Google Blasts DOJ's Request For Expanded Search Powers; Calls Proposal A Threat To The Fourth Amendment

from the to-keep-up-with-the-bad-guys,-we're-just-going-to-need-the...-EVERYTHING dept

The DOJ wants to amend Rule 41 (Search and Seizure) to grant its agencies unilateral powers to hack any computer in the world. This would expand its reach beyond the US, using warrants granted by magistrate judges to facilitate searches and seizures of remote data. This would obviously open up a whole diplomatic can of worms, what with the FBI hacking into computers whose locations it can't ascertain until after the fact.

Not that the DOJ is bothered by the implications of the amendment it's pushing. It argues that the law already has determined searches in known jurisdictions legal. What's left to be established is whether it's similarly legal to search computers whose true location is unknown, thanks to the use of proxies and VPNs. That operating extraterritorially might cause some diplomatic strain or possibly even be illegal in the country the search takes place doesn't seem to have crossed its mind. In its opinion, this is the natural progression of Rule 41, which must be updated to reflect the change in technology.

Google has fired back at the DOJ in its comments on the proposed wording change, pointing out not only the damage it could cause to international relationships, but also its further dismantling of Fourth Amendment protections.

Although the proposed amendment disclaims association with any constitutional questions, it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants.

Google then suggests that if the DOJ wishes to keep stripping away these protections, it should have the decency to do it the way it's usually been done: through acts of Congress.

The substantive changes offered by the proposed amendment, if they are to occur, should be the work of congressional lawmaking. Such was the case with a slew of legislation providing law enforcement with the ability to use technological means to conduct invasive searches on targets, including the Foreign Intelligence Surveillance Act, which provides law enforcement with the ability to legally surveil and collect foreign intelligence information; Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which provides law enforcement with the ability to legally intercept wire, oral, and electronic communications; the Stored Communications Act, which provides law enforcement with the ability to legally access electronically stored communications; and the Pen Registers and Trap and Trace Act and USA PATRIOT Act, both of which provide law enforcement with the ability to legally intercept real-time telephony metadata. In passing this legislation, Congress was able to openly debate and weigh the various constitutional issues at play.

This would seem to be the least the DOJ can do, rather than trying to sidestep the process it forces American citizens to use.

"I empathize that it is very hard to get a legislative change," Amie Stepanovich, senior policy counsel with Access, a digital-freedom group, told the judicial panel during a meeting called to review the proposal in November. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."

Google also warns that the non-specific wording of the proposal lends itself to all sorts of shady tactics.

There are a myriad of serious concerns accompanying the government's use of NITs [Network Investigative Techniques]. These are outlined in detail in other comments submitted to the Committee and include, among other things, the creation of vulnerabilities in the target device thereby increasing the target's risk of exposure to compromise by other parties, actual damage to the target device, the creation of a market for zero-day exploits, and unintended targets' exposure to malware. Additionally, the remote facilities accessed by the government may in fact identify and disclose the 'hack' or take action to prevent it or retaliate against its use. These are serious concerns that are more appropriately considered and balanced by Congress than by the Committee.

Again, with the exception of the eventuality listed last, these are side effects the DOJ couldn't care less about. Collateral damage is almost always acceptable, and at this point -- considering what we've learned about the tactics deployed by the NSA and other intelligence agencies -- making things worse and less safe for the world's citizens is just another essential part of fighting Wars on Things.

The DOJ seems to view its proposal as a necessity in the race against technological advance, rather than a dangerous expansion of power that could result in some very negative repercussions. Unfortunately, the nation's prosecutors and magistrate judges seem to be very much aligned with the DOJ. Both refer to the Rule 41 change as "filling a significant gap" in existing law.

But it does far more than that. The DOJ argues it's just a needed tweak, but it gives its agencies unprecedented extraterritorial powers and encourages these investigators to view anonymous connections as inherently suspicious.

Filed Under: doj, fbi, hacking, overseas, rule 41, search powers, warrants
Companies: google

Civil Liberties Groups Argue Against DOJ's Petition For Expansion Of Hacking Powers And Judicial Jurisdictions

from the please,-sirs,-may-we-have-a-whole-fuckload-more? dept

The DOJ wants the FBI to have the ability to run amok, hacking overseas computers and accessing electronics wherever and whenever, with a minimum of hassle. The DOJ's proposal, which was presented to a judicial advisory committee in September, asks for some major alterations to Rule 41.

As Mike explained back in September, what the DOJ is proposing is an expansion of power that takes the necessarily limited exceptions applied to terrorism investigations and applies them to everyday criminal investigations. Then it goes further, wiping out jurisdictional limitations.

The provision, known as Rule 41 of the federal rules of criminal procedure, typically allows judges to issue search warrants only within their judicial district. But the government has asked to alter this restriction to allow judges to approve electronic surveillance to find and search a computer's contents regardless of its physical location, even if the device is suspected of being abroad.

This expansion is supposedly justified by the technological arms race law enforcement agencies (like the DOJ and FBI) continuing to claim they're somehow losing, despite billions of tax dollars and years of perfecting their skills. Rather than work within the confines of the Fourth Amendment and other related considerations, the government is looking to create a broad and permanent downhill slope to ease its investigative burden.

The DOJ is seeking expanded powers for the FBI, including the permission to implant malware and infiltrate overseas networks, just like its big brother, the NSA. In addition to asking for the codification of Fourth Amendment violations, the DOJ is also asking for permission to place the US in a number of diplomatically tenuous situations with other countries as a result of its agents' actions.

Unsurprisingly, there's plenty of outside resistance to this proposed change.

Technology experts and civil-liberties groups strongly oppose the proposed rule change. On Wednesday, several of them testified before the rule-making committee urging a rejection of the Justice Department's proposal. The rule change, they argued, would be substantive and not merely procedural, making it beyond the intended scope of the advisory panel. They also warned that the expansion would threaten the Fourth Amendment's strict limitations on government search and seizures, and allow the FBI to violate the sovereignty of foreign countries.

The panel hearing the inquiry didn't seem very impressed with those taking the side of the American public.

The judicial panel on Wednesday did little to tip its hand on the issue, but it did aggressively question several witnesses as to what alternative they would prefer that allows federal investigators to keep up with and catch elusive cybercriminals.

This, too, is unsurprising. The courts have a long history of showing deference to law enforcement agencies, and the increasing use of terrorism as a rhetorical device has only made this tendency worse. While there has been some pushback in the wake of the Snowden leaks, by and large the judicial viewpoint is that fighting crime is a noble pursuit and those engaged in this battle should be given every tool needed to succeed, even if that means shaving a few inches off the top of Americans' civil liberties.

But those arguing against this proposed change made a very valid point during their time in front of the panel: if we have to look to legislators for relief, so should the DOJ.

"I empathize that it is very hard to get a legislative change," said Amie Stepanovich, senior policy counsel with Access, a digital-freedom group. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."

James Comey, of course, will be continuing his attempt to do exactly that. His speaking appearances are still largely composed of encryption complaints, and when not publicly demanding that tech companies get in bed with the FBI, he's meeting secretly with legislators in hopes of bending the nation's laws to his will.

Oddly, the DOJ has previously claimed the FBI doesn't need warrants to hack foreign computers -- an argument it made during the evidentiary hearings in the Dread Pirate Roberts/Silkroad case. Now, it's petitioning to grant US judges the power to sign off on warrants that can be used anywhere -- even overseas. If the panel agrees to this alteration, it would actually limit the FBI's extraterritorial activities, at least as described in federal court.

What this proposal sounds like is an attempt to expand its domestic powers, with a small nod towards extraterritorial activities thrown in as an expendable demand -- something to be given up to keep the domestic power expansion it really wants. Rights of foreigners are similarly expendable and are only respected when diplomatically expedient. Here in the US, it's a bit trickier, and that's the part the FBI actually wants to "simplify."

Filed Under: doj, fbi, hacking, rule 41