DOJ seeks new authority to hack and search remote computers
The agency asks that judges be allowed to issue warrants to search computers outside their judicial districts
IDG News Service - The U.S. Department of Justice wants new authority to hack and search remote computers during investigations, saying the new rules are needed because of complex criminal schemes sometimes using millions of machines spread across the country.
Digital rights groups say the request from the DOJ for authority to search computers outside the district where an investigation is based raises concerns about Internet security and Fourth Amendment protections against unreasonable searches and seizures.
"By expanding federal law enforcement's power to secretly exploit 'zero-day' vulnerabilities in software and Internet platforms, the proposal threatens to weaken Internet security for all of us," Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union, said by email.
The proposal, which was made public Friday, raises serious privacy concerns, Wessler added, because it would "significantly expand the circumstances under which law enforcement can conduct secret, remote searches of the sensitiveA contents of people's computers. Our computers contain a wealth of private information about us, and it is crucial that the courts place strict limitsA on secret electronic searches by law enforcement."
The DOJ proposal comes after nearly a year of leaks about broad U.S. National Security Agency surveillance programs.
But a change in the federal rules of criminal procedure is needed to investigate botnets and crimes involving anonymizing technologies, the DOJ said in a September letter to the Advisory Committee on the Criminal Rules. The DOJ has asked the U.S. court system to give judges authority to issue search warrants for computers outside their districts.
Investigators are increasingly encountering crimes where they "can identify the target computer, but not the district in which it is located," Mythili Raman, then an acting assistant attorney general, wrote in the letter. "Criminals are increasingly using sophisticated anonymizing technologies when they engage in crime over the Internet."
Raman, now working at a private law firm, also pointed to criminals' use of botnets as a need for the rules change. A large botnet investigation could involve computers in dozens of judicial districts, she wrote.
"Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effective investigation and disruption of these schemes often requires remote access to Internet-connected computers in many different districts," Raman wrote. "Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers."
Yet, current rules of criminal procedure established by the U.S. court system allow magistrate judges to issue search warrants for property outside the judge's district in only limited circumstances, the DOJ noted. The DOJ's request for the rules change is scheduled to be discussed at the meeting of the U.S. courts' Committee on Rules of Practice and Procedure in Washington, D.C., later this month.
A DOJ spokesman downplayed privacy concerns, saying judges would have to issue warrants for the remote computer searches. The rules change would relate only to expanded venues for warrant applications, he said.
"The key thing to highlight is that our proposal would not authorize any searches or remote access not already authorized under current law," spokesman Peter Carr said by email. "The probable cause and particularity standards we have to meet to obtain the warrant from the court do not change, and the execution of the warrant remains under the supervision of the court."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- City Solved Network Mystery - Saves $30K The City of Jacksonville put their hunch to work and not only solved a mystery, but found a new and innovative use for...
- Using Video to Gain a Competitive Advantage: A Business Strategy for Mid-Market Companies The insights provided in this white paper are based on industry analysts and 30+ years of experience from the Video Collaboration Group at...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Network Security White Papers | Webcasts