Today, the FBI becomes the enemy of every computer user and every IT security professional worldwide

Today December 1, the United States FBI is granted new powers to intrude into any computer anywhere on the globe, instantly changing the FBI from a random law enforcement agency to a global adversary. Law enforcement agencies are expected to be met with open arms and treated as good guys. There’s not going to be any good guy treatment of the FBI here, and for good reason.

The U.S. FBI has been sort of a random law enforcement agency somewhere on the planet doing physical law enforcement work, kind of like the Bundespolizei in Germany would appear to an American, or the way the Policía Federal Argentina would appear to a European. Today, the FBI becomes a global adversary and enemy to every security-conscious computer user and to every IT security professional, similar to how the mass surveillance agencies are treated. The FBI has requested, and been granted, the lawful power (in the US) to intrude into any computer in the entire world. In 95% of the world, this makes the FBI no different from a Russian or Chinese criminal intruder, and it will be treated in the same way by people defending their systems; defending their homes.

This has happened under the boring legislative name of “changes to Rule 41”, and is (as always!) presented as nothing of particular interest. This is an old trick: when you want sweeping broad new powers without accountability, don’t call it “sweeping broad new power without accountability”, but cloud it in a name so boring it will interest absolutely nobody. (This lawmaker trick was skillfully observed by John Oliver, who said we shouldn’t call the peer-to-peerness of the Internet a boring term like “net neutrality”, but the more to-the-point “preventing cable company fuckery”.)

These “changes to Rule 41” put a lot of people in the FBI’s crosshairs. As usual, most people think new powers for law enforcement can only target criminals – as in actual, violent criminals. This would be the reasonable course of action, but not so in this case, not so at all. Techdirt points out that anybody using encryption, or anybody trying to hide their identity or location, can be presumed to be engaged in crime (having a “guilty mind”, or mens rea in Legalese Latin) and therefore be a valid target.

This assertion is, of course, outrageous and preposterous.

Under this assertion, sources to reporters do not have a right to hide their identity: the FBI just invalidated most principles behind freedoms of the press. The EFF points out numerous other reasons why we want to protect people hiding their identity – such as domestic abuse victims. Further, everybody has a right to hide their location for any reason or no reason at any time (with a few exceptions like felons serving sentences with electronic shackles). In short, seeing this activity as suspicious is blatantly outrageous.

Actually, let’s take that observation one step further: carrying an electronic ankle shackle is considered equivalent to serving a prison sentence. So when the FBI says out straight that nobody has a right to hide their location, what they’re saying is that they want to reduce everybody’s freedom to the equivalent of being in prison. That’s a remarkable statement no matter how you twist it.

These sweeping new powers for the US FBI have not been without opposition. There were some last-minute efforts to stop it, but in the end, the new powers took effect and will now need a constitutional challenge.

A lot of this comes down to law enforcement’s distorted self-image: since they have the lawful power to enter a residence on its own jurisdiction (a power backed on location by a half-dozen locked and loaded assault rifles with safeties off), they have taken for granted that they can and should enter anywhere they see themselves having a need to enter. In short, law enforcement is used to getting some sort of preferential treatment when breaking and entering using force. But when the FBI tries to break into my firewall in Switzerland, there’s no jurisdiction, and there’s no guns: there’s going to be just me shooting their attempts down with complete prejudice, no remorse, and 100% justification. They’re going to be treated no differently than any other criminal trying to break into my home.

If the FBI wants the ability to behave like a global adversary, it will be globally treated as an adversary.

The security industry has already announced its intent to this effect, to refusing to give law enforcement any kind of preferential treatment: Mikko Hypponen of F-Secure was crystal clear a decade ago when this was discussed last time, saying “Malware detectors will make no difference between adversaries based on whether they consider themselves lawful”, or something to that effect. An intruder is an intruder, plain and simple.

The FBI may have a very high horse to step down from. Just because it has been immediately accepted into houses when it’s also pointing automatic rifles at the residents, that doesn’t mean it’s particularly welcome. When it doesn’t carry guns and tries to intrude into computers, it will be ejected, rejected, and kicked out with force, lawful intrusion into a computer or not notwithstanding: an intruder is an intruder. And the FBI is about to become aware of that.

And as a final note, once the FBI breaks in to your computer at home, don’t expect them to be able to protect their intrusion. The United States has proven itself utterly incapable of protecting its own dirtiest laundry, so it can’t and won’t protect the data it has stolen when breaking into your home.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


Advertisements