> What would a perfect attacker do?
If you had physical access to the computer, some sort of bus interception to exfiltrate data from the machine.
replies(2):
If you had physical access to the computer, some sort of bus interception to exfiltrate data from the machine.
* Require a copy of the badge number, and verify that this officer is assigned and expected to be at this business right now.
* Require them to sign into and out of the site.
* Annotate which systems / compromises are in place.
- That all of the above MIGHT be sealed under a court order; I would hope any such order has an automatic 'sunset' date, and possibly renewal upon review by a different judge.
Well, that’s true in countries like Germany or the US. I suspect in somewhere like Russia or China, formal complaints are unlikely to achieve anything except invite government retaliation.
No, you don't. If they have a warrant then you need to let them in for the purposes specified in the warrant. Otherwise you're free to tell them to piss off. Unfortunately you're also free to acquiesce to any of their demands.
This kind of passive, default-compliant attitude from service providers, while understandable from a "path of least resistance" standpoint, is exactly the kind of behavior that allows the third party doctrine to circumvent so many of our basic rights. As a service provider, often the more difficult path is to challenge authority, rather than to cooperate with it. And unfortunately that means that most service providers will simply cooperate.
Any lawyer will tell you - if law enforcement attempts a warrant-less search, you tell them you do not consent to it, but you do not attempt to physically stop them from performing it. Tell them they are unwelcome and to come back with a warrant, but if they insist on entering in spite of that, you let them in.