Recently there have been a number of different issues regarding information privacy. These include encryption (Manon, 2016), the government legal authorities wanting complete access to emails and cell phones, and other focal points. The rationale for this is the legal authorities may need intelligence for investigations. This may be beneficial in that this would provide for a lesser time to investigate presuming the data would be germane, and would potentially provide for direct evidence, such as pictures. With these in hand the deviant would be caught earlier, allow for fewer crimes that may have been committed in the additional investigative time that would have been spent, and the judicial process could move a bit quicker as there would be pictures or other direct evidence.
The Stop Mass Hacking Act was introduced by Senators Ron Wyden and Rand Paul (Eggerton, 2016) and co-sponsored by Senators Steve Daines, Tammy Baldwin, and Jon Tester (Manon, 2016). The intent is to repeal the previously approved act which would allow law enforcement virtual unfettered access to an unlimited number of computers with a single warrant and signature affixed thereto. The law enforcement officials only have to produce an allegation the computer(s) had been “affected by criminals” (Eggerton, 2016). The potential for this is vastly reaching with a direct negative impact on civil liberties (Manon, 2016).
From a magistrate to a full sitting judge, the legal governmental authority would have the ability to simply issue a warrant to search remote devices across the planet (Wyden, Paul, Baldwin, Daines, & Tester, 2016). Unless there is a Congressional action by December 1, 2016, this Act will transform into a statute.
As noted, this Act is directed to remote equipment searches for electronic devices. With the physical devices, the law enforcement and judicial system could complete the warrant including signatures. The law enforcement would then learn of the location of the equipment, travel there, and secure the property for the court. This is a moderately basic process.
With remote devices, this is much different. The law enforcement authorities may not be able to find the property, and if the location were to become known, it may be located out of its jurisdiction. As an example, the crime could be committed in Maryland. The person and phone could now be located in Ireland. There is evidence presumed to be on the phone. The task to secure the phone through the usual legal channels would be a mountain of a task and not likely to proceed with any slight definition of ease.
As this is a remote asset, to achieve the intent of the warrant and to secure the data on the phone, the authorities would need to plant an app on the target asset, or in a less politically correct, hack the asset. This is a single warrant signed by a magistrate or judge effectually allowing law enforcement to hack a million machines. This is a bit far-reaching. This could be accomplished with malware being planted on the asset via various tools or a botnet attack.
Once breached the asset is potentially also vulnerable to other attacks by other third parties. It is unknown with a certainty how this would affect the asset for other third party attacks. The implications are significant.
Learn more about protecting your business at the National Cybersecurity Institute.
Eggerton, J. (2016, May 19). Bipartisan senators introduce stopping mass hacking act. Retrieved from http://www.broadcastingcable.com/news/washington/bipartisan-senators-intorducing-stopping-mass-hacking-act/156670
Manon, J. (2016, May 20). US senate introduces bill that would limit FBI’s power to remotely hack devices. Retrieved from http://appleinsider.com/articles/16/05/20/us-senate-introduces-bill-that-would-limit-fbi-power-to-remotely-hack-device
Pappalardo, J. (2016, May 20). Senate introduces ‘stop mass hacking act’”. Retrieved from http://townhall.com/tipsheet/josephpappalardo/2016/05/20/senate-introduces-stopping-mass-hacking-act-n2166145
Reitman, R. (2016, April 30). With rule 41, little-known committee proposed to grant new hacking powers to the government. Retrieved from https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government
Reuters. (2016, May 20). U.S. senators introduce act to stop mass hacking by government spy bots. Retrieved from http://www.patentlyapple.com/patently-apple/2016/05/us-senators-introduce-act-to-stop-mass-hacking-by-government-spy-bots.html
Stacks, T., & Goode, D. (2016, May 20). Stopping mass hacking act gets debate started. Retrieved from http://www.politico.com/tipsheets/morning-cybersecurity/2-16/05/stop-mass-hacking-act-gets-debate-started-procesution-of-cyber-criminals-at-issue-bank-heists-around-the-globe-214411
Wyden, Paul, Baldwin, Daines, & Tester. (2016). Stopping mass hacking (SMH) act. Retrieved from https://www.wyden.senate.gov/download/?id=599A82D4-F984-46B1-9BFF-F8487BBF279C&download=1
Charles Parker, II, has been coding since the mid-1980’s, and has been working in the finance, auto manufacturer, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.