Medical Cannabis Data Raids: A Security Case Study

From What The Wiki?!

I gave a talk yesterday about U.S. federal law enforcement raids against the medical cannabis community in San Francisco - and some of the privacy and security tools this community is using to protect itself. The presentation included background on the politics of medical cannabis and efforts by this community to change U.S. drug laws - which account for half of the two million people now serving time in U.S. prisons.

The situation remains critical. A few days ago the U.S. Drug Enforcement Administration joined with police in Vancouver, Canada to raid a group of medical cannabis growers there. The U.S. DEA appears to believe that it has jurisdiction in other countries. Individual U.S. states have decriminalized medical cannabis use and have attempted to protect medical cannabis patient data from federal agents by issuing anonymized ID cards. Medical cananbis dispensaries which sell to cannabis patients are beginning to use tools like Neocrypt, PGPdisk, TOR and PGP encrypted e-mail.

The text of my talk can be found on my blog. It includes a link to a sample search warrant and list of data that federal investigators are looking for when they raid a house or business.