
Month in review: No privacy for home computers, and the end of 'trustworthy' ransomware?

It’s amazing how quickly a month can pass and how easily a commitment to regularly update your blog goes by the wayside. The past month, I’ve written more than a dozen articles, but two that deal with important events stand out.

The first is the ruling by Senior U.S. District Judge Henry Coke Morgan Jr. allowing the FBI to use a single warrant to run information-gathering tools on the systems of suspected criminals who browse, in the current case, a site with illicit images. Judge Morgan even stated that a warrant is unnecessary because of the type of crime being investigated and because users should have no “objectively reasonable expectation of privacy.”

I’ll let the judge explain his reasoning:

[H]acking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy. Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked.

Senior U.S. District Judge Henry Coke Morgan Jr.

While the specific ruling applies to a limited subset of information — the IP address and system data of the suspect — the technique could easily be used to gain more intelligence. The Electronic Frontier Foundation believes the ruling will likely be overturned, but it does show that privacy has become a race to the bottom.

In a similar way, ransomware criminals may be starting their own race to the bottom. They are acting out the Tragedy of the Commons, a parable in which individuals make the best short-term decision for themselves, with poor long-term consequences for the group. In a statement to local press, Kansas Heart Hospital, a ransomware victim, claimed it had paid a ransom for its data and that the criminals asked for more money before turning over the keys to the rest of the hospital’s systems.

Such double-dipping, if it continues, will erode the trust that victims have placed in ransomware operators to date, which could spell the beginning of the end for the scam.

  • “Home Computers Connected to the Internet Aren’t Private, Court Rules,” eWEEK
  • “How greed could destroy the ransomware racket,” PCWorld

Week (Month) in Review is where I highlight articles that I’ve written and that have been published in the last week.