Supreme Court Approves Rule 41 Changes, Putting FBI Closer To Searching Any Computer Anywhere With A Single Warrant

from the impeccable-timing dept

Fri, Apr 29th 2016 12:41pm — Tim Cushing

The DOJ is one step closer to being allowed to remotely access computers anywhere in the world using a normal search warrant issued by a magistrate judge. The proposed amendments to Rule 41 remove jurisdiction limitations, which would allow the FBI to obtain a search warrant in, say, Virginia, and use it to "search" computers across the nation using Network Investigative Techniques (NITs).

This won't save evidence obtained in some high-profile cases linked to the FBI's two-week gig as child porn site administrators. Two judges have ruled that the warrants obtained in this investigation are void due to Rule 41(b) jurisdiction limitations. (Another has reached the same conclusion in an unrelated case in Kansas). The amendments recently approved by the US Supreme Court would strip away the jurisdiction limitation, making FBI NIT use unchallengeable, at least on jurisdiction grounds.

Rule 41. Search and Seizure

(b) Venue for a Warrant Application. At the request of a federal law enforcement officer or an attorney for the government:

(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:

(A) the district where the media or information is located has been concealed through technological means; or

(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.

The DOJ claims the updates are needed because suspects routinely anonymize their connections, making it difficult to determine where they're actually located. Opponents of the changes point out that this significantly broadens the power of magistrate judges, who would now be able to approve search warrants targeting any computer anywhere in the world.

The real problem, though, is this: there's no significant Congressional opposition (save Ron Wyden) to the proposed amendments.

“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices. I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government,” said Wyden.

“Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime. These are complex issues involving privacy, digital security and our Fourth Amendment rights, which require thoughtful debate and public vetting. Substantive policy changes like these are clearly a job for Congress, the American people and their elected representatives, not an obscure bureaucratic process.”

Worse, the amendments will be adopted if Congress does what it frequently does best: nothing. Congress actually needs to take action to block the amendments, but seeing as it only has until December 1, 2016, to do it, it seems highly unlikely that it will make the effort to do so -- not during an election year and certainly not during the annual struggle of approving a budget.

On the bright side, Ron Wyden is generally pretty good at mobilizing opposition, even when there appears to be little support for his efforts. We can also expect a variety of civil liberties groups and activists to start pushing Congress to "opt out" of the proposed changes.

Rule-41-Amendments (PDF)Rule-41-Amendments (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fbi, hacking, rule 41, scotus, supreme court

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 29 Apr 2016 @ 12:53pm

what the hell does the Supreme Court think it's doing? it sure as hell doesn't have the authority to do this! what makes it think it can give this authority to computers in other countries? does it think because it's come from the USA that every other country MUST take notice and do what it says? disgraceful attitude to have and i can see there being problems coming from the EU and other places if the US tries to exert it's way!
[ link to this | view in chronology ]
- Anonymous Coward, 29 Apr 2016 @ 4:09pm
  
  Re:
  a powerful military that is constantly used to attack other countries without a declaration of war, might have something to do with it.
  
  Might makes right to a bully.
  [ link to this | view in chronology ]
Median Wilfred, 29 Apr 2016 @ 12:58pm

How is this supposed to work?
Does this mean that US citizens have to use a computer that the FBI can hack? Surely even the FBI, as notoriously good hackers that they are, can't claim to have 0days for everything. What if I'm running a full-disk-encrypted Minix or something? A very customized Linux kernel, or OpenBSD?

I'll grant that less than 2% of the populace runs something other than Windows or Mac, but that's probably the 2% these FBI chaps are most interested in, eh?
[ link to this | view in chronology ]
- Anonymous Coward, 29 Apr 2016 @ 1:48pm
  
  Re: How is this supposed to work?
  No, it does not impose any requirement for easy breaching. This is saying that if they can find any judge who can be convinced that hacking a computer is a good idea (on the government's say-so, and likely without any opportunity for a counterparty to argue against it), then they can try to hack their target without worrying about whether that judge has traditional jurisdiction over the target or its owner. The judge may not be able to issue a legally valid warrant to arrest the owner or search the owner's physical property, but this change means he/she can issue a warrant to break into the owner's digital assets and the citizen's only recourse is to try to be a hard enough target that the attack fails.
  [ link to this | view in chronology ]
  - Median Wilfred, 29 Apr 2016 @ 1:58pm
    
    Re: Re: How is this supposed to work?
    No, it does not impose any requirement for easy breaching.
    
    How do we know this? And what happens to the first "San Bernadino iPhone" laptop that the FBI tries to hack? It'll be just like the damn SOPA and CIPA, or the "fashion copyright" idiocy - every session, a new congressperson will file a bill to mandate an Official US Citizen's Computer (a.k.a. Windows 11) to "facilitate law enforcement".
    [ link to this | view in chronology ]
That One Guy (profile), 29 Apr 2016 @ 1:02pm

Turnabout however is /not/ fair play
Well, that's certainly going to be handy the next time a foreign government wants to hack into US systems, they just need to get a warrant or the legal equivalent from their courts and off they go. USG can't complain, after all if the FBI or other US agencies can hack foreign systems without issue then clearly foreign agencies can hack US systems in return, and unless the USG wants to look like a gigantic hypocrite again they'll have no grounds to complain so long as the hacker in question claims to be operating under legal authority.
[ link to this | view in chronology ]
- Ninja (profile), 29 Apr 2016 @ 1:08pm
  
  Re: Turnabout however is /not/ fair play
  I also thought about that. If you ignore jurisdiction you give others the right to ignore yours.
  [ link to this | view in chronology ]
  - Anonymous Coward, 29 Apr 2016 @ 1:51pm
    
    Re: Re: Turnabout however is /not/ fair play
    You'd think so. But the aggressive pursuit of entitled stupidity contains within it the happy realization that God's Own cannot, by definition, be hypocritical.
    [ link to this | view in chronology ]
Ninja (profile), 29 Apr 2016 @ 1:07pm

So the computer seems to be in San Francisco but they discover afterwards that it's actually in Atlanta. If they call Atlanta and ask for a warrant to keep searching it's all clear, correct? Why do we need any changes? And if it's something international you can still get cooperation, specially if you find out it's from some VPN. Go to the country where their hq are located and ask for cooperation.

May not be as fast as they want but it can be feasible and it respects rights and privacy of everybody else while at it.
[ link to this | view in chronology ]
Anonymous Coward, 29 Apr 2016 @ 1:16pm

Yet another dagger in the credibility of the FBI.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Apr 2016 @ 1:54pm
  
  Re:
  AND the Supreme Court "of jesters"
  [ link to this | view in chronology ]
- Median Wilfred, 29 Apr 2016 @ 1:55pm
  
  Re: FBI's credibility
  I want to agree, but I feel bad because I can't. As near as I can tell, the FBI hasn't ever had that much credibility. Apparently J. Edgar Hoover used the FBI as his personal weapon against the US Congress from the very beginning.
  
  It's often noted that Lyndon Johnson said, "Don't get caught sleeping with a live pig or a dead woman". Nobody ever says why ol' LBJ knew this, but I think we can all guess that the FBI caught him doing one or the other.
  [ link to this | view in chronology ]
Anonymous Coward, 29 Apr 2016 @ 1:32pm

people used to tell me about the coming world govt, and i'd laugh at them syrup-tissues-ly. . i don't laugh anymore. . that world govt is a stone's throw from virginia if you can believe ol' george.
[ link to this | view in chronology ]
Anonymous Coward, 29 Apr 2016 @ 4:05pm

Even easier to plant evidence of a crime on a target they do not like, then claim the method used to discover it is secret evidence that would harm the national defense(the FBI's ability to frame people), and therefore cannot be allowed to be seen by the defense of the accused.
[ link to this | view in chronology ]
Anonymous Coward, 29 Apr 2016 @ 4:11pm

Thankfully it was not called rule 34.
[ link to this | view in chronology ]
Coyne Tibbets (profile), 30 Apr 2016 @ 1:14am

The problem: particularity
To me, this seems a reasonable change--mostly. The primary purpose of the existing rule 41 under discussion is to prevent venue shopping for warrants, not to prevent warrants entirely when the FBI has no idea where someone resides.

Where it falls down is "particularity"; with respect to the Fourth Amendment clause, "...particularly describing the place to be searched, and the persons or things to be seized."

As I see it, the problem isn't that a warrant was used to access a computer at an unknown location, the problem was that a single warrant was used to access every computer at every location.

Warrants under a new rule 41 should serve only for technical identification of a computer. Once a computer has been identified particularly, the FBI should have to obtain a specific warrant to search that computer particularly.

Suppose the government gained control of a drug distribution point, and decided to continue to ship drugs...along with a free tracker in every bag. A single NIT-equivalent warrant should be good for that, even though the government has no idea where the bags are going (could be going to another state).

But once a particular bag has been delivered to a particular warehouse, for example, the government should have to obtain a warrant particular to that warehouse.

Rule 41 did fall down, I just disagree as to the extent of the breakdown and the flaws of the proposed correction.
[ link to this | view in chronology ]
Whatever, 30 Apr 2016 @ 2:34am

Finally, some good news for a change. Of course, the Techdirties have to ruin it by referring to it as a "problem".
[ link to this | view in chronology ]
Anonymous Coward, 30 Apr 2016 @ 10:34am

Judge Shopping
If the FBI can go judge shopping, I wonder if defendants are going to be able to do the same when it comes time for trial.

Ha, ha, ha. Of course not.
[ link to this | view in chronology ]