FBI’s plan to expand hacking power advances despite privacy fears

Privacy news
3 mins
fbi-hacking

This post was originally published on March 30, 2015.

Last Monday the Judicial Conference Advisory Committee on Criminal Rules sanctioned a rule change that will expand the FBI’s authority to use hacking techniques to gain access to electronic data.

The committee ruled 11 to 1 in favor of a modification to an old federal rule – Rule 41 – thereby granting judges more leeway in approving search warrants for electronic data, the National Journal reports.

Before the change, judges could only approve a search warrant for material residing within their own judicial district. Now, however, courts will be able to grant search warrants for data located elsewhere.

The federal government says the change to Rule 41 is an essential upgrade to an antiquated rule that will bring it into the 21st century.

The Federal Bureau of Investigation will, it says, benefit from the increased authority which will allow easier access to networks which it can then monitor via tracking software. This, it says, will allow the agency to better monitor criminals who are adept at using technology to cover their tracks.

A number of organisations, including civil rights and civil liberties groups, have spoken out against the rule change, saying the amendment went way beyond a minor tweak and was in fact a major change that could represent a conflict with the Fourth Amendment and the protection it conveys to US citizens against unreasonable search and seizures.

Organisations, such as the American Civil Liberties Union (ACLU), also claimed the rule change could, in theory at least, afford the FBI the ability to target multiple computers simultaneously, possibly including millions belonging to users who are not implicated in any crime.

Search giant Google also added its might to the argument last month, saying it “raises a number of monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide”.

Google’s director of law enforcement and information security, Richard Salgado, said the wording of the amendment was too vague, potentially allowing the government to use “remote access” to search and seize or copy electronic data, adding that the specifics of how and what may be searched were missing from the text:

“The term “remote access” is not defined. Sample search warrants submitted by the DOJ to the Committee indicate that “remote access” may involve network investigative techniques, or NITs, which include, for example, the installation of software onto a target device to extract and make available to law enforcement certain information from the device, including IP address, MAC address, and other identifying information.”

Salgado also suggested that the term “remote access” seemed to imply that the government could in fact hack any facility, anywhere, and that the wording around botnets – which can infect millions of computers at a time – could mean that the amendment effectively opened up access to all of those machines to the FBI.

The Justice Department, as to be expected, is all in favour of it though. In December 2014 deputy assistant attorney general of the Criminal Division in the DOJ, David Bitkower, noted in a memo that:

“The proposed amendment would ensure that a court has jurisdiction to issue a search warrant in two categories of investigations involving modern Internet crime: cases involving botnets and cases involving Internet anonymizing techniques”.

Bitkower used the memo to add further clarification, explaining how the proposal would merely simplify the search process without adding any additional authority not already permitted under existing legislation. Bitkower was also keen to stress how judicial oversight would remain, with judges ruling on warrant applications on a case by case basis.

Privacy groups will, however, continue to fight the rule change which is subject to review by the Standing Committee on Rules of Practice and Proceedings, most likely in June, and by the Judicial Conference in September.

American Civil Liberties Union lawyer American Civil Liberties Union issued a statement in which he said:

“Although presented as a minor procedural update, the proposal threatens to expand the government’s ability to use malware and so-called ‘zero-day exploits’ without imposing necessary protections. The current proposal fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes.”

Featured image: J. Jones / ExpressVPN