Ethics, Society & Politics

Stopping law enforcement hacking

Saal 1
Christopher Soghoian
We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars.
In a world where encryption is increasingly the norm, the cops aren’t going to give up and go home. No, they’ll target our scarily insecure mobile devices and computers. How did we get here, what's going on, and what can we do to stop it? Come to this talk to find out.

For more than fifteen years, the FBI has had a dedicated hacking team. Until recently, this team’s hacking operations were shrouded in near-complete secrecy. That is slowly starting to change. And while we still don’t know a lot, what we have learned is alarming. For example, in order to deliver malware, the FBI has impersonated journalists and engaged in bulk-hacking operations that targeted users of legitimate communications services (TorMail).

As the next crypto wars unfold in Washington, London and Brussels, we should expect to see law enforcement hacking play a central role in the debate. With the mass, default adoption of full disk encryption storage and end-to-end encryption for communications, law enforcement agencies will no doubt struggle to acquire data that has traditionally been easy for them to get. This will likely result in two significant policy shifts – first, it will force law enforcement hacking out of the shadows, and second, it will cause hacking tools to trickle down from elite, well-resourced federal law enforcement units to regional and local cops, who are most impacted by encryption, the least technically sophisticated and the most likely to abuse hacking tools.

If a world in which the FBI hacks is scary, just wait until local police departments are doing it too. We must stop the spread of hacking as a law enforcement tool, before it is too late.

Additional information

Type lecture
Language English

More sessions

12/27/16
Ethics, Society & Politics
Cian Westmoreland
Saal 1
As they say in the Air Force, ‘No comms no bombs’ – a technician’s insight into the invisible networks governing military drones and the quest for accountability
12/27/16
Ethics, Society & Politics
Kurt Opsahl
Saal 1
Both strong end-to-end communications encryption and device encryption are legal in most jurisdictions today, and remain widely available. Yet software programmers and hardware producers are increasingly under pressure from law enforcement and policy makers around the world to include so-called backdoors in encryption products.
12/27/16
Ethics, Society & Politics
RA Ulrich Kerner
Saal 2
Police authorities and intelligence services collect citizens' data, more than ever before. The stock of different databases has grown enormously and has become almost impossible to keep track of. Under data protection regulations, citizens have a statutory right of access to information for many of these databases.
12/27/16
Ethics, Society & Politics
Joseph Cox
Saal 1
In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant.
12/27/16
Ethics, Society & Politics
Erik
Saal 2
This talk presents the results of the technical analysis for the German Parliamentary Committee investigating the NSA spying scandal on geolocation methods in mobile networks.
12/27/16
Ethics, Society & Politics
Max Mehl
Saal G
After three years, the user-unfriendly practice of Routerzwang ("Compulsory Routers") has finally been declared unlawful by law, and right now the EU's Funkabschottung ("Radio Lockdown Directive") is keeping us busy. What is it about? And what can we learn from it for other cases?
12/27/16
Ethics, Society & Politics
Saal 2
After three years, the EU has new Net Neutrality rules for the first time. What do they mean in practice? Which commercial practices by ISPs are allowed, and which have to be punished by the telecom regulator? We give an overview of three years of campaigning and where we go from here.