Z3 ECM Enterprise Content Management for Zope3

The Online Search Warrant

And now for something completely different... (in other words, unrelated to Python or Zope)

When it comes to national security in Germany, there's currently one topic dominating the press: online search warrants. Or rather the lack thereof. You see, German politicians and authorities involved in national security have demanded for many months now that online searches of computers on behalf of the police should be allowed without a search warrant issued by a court.

At first sight, it seems to make total sense. Surely there are terrorists who want to erect theocracies all over the world and bomb the rest of us heathens back to the middle ages. To reach that goal they don't seem to shy away from using modern means of communication, combat and sabotage, though. So this is a war of technology and we need to fight back with everything we got now, right? Considering that the success the police had investigating the bombing of the London Underground in 2005 and the attempted bombing of trains in Dortmund and Kassel in 2006 was thanks to video surveillance, it seems that betting on technology pays off.

So why not go a step further and put the bad guys under surveillance before they bomb us to pieces? Let's catch them making plans, not executing them. What better tool could online searches be for this? Well, to be honest, I see a whole range of problems with them.

It's unconstitutional

From my point of view, this is by far the strongest argument. "Naturally we have to change the constitution to allow them," the supporters of online searches say. The problem with this is that it touches essential civil rights (Americans will know this as the Bill of Rights) that every Western democracy holds up so high. Once we start giving these up, we might just as well get out of the U.N. and stop telling the world that we're so much better at treating people. I can already hear China saying "Told you so, Germany".

Lack of proportionality

Authorities claim that they can only conduct (and afford) 5 to 10 online searches a year. Is it really too much trouble getting a judge to sign a search warrant for so few incidents? Is it worth changing our constitution for this? It's not like the police isn't going to collect some evidence on the guy they're going to put under surveillance in the first place. After all, hacking into another guy's computer takes time and money, so you better make sure it's worth it. So you might just as well get a judge involved.

Have they actually thought this through?

The means by which the authorities want to conduct these online searches aren't well known. The press obviously likes to speculate wildly (and usually gets it all wrong due to their lack of understanding of the details).

The most obvious choice seems to be to buy a zero-day exploit for whichever operating system the person in question is using. I've heard these sell for a couple hundred thousand dollars. So the whole thing sure is pricey. Then you install a trojan (dubbed "Federal Trojan"). According to the press, this has been done already in an investigation (unconstitutionally, I might add).

The problem with the trojan is that if the police can get in that way, so can anybody else, especially if the system isn't well maintained (security updates, virus scanner, etc.). So in the end, an online search is like catching two cars on a speed camera. You know at least one of them has been speeding but you can't tell which one. That's why I doubt they'll hold up in court.

Politicians realized that too, of course, and backpedaled. Now they wouldn't use a trojan but rather fall back to more conventional methods of gaining access to the computer: breaking into the suspect's house and installing the software or hardware (e.g. a keylogger) locally. Well, I sure hope that those terrorists have no laptops, otherwise them cops are goin' be real mad when they find out the terrorists always take that computer with them when they leave the house...

To me, none of this looks like it has been thought through properly. Those who want it seem to think it's a silver bullet. Those who actually know a little bit about this stuff can't seem to see that it would be. I sure hope that parliament will be wise enough not to let this one slide by.

Posted by Philipp von Weitershausen @ 08/30/2007 01:18 AM. - Categories: Miscellania -  0 comments