Could You Detect This?

Military prosecutors who are prosecuting a Navy SEAL for killing an Islamic State prisoner are now charged with bugging emails and documents that they sent to defense lawyers.

The bugs, known in the trade as beacons, tell the person who installed it who has opened the document based on their IP address and also provides other information that is returned by the beacon.

In the case of attorney-client communications, these beacons could represent prosecutorial misconduct when installed by the government and may also violate attorney-client protections.

The government claims that they bugged the documents because they are investigating leaks, but the defense says that it must be the government doing the leaking because the media is reporting on the documents before the defense even receives them.

Without regard to this particular case, bugging documents is relatively normal in business – to see if documents shared in confidence are being distributed further than the creator intended.  There are even commercial products that facilitate doing this.  One such product is Thinkst Canary.

Would you be able to detect this kind of surveillance if someone were to bug documents sent to you?  Do you think that if someone were to bug documents sent to you, that would be a violation of trust or privacy?

One simple way to temporarily defeat this kind of beaconing is to disconnect the system that the document is on from any network connection of any kind  before opening the document and leave it disconnected while the document is open.  While not impossible, normal commercial beacons do not persist once the document is closed or deleted.

It is likely that installing this sort of beacon may violate state privacy laws due to the data the comes back to the company who installed it.

While there is zero case law on the subject that I am aware of, as the use of beacons becomes more common – both legally and illegally – that will likely end.   This particular case is going on behind closed doors – for now, but that doesn’t mean that the next case will do the same.

Right now, the question is, would you even detect such a beacon if someone sent you an infected (I use that word intentionally because if they can send a beacon, they can send malware) document?

Source: Navy Times.



Leave a Reply

Your email address will not be published.