Privacy Groups say FBI Hacking went too Far!

Privacy advocates are claiming in court that an FBI hacking operation to take down a child pornography site was unconstitutional and violated international law.

That’s because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said.

“How will other countries react to the FBI hacking in their jurisdictions without prior consent?” wrote Scarlet Kim, a legal officer with UK-based Privacy International.

Recently, that group, along with the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union of Massachusetts, filed briefs in a lawsuit involving the FBI’s hacking operation against Playpen.

The child pornography site was accessible through Tor, a browser designed for anonymous web surfing. But in 2014, the FBI managed to take it over.

In a controversial move, the agency then decided to use the site to essentially infect visitors with malware as a way to track them down.

As a result, the FBI is prosecuting hundreds who were found visiting the site, but it also happened to hack into computers from 120 countries.

Recently, the three privacy groups filed briefs in a case involving Alex Levin, a suspect in the FBI’s Playpen investigation who’s appealing the way the agency used malware to gather evidence against him.

Privacy International claims that the warrant the FBI used to conduct the hacking is invalid. This is because the US was overstepping its bounds by conducting an investigation outside its borders without the consent of affected countries, the group said.

According to Privacy International, the case also raises important questions: What if a foreign country had carried out a similar hacking operation that affected US citizens? Would the US welcome this?

The EFF and ACLU also claim that the FBI’s warrant was invalid, but they cite the US Constitution, which protects citizens from unreasonable searches.

“Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world,” EFF attorney Mark Rumold wrote in a blog post. “If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied.”

A key concern is that a warrant to hack into so many computers will set a precedent. “Even serious crimes can’t justify throwing out our basic constitutional principles,” Rumold said.

US attorneys have argued in court that the FBI followed proper procedures in obtaining its warrant from a federal judge. They said the FBI’s hacking techniques managed to identify hundreds of Playpen users who otherwise were cloaked in anonymity.

Allowing the Playpen suspects “to evade capture and carry on abusing children in the dark shadows of Tor would be repugnant to justice,” the US attorneys argued in court in October.

Computerworld:

 

« Handbook Of Russian Information Warfare
Law to Imprison Journalists for Publishing Leaks »

Directory of Suppliers

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Information Technology & Communications

HSI Cyber Crimes Center

HSI Cyber Crimes Center

HSI's Cyber Crimes Center delivers computer-based technical services to support domestic and international investigations into cross-border crime.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

DataGravity

DataGravity

DataGravity enables organizations to identify sensitive data across their virtual environments and protect it from theft, misuse, and abuse.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

GLS is an award-winning eLearning and blended-learning solutions provider in Security Awareness, Compliance Training and custom training solutions

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

Stormshield

Stormshield

Stormshield offers innovative end-to-end security solutions to protect networks, workstations and data.

National Cyber-Forensics & Training Alliance (NCFTA)

National Cyber-Forensics & Training Alliance (NCFTA)

NCFTA is a non-profit corporation focused on identifying, mitigating, and neutralizing cyber crime threats globally.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

National Cyber Exchange (NCX)

National Cyber Exchange (NCX)

NCX is a non-profit, member organization dedicated to improving cybersecurity and protecting critical infrastructure.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.