Guys (and gals),

I've just read this report from the UK.


Is this common in other parts of the world? Or am I right to be feeling very paranoid and disapproving?

I can understand the need for this in some cases, but I thought the requirement for warrants was designed to protect against mis-use. Think I need to tighten my home network...

Jimbob,

I think that is where the abilities of the authorities is going to fall down. Unless the UK gov has a few 0days to share to the world I could imagine that a lot of this could come down to client-side attacks and phishing, which may fall under entrapment (IANAL). Or some imaginative MitM through insecure or badly configured wireless in more complex cases.

I'd like to see what they intend to throw at the machines to 'investigate'.

But my main concern is that they feel this is acceptable. Whilst a comment to the original article claims that police in the UK have had these powers for awhile and the only change is sharing data with the EU (IANAL so I can't say if this is the case or not), I don't see how anyone can believe, following recent high profile issues that these powers will not get abused. Supposedly the powers are only available if a superior offices deems them accused crimes to be relevant to a minimum crime (3months jail time I think), who confirms if the superiors' belief was correct. And surely if the accusation warrants the penalty a judge would see it the same way and provide the warrant.

I've got no complaints with providing the authorities the ability to conduct investigations; but there must be sufficient checks and balances in place to ensure the power isn't abused. As an example (can't find my link) some councils in the UK have used recent 'terrorist' surveillance provisions to monitor which residents put their bin out the night before collection day.

Why not have the ability in place, providing a judge agrees and provides the warrant?

Additionally, what happens if the authorities 'search' a PC for an individual accused of a crime that warrants the search and they find no evidence of the original crime, but find evidence of a lesser offence? is the evidence still valid despite being gained through the backdoor?

How can the authorities ensure, 100%, that their searches will have no negative impact to the working of an innocent persons private property (I think we're still innocent until proven guilty aren't we?...)

How can the authorities ensure, 100%, that no 'remains' will be left in the system following their intrusion. McKinnon supposedly did no damage to the systems he connected to, but the US government claim the clean-up bill was huge because they couldn't ensure that there wasn't something on the systems that they had missed. If the US can't prove this, how can an individual with a home PC?

I think these, and many more, questions need answering

</rant - sorry folks....>

As we already know the UK has more CCTV than any country, and its big brother central here.

I dont think its right they can just do what they want when they want, I dont think its right, what happens if they got in and decided to plant something?

Still might be an interesting job

Mmmm hadn't thought of that (must have been optimistic for change), makes it scarier than I originally thought 

I loved this bit:


Dispite the potential ineffectiveness of this method it raises issues such as:

- as there is now a potential market for malware in the form of governments, where do malware writers stand legally now?
- if a security researcher finds said malware, reverses it and reports on it's inner workings on the internet, where does this put the security researcher legally?
- if a security researcher developes a tool to remove government malware - where does it put them - or any anti-virus company/group for that matter.
- how the hell are they going to deal with people who actually know how to secure their pc's? 

orwellian slope anyone?