In a blog from last week, we wrote about a federal judge who was concerned that the FBI and NSA were overstepping their surveillance powers. However, the U.S. Supreme Court has approved a Department of Justice rule to allow broader surveillance authority. The new rule could allow the FBI and other law enforcement to search multiple computers anywhere in the world.
Changes to federal court procedure Rule 41 were approved by the Supreme Court. The change will allow magistrate judges to issue search warrants that extend to computers far outside the judge's jurisdiction, and would allow a single search warrant to be used to search multiple computers in multiple locations. The Department of Justice says the changes are necessary to their job, but civil liberties groups argue the broad changes are a threat to privacy and security of law-abiding citizens.
Internet software like Tor allows for anonymous internet searches and activity. A Tor network allows you to disguise your identity by encrypting and moving internet traffic across different servers. Tor can be used by some people to access illegal material, such as child pornography. However, Tor can also be used by political activists or journalists who are worried about government censorship. It can also be used by people who want some level of privacy while using shared computers.
Under the proposed changes, magistrate judges would be able to issue search warrants for computers outside their jurisdiction if the computer is trying to conceal their whereabouts. Currently, magistrates can issue search warrants primarily for property within their jurisdiction, with exceptions.
Another change would allow magistrate judges to issue a search warrant for computers outside their jurisdiction if the computer to be searched is part of a cybercrime investigation. This change would allow law enforcement to use a single warrant to search multiple jurisdictions, instead of having to seek multiple warrants for the relevant jurisdictions. However, this type of search is aimed at looking for information based on victims' computers.
The Department of Justice claims this type of search is important for botnet investigations, which involve a virus or malware infecting millions of computers. However, technology experts like Steve Bellovin say this type of search is unnecessary in investigating botnet attacks. Rather, “the computer security community has had great success studying botnets and locating their ‘command and control' notes without hacking into other victim computers.”
Many worry that focusing the search on victim computers is an overbroad search that may threaten the privacy of millions of lawful computer users. Given that a large percentage of all computers have been infected by some type of virus or malware, almost anyone could be subject to law enforcement hacking of their computer as part of a cybercrime investigation.
Another change has to do with notification of an individual that their property has been searched. When the police serve a search warrant on your house, it may be pretty obvious that they were there. However, it can be much more difficult to know when law enforcement has been looking around in your computer files. Under the new rules, law enforcement must make all reasonable efforts to serve a search warrant, which may include electronic notification. It is easy to see a situation where an email purporting to be from the FBI may be ignored or deleted as spam, and criminals may take advantage of this confusion.
So far, one senator, Ron Wyden, a democrat from Oregon, has come out against the rule changes. Wyden called for Congress to reject the new rules, and plans to introduce legislation to reverse the amendments. “These amendments will have significant consequences for Americans' privacy and the scope of the government's powers to conduct remote surveillance and searches of electronic devices,” said Wyden.