Announcement

Collapse
No announcement yet.

Long arm of law reaches into World of Warcraft

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Long arm of law reaches into World of Warcraft

    http://kokomoperspective.com/news/lo...cc4c03286.html

    You might want to re-think using WOW if you like your security.

    Blizzard did more than cooperate. It gave Roberson everything he needed to track down Hightower, including his IP address, his account information and history, his billing address, and even his online screen name and preferred server. From there it was a simple matter to zero in on the suspect’s location.
    I know it's a great game and all. I know a lot of people play it, and I could understand if they were compelled by law to give out this information, but they were not. Yeah, that's right. Blizzard did not need to give out any information. All the government gave them was a letter that asked for the information. It really wasn't even a legal requirement or anything.

    “They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things. Then I finally got a response from them. They sent me a package of information. They were very cooperative. It was nice that they were that willing to provide information.”
    Ugh, this really sucks. I wonder if this is the new precedent for online gaming. Watch out guys.

  • #2
    Re: Long arm of law reaches into World of Warcraft

    So, let me get this straight. A local LEO in cooperation with the US Marshals and the RCMP used WOW to hunt down a wanted fugitive from justice?

    It sounds as though the original LEO did send a subpoena to Blizzard, and they complied with it, even though they didn't have to. Chances are, they consulted with their lawyer's and they said it would be best to comply and send the requested information. Since Blizzard probably wouldn't like the bad press of concealing the information about a known and wanted fugitive.

    So I should be outraged why?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

    Comment


    • #3
      Re: Long arm of law reaches into World of Warcraft

      Originally posted by streaker69 View Post
      So, let me get this straight. A local LEO in cooperation with the US Marshals and the RCMP used WOW to hunt down a wanted fugitive from justice?

      It sounds as though the original LEO did send a subpoena to Blizzard, and they complied with it, even though they didn't have to. Chances are, they consulted with their lawyer's and they said it would be best to comply and send the requested information. Since Blizzard probably wouldn't like the bad press of concealing the information about a known and wanted fugitive.

      So I should be outraged why?
      It's not about this particular idiot, that probably deserved to go to jail. Its about freedom and privacy. Its about Blizzard giving out information about customers without being required to by law. Along with billing information that includes credit card information.

      If they sidestep the legal process, who knows if the Marshal would be real next time. This is just a small social engineering hack and a PO Box away from any hacker getting anyone's information.

      There are also other reasons why there are privacy laws. There are reasons there are checks and balances in the legal system. This is part of the democratic process. This is part of our freedom. This is what our country was founded on.

      I don't think I explained that as well as I should have. Can anyone else think of reasons why we should be outraged?

      Comment


      • #4
        Re: Long arm of law reaches into World of Warcraft

        Originally posted by heisenbug View Post
        I know it's a great game and all. I know a lot of people play it, and I could understand if they were compelled by law to give out this information, but they were not. Yeah, that's right. Blizzard did not need to give out any information. All the government gave them was a letter that asked for the information. It really wasn't even a legal requirement or anything.
        This is a non-issue. Nothing personal, but you need to brush up on your knowledge of investigative techniques and legal procedures before you make statement like this.

        This isn't anything new. Subpoenas are routinely requested for all sorts of information pertaining to an investigation. Information requests from utilities/information common carriers for both usage levels and addresses are very common: telephone (including Internet), cable (ditto), power, gas, are all usual subjects of subpoenas.

        Out of state subpoenas are routinely honored. If they are not, then the next step becomes more formalized, involving the Attorney General's offices of the two states, and an instate subpoena will be issued that mirrors the original. In the end the results are the same. Most legal staff know that they can legally ignore an out of state subpoena, but they also know that if they do, they are doing nothing but delaying the inevitable. As long as they have a valid subpoena from a valid jurisdiction somewhere, their clients' butts are covered. That's all they care about.

        Originally posted by heisenbug View Post
        It's not about this particular idiot, that probably deserved to go to jail. Its about freedom and privacy. Its about Blizzard giving out information about customers without being required to by law. Along with billing information that includes credit card information.

        If they sidestep the legal process, who knows if the Marshal would be real next time. This is just a small social engineering hack and a PO Box away from any hacker getting anyone's information.

        There are also other reasons why there are privacy laws. There are reasons there are checks and balances in the legal system. This is part of the democratic process. This is part of our freedom. This is what our country was founded on.

        I don't think I explained that as well as I should have. Can anyone else think of reasons why we should be outraged?
        Nope. The checks and balances were observed. This 'outrage' is clearly your ignorance of legal proceedings. No one 'sidestepped' any legal requirements.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        Comment


        • #5
          Re: Long arm of law reaches into World of Warcraft

          heisenbug, the other guys are right that proper legal procedure was followed. But this does bring up a couple of good points: 1) if you do plan to be a criminal, "hiding" on the internet is not really hiding at all (we think that would be obvious by now, but some people just don't get it), and 2) I think you are right that some criminals might read this story and get the idea to pose as law enforcement and use falsified documents to try to gather information about someone from an online service. Especially a lesser-known online service that cannot afford their own legal team and has no knowledge of the law. It is easy to intimidate the ignorant and trick them into compliance.
          "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

          Comment


          • #6
            Re: Long arm of law reaches into World of Warcraft

            Originally posted by AgentDarkApple View Post
            heisenbug, the other guys are right that proper legal procedure was followed. But this does bring up a couple of good points: 1) if you do plan to be a criminal, "hiding" on the internet is not really hiding at all (we think that would be obvious by now, but some people just don't get it), and 2) I think you are right that some criminals might read this story and get the idea to pose as law enforcement and use falsified documents to try to gather information about someone from an online service. Especially a lesser-known online service that cannot afford their own legal team and has no knowledge of the law. It is easy to intimidate the ignorant and trick them into compliance.
            As far as point #2, it's VERY unlikely. Subpoenas are an everyday occurrence for utilities and common carriers. In all my years as a LEO, I never saw any utility not know a subpoena would be needed to cover an information request. They all know that they need subpoenas to cover themselves legally, otherwise they might be subject to civil lawsuits.

            Could a criminal forge legal papers? Sure. However, they rarely do. Most don't know a lot of that level of detail, despite their continued contact with the legal system. Besides, a subpoena like this is very targeted. It says, in effect that the LEO's agency needs all available information on one subject. They are not requests that say "we want all your credit card records for all your customers". The LEO has to know very specific information about the person they are looking at as the subject of an investigation.

            Besides, there are easier ways for criminals to do get that kind of general information on a whole pile of customers besides trying to forge a subpoena. Just ask Albert Gonzales and T.J. Maxx.
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: Long arm of law reaches into World of Warcraft

              I would like to respectfully disagree. The article was fairly clear on the issue that the subpoena was merely a request.

              Roberson’s subpoena was nothing more than a politely worded request, considering the limits of his law enforcement jurisdiction and the ambiguity of the online world.
              I am not saying that the police did anything illegal, nor that Blizzard did. Nor am I saying that Blizzard was immoral in their decision to get a drug dealer off the streets and into jail. LOL, well I did say, "I don't think I explained that as well as I should have." This is probably the case.

              I am saying that the security and privacy of their customers are at risk if they are willing to give out information about their customers without being obligated to. I am saying they are setting a bad precedent. Are they going to give out information to any government organization, for any customer, on any charge? Remember, their customers are innocent until proven guilty.

              I am also a little concerned about the lack of concern for privacy in the hacker community here. What if this was your bank giving out this information? What if this was your ISP giving out information of what sites you visit (including this one)? What if this was Google, giving out your search history, or software projects, or all of your Google documents (including proprietary work documents)? What if Defcon took names at the entrance instead of just cash and gave out those names without a proper warrant?

              These may be all things that bring down the bad guys, but at what cost? I am not saying that anyone breaking the law shouldn't be prosecuted, or that police shouldn't have access to this information when required to by law. I am just saying that it is concerning to me that customer information is given out by Blizzard so readily.

              Comment


              • #8
                Re: Long arm of law reaches into World of Warcraft

                Originally posted by heisenbug View Post
                I would like to respectfully disagree. The article was fairly clear on the issue that the subpoena was merely a request.
                I think you misunderstand the meaning of "request" in this sense. I read it as "you are not legally obligated to respond to this out of state subpeona, but it would be nice if you did, because we can take this a step higher and make it legally enforceable if need be."

                I think you should re-read this quote from Thorn:
                Originally posted by Thorn
                Out of state subpoenas are routinely honored. If they are not, then the next step becomes more formalized, involving the Attorney General's offices of the two states, and an instate subpoena will be issued that mirrors the original. In the end the results are the same.
                Considering Thorn's background, I would differ to his opinion on how the process works.
                Last edited by theprez98; January 2, 2010, 13:50.
                "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                Comment


                • #9
                  Re: Long arm of law reaches into World of Warcraft

                  Originally posted by heisenbug View Post
                  I would like to respectfully disagree. The article was fairly clear on the issue that the subpoena was merely a request.

                  Quote:
                  Roberson’s subpoena was nothing more than a politely worded request, considering the limits of his law enforcement jurisdiction and the ambiguity of the online world.
                  Sorry, but the paper's summary is incorrect; reporters aren't attorneys, and they rarely have legal training. A subpoena is a legal document, issued by a court system that say's in effect, "You have certain information. You are compelled to turn it over to the investigative agency." Technically, in this particular case, it would only be "a politely worded request" as it is an out of state subpoena, but as I previously explained, it can still be honored.

                  Originally posted by heisenbug View Post
                  I am not saying that the police did anything illegal, nor that Blizzard did.
                  Good. Because they did not do anything illegal. In fact, they did it all by the book.

                  Originally posted by heisenbug View Post
                  Nor am I saying that Blizzard was immoral in their decision to get a drug dealer off the streets and into jail. LOL, well I did say, "I don't think I explained that as well as I should have." This is probably the case.

                  I am saying that the security and privacy of their customers are at risk if they are willing to give out information about their customers without being obligated to. I am saying they are setting a bad precedent. Are they going to give out information to any government organization, for any customer, on any charge? Remember, their customers are innocent until proven guilty.
                  The legal precedents for police agencies collecting information were set LONG ago.

                  Furthermore, there is nothing about guilt or innocence here. You're clearly confusing warrants (a seizure of potential evidence or a person based on Reasonable Suspicion or Probable Cause) with subpoenas (a legally obligating requirement to provide records only).

                  Originally posted by heisenbug View Post
                  I am also a little concerned about the lack of concern for privacy in the hacker community here. What if this was your bank giving out this information? What if this was your ISP giving out information of what sites you visit (including this one)? What if this was Google, giving out your search history, or software projects, or all of your Google documents (including proprietary work documents)? What if Defcon took names at the entrance instead of just cash and gave out those names without a proper warrant?
                  I hate to tell you, but banks honor subpoenas all the time, as does Google. I can't speak for DT, but I suspect part of the reason that DC doesn't collect names is to avoid that kind of situation.

                  But again, you're clearly confusing warrants with subpoenas.

                  Originally posted by heisenbug View Post
                  These may be all things that bring down the bad guys, but at what cost? I am not saying that anyone breaking the law shouldn't be prosecuted, or that police shouldn't have access to this information when required to by law. I am just saying that it is concerning to me that customer information is given out by Blizzard so readily.
                  Your beliefs about the legal system are not based in any way upon the way things actually work.
                  Last edited by Thorn; January 2, 2010, 14:38. Reason: Clarified warrants vs subpoenas
                  Thorn
                  "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                  Comment


                  • #10
                    Re: Long arm of law reaches into World of Warcraft

                    Originally posted by heisenbug View Post
                    These may be all things that bring down the bad guys, but at what cost? I am not saying that anyone breaking the law shouldn't be prosecuted, or that police shouldn't have access to this information when required to by law. I am just saying that it is concerning to me that customer information is given out by Blizzard so readily.
                    If you are so truly concerned about your privacy being invaded by Law Enforcement and people holding that information giving it out. Then you should consider canceling all your utilities, closing all your bank accounts, cutting up all your credit cards, selling your house so you don't have a mortgage and doing all your transactions in cash.
                    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                    Comment


                    • #11
                      Re: Long arm of law reaches into World of Warcraft

                      Some fugitive needs to attend one of Steven Rambam's talks. If you are running from the law, it might be a good idea to stay away from the computer. At least not use the same character name you have used all along.

                      A psychologist might say that he wanted to be caught.

                      xor
                      Last edited by xor; January 2, 2010, 15:31.
                      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                      Comment


                      • #12
                        Re: Long arm of law reaches into World of Warcraft

                        Originally posted by Thorn View Post
                        Your beliefs about the legal system are not based in any way upon the way things actually work.
                        First, I would like to make this clear that I am not trolling here for a reaction. Quite the contrary, I was amazed more people did not feel the same way I did. Your points are well taken. Many of them I agree with, and some I do not.

                        I do appreciate the healthy debate. I have changed my mind on a few of my points, but as far as thePrez's quote: "Considering Thorn's background, I would differ to his opinion on how the process works." I respect your opinion also, but I'm too old to blindly agree with someone simply because of their background. Call it a healthy skepticism (or more likely stupidity).

                        I am not a lawyer, and clearly nor do have the personal experience with subpoenas and warrants as you. I merely am a R&D software and hardware developer, and my experience lies more in an understanding of electronics, software design, and networking than in law. (I also know a little about welding, chemistry, and beer, but that doesn't help much here either.)

                        I have seen too many ISP's stand up to subpoenas and win to completely agree with you. I have seen several cases where the government has asked for more than they were legally allowed to. There have been others where the government gave up because they could get the information from an easier source. Although Blizzard may have eventually have had a legal requirement to give out the information they did not have one when they submitted the information to the government.

                        “They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things.
                        This quote makes me think that Robertson wasn't expecting a response from Blizzard. It seems to me that they didn't need to submit the information yet, and if they put it off they may have never needed to.

                        Comment


                        • #13
                          Re: Long arm of law reaches into World of Warcraft

                          Originally posted by heisenbug View Post
                          I do appreciate the healthy debate. I have changed my mind on a few of my points, but as far as thePrez's quote: "Considering Thorn's background, I would differ to his opinion on how the process works." I respect your opinion also, but I'm too old to blindly agree with someone simply because of their background. Call it a healthy skepticism (or more likely stupidity).
                          It's not about blindly agreeing with anything. It's about assessing the situation and realizing that someone with a long career in law enforcement better understands the legal nuances of subpoenas better than me (or some journalist).
                          "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                          Comment


                          • #14
                            Re: Long arm of law reaches into World of Warcraft

                            Originally posted by heisenbug View Post
                            First, I would like to make this clear that I am not trolling here for a reaction. Quite the contrary, I was amazed more people did not feel the same way I did. Your points are well taken. Many of them I agree with, and some I do not.

                            I do appreciate the healthy debate. I have changed my mind on a few of my points, but as far as thePrez's quote: "Considering Thorn's background, I would differ to his opinion on how the process works." I respect your opinion also, but I'm too old to blindly agree with someone simply because of their background. Call it a healthy skepticism (or more likely stupidity).

                            I am not a lawyer, and clearly nor do have the personal experience with subpoenas and warrants as you. I merely am a R&D software and hardware developer, and my experience lies more in an understanding of electronics, software design, and networking than in law. (I also know a little about welding, chemistry, and beer, but that doesn't help much here either.)

                            I have seen too many ISP's stand up to subpoenas and win to completely agree with you. I have seen several cases where the government has asked for more than they were legally allowed to. There have been others where the government gave up because they could get the information from an easier source. Although Blizzard may have eventually have had a legal requirement to give out the information they did not have one when they submitted the information to the government.

                            Quote:
                            “They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things.

                            This quote makes me think that Robertson wasn't expecting a response from Blizzard. It seems to me that they didn't need to submit the information yet, and if they put it off they may have never needed to.
                            That's fine, I both like discussion/debate and have a healthy skepticism, too. As far as ISP's defeating subpoena's, it's never heard of it happening as far as I know, but it certainly could have occurred. That's the kind of thing that keeps lawyers employed.

                            As far as what Robertson said, he may have had an expectation that he would not get the info without pushing for the in-state subpoena, but that's just a guess. Personally, I'd be surprised if it hadn't worked. I've obtained plenty of info by corporations such as AT&T honoring such out of state subpoenas.

                            I do understand the want and need for privacy, but a person has to have realistic expectations, know what the legal limits are, and the point where those limits will be crossed. Besides, I'm more concerned about Google et al and 'the cloud' in regards to privacy. The information that is freely exchanged or between parties that have no real interest is a very gray area legally (and I'm generally against it), whereas the limitations of criminal legal system have been fairly well defined previously.

                            The real answers here are "cash", "TOR" and "don't trust other people to keep things hidden you don't want known."
                            Thorn
                            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                            Comment


                            • #15
                              Re: Long arm of law reaches into World of Warcraft

                              Originally posted by Thorn View Post
                              Besides, I'm more concerned about Google et al and 'the cloud' in regards to privacy. The information that is freely exchanged or between parties that have no real interest is a very gray area legally (and I'm generally against it), whereas the limitations of criminal legal system have been fairly well defined previously.

                              The real answers here are "cash", "TOR" and "don't trust other people to keep things hidden you don't want known."
                              I definitely agree with you on this. I dumped Gmail and other Google services a long time ago and only use it for a junk mail box. I am also very wary of Facebook. I think they would sell someone out in a heartbeat.
                              "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                              Comment

                              Working...
                              X