Gary Richmond [opinions]

Warrantless Intrusion: yet another reason for Using GNU/Linux (but it may not be enough) [eu] [intrusion] [keyloggers] [hacking]

They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety (Benjamin Franklin)

All manner of campaigns have been tried to persuade Windows users to make the switch to GNU/Linux and every year is heralded as the year of GNU/Linux on the desktop. Whether these things come to pass or not only time will tell, but the latest electronic assault on the integrity of computers, which emanates from the British Government via a European directive, might just tilt the balance in favour of free and open software. I suspect however that the hard-core Redmondnites will blunder on as usual, making the internet a gold mine for any individual, corporation or government maliciously inclined to steal or plant information on your computer. So, what exactly is warrantless intrusion?

Hacking computers is hardly new. Electronic surveillance, man-in-the-middle attacks, rootkits, Trojans, adware, malware and keyloggers are well known and have been around for years. Just ask any Windows user. But just because you are using GNU/Linux doesn't mean you should be smug. Using any decent distro with a relatively secure browser like Firefox will afford you a degree of protection not available to Windows users, but there is no such thing as 100% security -- and warrantless intrusion knows it. In the USA there is of course the Patriot Act and in the UK there is the Regulation of Investigatory Powers Act (RIPA). When RIPA was passed into law only nine organisations had authority under the act; now seven hundred and ninety-two do.

Most sinister of all, it has the power to compel computer users to hand over the private keys of any encryption software they have used to protect e-mail communications, files and whole hard drives. You could argue that this is at least blatant coercion, but warrantless intrusion is like invisible, silent mission creep, and the British Home Office (which has presided over some of the most monumental security cockups and information leaks of citizens' personal details and is now proposing to outsource a database of all UK e-mails and internet usage) has been quietly rolling out plans and powers to allow police to hack into computers without any warrant. The British Freedom of Information Act will avail citizens nothing. The name of the act could have been devised by George Orwell. Its purpose is to feign the illusion of transparent access to information held by employers and government whilst ensuring that you are told nothing of any real significance. Rest assured warrantless intrusions will be exempt from the Act's provisions.

There was a time when the United Kingdom of Great Britain and Northern Ireland was a country which passed relatively few laws but mostly obeyed them. On the continent, particularly France, infinitely more laws were passed and mostly ignored. Those laws passed were derived in large part from a bottom-up common law, not the Code Napoleon in France which was top down. The present British government has had an outbreak of the equivalent of legislative Tourette's syndrome and many of the uncontrolled judicial outbursts are directed towards the average citizen. Warrantless intrusion has been rampant in Europe for decades and predates the current terrorist threat. The spiritual home of Hitler, Napoleon, Stalin and Mussolini, Europe has no protection for the individual against the predations of the state in the form of the American Fourth Amendment or the Common Law of England.

It is almost impossible to convey to non-British citizens how deeply and systematically over-governed the UK actually is. The levels of surveillance are almost Orwellian and they are directed as much against the law-abiding majority as against criminals and terrorists. Indeed, they seem determined to criminalize the entire population. Combine the totalitarian tendencies of the present government with the directives emanating from the European Union, the most corrupt, undemocratic, unaccountable superstate in the Western world, and you get a securocrat's wet dream come true: Warrantless intrusion. So it is perhaps ironic that the European Community has been to the fore in challenging and fining Microsoft for monopoly behaviour.

Before you accuse me of being naive, a fellow traveller or a useful idiot I should tell you that I have been accused of being well to the right of Attila the Hun so I am no friend to terrorism or sexual predators operating on the internet, but I simply don't trust the government, any government. Watch what they do--not what they say. Remember, my government has publicly declared that no citizen has the right to privacy.

Warrantless intrusion, the dirty details

Government spying, in war and peace, is hardly new but the Brussels edict takes it to a new level where the results of "remote searching" (which could involve delivering a malicious payload directly or via an e-mail attachment) by British police can be requested on behalf of police forces in other EU countries like Germany and France. This does not require police to obtain a Magistrate's warrant. However, the government did not need to wait for the EU to do this as an amendment to the Computer Misuse Act of 1990 gave the police powers to make hacking legal when authorised and carried out by the state. In fact the government may not have even needed to wait for that EU directive. If reports are to be believed some careless programming by Microsoft engineers is said to reveal that the NSA had their own special access codes built into all versions of Windows, except '95.

It is contained in the Windows driver, ADVAPI.DLL. So far three keys have been discovered and not perhaps before time as this piece of detection work will be impossible if tried after the introduction of the next generation of CPUs capable of handling encrypted instruction sets. The British government has been asking for a backdoor into Windows Vista since 2006 so the NSA keys and the Brussels edict will be grist to the mill. So, you say to yourself, bugger Windows, I'll use a GNU/Linux distro instead or I will communicate on the move without a computer, but then RFID (aka spychips) might do for you anyway. Richard Stallman hates RFID. I know, I saw and heard him go off at a tangent about them at a public meeting I attended. In the words of Johnson's Boswell, he tossed and gored several persons--and they were on his side!

Even Deep Packet Inspection (DPI), which can be used in conjunction with stateful firewalls to detect and prevent intrusion, can be turned to potentially malicious ends like surveillance and censorship. Those well-known ambulance chasers, the anti-virus companies who rely on the inherent flaws in the Windows OS, may have been complicit in this whole business too. The FBI has been reported as developing Trojan software and asking anti-virus vendors to "turn a blind eye" to detecting its keylogger. (Haven't they ever heard of Java virtual keyboards? Userscripts has them and they work with Greasemonkey.) If true it proves the maxim that you just never know what's bundled with proprietary software. So why pay for it when you don't know what's in it and, besides, you can get better, free software guaranteed to be free of spyware? ClamAV, chkrootkit or rkhunter ring any bells?

It's ironic really

The supreme irony of technology, even technology rooted in free and open software, underpinned by political literacy and awareness, is that it is a double-edged sword. Like anything we invent it can be a source for good or ill, and as we extend its use and it insinuates its way into every aspect of our lives, we become increasingly dependent on it. We become loath to abjure it even when it can be and is turned against us in order to spy and control for commercial and government reasons. Even using GNU/Linux in this context will be of limited value as it will offer us only limited protections from all the nastiness afflicting Windows users. GNU/Linux has developed massively because of the internet and that is both its strength and its weakness. Weakness? Yes, because although 60% of servers use GNU/Linux running LAMP stacks it does not own ISPs and they are, as far as the governments are concerned, the weak link in the chain. They are commercial undertakings, not charities. They are responsive to their customers as they provide a link to the backbone of the internet but they are also subject to pressures from government as they are a gold mine of information about the internet habits of their customers. Pressure can be brought--and has been.

No turning back alas

I'm not a technical expert but it seems to me that the only theoretical way to defeat the government's insatiable lust for information, power and control is to create an open source ISP funded by its members like some kind of modern Friendly Society which would be founded on democratic principles and funded by the members. It seems impossible but the Wikipedia project ought not to exist either -- but it does. The other long shot is to pray for the sudden emergence of a technological singularity which moves so impossibly fast that governments cannot keep pace with countermeasures. Failing that we all become Luddites and forswear computers and the internet entirely. The withdrawal symptoms would be horrendous. So, the technical hand, having written, cannot unwrite a single word. There is no going back. Uninventing technology is the stuff of dystopian fantasies.


Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice is preserved.