A firm called SpyCloud is selling your data to law enforcement.Whats worse is that the sources of that data are hackers.
Thats right: A company is selling data it says is stolen to the police so they can decide if youre guilty of something. There are no words.
Of course, theres the small matter of federal law: 18 U.S.C. 2315Receipt of Stolen Propertyapplies if a person willfully receives valuable stolen property thats been moved across state lines.
Is law enforcement above the law? And if not, who enforces the law in that case?In todays SBBlogwatch, stop the worldwe want to get off.
Your humble blogwatchercurated these bloggy bits for your entertainment. Not to mention:the black hole in your yard.
Whats the craic?Joseph Cox reportsPolice Are Buying Access to Hacked Website Data:
Breached data now has another customer: law enforcement. Companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads.[In] webinar slides by a company called SpyCloud, presented to prospective customersthe company claimed to empower investigators from law enforcement agencies and enterprises. The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data.[It] raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. [They] would also be obtaining access to hacked data on people who are not associated with any crimesand would not need to follow the usual mechanisms.SpyCloud confirmed the slides were authentic. Were turning the criminals data against them, or at least were empowering law enforcement to do that, Dave Endler, co-founderof SpyCloud, [said]. The data that were providing to law enforcement, tends to be data thats already in the hands of criminals, and in our mindset it tends to be already public.That may be the case for some particularly widely traded breaches, but others are not as simple to obtain. Data trading forums often ask users to pay for datasets.
Should I be worried?Shoshana Wodinsky addsLaw Enforcement Is Buying Its Way Into Our Breaches:
Right now, theres a good chance your digital life is multitudes bigger than it was just a few months ago. Theres also a good chance that you (again, like everyone I kn0w), are rightfully concerned about the digital paper trail youre now leaving behind, either for data-hungry brokers or for national authorities.Because Spycloud is a private company, these agencies can fudge the Fourth Amendment to get their hands on that data wherever they want, whenever they want, no warrant required. Look, I dont doubt that [this] pretty unassuming companyhas its heart in the right place herebut theres still something about this service that makes meuncomfortable.Maybe its becausethe Spycloud website boasts about how they couldbe handing these cops highly enriched PII like first and last names, addresses, phone numbers, dates of birth, SSNs, and 150 other types of data. Maybe its because Ive seen firsthand how easy it is for these sorts of data breaches to ruin someones life.Agencies like the DOJa confirmed Spycloud customercan get this data behind our backs. While warrantless collection of this sort of data is typically a major slap in the face to the Fourth Amendment, federal authorities in our country have a storied history of bypassing those pesky legal requirements.
How is that even legal?Tyler Sonnemaker shines more light from above: [Youre firedEd.]
Law enforcement agencies have been buying up data originally obtained by hackers, including peoples emails, usernames, passwords, internet addresses, and phone numbers, from a cybersecurity company called SpyCloud, allowing them to bypass normal legal processes. While SpyCloud presents its tools as a way to help law enforcement investigators (and companies) catch cybercriminals, it also raises concerns about enabling them to collect information on innocent people.Investigators often need permission from a court to obtain certain types of digital information, but buying breach data from a private company gives them a more efficient and less accountable way to scoop up data. More than 15 billion records were exposed in nearly 8,000 breaches in 2019, according to Risk Based Security, giving law enforcement a treasure trove of personal data.While companies argue their products play a vital role in helping the government track down criminals and terrorists, theyve also sparked backlash from civil rights and privacy advocates and increasingly, from employees.
Wait, so is it legal?Ilia Kolochenko thinks not:
As a matter of practice, some law enforcement organisations and police units indeed occasionally buy stolen data from various sources. The data may then be used for a wide spectrum of monitoring, preventive or investigative purposes.Its usage, however, rarely becomes official and mostly serves different in-house purposes. The use of stolen, or otherwise unlawfully obtained data or evidence, is expressly prohibited by law.Moreover, subpoenaed data will likely be more recent, relevant, and complete, and wont pose problems for law enforcement officers later if a defendantcan afford skilled criminal defense lawyers.
So its illegal, right?Luthair agrees, but thinks around the problem:
One wonders the general legality in accessing this data for other purposes, and its admissibility in court or are they simply creating [a] parallel constructionabout how they might have otherwise arrived at some knowledge?
But wont somebody think of the children?Heres the National Child Protection Task Force CEO Kevin Metcalf:
Breach data is used by criminals every day. Together SpyCloud and NCPTF are using that data against them. Were proud to partner with SpyCloud to aid child trafficking investigators in solving important, time-sensitive cases.
In summary?ShanghaiBill cuts to the chase:
[The police] paid for it, supplying profit to the criminals and incentivizing future crime. They obtained, through criminal means, information that they would have never been allowed to collect with a legal warrant.They should be fired. Their supervisors should be fired. The politicians that allowed this to happen should be named andvoted out of office.
AndKevin Beaumont@GossiTheDogdoesnt sound positive:
Between cops routinely paying their own ransomware and now buying hacked data, we really are empowering police in the US to pay criminals, to keep their jobs.Seriously though, guardrails need putting up internationally around use of stolen data including security companies and authorities. Its a wild west, and Im not sure its healthy.
Meanwhile,its sauce for the goose, thinks knaapie:
Interesting. If usage of information from hacks by law enforcement is legitimate, then the usage of information from hacks by, for instance, Wikileaks would be legitimate too.
The mystery of black hole entropy
Previously in And Finally
You have been readingSBBlogwatchbyRichiJennings. Richi curates the best bloggy bits, finest forums, and weirdest websites so you dont have to. Hate mail may be directed to@RiCHiorsbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Anja/cocoparisienne (via Pixabay)
Recent Articles By Author
Go here to see the original:
Police Buy Hacked Data, to Fish for EvidenceIs That Even Legal? - Security Boulevard
- Quinn: Supreme Court should clarify Fourth Amendment rights in the digital age [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Fourth amendment | Wex Legal Dictionary / Encyclopedia ... [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- The Fourth Amendment is destroyed by the Roberts led Supreme Court. - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Protections for e-data clear Senate committee [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Weighing The Risks Of Warrantless Phone Searches During Arrests [Last Updated On: April 29th, 2014] [Originally Added On: April 29th, 2014]
- Court may let cops search smartphones [Last Updated On: April 29th, 2014] [Originally Added On: April 29th, 2014]
- Supreme Court to hear case on police searches of cellphones [Last Updated On: April 29th, 2014] [Originally Added On: April 29th, 2014]
- Fourth Amendment in the digital age: Supreme Court to decide if police can search cellphones without a warrant [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- What Scalia knows about illegal searches [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- Should police be allowed to search your smartphone - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- The Shaky Legal Foundation of NSA Surveillance on Americans [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Pennsylvania Supreme Court rules police don't need warrants to search cars [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- Local police: Updated vehicle-search law still requires probable cause [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- Liberal Supreme Court Justice Comes To The Defense Of Scalia [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- Smartphones and the Fourth Amendment - Video [Last Updated On: May 4th, 2014] [Originally Added On: May 4th, 2014]
- Fourth Amendment Defined & Explained - Law [Last Updated On: May 6th, 2014] [Originally Added On: May 6th, 2014]
- I-Team: Do police seek search warrant friendly judges? [Last Updated On: May 8th, 2014] [Originally Added On: May 8th, 2014]
- Is Big Brother Listening? Applying the Fourth Amendment in an Electronic Age - Video [Last Updated On: May 9th, 2014] [Originally Added On: May 9th, 2014]
- Magistrate waxes poetic while rejecting Gmail search request [Last Updated On: May 10th, 2014] [Originally Added On: May 10th, 2014]
- The Fourth Amendment - Video [Last Updated On: May 10th, 2014] [Originally Added On: May 10th, 2014]
- License reader lawsuit can be heard, appeals court rules [Last Updated On: May 15th, 2014] [Originally Added On: May 15th, 2014]
- Seize the Rojo - Video [Last Updated On: May 16th, 2014] [Originally Added On: May 16th, 2014]
- NSA Spying Has a Disproportionate Effect on Immigrants [Last Updated On: May 16th, 2014] [Originally Added On: May 16th, 2014]
- Motorists sue Aurora, police in 2012 traffic stop after bank robbery [Last Updated On: May 18th, 2014] [Originally Added On: May 18th, 2014]
- Judge Says NSA Phone Surveillance Likely Unconstitutional - Video [Last Updated On: May 21st, 2014] [Originally Added On: May 21st, 2014]
- New York Attorney Heath D. Harte Releases a Statement on Fourth Amendment Rights [Last Updated On: May 22nd, 2014] [Originally Added On: May 22nd, 2014]
- The Fourth Amendment Rights - Video [Last Updated On: May 23rd, 2014] [Originally Added On: May 23rd, 2014]
- Bangor Area School District teachers vote no to random drug [Last Updated On: May 24th, 2014] [Originally Added On: May 24th, 2014]
- I Don't Care About The Contitution, Take Your Fourth Amendment And Shove It The Hills Hotel - Video [Last Updated On: May 27th, 2014] [Originally Added On: May 27th, 2014]
- Lonestar1776 at Illegal Checkpoint 80 Miles Inside Border - Standing UP & Pushing Back! pt 2/2 - Video [Last Updated On: August 31st, 2014] [Originally Added On: August 31st, 2014]
- Suit charges Daytona Beach's rental inspection program violates civil rights [Last Updated On: September 3rd, 2014] [Originally Added On: September 3rd, 2014]
- 4th Amendment - Laws.com [Last Updated On: September 4th, 2014] [Originally Added On: September 4th, 2014]
- YOU CAN ARREST ME NOW (cops refuse, steal phone) - Video [Last Updated On: September 7th, 2014] [Originally Added On: September 7th, 2014]
- The Feds Explain How They Seized The Silk Road Servers [Last Updated On: September 8th, 2014] [Originally Added On: September 8th, 2014]
- Volokh Conspiracy: Does obtaining leaked data from a misconfigured website violate the CFAA? [Last Updated On: September 9th, 2014] [Originally Added On: September 9th, 2014]
- Defence asks judge in NYC to toss out bulk of evidence in Silk Road case as illegally obtained [Last Updated On: September 10th, 2014] [Originally Added On: September 10th, 2014]
- Family of a mentally ill woman files lawsuit against San Mateo Co. after deadly shooting [Last Updated On: September 10th, 2014] [Originally Added On: September 10th, 2014]
- Minnesota Supreme Court upholds airport drug case decision [Last Updated On: September 12th, 2014] [Originally Added On: September 12th, 2014]
- Law Talk - Obamacare Rollout; Fourth Amendment, NSA Spying Stop & Frisk DUI Check Points lta041 - Video [Last Updated On: September 12th, 2014] [Originally Added On: September 12th, 2014]
- Volokh Conspiracy: The posse comitatus case and changing views of the exclusionary rule [Last Updated On: September 15th, 2014] [Originally Added On: September 15th, 2014]
- Guest: Why the privacy of a public employees cellphone matters [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- Volokh Conspiracy: Apples dangerous game [Last Updated On: September 19th, 2014] [Originally Added On: September 19th, 2014]
- Judge expounds on privacy rights [Last Updated On: September 20th, 2014] [Originally Added On: September 20th, 2014]
- Great privacy essay: Fourth Amendment Doctrine in the Era of Total Surveillance [Last Updated On: September 20th, 2014] [Originally Added On: September 20th, 2014]
- The Fourth Amendment By Maison Erdman - Video [Last Updated On: September 20th, 2014] [Originally Added On: September 20th, 2014]
- Volokh Conspiracy: When administrative inspections of businesses turn into massive armed police raids [Last Updated On: September 22nd, 2014] [Originally Added On: September 22nd, 2014]
- The chilling loophole that lets police stop, question and search you for no good reason [Last Updated On: September 23rd, 2014] [Originally Added On: September 23rd, 2014]
- Pet Owners Look to Muzzle Police Who Shoot Dogs [Last Updated On: September 27th, 2014] [Originally Added On: September 27th, 2014]
- Volokh Conspiracy: A few thoughts on Heien v. North Carolina [Last Updated On: September 29th, 2014] [Originally Added On: September 29th, 2014]
- Volokh Conspiracy: Third Circuit on the mosaic theory and Smith v. Maryland [Last Updated On: October 1st, 2014] [Originally Added On: October 1st, 2014]
- Volokh Conspiracy: Third Circuit gives narrow reading to exclusionary rule [Last Updated On: October 2nd, 2014] [Originally Added On: October 2nd, 2014]
- Volokh Conspiracy: Supreme Court takes case on duration of traffic stops [Last Updated On: October 3rd, 2014] [Originally Added On: October 3rd, 2014]
- Search & Seizure, Racial Bias: The American Law Journal on the Philadelphia CNN-News Affiliate WFMZ Monday, October 6 ... [Last Updated On: October 3rd, 2014] [Originally Added On: October 3rd, 2014]
- Argument preview: How many brake lights need to be working on your car? [Last Updated On: October 3rd, 2014] [Originally Added On: October 3rd, 2014]
- The 'Barney Fife Loophole' to the Fourth Amendment [Last Updated On: October 3rd, 2014] [Originally Added On: October 3rd, 2014]
- Search & Seizure: A New Fourth Amendment for a New Generation? - Promo - Video [Last Updated On: October 4th, 2014] [Originally Added On: October 4th, 2014]
- Ap Government Fourth Amendment Project - Video [Last Updated On: October 4th, 2014] [Originally Added On: October 4th, 2014]
- Lubbock Liberty Workshop With Arnold Loewy On The Fourth Amendment - Video [Last Updated On: October 5th, 2014] [Originally Added On: October 5th, 2014]
- Feds Hacked Silk Road Without A Warrant? Perfectly Legal, Prosecutors Argue [Last Updated On: October 7th, 2014] [Originally Added On: October 7th, 2014]
- Supreme Court Starts Term with Fourth Amendment Case [Last Updated On: October 7th, 2014] [Originally Added On: October 7th, 2014]
- Argument analysis: A simple answer to a deceptively simple Fourth Amendment question? [Last Updated On: October 9th, 2014] [Originally Added On: October 9th, 2014]
- Feds Say That Even If FBI Hacked The Silk Road, Ulbricht's Rights Weren't Violated [Last Updated On: October 9th, 2014] [Originally Added On: October 9th, 2014]
- Mass Collection of U.S. Phone Records Violates the Fourth Amendment - Video [Last Updated On: October 9th, 2014] [Originally Added On: October 9th, 2014]
- Leggett sides with civil liberties supporters [Last Updated On: October 10th, 2014] [Originally Added On: October 10th, 2014]
- Search & Seizure / Car Stops: A 'New' Fourth Amendment for a New Generation? - Video [Last Updated On: October 10th, 2014] [Originally Added On: October 10th, 2014]
- The Fourth Amendment- The Maininator Period 4 - Video [Last Updated On: October 10th, 2014] [Originally Added On: October 10th, 2014]
- Judge nukes Ulbricht's complaint about WARRANTLESS FBI Silk Road server raid [Last Updated On: October 11th, 2014] [Originally Added On: October 11th, 2014]
- Montgomery County will not hold immigrants without probable cause -- Gazette.Net [Last Updated On: October 13th, 2014] [Originally Added On: October 13th, 2014]
- Debate: Does Mass Phone Data Collection Violate The 4th Amendment? [Last Updated On: October 14th, 2014] [Originally Added On: October 14th, 2014]
- Does the mass collection of phone records violate the Fourth Amendment? [Last Updated On: October 19th, 2014] [Originally Added On: October 19th, 2014]
- When Can the Police Search Your Phone and Computer? [Last Updated On: October 21st, 2014] [Originally Added On: October 21st, 2014]
- Supreme Court to decide if cops can access hotel registries without warrants [Last Updated On: October 22nd, 2014] [Originally Added On: October 22nd, 2014]
- Third Circuit Allows Evidence from Warrantless GPS Device [Last Updated On: October 22nd, 2014] [Originally Added On: October 22nd, 2014]
- US court rules in favor of providing officials access to entire email account [Last Updated On: October 24th, 2014] [Originally Added On: October 24th, 2014]
- EL MONTE POLICE OFFICER VIOLATES ARMY VETERAN'S FOURTH AMENDMENT RIGHT - Video [Last Updated On: October 25th, 2014] [Originally Added On: October 25th, 2014]
- FBI demands new powers to hack into computers and carry out surveillance [Last Updated On: October 30th, 2014] [Originally Added On: October 30th, 2014]
- Fourth Amendment (United States Constitution ... [Last Updated On: November 4th, 2014] [Originally Added On: November 4th, 2014]
- Fourth Amendment - Video [Last Updated On: November 4th, 2014] [Originally Added On: November 4th, 2014]
- Call Yourself a Hacker and Lose Fourth Amendment Rights - Video [Last Updated On: November 5th, 2014] [Originally Added On: November 5th, 2014]
- Volokh Conspiracy: Magistrate issues arrest warrants for 17 years but is new to probable cause [Last Updated On: November 7th, 2014] [Originally Added On: November 7th, 2014]