Hacking Isn’t Searching; It’s Quartering

A common critique of the deep state’s dragnet surveillance operation is to depict it as a violation of the Fourth Amendment. The pundits and politicians who publicly railed against the recent NSA and FBI revelations commonly referred to the issue as one of “warrant-less” wiretapping, data collection, and spying.

But that isn’t quite the game that signals intelligence analysts and network security experts are playing.

The invocation of the term “warrant-less” is unsurprising; it hearkens back to the Watergate scandal, and by making that comparison, it helps to make the case that these surveillance programs were just as serious and important as that major kerfuffle back in 1972.

The issue with this is that bugging a hotel room and tampering with evidence are such benign and irrelevant acts compared with what the NSA does routinely. In reality, recent dragnet surveillance revelations are far more destructive, wide-ranging, and horrifying than anything Richard Nixon was capable of doing. The NSA does not fuck around.

Though a well-intended PR trick, the term “warrant-less” does more to downplay the seriousness of governmental dragnet surveillance than it wakes up the general populace. Likening the NSA’s work to merely a search or seizure of evidence significantly misinforms the public about the nature of hacking in a number of ways. Let’s pick them apart, shall we?

The NSA Plays Offense, Not Defense

Perhaps most important to remember is that the NSA is part of the Department of Defense; it is a military organization, not law enforcement.

In almost every instance, hacking a network or device is not an act of defense, but rather an act of offense. When done by the NSA, you can expect it to be a particularly aggressive act — not one to conduct law enforcement activities, but to steal secrets, or to weaponize computing and network hardware.

When a three-letter agency breaks into the system of the Average Joe, that person is usually not the target. Their system was merely a means to some other more dastardly end. For example, a compromised system is often leveraged by the attacker against their agency’s final target, which is often some other state actor. Worse yet, when these attacks are carried out, there’s no guarantee that the agency has masked your private information from the device. So if the target on the other end is capable, they may “hack back,” leaving ordinary citizens right in the crossfire.

There’s No Warrant for Committing Atrocities

Once they gain access to your machine, there are many things that the NSA’s goons can do, and almost all of them are illegal to do in any circumstance no matter who you are, warrant or otherwise. These continued violations of our Constitution’s fundamental protections resembles nothing short of a human rights atrocity.

Some different types of these egregious attacks include:

  • Denial of Service: Overloading a device or network with falsified activity, for the purpose of bringing down critical functionality. This could be as inconsequential as a kid pulling the fire alarm at their middle school, or could be as deadly as an aerial assault by a bomber jet. It all depends on the infrastructure that was attacked and the users impacted by the attack. Either way, it is a crime that cannot be excused by a warrant from a judge.
  • Subversion: Involves the manipulation or degradation of data, in order to incite lowered confidence in the integrity of the information the network provides. This is ultimately a form of PSYOPS — psychological warfare. On the one hand, we routinely criticize Russia for engaging in this kind of activity against the US. On the other hand, we conceive of such warfare as a form of cruel and unusual punishment when it is used against American citizens. This dual narrative could even be seen as the NSA engaging in an ongoing subversion attack against the American people.
  • Masquerade: When an attacker elevates their own permissions/privileges within a computer system in order to leverage credentials to which they should not have access. Imagine if a person broke into the local police headquarters, armed themselves in official gear and a police badge, and then used that false authority to intimidate their enemies. I would hope that no judge on this planet would grant a warrant for such an activity.
  • Forgery: When an attacker dispatches messages from a computer network, pretending to be somebody they aren’t. This is the kind of attack that would happen if a Subversion and a Masquerade had a baby. It involves masquerading as a different computer user in order to subvert the computer system’s messaging systems. Forgery is a state and federal crime in all US jurisdictions.

Could the Constitution Still Be Helpful?

So no, the Fourth Amendment doesn’t have a whole lot to say about the NSA’s activities. Luckily, unlike most of our current elected officials, the Founding Fathers were not idiots. The Bill of Rights still can be of major assistance in the fight against the offensive cyber operations of our military. We just need to rethink which amendment to focus upon.

There is only one amendment to the Constitution that addresses the relationship between the citizenry and the military — the Third Amendment. And it is stunningly apt in helping to make sense of exactly why the NSA’s actions are so objectionable.

The Third Amendment reads as follows, with my own emphases:

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

Citizens: 1. Military: 0.

As an American, your private property rights as they pertain to the military are quite clear: your rights are superior to theirs. During peace time, the federal government’s soldiers cannot commandeer, lodge themselves into, or otherwise tamper with your property just to carry out their missions.

War — What is it Good For?

Nonetheless, war remains good for absolutely nothing. In a time of war Congress would need to vote to approve explicitly what kind of quartering must be allowed by citizens, and that hasn’t happened yet. This is moot anyway, because we aren’t in a time of war, nor have we been since WWII.

Hey Dummy! It Says “House,” not “Computer”

Some may object to using the term “house” to describe a computer. But it is certainly reasonable to consider a computer under this definition. These days, many individuals have more of their lives inside of their personal computing devices — their PCs, smartphones, and Fitbits — than inside their actual domiciles. Modernity has even brought us to a point where the concept of the digital nomad is an actual thing.

Still not convinced?

  • Where do you read the majority of your news — online, or in the newspaper?
  • Where do you have more photos stored — on your smartphone, or in physical photo albums?
  • Where are the majority of your 2017 financial documents and records stored — a computer, or a filing cabinet?

Exactly.

This is an Important Amendment that Most People Forget About

The Third Amendment was briefly debated before the ratification of the US Constitution, because the consensus was broad: we had to make sure that the Quartering Acts could not happen again. They were, after all, one of the primary tensions that led to the American Revolution in the first place. The Founders knew that the forceful quartering of an occupying force was no burden to force onto a free citizenry.

Perhaps this is why the Third Amendment is so stunningly broad in its definition. Its text begins by placing a restriction on the soldier, so the Third Amendment grants not a positive right per se, but rather a negative right — one that explicitly restricts the actions that may be taken by a soldier of the US. It then goes on to state that it protects the rights of the owner of any house, which means that the house need not even exist on American soil to be protected.

What Now?

What we are trying to stop here is not the mere digital canoodling of the local police or even the FBI. This isn’t an effort to thwart the CIA’s numerous cyber warfare tools exposed by WikiLeaks. What is at risk by not taking appropriate action with respect to the government’s violation of the Third Amendment is the continued sanctioning of their actions by the world’s citizens and, more troubling, the corporations they patronize. (Fuck you, AT&T!)

At the end of the day, the Third Amendment is a federal law that establishes behavioral requirements for the United States military — the very same group committing by far the most atrocious cyber offensives throughout the world. All because lawmakers, politicians, and yes, statistically even you — don’t understand a damn thing about cybersecurity and the evolving digital war frontier.

What’s worse is that people know just as little about the way American government and law is designed to work, so most digital citizens are unprepared to grasp this proverbial double-edged sword from either end. That needs to change immediately. The best takeaway I could ask a layperson to have after considering this is that the ability to intelligently communicate about Constitutional law is something that computer experts and computer users alike must begin to take seriously. What we do for a living is not child’s play — even a child playing on an iPad is no longer mere child’s play. We all have something significant to lose if we lose our fight for our digital rights against the state.

We could try to blame our broken education system for our citizens’ inability to grasp basic American civics. However, I’m sure most Americans agree by now that this once great and meaningful aspect to American life — our public education system — is a lost cause beyond any kind of meaningful repair.

Don’t Consent!!!

I don’t have any truly good advice about where to go from here. I’m not a lawyer, so nothing I say will be even close to helpful on a legal front. So, my best advice is simply: don’t consent.

Make it abundantly, explicitly clear to any intruder into your network that you do not consent to their illegal activities, and that you would like them to exit your property immediately. This won’t help protect you against anything, but maybe if enough people start to do this, it will catch on, and then somebody with actual legal expertise could inform us on how to best proceed in getting our Third Amendment protections back in some legislative fashion.

You can signal your lack of consent to an attacker by learning how to set your computer’s login “message of the day” — aka your /etc/motd file. Better yet, donate to the Electronic Frontier Foundation and get yourself some of these lovely stickers to proclaim your distrust of government surveillance in both the physical and digital realms.

If you’ve got some chutzpah, ask the attacker for their dog tag or badge number on their way out!