Jennifer Granick had harsh words at the Our Advocates Conference for the growing state of mass surveillance and in the United States

Granick, surveillance and counsel at the American Civil Liberties Union, took the stage at OURSA on Tuesday to discuss the state of modern surveillance and hacking performed by the U.S. government, arguing that both cross the line of traditional legal searches.

“Increasingly, modern surveillance is mass surveillance,” Granick said. “We used to target people for surveillance because of their political opinions or their religion or their race. Now the mainstream is being surveilled.”

This mass surveillance is not only mainstream, but it’s still mostly secret from the public, said Granick. This is

because the secrecy that covers surveillance is legal — either by classification or the sealing of surveillance orders that is built into the legal process.

“People should care about this,” Granick said, “because any issue we may care about — be it racism, the environment, poverty and so on — will require

change to overpower the entrenched interests. “Surveillance makes that hard because those people who are in power can use that [collected] information against activists in order to try to silence or neutralize us.”

Granick cited government actions in countries such as Egypt and Ethiopia over the last few years against human rights activists. These governments were performing surveillance on activists and using that information to hack them. And government hacking is an extension of surveillance, said Granick.

It’s also clear governments use hacking in this way because democratic countries are starting to pass laws that make hacking legal, such as in the United Kingdom.

“At least in the UK they call it ‘equipment interference.’ I appreciate the honesty,” Granick said.

Search warrants are cutting it

The U.S. doesn’t currently have specific hacking laws, though the U.S. government uses hacking for law enforcement and intelligence operations. Instead, noted Granick, the U.S. relies on the same legal process for hacking that it does for regular searches — the warrant. While warrants are crucial, they don’t cover enough ground.

“Government hacking is different from regular searches in five particular ways that the warrant requirement can’t really address,” Granick said.

Those ways include the amount of data being collected; the invasiveness of the techniques the government uses to hack and surveil, such as turning on the cameras and microphones on personal laptops and smart devices; and, the falsification of data.

That the incentives are misaligned with the defense, and everybody in this room knows that defense is losing.
Jennifer Granicksurveillance and cybersecurity counsel, ACLU

“If this information is being collected for criminal prosecution purposes, how can we know that the very act of accessing the computer hasn’t changed the information that’s there in ways that impinge upon the defendants’ rights?” Granick posed. “How can the defense test that theory and see that the evidence is not altered in any way if the government insists on keeping the exploit and the vulnerability secret? It interferes the with due process rights of the defendant in the criminal justice system.”

The fourth way in which government hacking is out-of-scope with regular search warrants is the potential cybersecurity harms.

“When you have the government as an incentivized attacker on the network, that is a very different thing from having the government be on the side of

. That means the incentives are misaligned with the defense, and everybody in this room knows that defense is losing” when it comes to cybersecurity, Granick said. “But also there’s the problem of the government losing and them getting

the hands of the wrong people, as has happened with WannaCry.”

Granick said another threat to cybersecurity is when the government doesn’t share information about vulnerabilities or exploit with the vendors or manufacturers so that they could fix the problem.

The final problem, Granick said, is that of public trust.

“In order to serve malware, we’ve seen the government pretend to be an

reporter; serve up child pornography for a period of two weeks; we’ve seen them try to force vendors into creating malicious updates for their products. How can the public trust the government or trust the commercial entities, the devices, the that we deal with every day if this is going to be the way that that government hacking operates?”

Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here