Google Blasts DOJ's Request For Expanded Search Powers; Calls Proposal A Threat To The Fourth Amendment
from the to-keep-up-with-the-bad-guys,-we're-just-going-to-need-the...-EVERYTHING dept
The DOJ wants to amend Rule 41 (Search and Seizure) to grant its agencies unilateral powers to hack any computer in the world. This would expand its reach beyond the US, using warrants granted by magistrate judges to facilitate searches and seizures of remote data. This would obviously open up a whole diplomatic can of worms, what with the FBI hacking into computers whose locations it can't ascertain until after the fact.
Not that the DOJ is bothered by the implications of the amendment it's pushing. It argues that the law already has determined searches in known jurisdictions legal. What's left to be established is whether it's similarly legal to search computers whose true location is unknown, thanks to the use of proxies and VPNs. That operating extraterritorially might cause some diplomatic strain or possibly even be illegal in the country the search takes place doesn't seem to have crossed its mind. In its opinion, this is the natural progression of Rule 41, which must be updated to reflect the change in technology.
Google has fired back at the DOJ in its comments on the proposed wording change, pointing out not only the damage it could cause to international relationships, but also its further dismantling of Fourth Amendment protections.
Although the proposed amendment disclaims association with any constitutional questions, it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants.Google then suggests that if the DOJ wishes to keep stripping away these protections, it should have the decency to do it the way it's usually been done: through acts of Congress.
The substantive changes offered by the proposed amendment, if they are to occur, should be the work of congressional lawmaking. Such was the case with a slew of legislation providing law enforcement with the ability to use technological means to conduct invasive searches on targets, including the Foreign Intelligence Surveillance Act, which provides law enforcement with the ability to legally surveil and collect foreign intelligence information; Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which provides law enforcement with the ability to legally intercept wire, oral, and electronic communications; the Stored Communications Act, which provides law enforcement with the ability to legally access electronically stored communications; and the Pen Registers and Trap and Trace Act and USA PATRIOT Act, both of which provide law enforcement with the ability to legally intercept real-time telephony metadata. In passing this legislation, Congress was able to openly debate and weigh the various constitutional issues at play.This would seem to be the least the DOJ can do, rather than trying to sidestep the process it forces American citizens to use.
"I empathize that it is very hard to get a legislative change," Amie Stepanovich, senior policy counsel with Access, a digital-freedom group, told the judicial panel during a meeting called to review the proposal in November. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."Google also warns that the non-specific wording of the proposal lends itself to all sorts of shady tactics.
There are a myriad of serious concerns accompanying the government's use of NITs [Network Investigative Techniques]. These are outlined in detail in other comments submitted to the Committee and include, among other things, the creation of vulnerabilities in the target device thereby increasing the target's risk of exposure to compromise by other parties, actual damage to the target device, the creation of a market for zero-day exploits, and unintended targets' exposure to malware. Additionally, the remote facilities accessed by the government may in fact identify and disclose the 'hack' or take action to prevent it or retaliate against its use. These are serious concerns that are more appropriately considered and balanced by Congress than by the Committee.Again, with the exception of the eventuality listed last, these are side effects the DOJ couldn't care less about. Collateral damage is almost always acceptable, and at this point -- considering what we've learned about the tactics deployed by the NSA and other intelligence agencies -- making things worse and less safe for the world's citizens is just another essential part of fighting Wars on Things.
The DOJ seems to view its proposal as a necessity in the race against technological advance, rather than a dangerous expansion of power that could result in some very negative repercussions. Unfortunately, the nation's prosecutors and magistrate judges seem to be very much aligned with the DOJ. Both refer to the Rule 41 change as "filling a significant gap" in existing law.
But it does far more than that. The DOJ argues it's just a needed tweak, but it gives its agencies unprecedented extraterritorial powers and encourages these investigators to view anonymous connections as inherently suspicious.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, fbi, hacking, overseas, rule 41, search powers, warrants
Companies: google
Reader Comments
The First Word
“Don't like Google tracking you and/or harvesting your data to sell to others? Don't use their services, and block their stuff. All they really care about is maximising profits, so if you make it too difficult for them to do so via you, they'll move on to someone else.
Don't like a government agency tracking you and/or harvesting your data to use against you? Too bad, other than an incredibly expensive lawsuit that will almost certainly be shot down by a judge sympathetic to the government, there's pretty much nothing you can do about it, and in fact even trying will garner you even more attention.
Don't like what Google does? Don't use their stuff.
Don't like what the government does? Tough luck.
Subscribe: RSS
View by: Time | Thread
Say hello to plausible deniability
Wasn't too long ago the USG was throwing a (symbolic and utterly useless) fit about some chinese hackers, but with something like this in play all those hackers and their government backers would have to do is point out the USG's claims that such actions are perfectly legal. Or perhaps just claim that they had no idea that their targets were systems located in the US, and only learned that after they'd hacked in.
At that point any further protests by the USG would just make them look all kinds of stupid and hypocritical, though I suppose that's a specialty of politicians these days.
... actually, I take it back, I'm sure it has occurred to them, it's just that they, much like pretty much every other government agency, simple don't care. Who cares if their actions cause massive collateral damage and open up US systems to being hacked with impunity, as long as it makes their job easier, it's all good as far as they're concerned.
[ link to this | view in chronology ]
Re: Say hello to plausible deniability
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"We don't want the government intruding on our services, bypassing security, and invading the privacy of our millions of users.
Instead, they should just pay for the data we capture like everyone else does, as we waste little time tracking each and every one of our users."
Furthermore, if Google doesn't like what you do with its services, they'll be more than happy to give this information to the very same entity it's screaming about.
Google can go straight to hell.
[ link to this | view in chronology ]
Re:
Don't like Google tracking you and/or harvesting your data to sell to others? Don't use their services, and block their stuff. All they really care about is maximising profits, so if you make it too difficult for them to do so via you, they'll move on to someone else.
Don't like a government agency tracking you and/or harvesting your data to use against you? Too bad, other than an incredibly expensive lawsuit that will almost certainly be shot down by a judge sympathetic to the government, there's pretty much nothing you can do about it, and in fact even trying will garner you even more attention.
Don't like what Google does? Don't use their stuff.
Don't like what the government does? Tough luck.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
If you have nothing to strike, you have nothing to fear.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Let's get something clear: I don't use Google services but I'm still being tracked.
In fact, Techdirt uses the same tools offered by these companies which tracks me. Google analytics is nothing we can "stop using", nor does the FB API prevent it.
That's the problem, and you need to know this because while you're defending "my" problem with Google, it underscores the true issue.
Do you really think it matters that Google isn't "breaking into" networks or circumventing security to achieve the same goal of abusing our right to privacy?
That's absurd. Yes, I know other companies are doing the same thing, from my ISP to Microsoft, but therein lies the problem the public excuses because it's NOT the government doing it.
It's the same dichotomy as screaming "FREE SPEECH!" as companies shut down the conversation because it's NOT the US government.
You can pretend all you want that our choices are based on usage service (or the lack of not using them), but what goes on behind the scenes is irrelevant.
Try to remember this the next time a company decides to stick in a "super cookie" into a service you AREN'T EVEN USING because a third party is.
PRIVACY INVASION ISN'T THE RESULT OF GOVERNMENT SNOOPING ALONE.
That's why I said it was hypocritical of Google to be calling out the government for doing the same damn thing and that's INVADING OUR PRIVACY.
How one invades the 4th Amendment should be the scope, not who is doing it.
[ link to this | view in chronology ]
Re: Re: Re:
Of course it is. There are browser plugins to do this (like NoScript) or you can firewall off access to google-analytics.com, or block access to that domain through your hosts file. That's what I do.
As to the FB API, I would argue that if you're OK with using Facebook or anything that uses Facebook APIs, then you shouldn't be worried about Google.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The super cookies are a clear abuse of the ISPs position as the conduits and it's way more serious than what Google may do in your wild fantasies.
But nothing, NOTHING compares to Government surveillance. If they tap directly in the servers you CANNOT opt-out and you CAN be arrested or harassed (or tortured, go figure) by the Government if they decide they don't like you or read something out of context. Google is plain right and there is no hypocrisy at all considering how easy it is to avoid them.
[ link to this | view in chronology ]
Re: Re: Re: Re:
No. Google is a cancer in many, many ways. Our interests may sometimes coincide with theirs, but google (et al) lobbying dollars are the main thing preventing serious data protection legislation from getting up. It is not even really a separate thing from the USA coup government/security state at this point.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
Don't like what the government does? Move to another country.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
And then ...
[ link to this | view in chronology ]
Re: And then ...
[ link to this | view in chronology ]
Re: And then ...
[ link to this | view in chronology ]
Remember when the Americans were The Good Guys(tm)?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
No. And I'm over 50.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
...... what gives them the FUCKING right
[ link to this | view in chronology ]
"Search" powers
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
when you say were, do you mean really were or really were pretending to be? there's a big difference.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
New nsa whistleblower came forward recently, bless her, seemed very nervous at the begining, just wanted to hug her, protect her, and thank her for her bravery
Anyway, very insightful speech discussing a first person perspective of someone who was there at the time this all started, what she saw, what she did, and she actually cares
[ link to this | view in chronology ]
Re:
Also, Jessylyn Radack, who was i beleive nsa's ethical lawyer at some point during early 2000 (dont quote me, might have been another department within the govrnment), who spoke up through official channels against the first time she saw torture going on
does'nt work for them anymore and is still to this day being harrsed by our respective empires, a recent occurance her and thomas drake being singled out in a uk airport for "questioning"(not the first time)...........anyway, she now spends her time defending whistleblowers
[ link to this | view in chronology ]
Re: Re:
Jessylyn Radack
Thankyou
William Binney
Thankyou
Thomas Drake
Thankyou
Bradley Manning
Thankyou
Edward Snowden
Thankyou
Diane Roark you sweetie
The bravest among us
Thankyou
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
I'm curious what you think a better idea would be. I understand you prefer a different procedure for changing the law, but in the end, what should DOJ do to conduct online searches where it doesn't know the location of the target machine with much certainty? Is it not better if the rules allow judges to issue warrants in these situations?
[ link to this | view in chronology ]
Re:
Would you see anything wrong with a government agency from another country hacking into US systems(whether private, public, government or corporate), knowingly or not, who when caught claimed that they were doing so in order to check where the system was based and to gather data from the hacked system? If yes, then why, as that's what the DOJ is claiming they should be able to do here.
Is it not better if the rules allow judges to issue warrants in these situations?
How exactly does a judge issue a legal, valid warrant when they do not know where the location to be searched is, or even if they have jurisdiction over it?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
All it takes is to believe, all it takes is to be vigilant, even if its just in the confines of ones own mind........infact, ESPECIALLY that
Each generation striving to improve as much as they can for the next generation to take it even further.............give that up, and we might aswell nuke ourselves now and avoid the long suffering pain were heading towards
Im sorry, that last bit was depressing and fatalistic even for me to imagine...........i hope to god im wrong with that assesment, that we reach a point that a nuke would have been preferable to the current missery............i wont give up just yet, join me in not giving up
[ link to this | view in chronology ]
All these doors and all these keys - all we need is an auto-warrant!
DOJ wants to be able to enter and search computers legally, worldwide, without even having to know where the computer might be located....
Nah. No connection there, I'm sure. :)
---
[ link to this | view in chronology ]