On Wed, May 04, 2016 at 09:55:38PM -0400, Paul Syverson wrote:
On Wed, May 04, 2016 at 05:32:24AM -0400, Roger Dingledine wrote:
Hi Alison, Kate,
Check out https://theintercept.com/2016/04/28/supreme-court-gives-fbi-more-hacking-pow...
I think this is a really important outreach topic.
A) We should reach out to the senators who are planning to fight the changes, to offer to teach them more about Tor and more about the Internet, see if they have any questions or concerns, etc. I bet there are some staffers somewhere who are working on exactly this topic, and everything they know about Tor they learned from one scary video about the dark web. We should teach them how Tor works, why people need it, and why a diversity of types of users is key to its security.
B) At the same time, we should learn what their talking points are, so we can be better at educating people about the issue. In particular, one of the quotes in the article says it's "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception", but at the same time, I can totally picture people saying "Oh come on, it's just Tor, how can that be such a big change?" We would be smart to have concrete non-Tor examples of what these new powers would allow, so everybody can understand that these changes aren't just about Tor.
I am so totally not a lawyer, but
Suppose I post a comment somewhere, say a news site or blog that accepts comments, and I don't identify my location (district) in that comment. Suppose the site allows unauthenticated comments (alternatively, the site has a posted privacy policy to protect my facebook/gmail/ whatever-they-use login credentials except for that use and permits me to choose any available username, ---alternatively alternatively, I use my regular longstanding gmail address overtly as identifier for the post, but don't announce my district in any way and I have never authorized Google to use or reveal my location to others.)
If I say anything in that comment that any magistrate judge anywhere in the country can be convinced indicates there is on my computer evidence of any crime whatsoever in his district (or a crime such that activites related to it have occurred in his district), then is it the case that that judge can issue a warrant to seize my computer? (And in the alternative scenarios above, could they then issue a warrant (subpoena?) for Google to turn over records of where I logged into my gmail from?)
For some other examples, see https://www.accessnow.org/cms/assets/uploads/archive/docs/Rule41botnettestim...
There it is noted that probably any victim of a widescale botnet could have their computer seized under Rule 41 changes. Also examples are given of people merely sharing servers or service providers being so affected. Also how seizure has included and could include in that case interception and re-routing of traffic besides the potential for hardware seizure.
aloha, Paul