04 January 2009

Another Reason to Run GNU/Linux...

And a pretty important one:

The Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

So why might GNU/Linux help? Well:

He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.

Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.

Er, and how are they going to break into my system to install the keylogger if they don't know the password? Attachments won't work: I'm generally clever enough *not* to open them, and even if I did, they wouldn't do much on a GNU/Linux box. And hacking my hard disc through the wireless network? I don't think so.

Looks like free software is becoming even more about freedom....

18 comments:

  1. If they've got physical access to the machine and you aren't running with an encrypted file system, then I'm afraid that you're root'd...

    1. If they can boot from a CD-Rom, USB drive, or floppy, then they can quickly boot up their own OS, mount your filesystems, and install whatever software they want.

    2. If they can't reboot the machine, they open the case, take out the hard drive, attach it to their machine, and then do the same things to it.

    Of course, in either case you'd know that the machine had been down, but they could easily create a "power outage" that would explain that.

    ReplyDelete
  2. Thanks for that useful rundown.

    So what about if I've got an encrypted directory with all my important files in it...?

    ReplyDelete
  3. Anonymous1:06 am

    Encrypted dir wont prevent anyone from installing a keylogger. Better yet it will only protect the stuff that was in it prior to the "lawful break-in". It's still quite easy to install an application that will do whatever it likes as soon as you access its contents.

    ReplyDelete
  4. Anonymous3:31 am

    There are also hardware keyloggers (look on thinkgeek.com) which sit between the keyboard and the computer; this wouldn't even need to power down the machine and encryption would be useless. It would require access to the machine of course.

    But researchers can identify keys typed by each individual key's *sound* and a person's typing pattern makes this even easier to decode...

    Like always, security isn't a yes/no issue, but various levels of grey as to whether anything is or is not secure.

    ReplyDelete
  5. @Kaczus: Hmm, can't I encrypt the entire disc, then?

    ReplyDelete
  6. Perhaps the only solution is to adopt 1984-like methods of telling when someone has been in....

    ReplyDelete
  7. Anonymous9:42 pm

    About hard disk encryption, read

    this
    new blog from Michael Horowitz?


    Peter G>

    ReplyDelete
  8. Thanks that's very useful.

    ReplyDelete
  9. Anonymous10:35 am

    It's ironic, but the very effectiveness of encryption is probably why the EU and British government are so keen to give the security services these astonishingly intrusive powers.

    Being able to walk into people's data (and thus often, effectively, into their thoughts themselves) without a court order is a very serious power for citizens to grant to the state. But then we didn't grant it, did we? Our increasingly security paranoid authorities just took it without asking.

    The powers-that-be seem to be attempting to cultivate an accepted view that all and any data somehow morally belongs to the state in the final analysis. If you encode information digitally, the state has the right to inspect it. It seems that in their eyes there is no such thing as private data, it should all be accessible to security forces and to the authorities, whenever they feel they need to view it. Of course, to most non-bureaucrats and non-politicians this is a very worrying new mind-set, very worrying indeed.

    It seems clear that our state views the Internet as potentially the most pervasive tool of law enforcement, monitoring and control ever devised. IMO, much government policy making in recent years strongly indicates this. Far from maintaining and encouraging the development of the Internet as a network of unprecedented freedom, modern governments are seeking to mould it into an entity characterised by surveillance, censorship, and subordination to the economic interests of copyright holders.

    This is all so different from the nature and potential of the Internet as envisaged by most of my friends and colleagues, past and present (and indeed, as envisaged by those who developed it into the network it is today). But then, we're not politicians/bureaucrats seeking overbearing levels of control over the lives of others, and appropriating and subverting the new technologies in order to achieve that aim.

    ReplyDelete
  10. Excellent points.

    The question is: what should we do about it?

    ReplyDelete
  11. Anonymous1:10 pm

    Indeed, what to do?

    In my view, a good start would be the mainstream media taking a more active role in raising awareness of the likely outcome of these policies. Instead of giving blank "column inch" cheques to events occurring thousands of miles away (however catastrophic and tragic), IMO the media needs to take greater responsibility for defending democracy and the rights of the individual here at home and instead of routinely consigning stories about the growth of the security state, and the resulting discussions, to the "inside pages", it needs to give them much greater more prominence and focus. We are, after all, faced with major restrictions being placed on our personal liberty and privacy. These matters are about important as it gets, surely?

    There are hugely important legislation and measures due to be enacted or expanded this year (Blanket communications monitoring and surveillance, mobile phone databases, legislation restricting the rights of citizens to record the actions of the police, tasers for police officers, etc. etc). In my view the broadsheets and television media, at least, should devote more time and space to tracking the liberty-impacting changes, existing and proposed, as well as explaining their likely ramifications (this last point especially!)

    I just can't understand the mainstream media's _relative_ lack of concern with these matters, not least because freedom of expression and publishing are key freedoms threatened by much recent policy and legislation. Sometimes I get the sense that the combined juggernaut of national government and EU authority is simply too complex, convoluted and wearisome to document and effectively hold to account (if so, a very ominous thing). A "can't fight city hall" mindset seems to have descended on parts of the mainstream media organizations. No doubt some of this is down to ignorance of technology matters by many of the more experienced journalists (present company excepted of course ;), but the often "ho hum, here's another one, whatever" reporting of liberty-reducing legislation I find very puzzling and worrying.

    IMO we need to up the heat. More strident headlines, more incisive and numerous editorials, more focus given to resulting discussion on media organization websites, probably a new popular movement and organization that can harness, popularize and better promote the efforts of the likes of the ORG, Liberty, and the many others concerned directly or indirectly with the state of democracy and individual rights. After all, these issues are to the individual what constitutional issues are to a nation. For the most part they're not party political, unlike other political causes celebres in recent memory, but yet there exists a surprising degree of fatalism, acquiescence and/or ignorance. The consequences of the slow construction of the database-armed, security state simply haven't sunk in yet, one is forced to conclude.

    My view is that individuals also need to stop being so politically lazy, and to explicitly engage in politics. As a population we need to cease this meek acquiescence each time government kicks away another plank of our personal liberty (or else withholds or compromises the benefits of a potential new strand). We need to routinely and robustly reject "The innocent have nothing to fear" strategy so beloved by those seeking to curtail personal freedoms. IMO people can start simply by contributing to political discussion (online or traditional), they can work up to joining democracy and liberty-defending organizations, writing to their MPs, signing petitions, participating in constructive democratic protest and peaceful direct action. The smug authoritarians running the show at the moment need to be sent a clear signal that they are imposing these policies against both our wishes and our interests. Digital technology is not a tool to be owned by government, and dispensed in small doses to us when we behave. And more specifically, the Internet is primarily a tool to benefit civic society, not government.

    Without wishing to unduly flatter present company, I applaud your comprehensive and level-headed reporting on this blog Glyn (puts my own efforst to shame), and one of my small but hopefully meaningful "what to do" action points (and I have been practising what I preach above, honest!) is to recommend this site to anyone who comes within earshot. I doubt that anything in the brain dump above is anything other than preaching to the converted of course, but as you asked... ;)

    ReplyDelete
  12. Roger, great comment - many thanks for all that thought - tweeted at https://twitter.com/glynmoody/status/1101924394.

    I agree journalists have a huge responsibility, but sadly not all of them really care. In many ways, blogging (and tweeting) has come at just the right time.

    And thanks for the kind words: we do our 'umble best....

    ReplyDelete
  13. Anonymous11:47 pm

    Thanks Glyn. I'll be sure to drop in regularly to your twitter feed.

    And just to underscore the point:

    Kiwis rally opposition to NZ copyright bill


    They're coming thick and fast now, aren't they?

    GET YOUR HANDS OFF OUR NETWORK, YOU GREEDY, SELFISH BUGGERS!

    ReplyDelete
  14. Which is why *we* must fight back just as hard....

    ReplyDelete
  15. Anonymous1:38 pm

    Reminds me of a story I heard from the SO36-hackers of Germany, who provide net services to many globalization protest groups. Before the G8-meeting in Heiligendam in 2007, the German police raided the offices of S036. It took the police "computer expert" five hours to figure out what kind of OS they we're running at the machine. Three hours later they figured out that the webcam was on and broadcasted everything the police did. The continuous calls the SO36 representative got during the raid, where hackers were joking about the cluelessness of the police "expert" provided the hint. The court order only gave the police 24 hours, so they didn't find much. Of course this is security by obscurity, but for now Linux and BSD in combination with (other's) incompetence gives you an added layer of security.

    ReplyDelete
  16. Great story - thanks for sharing it.

    ReplyDelete
  17. Anonymous8:33 am

    @Brian, @Anon

    As far as i know (IANAL), this new hackerhappy way of doing things does not cover warrentless entry into your house, just your digital networks / computers.

    So as long as your firewalls and software is secure, they are out of luck (unless they get a warrent, in which case your skrewed anyway).

    So yes, using a secure OS is probably a good place to start.

    ReplyDelete
  18. IANAL either, but my impression was that they *could* (and if they can't, I'm sure there's some legislation being prepared....)

    ReplyDelete