Legislators Demand Answers From DOJ On Expanded Hacking Powers It's Seeking
from the the-first-rule-of-the-new-Rule-41:-there-are-no-rules dept
There's only a couple of months left until the DOJ's proposed Rule 41 changes become law. All Congress has to do is nothing. This is a level of effort Congress is mostly amenable to. If this becomes law, worldwide deployments of malware/spyware during investigations will be unable to be challenged in court. In addition, the DOJ wants to be part of the cyberwar. It's seeking permission to remotely access zombie computers/devices used in cyberattacks to "clean" them.
The rule changes would also add a presumption of guilt to an activity performed by millions of computer users around the world:
Opponents of the pending change to Rule 41 say that it unlawfully confers a new authority that changes substantive rights. First off, they contend that it adds a criminal taint to a perfectly legal practice: using location to cloak your location.
“There are countless reasons people may want to use technology to shield their privacy,” wrote the Electronic Frontier Foundation earlier this year. “From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security.”
The DOJ has argued that these Rule 41 amendments are just "clarifications" of existing law:
“The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law,” the DOJ told Consumerist in May, noting that law enforcement would still need to demonstrate probable cause.
This statement obviously isn't true considering how many federal judges have agreed the warrant it used in the Playpen investigation exceeded existing jurisdictional limits.
Fortunately, there are legislators pushing back against the DOJ's proposed changes. Ron Wyden has sent a letter [PDF] to the DOJ -- co-signed by 22 other legislators -- asking for clarification on the DOJ's interpretation of the changes it's seeking.
One of the questions the group has is how the DOJ can produce probable cause to search thousands of devices.
Please describe any differences in legal requirements between obtaining a warrant for a physical search versus obtaining a warrant for a remote electronic search. In particular, and if applicable, please describe how the principle of probable cause may be used to justify the remote search of tens of thousands of devices. Is it sufficient probable cause for a search that a device merely be "damaged" and connected to a crime?
The letter also raises the issue of forum shopping. With jurisdictional limits removed, federal law enforcement officers are free to find judges more willing to sign off on their warrant requests, rather than being forced to work with those in the locality the alleged criminal activity took place.
The DOJ's proposed botnet cleaning efforts raise a whole set of new troubling questions, ones that Wyden and co. would like to see answered before allowing the rule changes to slide by unopposed. First, there's the question of unforeseen collateral damage -- efforts that hurt more than help.
We are concerned that the deployment of software to search for and possibly disable a botnet may have unintended consequences on internet-connected devices, from smartphones to medical devices. Please describe the testing that is conducted on the viability of "network investigative techniques" to safely search devices such as phones, tablets, hospital information systems, and internet-connected video monitoring systems.
Then there's the question about the proposed "cleaning" efforts. Under what authority will law enforcement break into Americans' computers and screw around with their software and hardware?
Will law enforcement use authority under the proposed amendments to disable or otherwise render inoperable software that is damaging or has damaged a protected device? In other words, will network investigative techniques be used to "clean" infected devices, including devices that belong to innocent Americans? Has the Department ever attempted to "clean" infected computers in the past? If so, under what legal authority?
Good questions. Hopefully, we'll see the answers sometime before December 31st.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: congress, doj, fbi, hacking, oversight, rule 41
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
The DOJ's point of view is justice is what we say it is, now get off my lawn.
[ link to this | view in thread ]
Re: Trust the DoJ!
I'm confident they are the very scum they say they are trying to stop, and I have faith that they will stop at nothing.
See James Comey and this weekend's very public re-opening of the Hillary Clinton e-mail investigation because her aide's husband is possibly a child molester and somehow that might be classified information!
[ link to this | view in thread ]
Evidence against the DoJ
What evidence to we have that the DoJ acts more as a rogue agency than in service of the United States public?
Oh yeah! This.
[ link to this | view in thread ]
More retro-cover
for many years now, nee decade plus.
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html?m=1
Note that ms not happy about this
disclosure and that ms has been
'backporting' 'fixes' to win7+.
[ link to this | view in thread ]
Re: Re: Trust the DoJ!
[ link to this | view in thread ]
Re: Re: Trust the DoJ!
And the re-opening of the e-mail investigation has to do with other emails found on Weiner's computer while investigating his racy communications with a 15 yo. Emails between his wife and the Clinton Foundation.
So you should base your confidence/lack thereof on other failings of the DoJ itself (there's lots to choose from) instead of inserting straw men and muddying up the issue.
[ link to this | view in thread ]
Re: Re: Re: Trust the DoJ!
[ link to this | view in thread ]
Re: I somehow doubt they demanded and more likely politely asked.
[ link to this | view in thread ]
I'm willimg to bet
[ link to this | view in thread ]
But have you seen the ads from the military? Sexy.
[ link to this | view in thread ]
They proceeded to show me lots of scary warnings and errors and then directed me to an anti-virus program. The program founds lots more problems! I was happy to pay $150 to clean up the viruses.
I thank the kind folks at Windows Technical Support for cleaning my computer. And I would be glad to see the government get in the business of remote access as well! Think of all the problems the DOJ could clean if the DOJ had remote access to my computer!
I don't want to be a bad Internet citizen. Do you?
[ link to this | view in thread ]
Typo
Perhaps you meant "using technoogy", "encryption"? "trained mice"?
[ link to this | view in thread ]