By Chris Strohm May 9, 2014
The top U.S. law-enforcement agency wants to give investigators greater leeway to secretly access suspected criminals’ computers in bunches, not simply one at a time.
The Justice Department says the proposal, set to be made public today, is an attempt to keep up with technology that lets people hide identities online. Privacy advocates contend the more aggressive hacking powers may violate rights of the innocent.
The proposal arrives at a precipitous time for a government still managing backlash to electronic-spying practices by the National Security Agency that were exposed last year by former contractor Edward Snowden.
“I don’t think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent,” Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, said in a telephone interview. “The power they’re seeking is certainly a broad one.”
A committee of judges that sets national policy governing criminal investigations will have to sort it out, taking rules written for searching property and modernizing them for the Internet age.
“We have real concerns about allowing the police too much ability to search with too little oversight,” said Hanni Fakhoury, a lawyer at the San Francisco-based Electronic Frontier Foundation, a privacy group. The DOJ proposal would “dramatically expand the reach of federal prosecutors and investigators.”
The proposed rule, obtained by Bloomberg News, would lift the geographical restriction on warrants for computer investigations, permit agents to remotely access computers when locations have been “concealed through technological means,” and allow a single warrant for searches of certain computers located in five or more judicial districts.
“This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority,” a Justice Department spokesman, Peter Carr, said in an e-mailed statement. “The proposal makes explicit that it does not change the traditional rules governing probable cause and notice.”
The proposal is scheduled to be published today for consideration by the Judicial Conference Committee on Rules of Practice and Procedure, commonly called the standing committee.
It has a long way to go before getting approval.
If the standing committee agrees to take up the matter, the proposal would be opened for public comment in August for six months. It could be amended before the comment period begins and would eventually need to be reviewed by Congress for changes.
The Justice Department includes the Federal Bureau of Investigation, Drug Enforcement Administration and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
The department said the new power is needed to find child pornographers and other criminals taking advantage of technological advancements to shield their identities. Such technology includes proxy servers that mask the true Internet addresses of a criminal’s computer, or the use of hundreds or thousands of compromised computers known as a botnet.
Federal agents now can obtain warrants allowing them to send malicious software over the Internet to computers suspected of being used in crimes. The government can keep these so-called remote access operations secret from their target for as many as 30 days -- longer if an extension is approved by a judge.
The law limits those remote searches to the district where the judge who issued the warrant is located, when the actual locations of computers used in crimes may not be known.
Botnet computers could be spread across many or all of the nation’s 94 judicial districts. Going after them requires judges in each different district to issue warrants, a time consuming process that creates delays and wastes investigative resources, according to the Justice Department.
The department must describe the computer it wants to target with as much detail as possible. For example, an investigator may be covertly communicating with a suspected child molester and know an IP address, and then obtain a warrant to use malware to find the actual location. In the case of botnets, malware might be used to try to free the compromised computers from a criminal’s control.
Obtaining a single warrant to use malware to search potentially thousands of computers in unknown locations would violate constitutional requirements that court-authorized searches be narrow and particular, Fakhoury of the Electronic Frontier Foundation said.
He said he questions whether investigators could use the new rule to bypass legal requirements in accessing data stored online, such as within Google Inc.’s Drive cloud service or Microsoft Corp.’s Outlook e-mail accounts.
A Google spokeswoman, Niki Christoff, and a Microsoft spokeswoman, Kathy Roeder, said their companies declined to comment.
The Justice Department’s effort appears to be in response to an April 2013 court ruling denying a search warrant for a remote-access operation, said Wessler, with the ACLU.
In that case, U.S. Magistrate Judge Stephen Smith of the Southern District of Texas picked apart the government’s request to secretly install software on an unknown computer in an unknown location that could extract stored electronic records and even activate the computer’s built-in camera.
Smith said the computer could be located in a public place or used by family members or friends not involved in illegal activity, and that the request didn’t satisfy constitutional requirements.
Wessler said the government should be required to exhaust other options for finding and accessing computers suspected of being used in crimes, such as serving individual warrants on Internet service providers.
While federal investigators make efforts to use other tactics, “the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend” criminals, said Carr, the Justice Department spokesman.