FBI Hacking Authority Expanded By Supreme Court - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
News
5/2/2016
08:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

FBI Hacking Authority Expanded By Supreme Court

With the US Supreme Court's approval, warrants to search and seize digital data will be able to authorize government hacking anywhere.

Google Cloud Conundrum: 7 Questions That Need Answering
Google Cloud Conundrum: 7 Questions That Need Answering
(Click image for larger view and slideshow.)

On Thursday, the US Supreme Court presented Congress with changes in the Rules of Criminal Procedure that will allow judges to issue warrants directed at electronic devices outside their jurisdiction. These changes vastly expand the government's surveillance and hacking power.

Magistrate judges are mostly limited to authorizing search and seizures in their jurisdiction. The changes to Rule 41, requested by the Department of Justice and endorsed by the Supreme Court justices, give judges the ability "to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district" if the information sought has been "concealed through technological means" or the device has been damaged without authorization and is held in five or more districts.

Compromised computers are considered "damaged" for the purpose of these rules. This definition allows investigators to infiltrate botnets anywhere in the world using a warrant. But the Center for Democracy and Technology (CDT) contends the rule is overly broad because about 30% of the world's computers could be considered "damaged" -- infected with malware -- and thus could be subject to Rule 41 searches.

(Image: skeeze via Pixabay)

(Image: skeeze via Pixabay)

Among other objections to the changed rules, the CDT has argued that authorizing a search warrant for an unknown location violates the Fourth Amendment requirement that warrants should "[describe] the place to be searched, and the persons or things to be seized."

David Bitkower, Principal Deputy Assistant Attorney General, has defended the constitutionality of the rule change and the utility of adopting the change as a way to deal with anonymization technology. In a Dec. 22, 2014 letter to Judge Reena Raggi, chair of the Advisory Committee on Criminal Rules, he wrote the issue is "whether [search warrants using certain remote search techniques] should as a practical matter be precluded in cases involving anonymizing technology due to lack of a clearly authorized venue to consider warrant applications."

The government use of Network Investigative Techniques, or hacking, as seen in the FBI's recent effort to break into an iPhone used by one of the San Bernardino shooters, has attracted the attention of lawmakers.

In June last year, Senate Judiciary Committee chairman Chuck Grassley (R-IA), wrote a letter to FBI Director James Comey inquiring about government-authorized hacking. "Obviously, the use of such capabilities by the government can raise serious privacy concerns," he wrote, asking for details about FBI policies and procedures when the agency employs spyware. Among the questions he asked was which companies the FBI has impersonated when trying to install spyware through phishing and whether the agency has informed those companies.

[Read Email Privacy Act Wins Sweeping Approval in House.]

US Sen. Ron Wyden (D-OR) issued a statement on Thursday asking members of Congress to reject the government's expanded hacking and surveillance powers. Such significant rule changes should be addressed by Congress, he said.

"Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime," said Wyden. "These are complex issues involving privacy, digital security and our Fourth Amendment rights, which require thoughtful debate and public vetting."

The rule change will take effect on Dec. 1, 2016 unless Congress takes action to alter the rules. Wyden said he plans to introduce legislation to reverse the rule amendments soon.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Commentary
Study: Cloud Migration Gaining Momentum
John Edwards, Technology Journalist & Author,  6/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll