[Infowarrior] - Cybersecurity researchers halt work with law enforcement, cancel conferences in travel ban's wake

[Richard Forno]

Cybersecurity researchers halt work with law enforcement, cancel conferences in travel ban's wake

Joe Uchill

http://thehill.com/policy/cybersecurity/317355-travel-ban-sways-researchers-not-to-work-with-law-enforcement-cancel

Cybersecurity researchers are not working with law enforcement agencies and conferences are reconsidering events in the U.S. in the wake of President Trump’s executive order temporarily halting travel from seven predominantly Muslim countries and refugee resettlement. 

“I have incredible respect for the law enforcement community,” Jon Sawyer, a well-known Android phone hacker, told The Hill in an interview. “I have a brother that’s a sheriff — who is a good sheriff. But when you have law enforcement blatantly ignoring the courts, that’s a big issue.” 

Sawyer announced via Twitter over the weekend that he would no longer assist law enforcement in forensic investigations until Customs and Border Patrol (CBP) “complies with the court orders, and again when we have sane leadership.”

Though the American Civil Liberties Union (ACLU) won a spate of lawsuits over the executive order, the CBP did not immediately comply with several court orders involving detainment of travelers who took off before the order was signed. 

The ACLU remains unconvinced the administration is fully compliant with the judge's order. An email from government lawyers to the ACLU Tuesday evening said CBP could not yet confirm it had released all detained travelers across the country. 

“We may have no choice but to go back to court,” Lee Gelernt, deputy director of the ACLU’s Immigrants’ Rights Project, told The Hill via email.

At a press conference Tuesday, Department of Homeland Security Secretary John Kelly said “no member of the Homeland Security team knowingly ignored a court order.”

But whether or not the intention was there, initial reports CPB had not abided by the judicial orders jarred many researchers. 

University of Washington robotics law expert Ryan Calo said via email that while Homeland Security has “amazing and dedicated" people, “I'm not going to organize another workshop for them or advise as an expert if it turns out the agency defied a lawful court order.”

Sawyer said that he is also concerned by reports that Border Patrol agents were requiring travelers to unlock phones and provide access to social media accounts for inspection before allowing them to cross. 

“It makes me wonder if something I coded to help with one kind of investigation might be used to violate someone’s privacy in a different investigation,” he said. 

Sawyer says he does formal forensic work for law enforcement agencies “several” times a year and provides help via email even more often. 

“My brother, the sheriff, could call me tomorrow and ask for help and I would have to turn him down,” he said. 

Tech conferences have been similarly impacted by Trump’s travel ban, in part because the order makes it difficult to gather international researchers into the same place. 

The Internet Engineering Task Force (IETF), for example, is already reconsidering future American events.

The IETF determines communications standards used on the internet. 

“The IETF does not make comments on political matters. But we do comment on topics that affect the IETF and the Internet. Specifically, the recent action by the United States government to bar entry by individuals from specific nations raises concerns for us—not only because upcoming IETF meetings are currently scheduled to take place in the U.S., but also because the action raises uncertainty about the ability of U.S.-based IETF participants to travel to and return from IETF meetings held outside the United States,” it wrote on its website Monday. 

The reaction comes after a sibling organization in internet governance, the Internet Corporation for Assigned Names and Numbers, discovered that one of its 20 board members is now barred from entering the United States despite living in the Netherlands and serving as the chief information officer of RIPE NCC, the organization in charge of allotting Europe’s domain names. 

“I have both Iranian and Dutch nationalities and passports and I even have a multiple entry US visa in my Dutch passport but apparently none of that matters! Being born in Tehran means that at least for the next 90 days, I can’t get into the US. This also means I will miss Chicago IETF, where I am being officially appointed as [the Internet Architecture Board’s] liaison to the [IETF Administrative Oversight Committee],” Kaveh Ranijabar wrote Monday on Facebook.
Organizer Per Thorsheim outright canceled the U.S. date of PasswordsCon. 

The conference, pitched as “the first and only conference about passwords,” had held yearly events in both the United States and Netherlands. Its U.S. gathering had been affiliated with the BSides Las Vegas conference in June since 2015. 

“As a Norwegian I can pretty much go anywhere in the world without fear based on my country of origin. It troubles me deeply that people — refugees — are excluded solely on their country of origin. Or religion, as this #MuslimBan EO really seems to be about,” wrote Thorsheim in a post on PasteBin.