Monday, April 28, 2008

Could clicking a link—just clicking it—be a federal-level offense?

Scary opinion piece by Mark Gibbs in ComputerWorld.
Just imagine if one day in the near future the FBI comes to your enterprise with warrants that allow them to seize and remove any computer-related equipment, utility bills, telephone bills, any addressed correspondence sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements and credit card statements. The first question you'd ask is, "Who has done what?"

You're going to be presume your CEO has been involved in some outrageous stock manipulation, or maybe your CFO has been cooking the books. But no, the agent in charge says: "Someone here clicked on a Web link, and we're going to find out who did it."

A link?! Clicking on a link can now be a federal offense?! Was it a link to the truth about JFK's assassination (which we all know the CIA was responsible for ... or was it the Moonies?). Was the link going to launch an ICBM at the Kremlin? Nope, it was a link to a nonexistent cache of kiddie porn that was created specifically by the FBI to attract pedophiles.

As is often said at moments like these, I am not making this up; this is exactly what happened to a doctoral student at Temple University who was also a history professor at La Salle University named Roderick Vosburgh...

According to federal law, attempts to download child porn, whether successful or not, can result in prison sentences of up to 10 years, and a court found Vosburgh guilty of just that, "attempting" to follow a link, a link set up specially by the FBI to trap pedophiles...

The fact that the action might not have been done by you personally is, apparently, not an issue...

The second issue concerns browser add-ons that attempt to pre-cache the content of links on a page. These add-ons are to improve perceived performance, but imagine that you run a Web search and wind up on a page that links to one of these FBI honeypots: Your browser will access the link and, unless you are masking what you do through something like the Tor network, the Feds will get your IP address. Before you know what's going on, there will be a knock on your door, you'll be hurled to the ground, cuffed, Mirandized, and all of your computer gear, financial records and leftover Chinese food will be en route to the local FBI office.

But what if an employee's browser pre-caches the contents of one of these FBI links, or the employee actually clicks on it? Can you imagine the chaos and insanity that would result from the FBI paying your company a visit? Work would grind to a halt, PCs and other gear would be impounded, records taken and your business would be dead in the water.

Labels: , ,


Post a Comment