The Supreme Court approved new rules on Thursday that would potentially give the FBI the authority to hack any computer in the United States, and potentially computers located overseas as well. Those hidden by Tor technology will also be vulnerable.
Now the Congress have until December 1 to either approve the rule, reject or make changes to it – then any magistrate judge in the country could grant the FBI warrants authorizing hacks into computers whose whereabouts are unknown.
In its letter to Congress, the Supreme Court approved the following change to Rule 41 of the Federal Rule of Criminal Procedure:
“A magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means; or (B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts."
Under the phrase “concealed through technological means,” the court is referring to computers whose location is hidden via the use of anonymity software such as the Tor web browser.
Currently, magistrate judges cannot issue warrants for “remote searches” to the FBI if law enforcement doesn’t know where a computer in question is physically located, since its location could potentially be outside of the court’s jurisdiction.
Not only does the new rule change that, it also could allow the FBI to gain access to computers that have been already hacked by malicious software, meaning that victims of cyberattacks could see their computers searched by the government. If a computer is suspected to be part of compromised network, that network could also be searched. If a computer is ultimately located overseas but hidden via Tor, then authorities may potentially be able to hack into it as well.
For its part, the Justice Department believes that the modified rule is necessary to keep up with criminals using the latest technology to avoid detection. If an individual is trying to hide his location, the argument goes, then search warrants should be able to bypass jurisdiction limitations.
“Criminals now have ready access to sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet, and the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend them,” DOJ spokesperson Peter Carr said in a statement to Motherboard.
“This amendment ensures that courts can be asked to review warrant applications in situations where is it currently unclear what judge has that authority. The amendment makes explicit that it does not change the traditional rules governing probable cause and notice.”
The Supreme Court’s approval comes as courts in Massachusetts and Oklahoma have recently opted to toss out evidence collected by the government in relation to child pornography investigations, since the original search warrant obtained by the FBI came from a judge in Virginia. If the new rules approved by the Supreme Court go into effect, the evidence would have been allowed.
However, not everyone is buying the Justice Department’s argument. Senator Ron Wyden (D-Oregon) questioned the wisdom of the changes to Rule 41, adding that he will ask the government to detail its hacking process. He also said he will propose legislation to reverse the amendments.
"These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices," he said Thursday in a statement. “Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime.”
Some major technology companies have also criticized the proposed changes, arguing they threaten to “undermine the privacy rights and computer security of Internet users.” Google has stated that US officials would “likely” use the altered rules to search computers overseas.
“Even if the intent of the proposed change is to permit U.S. authorities to obtain a warrant to directly access and retrieve data only from computers and devices within the US, there is nothing in the proposed change to Rule 41 that would prevent access to computers and devices worldwide,” the company stated back in February.
Meanwhile, privacy activists and tech organizations have also raised concerns, including Kevin Bankston of the Open Technology Institute.
“Whatever euphemism the FBI uses to describe it – whether they call it a ‘remote access search’ or a ‘network investigative technique’ – what we’re talking about is government hacking,” he said to the Intercept, “and this obscure rule change would authorize a whole lot more of it.”