[IP] Hacking tools tipped to become weapons of the state

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Hacking tools tipped to become weapons of the state
From: Dave Farber <dave@xxxxxxxxxx>
Date: Thu, 11 Mar 2004 07:43:02 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx


Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 11 Mar 2004 11:25:59 -0500
From: Joel Reidenberg <reidenberg@xxxxxxxxxxx>
Subject: **SPAM** ZDNet UK - News - Hacking tools tipped to become weapons of
 the state
To: dave@xxxxxxxxxx

This story was printed from ZDNet UK, located at<http://news.zdnet.co.uk/>http://news.zdnet.co.uk/

[]

Story URL:<http://news.zdnet.co.uk/internet/security/0,39020375,39148211,00.htm>http://news.zdnet.co.uk/internet/security/0,39020375,39148211,00.htm

[]

Hacking tools tipped to become weapons of the state
<mailto:mailroomuk@xxxxxxxxx>Graeme Wearden
ZDNet UK
March 10, 2004, 13:35 GMT

Governments could soon be using hacker tools for law enforcement and thepursuit of justice, according to an expert on IT and Internet law. JoelReidenberg, professor of law at New York-based Fordham University, believesit likely that<http://news.zdnet.co.uk/internet/security/0,39020375,39118640,00.htm>denialof service attacks (DoS) and packet-blocking technology will be employed bynation states to enforce their laws. This could even include attacks oncompanies based in other countries, he says.

Reidenberg told a seminar at the Oxford Internet Institute (OII) on Tuesdaythat democratic governments have an obligation to enforce their laws in theonline space, as well as offline. Previously, this was thought to beextremely difficult due to the global nature of the Web.

"In the 1990s, it was thought states had no way of enforcing their lawsonline. That conventional wisdom doesn't stand up any more," said Reidenberg.

According to security experts, intelligence agencies have been conductinghacking attacks online for years. Reidenberg, though, sees a future wheresuch actions would be just another legal instrument wielded by the state.

In 2000, a French court<http://news.zdnet.co.uk/internet/0,39020369,2082447,00.htm>ordered Yahooto block Nazi paraphernalia from being auctioned through its site in France-- where it is outlawed because it violates France's hate speech laws. Buta US court later ruled that the decision<http://news.zdnet.co.uk/internet/0,39020369,2083341,00.htm>could not beenforced in America, where Yahoo's servers were sited.

At the time, the French government was<http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,2079239,00.htm>ridiculedin some quarters for believing that they could impose their laws oncompanies based in other jurisdictions.

But according to Reidenberg, the power of technologies such as distributedDoS attacks and worms means this is theoretically possible. "Distributeddenial of service attacks and worms are characterised by having policepowers," Reidenberg told the OII. "We think of them today as only beingused by bad people, but these same instruments could just as easily be usedby states to enforce legal judgements."

Some members of the audience at the OII expressed deep concern at thisidea, suggesting that governments couldn't be trusted to wield such powersresponsibly.

Reidenberg pointed out that the Chinese government has already imposedrestrictions on Internet traffic -- the<http://news.zdnet.co.uk/internet/0,39020369,2133588,00.htm>"Great Firewallof China" -- to prevent access to certain Web sites. He suggested that if acase similar to that between the French courts and Yahoo arises again, thecompany concerned could see itself virtually banned from that country."States could soon have technology, if they haven't already, to interceptpackets of data that they have decided shouldn't enter their country, inthe same way we have officials patrolling national borders today,"Reidenberg explained.

Another option could be an 'electronic blockage', where a company would beprevented from communicating across the Web outside of its home country.This would require the development of packet interception techniques, andwould also need the help of intermediaries such as Internet service providers.

In the most extreme example, a company's Web site could even be takenoffline by a distributed DoS attack, which Reidenberg likened to the "deathpenalty", if they failed to comply with a legal order.

One economist with links to the government who attended the seminar saidshe didn't believe regulators are considering such tools at present. ButReidenberg says that as sites such as Amazon, Yahoo, eBay and CNN have allbeen seriously disrupted by<http://news.zdnet.co.uk/business/0,39020645,2084263,00.htm>DoS attackslaunched by malicious hackers, and that the same tools could be effectivelywielded by the forces of law and order.

Before any of this can take place, though, countries will have to lay outclear rules for online enforcement.

Reidenberg told the OII that there must be prerequisite legal authority,stating the conditions when police can resort to online tools. This couldinclude an assessment of the magnitude of the threat. For example, in theYahoo France case, if the presence of Nazi memorabilia for sale online waslikely to lead to public rioting, the French authorities could be justifiedin deciding to attempt to shut Yahoo down immediately.

According to Dr Stephen Coleman, visiting professor in e-democracy at theOII, Reidenberg's views are just one part of a bigger picture surroundinglaw enforcement and government action on the Internet. "There is somespeculation about whether some of the necessary technology exists already,"Coleman said, warning that he was extremely dubious whether we could everhave the effective global intelligence needed, as well as a trulyaccountable appeal process. "In terms of the use of disruptive technology,the UK government's secure intranet is hacked into once every three seconds-- primarily by its allies."

A senior official from Cable&Wireless also warned that there is a muchgreater degree of uncertainly about the location and identity of onlineagents, compared to offline. He believes this would make it much harder forcourts to issue a warrant permitting action to be taken against a Web siterather than an offline entity such as an office.

Another hurdle to be overcome is the problem of third-party damage. Anattack on an Internet bank or email provider could inconvenience Web usersacross many countries -- governments could find it impossible to justifycausing such disruption.

Dr Reidenberg is currently working on a book about states and Internetenforcement. He recently published a research paper on the issue, which canbe seen online<http://papers.ssrn.com/sol3/delivery.cfm/SSRN_ID487965_code339387.pdf?abstractid=487965>here.

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] The perils of Googling
Next by Date: [IP] New Domain Is Proposed
Previous by thread: [IP] The perils of Googling
Next by thread: [IP] Darpa Takes Battle to the Streets
Index(es):
- Date
- Thread