An emergency data request is a procedure used by U.S. law enforcement agencies for obtaining information from service providers in emergency situations where there is not time to get a subpoena. In 2022, Brian Krebs reported that emergency data requests were being spoofed by hackers to obtain confidential information.[1][2]
There have been proposals to secure emergency data requests using digital signatures, but this would require substantial technical and legal effort to implement.[1][3]
Implementing digital signatures would not solve the problem of compromised government and law enforcement email accounts. Hackers could still compromise these accounts and use them to submit fraudulent emergency data requests. Additionally, there is no validated master list of authorized law enforcement personnel, making it difficult for service providers to verify the legitimacy of the requests. [4]
References
edit- ^ a b "Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests" – Krebs on Security". Retrieved 2022-03-29.
- ^ "Hackers are using fake 'emergency' requests to obtain customer data". SiliconANGLE. 2022-03-29. Retrieved 2024-07-19.
- ^ Wolff, Josephine (2022-04-05). "Apple, Meta, and Discord All Handed User Data Over to Hackers. Now What?". Slate. ISSN 1091-2339. Retrieved 2024-07-19.
- ^ "Compromised email behind fake emergency data requests". Route Fifty. 2022-04-04. Retrieved 2024-07-19.