The US Supreme Court has approved on Thursday several changes to the federal rules around search warrants, one of which would allow US federal law enforcement agents to remotely access suspects’ systems when they don’t know the systems’ IP address because it has been concealed, as well as to access computers that have already been compromised by attackers.
Rule 41 of the new Federal Rules of Criminal Procedure states that “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (a) the district where the media or information is located has been concealed through technological means; or (b) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.”
At the moment, US law enforcement can get search warrants only for computers for which they know the location, and from a judge that has jurisdiction of that physical location.
This new rule, along the other proposed amendments, will go into effect on December 1, 2016, if the US Congress does not oppose them.
Privacy and civil liberties groups, and companies like Google have previously testified before the Supreme Court about the dangers of such changes, but they obviously went unheard.
“Whatever euphemism the FBI uses to describe it – whether they call it a ‘remote access search’ or a ‘network investigative technique’ – what we’re talking about is government hacking, and this obscure rule change would authorize a whole lot more of it,” says Kevin Bankston, Director of New America’s Open Technology Institute.
“Like wiretapping, hacking is uniquely invasive compared to regular searches and raises serious issues under our Fourth Amendment, which protects us from unreasonable searches. Unlike wiretapping, however, Congress has never authorized government hacking nor established protective rules for the road to ensure it’s not abused. Government hacking also raises a host of new and serious risks to privacy and security that wiretapping doesn’t, including the risk that the malware used by the government might spread to innocent people’s computers or cause unintended damage.”
“Instead of directly asking Congress for authorization to break into computers, the Justice Department is now trying to quietly circumvent the legislative process by pushing for a change in court rules, pretending that its government hacking proposal is a mere procedural formality rather than the massive change to the law that it really is,” he pointed out.
“Congress shouldn’t let the Justice Department and an obscure judicial rules committee write substantive law, especially on a novel and complex issue with serious privacy, security, and civil liberties implications. If government hacking is to be allowed at all, it should only be done with authorization from Congress, with strong protective rules in place, and after deep investigation and robust debate.”
US Senator Ron Wyden (D-Ore) has announced his plan to “introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government.”