Streamlined FBI warrant approval raises concerns of 'mass hacking'

Privacy critics say the procedural change will enable 'mass hacking' by federal law enforcement, by allowing judges to issue warrants for federal agents to access computers in any jurisdiction. 

|
Steve Dykes/ AP/ File
Sen. Ron Wyden, D-Ore., addresses the crowd of supporters at the Oregon Convention Center after winning re-election in Portland, Ore., Tuesday, Nov. 8, 2016. Senator Wyden was one of three senators who delivered speeches in Congress on Wednesday in an attempt to block changes to Rule 41 of federal rules for criminal procedure.

A change to US search-and-seizure rules took effect Thursday, after repeated failures to block it in Congress, in what some lawmakers and privacy groups say could give the government unprecedented legal authority to hack into millions of computers belonging to innocent Americans.

Calling the change "one of the biggest mistakes in surveillance policy in years," Sen. Ron Wyden (D) of Oregon made a final push Wednesday from the Senate floor to block or delay implementation of the change. But his efforts were thwarted by Sen. John Cornyn (R) of Texas, the majority whip, meaning American judges will now be permitted to issue search warrants that give the FBI authority to access computers in any jurisdiction remotely.

"By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance," Senator Wyden said, vowing to introduce a bill to repeal the rule in the next Congress, as USA Today reported. "Law-abiding Americans are going to ask 'what were you guys thinking?' when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk."

Sen. Chris Coons (D) of Delaware and Sen. Steve Daines (R) of Montana joined Wyden in unsuccessfully seeking a bill to delay the change to Federal Criminal Rule of Procedure 41 – which was authorized last spring by the US Supreme Court – for at least three to six months so the lawmakers could study it further.

The US Department of Justice (DOJ), which requested the change, argued that it is necessary to keep pace with technological changes and so-called "botnets," which are groups of malware-infected computers that can be controlled remotely for criminal purposes. Under the previous procedural rules, FBI agents had been required to secure judicial approval for warrants in each district where an infected computer was located before lawfully hacking into those machines. With the revised rule, the agents could secure one warrant from one judge to lawfully search all infected machines if their real location has been hidden, or if the machines are located in five or more districts.  

"So, if there are more than five computers in the US, or the world for that matter, that have malware they are all subject to search, seizure, and copying by federal police agencies if they can somehow fuzzily be related to a crime in their jurisdiction," Tor Ekeland, a defense attorney who works on federal computer crime cases, wrote in an op-ed for The Christian Science Monitor, urging the public to back attempts to block the rule:

This is true even where the computer owner is innocent of any wrongdoing and is not under investigation. Indeed, in the case of malicious software or botnets, computer owners may not even be aware of their device's participation. And given that some 30 percent of computers contain malware or are part of a botnet, suddenly the FBI has the ability to scan millions of computers.

The DOJ contends, however, that the Fourth Amendment protections on personal privacy remain fully intact because law enforcement will still be required to demonstrate to a judge that a particular search is warranted and lawful. The change addresses procedural matters of venue, not substantive matters of law, US Assistant Attorney General Leslie Caldwell wrote in a blog post this week.

"The amendments neither endorse particular searches as reasonable, nor do they in any way change the traditional constitutional, statutory, and prudential factors the department relies on to determine whether to seek a warrant. They simply identify the appropriate court to ask," Ms. Caldwell wrote.

In recent months, some judges have dismissed evidence gathered by the FBI as part of a large-scale child pornography sting on the grounds that the search warrants used in those cases exceeded their jurisdiction. Caldwell argued the change is necessary to combat "pedophiles who openly and brazenly discuss their plans to sexually assault children."

After hosting a discussion in October about the change, Stanford Law School privacy experts published an article earlier this month outlining points of consensus and disagreement about the change and its practical impact, to promote clarity in a matter of intense public debate.

"Most of our panelists, both those in favor and opposed to the rules change, agreed that current law does not adequately address situations where the government has probable cause to search but does not know the location of computers likely to contain evidence of a crime. Panelists tended to agree that this gap should be filled," Marshall Erwin and Jennifer Granick wrote. 

But many panelists were concerned about the international implications of the change, they added, warning that American police investigations conducted under the new procedure could violate international law or treaties, or even "violate the principle of reciprocity because we might not want other countries remotely hacking our citizens in violation of the treaties we've established with those countries."

This report includes material from Reuters.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Streamlined FBI warrant approval raises concerns of 'mass hacking'
Read this article in
https://www.csmonitor.com/USA/2016/1201/Streamlined-FBI-warrant-approval-raises-concerns-of-mass-hacking
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe