How an obscure rule lets law enforcement search any computer
With today’s amendments to Rule 41, the statute that regulates legal search and seizure, the US Department of Justice has a new weapon to fight cyber crime — but it’s a double-edged sword. The changes expand the FBI’s ability to search multiple computers, phones and other devices across the country, and even overseas, on a single warrant. In an increasingly connected world, amending the rules is both necessary for law enforcement agencies and deeply concerning for digital privacy advocates. And for everyday citizens, it’s a little bit of both.
Today’s changes allow judges to issue warrants for federal agencies to remotely access, search, seize and copy digital information that’s been concealed via anonymizing software like Tor or a VPN. The changes also allow judges to grant warrants for the search, seizure and copying of information on any connected device that’s attacked in a hacking campaign.
Two recent hacking instances offer insight into how these new rules might play out in the real world.
First up, the FBI’s global Dark Web pedophilia sting, Operation Pacifier: In 2015, the FBI took over a child pornography website on the Dark Web and,over the course of two weeks, deployed malware to users in order to bypass the anonymizing software and catch 1,500 pedophiles. FBI agents did this on the order of a single warrant issued by a magistrate judge. In the ensuing court battles, some defense lawyers successfully argued that the entire sting relied on an invalid warrant.
At the same time, a senior US District Court judge ruled the FBI did not need a warrant at all to infiltrate a stateside computer, saying, “Generally, one has no reasonable expectation of privacy in an IP address when using the internet.”
The new Rule 41 addresses this issue head-on. Now, a magistrate judge does indeed have the authority to issue a warrant allowing federal agents to search and seize any number of computers within or outside of that judge’s district.
Secondly, there’s the Mirai botnet attack that shut down internet service across the country in late October. Hackers took advantage of weak security protocols in connected home devices like security cameras, DVRs and routers to hit a large domain name server with a distributed denial of service attack that took out Twitter, Spotify, Reddit, The New York Times and other major websites.
In this case, the new rules would let a judge issue a warrant allowing federal agents to search, seize and copy all of the information on these hacked IoT devices. Yes, the victims of the hack are open to digital search and seizure.
This potential scenario worries privacy advocates like the Electronic Frontier Foundation. The organization wrote in a blog post, “Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.”
this got passed under the fog of trump..
“The changes expand the FBI’s ability to search multiple computers, phones and other devices across the country, and even overseas, on a single warrant.”
“The new Rule 41 addresses this issue head-on. Now, a magistrate judge does indeed have the authority to issue a warrant allowing federal agents to search and seize any number of computers within or outside of that judge’s district.”
the net literally tightens..