> What would a perfect attacker do?
If you had physical access to the computer, some sort of bus interception to exfiltrate data from the machine.
replies(2):
If you had physical access to the computer, some sort of bus interception to exfiltrate data from the machine.
* Require a copy of the badge number, and verify that this officer is assigned and expected to be at this business right now.
* Require them to sign into and out of the site.
* Annotate which systems / compromises are in place.
- That all of the above MIGHT be sealed under a court order; I would hope any such order has an automatic 'sunset' date, and possibly renewal upon review by a different judge.
Well, that’s true in countries like Germany or the US. I suspect in somewhere like Russia or China, formal complaints are unlikely to achieve anything except invite government retaliation.
No, you don't. If they have a warrant then you need to let them in for the purposes specified in the warrant. Otherwise you're free to tell them to piss off. Unfortunately you're also free to acquiesce to any of their demands.
This kind of passive, default-compliant attitude from service providers, while understandable from a "path of least resistance" standpoint, is exactly the kind of behavior that allows the third party doctrine to circumvent so many of our basic rights. As a service provider, often the more difficult path is to challenge authority, rather than to cooperate with it. And unfortunately that means that most service providers will simply cooperate.