A firm called SpyCloud is selling your data to law enforcement.Whats worse is that the sources of that data are hackers.
Thats right: A company is selling data it says is stolen to the police so they can decide if youre guilty of something. There are no words.
Of course, theres the small matter of federal law: 18 U.S.C. 2315Receipt of Stolen Propertyapplies if a person willfully receives valuable stolen property thats been moved across state lines.
Is law enforcement above the law? And if not, who enforces the law in that case?In todays SBBlogwatch, stop the worldwe want to get off.
Your humble blogwatchercurated these bloggy bits for your entertainment. Not to mention:the black hole in your yard.
Whats the craic?Joseph Cox reportsPolice Are Buying Access to Hacked Website Data:
Breached data now has another customer: law enforcement. Companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads.[In] webinar slides by a company called SpyCloud, presented to prospective customersthe company claimed to empower investigators from law enforcement agencies and enterprises. The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data.[It] raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. [They] would also be obtaining access to hacked data on people who are not associated with any crimesand would not need to follow the usual mechanisms.SpyCloud confirmed the slides were authentic. Were turning the criminals data against them, or at least were empowering law enforcement to do that, Dave Endler, co-founderof SpyCloud, [said]. The data that were providing to law enforcement, tends to be data thats already in the hands of criminals, and in our mindset it tends to be already public.That may be the case for some particularly widely traded breaches, but others are not as simple to obtain. Data trading forums often ask users to pay for datasets.
Should I be worried?Shoshana Wodinsky addsLaw Enforcement Is Buying Its Way Into Our Breaches:
Right now, theres a good chance your digital life is multitudes bigger than it was just a few months ago. Theres also a good chance that you (again, like everyone I kn0w), are rightfully concerned about the digital paper trail youre now leaving behind, either for data-hungry brokers or for national authorities.Because Spycloud is a private company, these agencies can fudge the Fourth Amendment to get their hands on that data wherever they want, whenever they want, no warrant required. Look, I dont doubt that [this] pretty unassuming companyhas its heart in the right place herebut theres still something about this service that makes meuncomfortable.Maybe its becausethe Spycloud website boasts about how they couldbe handing these cops highly enriched PII like first and last names, addresses, phone numbers, dates of birth, SSNs, and 150 other types of data. Maybe its because Ive seen firsthand how easy it is for these sorts of data breaches to ruin someones life.Agencies like the DOJa confirmed Spycloud customercan get this data behind our backs. While warrantless collection of this sort of data is typically a major slap in the face to the Fourth Amendment, federal authorities in our country have a storied history of bypassing those pesky legal requirements.
How is that even legal?Tyler Sonnemaker shines more light from above: [Youre firedEd.]
Law enforcement agencies have been buying up data originally obtained by hackers, including peoples emails, usernames, passwords, internet addresses, and phone numbers, from a cybersecurity company called SpyCloud, allowing them to bypass normal legal processes. While SpyCloud presents its tools as a way to help law enforcement investigators (and companies) catch cybercriminals, it also raises concerns about enabling them to collect information on innocent people.Investigators often need permission from a court to obtain certain types of digital information, but buying breach data from a private company gives them a more efficient and less accountable way to scoop up data. More than 15 billion records were exposed in nearly 8,000 breaches in 2019, according to Risk Based Security, giving law enforcement a treasure trove of personal data.While companies argue their products play a vital role in helping the government track down criminals and terrorists, theyve also sparked backlash from civil rights and privacy advocates and increasingly, from employees.
Wait, so is it legal?Ilia Kolochenko thinks not:
As a matter of practice, some law enforcement organisations and police units indeed occasionally buy stolen data from various sources. The data may then be used for a wide spectrum of monitoring, preventive or investigative purposes.Its usage, however, rarely becomes official and mostly serves different in-house purposes. The use of stolen, or otherwise unlawfully obtained data or evidence, is expressly prohibited by law.Moreover, subpoenaed data will likely be more recent, relevant, and complete, and wont pose problems for law enforcement officers later if a defendantcan afford skilled criminal defense lawyers.
So its illegal, right?Luthair agrees, but thinks around the problem:
One wonders the general legality in accessing this data for other purposes, and its admissibility in court or are they simply creating [a] parallel constructionabout how they might have otherwise arrived at some knowledge?
But wont somebody think of the children?Heres the National Child Protection Task Force CEO Kevin Metcalf:
Breach data is used by criminals every day. Together SpyCloud and NCPTF are using that data against them. Were proud to partner with SpyCloud to aid child trafficking investigators in solving important, time-sensitive cases.
In summary?ShanghaiBill cuts to the chase:
[The police] paid for it, supplying profit to the criminals and incentivizing future crime. They obtained, through criminal means, information that they would have never been allowed to collect with a legal warrant.They should be fired. Their supervisors should be fired. The politicians that allowed this to happen should be named andvoted out of office.
AndKevin Beaumont@GossiTheDogdoesnt sound positive:
Between cops routinely paying their own ransomware and now buying hacked data, we really are empowering police in the US to pay criminals, to keep their jobs.Seriously though, guardrails need putting up internationally around use of stolen data including security companies and authorities. Its a wild west, and Im not sure its healthy.
Meanwhile,its sauce for the goose, thinks knaapie:
Interesting. If usage of information from hacks by law enforcement is legitimate, then the usage of information from hacks by, for instance, Wikileaks would be legitimate too.
The mystery of black hole entropy
Previously in And Finally
You have been readingSBBlogwatchbyRichiJennings. Richi curates the best bloggy bits, finest forums, and weirdest websites so you dont have to. Hate mail may be directed to@RiCHiorsbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Anja/cocoparisienne (via Pixabay)
Recent Articles By Author
Go here to see the original:
Police Buy Hacked Data, to Fish for EvidenceIs That Even Legal? - Security Boulevard
- Quinn: Supreme Court should clarify Fourth Amendment rights in the digital age - April 26th, 2014 [April 26th, 2014]
- Fourth amendment | Wex Legal Dictionary / Encyclopedia ... - April 26th, 2014 [April 26th, 2014]
- The Fourth Amendment is destroyed by the Roberts led Supreme Court. - Video - April 26th, 2014 [April 26th, 2014]
- Protections for e-data clear Senate committee - April 27th, 2014 [April 27th, 2014]
- Weighing The Risks Of Warrantless Phone Searches During Arrests - April 29th, 2014 [April 29th, 2014]
- Court may let cops search smartphones - April 29th, 2014 [April 29th, 2014]
- Supreme Court to hear case on police searches of cellphones - April 29th, 2014 [April 29th, 2014]
- Fourth Amendment in the digital age: Supreme Court to decide if police can search cellphones without a warrant - April 30th, 2014 [April 30th, 2014]
- What Scalia knows about illegal searches - April 30th, 2014 [April 30th, 2014]
- Should police be allowed to search your smartphone - Video - April 30th, 2014 [April 30th, 2014]
- The Shaky Legal Foundation of NSA Surveillance on Americans - May 1st, 2014 [May 1st, 2014]
- Pennsylvania Supreme Court rules police don't need warrants to search cars - May 3rd, 2014 [May 3rd, 2014]
- Local police: Updated vehicle-search law still requires probable cause - May 3rd, 2014 [May 3rd, 2014]
- Liberal Supreme Court Justice Comes To The Defense Of Scalia - May 3rd, 2014 [May 3rd, 2014]
- Smartphones and the Fourth Amendment - Video - May 4th, 2014 [May 4th, 2014]
- Fourth Amendment Defined & Explained - Law - May 6th, 2014 [May 6th, 2014]
- I-Team: Do police seek search warrant friendly judges? - May 8th, 2014 [May 8th, 2014]
- Is Big Brother Listening? Applying the Fourth Amendment in an Electronic Age - Video - May 9th, 2014 [May 9th, 2014]
- Magistrate waxes poetic while rejecting Gmail search request - May 10th, 2014 [May 10th, 2014]
- The Fourth Amendment - Video - May 10th, 2014 [May 10th, 2014]
- License reader lawsuit can be heard, appeals court rules - May 15th, 2014 [May 15th, 2014]
- Seize the Rojo - Video - May 16th, 2014 [May 16th, 2014]
- NSA Spying Has a Disproportionate Effect on Immigrants - May 16th, 2014 [May 16th, 2014]
- Motorists sue Aurora, police in 2012 traffic stop after bank robbery - May 18th, 2014 [May 18th, 2014]
- Judge Says NSA Phone Surveillance Likely Unconstitutional - Video - May 21st, 2014 [May 21st, 2014]
- New York Attorney Heath D. Harte Releases a Statement on Fourth Amendment Rights - May 22nd, 2014 [May 22nd, 2014]
- The Fourth Amendment Rights - Video - May 23rd, 2014 [May 23rd, 2014]
- Bangor Area School District teachers vote no to random drug - May 24th, 2014 [May 24th, 2014]
- I Don't Care About The Contitution, Take Your Fourth Amendment And Shove It The Hills Hotel - Video - May 27th, 2014 [May 27th, 2014]
- Lonestar1776 at Illegal Checkpoint 80 Miles Inside Border - Standing UP & Pushing Back! pt 2/2 - Video - August 31st, 2014 [August 31st, 2014]
- Suit charges Daytona Beach's rental inspection program violates civil rights - September 3rd, 2014 [September 3rd, 2014]
- 4th Amendment - Laws.com - September 4th, 2014 [September 4th, 2014]
- YOU CAN ARREST ME NOW (cops refuse, steal phone) - Video - September 7th, 2014 [September 7th, 2014]
- The Feds Explain How They Seized The Silk Road Servers - September 8th, 2014 [September 8th, 2014]
- Volokh Conspiracy: Does obtaining leaked data from a misconfigured website violate the CFAA? - September 9th, 2014 [September 9th, 2014]
- Defence asks judge in NYC to toss out bulk of evidence in Silk Road case as illegally obtained - September 10th, 2014 [September 10th, 2014]
- Family of a mentally ill woman files lawsuit against San Mateo Co. after deadly shooting - September 10th, 2014 [September 10th, 2014]
- Minnesota Supreme Court upholds airport drug case decision - September 12th, 2014 [September 12th, 2014]
- Law Talk - Obamacare Rollout; Fourth Amendment, NSA Spying Stop & Frisk DUI Check Points lta041 - Video - September 12th, 2014 [September 12th, 2014]
- Volokh Conspiracy: The posse comitatus case and changing views of the exclusionary rule - September 15th, 2014 [September 15th, 2014]
- Guest: Why the privacy of a public employees cellphone matters - September 16th, 2014 [September 16th, 2014]
- Volokh Conspiracy: Apples dangerous game - September 19th, 2014 [September 19th, 2014]
- Judge expounds on privacy rights - September 20th, 2014 [September 20th, 2014]
- Great privacy essay: Fourth Amendment Doctrine in the Era of Total Surveillance - September 20th, 2014 [September 20th, 2014]
- The Fourth Amendment By Maison Erdman - Video - September 20th, 2014 [September 20th, 2014]
- Volokh Conspiracy: When administrative inspections of businesses turn into massive armed police raids - September 22nd, 2014 [September 22nd, 2014]
- The chilling loophole that lets police stop, question and search you for no good reason - September 23rd, 2014 [September 23rd, 2014]
- Pet Owners Look to Muzzle Police Who Shoot Dogs - September 27th, 2014 [September 27th, 2014]
- Volokh Conspiracy: A few thoughts on Heien v. North Carolina - September 29th, 2014 [September 29th, 2014]
- Volokh Conspiracy: Third Circuit on the mosaic theory and Smith v. Maryland - October 1st, 2014 [October 1st, 2014]
- Volokh Conspiracy: Third Circuit gives narrow reading to exclusionary rule - October 2nd, 2014 [October 2nd, 2014]
- Volokh Conspiracy: Supreme Court takes case on duration of traffic stops - October 3rd, 2014 [October 3rd, 2014]
- Search & Seizure, Racial Bias: The American Law Journal on the Philadelphia CNN-News Affiliate WFMZ Monday, October 6 ... - October 3rd, 2014 [October 3rd, 2014]
- Argument preview: How many brake lights need to be working on your car? - October 3rd, 2014 [October 3rd, 2014]
- The 'Barney Fife Loophole' to the Fourth Amendment - October 3rd, 2014 [October 3rd, 2014]
- Search & Seizure: A New Fourth Amendment for a New Generation? - Promo - Video - October 4th, 2014 [October 4th, 2014]
- Ap Government Fourth Amendment Project - Video - October 4th, 2014 [October 4th, 2014]
- Lubbock Liberty Workshop With Arnold Loewy On The Fourth Amendment - Video - October 5th, 2014 [October 5th, 2014]
- Feds Hacked Silk Road Without A Warrant? Perfectly Legal, Prosecutors Argue - October 7th, 2014 [October 7th, 2014]
- Supreme Court Starts Term with Fourth Amendment Case - October 7th, 2014 [October 7th, 2014]
- Argument analysis: A simple answer to a deceptively simple Fourth Amendment question? - October 9th, 2014 [October 9th, 2014]
- Feds Say That Even If FBI Hacked The Silk Road, Ulbricht's Rights Weren't Violated - October 9th, 2014 [October 9th, 2014]
- Mass Collection of U.S. Phone Records Violates the Fourth Amendment - Video - October 9th, 2014 [October 9th, 2014]
- Leggett sides with civil liberties supporters - October 10th, 2014 [October 10th, 2014]
- Search & Seizure / Car Stops: A 'New' Fourth Amendment for a New Generation? - Video - October 10th, 2014 [October 10th, 2014]
- The Fourth Amendment- The Maininator Period 4 - Video - October 10th, 2014 [October 10th, 2014]
- Judge nukes Ulbricht's complaint about WARRANTLESS FBI Silk Road server raid - October 11th, 2014 [October 11th, 2014]
- Montgomery County will not hold immigrants without probable cause -- Gazette.Net - October 13th, 2014 [October 13th, 2014]
- Debate: Does Mass Phone Data Collection Violate The 4th Amendment? - October 14th, 2014 [October 14th, 2014]
- Does the mass collection of phone records violate the Fourth Amendment? - October 19th, 2014 [October 19th, 2014]
- When Can the Police Search Your Phone and Computer? - October 21st, 2014 [October 21st, 2014]
- Supreme Court to decide if cops can access hotel registries without warrants - October 22nd, 2014 [October 22nd, 2014]
- Third Circuit Allows Evidence from Warrantless GPS Device - October 22nd, 2014 [October 22nd, 2014]
- US court rules in favor of providing officials access to entire email account - October 24th, 2014 [October 24th, 2014]
- EL MONTE POLICE OFFICER VIOLATES ARMY VETERAN'S FOURTH AMENDMENT RIGHT - Video - October 25th, 2014 [October 25th, 2014]
- FBI demands new powers to hack into computers and carry out surveillance - October 30th, 2014 [October 30th, 2014]
- Fourth Amendment (United States Constitution ... - November 4th, 2014 [November 4th, 2014]
- Fourth Amendment - Video - November 4th, 2014 [November 4th, 2014]
- Call Yourself a Hacker and Lose Fourth Amendment Rights - Video - November 5th, 2014 [November 5th, 2014]
- Volokh Conspiracy: Magistrate issues arrest warrants for 17 years but is new to probable cause - November 7th, 2014 [November 7th, 2014]