Tuesday, June 13, 2023

State Surveillance and Ransomware

Section 702 is a controversial part of the Foreign Intelligence Surveillance Act, passed with a bundle of other amendments in 2008. It allows the government to force telecoms and internet companies to grant access to the information they have on their customers, without a warrant. The FBI uses it millions of times a year, sometimes for dubious purposes:

In March, the leader of the House Intelligence Committee’s working group devoted to 702 renewal revealed he had been the target of wrongful searches. Last month, the administration declassified two court opinions that showed the bureau had used the spy tool to search for information about individuals who participated in the 2020 George Floyd protests.

But with Section 702 up for renewal this year, the Biden administration is releasing information on how the government has used Section 702 in the past:

The U.S. government used controversial digital surveillance powers to identify the individual behind the crippling ransomware attack on Colonial Pipeline in 2021 and to claw back a majority of the millions of dollars in bitcoin the company paid to restore its systems, according to senior Biden administration officials. . . . In another instance, the government used information gleaned under those powers — known as Section 702 of the Foreign Intelligence Surveillance Act — to identify and mitigate an Iranian ransomware attack against a nonprofit organization's systems in 2022.

So, yeah, the powers you can use to defeat ransomware hackers can also be used to harass protesters.

In general I am more afraid of Nazis and ransomware gangs than the FBI, and I would like for the government to put them behind bars. If only we could trust them.

2 comments:

David said...

@John

I would agree with your leanings. But I wonder what is keeping us from devising a system by which the issuance of warrants could keep up with the technology. Is there simply no way to construct a system by which, say, the clues that led the FBI toward the Iranian ransomware criminals could pass muster with a court as the basis for a warrant?

John said...

I don't know, but it could be that some kind of bulk, semi-random analysis of masses of data is what generates the clues in the first place.