DOJ: Concerns About Expanded Government Hacking Much Ado About Nothing

Image courtesy of afagen

Earlier today, a bipartisan group of senators introduced legislation intended to combat new rules that some critics believe gives expanded hacking authority to federal law enforcement agencies. In response, the Justice Department claims that this bill isn’t necessary to protect consumers’ privacy.

At the core of this debate is a little something known as Rule 41, which is not the name of an early ’80s post-punk band from Spokane. Instead, it refers to Rule 41 of the Federal Rules of Criminal Procedure, which deals with issues of legal searches and seizures.

The U.S. Supreme Court recently signed off on amendments to Rule 41 that have raised alarm bells among privacy-minded consumers, lawmakers, and advocates.

One of the biggest concerns in the proposed amendments [PDF] involves a new addition granting magistrate judges the authority to “issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information” if the location of that information has been “concealed through technological means,” or if there’s a hacking incident that involves damaged devices in multiple locations.

Opponents of this change to Rule 41 say that it unlawfully confers a new authority that changes substantive rights. There’s nothing against the law about disguising your location electronically, this is why phone number spoofing — however frequently it’s misused by scammers — is legal, because there are people (victims of domestic violence, whistleblowers, and journalists to name a few) who may have a good, legitimate reason to disguise their location.

But in an emailed statement to Consumerist, a spokesperson for the DOJ contends that “The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law,” and that law enforcement would still be required to demonstrate probable cause.

The amendment, claims the DOJ rep, “would merely ensure that some court is available to consider whether a particular warrant application comports with the Fourth Amendment.”

In the DOJ’s view of the Rule 41 amendments, the hiding of the location isn’t the crime; it’s just the reason that the government would need a warrant to remotely access a suspect’s information. The amendment does state that “the officer must make reasonable efforts to serve a copy of the warrant on the person whose property was searched or whose information was seized or copied.” The government would be allowed to try to serve this warrant electronically if need be.

The other issue of concern for opponents of the amendment involves the authority to remotely search computers that have been damaged as part of a widespread cyber attack. Specifically, it would allow the government to seek a warrant to remotely peek at computers that are part of a botnet, where your device is — unbeknownst to you — being used by a malicious third party to send spam or crash a website with a denial of service attack.

To the EFF, allowing this sort of remote access to people who have already been victimized by malware makes them a victim all over again.

“Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer,” explains the EFF’s Rainey Reitman. “Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn’t design its malware securely.”

But the DOJ spokesperson contends that this change to Rule 41 is needed for the sake of expediency when trying to take down a widespread attack like a botnet.

“This rule change would permit agents to go to one federal judge, rather than submit separate warrant applications to each of the 94 federal districts,” explains the DOJ. “That duplication of effort makes no sense.”

The DOJ successfully convinced the Supreme Court that this amendment is purely procedural and does not change the “underlying substantive law regulating these searches. Allowing venue in a single district in no way alters the constitutional requirements that must be met before search warrants can be issued.”

Congress has until Dec. 1 to decide on whether to adopt the Rule 41 amendments or leave them as-is.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.