The FBI’s Quiet Plan to Expand Its Hacking Powers
Authorities are asking a little-known rule-making panel to increase the FBI’s search warrant powers to remotely hack into computers.
Government officials are trying to expand their authority to hack into and locate computers by changing an arcane federal rule governing how judges can approve search warrants.
The Justice Department has petitioned a judicial advisory committee to amend a rule that specifies under what conditions magistrate judges can grant the government search warrants.
The provision, known as Rule 41 of the federal rules of criminal procedure, typically allows judges to issue search warrants only within their judicial district. But the government has asked to alter this restriction to allow judges to approve electronic surveillance to find and search a computer's contents regardless of its physical location, even if the device is suspected of being abroad.
Law-enforcement investigators are seeking the additional powers to better track and investigate criminals who use technology to conceal their identity and location, a practice that has become more common and sophisticated in recent years. Intelligence analysts, when given a warrant, can infiltrate computer networks and covertly install malicious software, or malware, that gives them the ability to control the targeted device and download its contents.
Technology experts and civil-liberties groups strongly oppose the proposed rule change. On Wednesday, several of them testified before the rule-making committee urging a rejection of the Justice Department's proposal. The rule change, they argued, would be substantive and not merely procedural, making it beyond the intended scope of the advisory panel. They also warned that the expansion would threaten the Fourth Amendment's strict limitations on government search and seizures, and allow the FBI to violate the sovereignty of foreign countries.
The judicial panel on Wednesday did little to tip its hand on the issue, but it did aggressively question several witnesses as to what alternative they would prefer that allows federal investigators to keep up with and catch elusive cybercriminals. Many of the rule's critics pleaded that a rule change like this should not be decided by an obscure regulatory panel of legal experts but by Congress.
"I empathize that it is very hard to get a legislative change," said Amie Stepanovich, senior policy counsel with Access, a digital-freedom group. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."
Stepanovich also warned that the rule change could be applied to large computer networks, such as botnets, and breach the privacy of all users communicating via that network. While botnets, which can sometimes involve millions of computers, are often viewed as sinister, not all of them are, Stepanovich said.
Others noted that the amendment could have dramatic and unintended consequences on foreign relations. Surveillance orders granted for computers located in another country or where the location is unknown would lack the Fourth Amendment's protection against unreasonable search and seizures, said Ahmed Ghappour, a computer law professor at the University of California's Hastings college of law.
"It's like turning on a switch, but instead of turning on a faucet, it's like turning on a fire hose," Ghappour, added, noting that the rule change could usher in unprecedented powers to spy on foreign computer networks.
The FBI has launched an aggressive campaign in recent weeks to preserve and in some cases expand its electronic-surveillance capabilities. FBI Director James Comey has warned that tighter encryption protections on Apple and Google smartphones could lock out agents trying to track criminals ranging from terrorist suspects to child pornographers. Last week, the agencysecretly met with House staffers to discuss legislation that would force U.S. tech companies to grant the government greater backdoor access to their devices.
Despite the FBI's efforts, Congress is unlikely to be supportive of such an agreement, as the tech industry has stated it would undermine its global competitiveness.
The judicial advisory panel will meet again in January to discuss the Justice Department's proposal.
(Image via Jeff Wasserman/Shutterstock.com)
NEXT STORY: Cybersecurity specialist wins House seat