Was the recent FBI action on Microsoft Exchange an outright overreach of the subpoena?
Sort by:
I’ve had this dialogue over the years as well with telecommunications companies. We've certainly seen more takedowns where Microsoft's helped the government take down bots and take over domains. From what I understood, this time there was some attempt to reach out and even then they were still struggling to get a response from people they targeted. They did a precision thing. You don't want them to do it often, but under certain circumstances it might be okay.
I don't think there is a situation that would make the FBI acceptable because of the ramifications. This is akin to someone saying, “We think your house is dangerous. Without any law in place we're going to come in and change it.” In the US at least, companies operate as private citizens and enjoy the same rights as a private citizen, but the targeted companies were instantly suspended.
I would bet that there are sufficient grounds to sue the federal government for this as an overreach of subpoena. This action says the government can hack private individuals and companies for their own good because somebody overrode an insanely broad subpoena permitting it.
But they had a legal document. They did not hack networks willy-nilly. They went through the legal system to obtain that permission. I think it's a valid point that we need to preserve our liberties. But to me it was not as unauthorized as if they didn't have legal permission.
I read the subpoena and thought it was unusual. The FBI action definitely seemed like an overreach, but either way there's a precedent set now. I did see it as a good precedent though, because if I was a chemical manufacturer who had a chemical spill that I wasn't managing well they would take over the site. I would be kicked out of managing it until it was contained.
Every situation is different, it's a spectrum. There was a legal document as well as attempts at communication, so what would have been the alternative? Should they have let this issue fester? Was this backdoor causing leaks? At what point should somebody step in? You can't take this kind of action often, only in dire-case scenarios, and only after due process has been followed to make the best-case attempt. In certain cases, especially when I work with vendors, as with the Solar Winds issue, there’s a lot going in. So I might be okay with somebody coming in to help me block an issue. In other cases I might have a strong reaction. If I do have the option of saying “Get the hell out of my playground,” I will. I don't want to be hacked.