Noah Webster
In selecting men for office, let principle be your guide. Regard not the particular sect or denomination of the candidate - look to his character. . . . When a citizen gives his suffrage to a man of known immorality he abuses his trust; he sacrifices not only his own interest, but that of his neighbor, he betrays the interest of his country.[Noah Webster, Letters to a Young Gentleman Commencing His Education to which is subjoined a Brief History of the United States (New Haven: S. Converse, 1823), pp. 18, 19.]
When you become entitled to exercise the right of voting for public officers, let it be impressed on your mind that God commands you to choose for rulers, "just men who will rule in the fear of God." The preservation of government depends on the faithful discharge of this duty; if the citizens neglect their duty and place unprincipled men in office, the government will soon be corrupted; laws will be made, not for the public good so much as for selfish or local purposes; corrupt or incompetent men will be appointed to execute the laws; the public revenues will be sqandered on unworthy men; and the rights of the citizens will be violated or disregarded. If a republican government fails to secure public prosperity and happiness, it must be because the citizens neglect the divine commands, and elect bad men to make and administer the laws.[Noah Webster, History of the United States (New Haven: Durrie & Peck, 1832), pp. 336-337, �49.]
Government will soon able legally hack anyone
Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.
That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.
Without rigorous and periodic evaluation of hacking software by independent experts, it would be nothing short of reckless to allow this massive expansion of government hacking.
If malware crashes your personal computer or phone, it can mean a loss of photos, documents and records—a major inconvenience. But if a hospital’s computer system or other critical infrastructure crashes, it puts lives at risk. Surgical directives are lost. Medical histories are inaccessible. Patients can wait hours for care. If critical information isn’t available to doctors, people could die. Without new safeguards on the government’s hacking authority, the FBI could very well be responsible for this kind of tragedy in the future.
No one believes the government is setting out to damage victims’ computers. But history shows just how hard it is to get hacking tools right. Indeed, recent experience shows that tools developed by law enforcement have actually been co-opted and used by criminals and miscreants. For example, the FBI digital wiretapping tool Carnivore, later renamed DCS 3000, had weaknesses (which were eventually publicly identified) that made it vulnerable to spoofing by unauthorized parties, allowing criminals to hijack legitimate government searches. Cisco’s Law Enforcement access standards, the guidelines for allowing government wiretaps through Cisco’s routers, had similar weaknesses that security researchers discovered.
The government will likely argue that its tools for going after large botnets have yet to cause the kind of unintended damage we describe. But it is impossible to verify that claim without more transparency from the agencies about their operations. Even if the claim is true, today’s botnets are simple, and their commands can easily be found online. So even if the FBI’s investigative techniques are effective today, in the future that might not be the case. Damage to devices or files can happen when a software program searches and finds pieces of the botnet hidden on a victim’s computer. Indeed, damage happens even when changes are straightforward: recently an anti-virus scan shut down a device in the middle of heart surgery.
Compounding the problem is that the FBI keeps its hacking techniques shrouded in secrecy. The FBI’s statements to date do not inspire confidence that it will take the necessary precautions to test malware before deploying them in the field. One FBI special agent recently testified that a tool was safe because he tested it on his home computer, and it “did not make any changes to the security settings on my computer.” This obviously falls far short of the testing needed to vet a complicated hacking tool that could be unleashed on millions of devices.
Why would Congress approve such a short-sighted proposal? It didn’t. Congress had no role in writing or approving these changes, which were developed by the US court system through an obscure procedural process. This process was intended for updating minor procedural rules, not for making major policy decisions.
This kind of vast expansion of government mass hacking and surveillance is clearly a policy decision. This is a job for Congress, not a little-known court process.
If Congress had to pass a bill to enact these changes, it almost surely would not pass as written. The Justice Department may need new authorities to identify and search anonymous computers linked to digital crimes. But this package of changes is far too broad, with far too little oversight or protections against collateral damage.
Congress should block these rule changes from going into effect by passing the bipartisan, bicameral Stopping Mass Hacking Act. Americans deserve a real debate about the best way to update our laws to address online threats.
https://www.wired.com/2016/09/government-will-soon-able-legally-hack-anyone/
No comments:
Post a Comment