FBI wants easier process to hack suspects’ computers

The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is increasing as more and more crime is conducted online with tools to conceal identity.

But the proposal, which was posted for public comment on a U.S. court Web site Friday, is raising concerns among privacy advocates who see it as expanding the power of federal agents to insert malware on computers, which they say could weaken overall Internet security.

The proposed change would also make it easier for agents to use one warrant to obtain evidence on possibly hundreds or thousands of computers spread across the country when the machines have been secretly commandeered into “botnets” by criminals to conduct cyberattacks.

“Criminals are increasingly using sophisticated technologies that pose technical challenges to law enforcement, and remote searches of computers are often essential to the successful investigation of botnets and crimes involving Internet technologies,” said Mythili Raman, then-acting assistant attorney general for the Justice Department’s criminal division, in a letter to a U.S. Courts advisory committee last year that previewed the proposal.

Justice Department officials stress that the proposal would not authorize any searches or efforts to gain remote access that are not already permitted by law. What they’d like to do is update the rules governing physical search warrants to accommodate the digital age, officials said. Currently, judges may issue a search warrant in most cases only if the property to be examined is located in their district.

That complicates investigators' efforts when suspects have routed their activities through multiple servers to hide their locations and identities, officials say. They point to an online financial fraud case last year in southern Texas where a judge denied a warrant to prosecutors who wanted to use remote access tools to, among other things, locate a suspect’s computer.

“Since the current location of the target computer is unknown, it necessarily follows that the current location of the information on the target computer is also unknown,” wrote Magistrate Judge Stephen W. Smith. “This means that the government’s application cannot satisfy the territorial” requirement, which governs search warrants.

A rule change, Justice Department spokesman Peter Carr said, would reassure judges such as Smith that such searches are proper. It would allow them to issue warrants to use software to gain access to computers outside their district where the hacker’s identity and location have been “concealed through technological means.”

It would also allow a single warrant to be issued in hacking cases involving computers “located in five or more districts,” which typically involve botnets, according to the proposed rule.

But civil liberties advocates fear that the proposal, if adopted, would gradually lead to more invasive searches of property.

“The underlying current behind all of this is they’re basically talking about allowing police to break into people’s computers,” said Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation. “That gives me pause.”

At issue is a question more fundamental than whether a judge has jurisdiction to issue a warrant, said Nathan Freed Wessler, a staff attorney for the American Civil Liberties Union. “The overarching concern is that it’s unclear whether it is ever allowable under the Fourth Amendment to conduct these kinds of searches, sending out zero-day vulnerabilities over the Internet and weakening Internet security for everybody,” he said, referring to a type of computer software flaw that can be exploited to gain access to someone’s computer.

Wessler said that if investigators do not know where a computer is, it would be difficult for them to assure a judge that they are targeting the right computer. In a 2012 Colorado case, agents made an error in the e-mail address they were targeting, which could have resulted in the hacking software being sent to an innocent person, he said. He added that remote searches can end up revealing highly private information, beyond what investigators describe.

Another reason why Smith rejected the warrant application was what he described as the “extremely intrusive” nature of the FBI’s proposed search, which included activating a computer’s built-in camera.

But Carr said, under the proposal, “warrants such as these would not permit seizure and review of the owner’s personal files or similar activities.”

Michael Vatis, a partner at Steptoe & Johnson and a former head of the FBI’s computer crime program, said that sometimes the only way to determine the location of criminals, who may themselves be spreading destructive malware, is “to use software that goes across the Internet to reach the originating computer. There’s no reason to prohibit that.”

He said the government should be careful to limit the effects of its actions so they do not cause harm to innocent people’s computers. “But as a general matter, I don’t see anything wrong” with law enforcement agents using remote access tools in investigations.

In the case of botnets, officials said, investigations often require law enforcement to act in many jurisdictions all at once. “A large botnet investigation is likely to require action in all 94 districts, but coordinating 94 simultaneous warrants in the 94 districts would be impossible as a practical matter,” Raman wrote.

The proposal does not alter requirements that the prosecutor show probable cause of a crime to obtain a warrant and that the items to be searched and seized be described with “particularity,” officials said.

Former magistrate judge Brian Owsley, who has written critically about the government’s expanding use of surveillance tools, gave qualified support to the proposal. “I tend to agree with it as long as the government has exhausted all other options and considers people’s privacy,” said Owsley, who served until last May in the southern district of Texas. “I think this is a relatively extreme measure for law enforcement. It shouldn’t be the first option that pops into their head.”

The proposal must still go through several layers of court and congressional review.

SECTION: {section=world, subsection=national-security}!!!
INITIAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=bg52e9xhqr, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=3, includereport=true, source=washpost.com, allow_photos=false, maxitems=5, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!!

UGC FROM ARTICLE: {allow_comments=true, allow_photos=false, allow_videos=false, comments_period=14, comments_source=washpost.com, default_sort=, default_tab=, display_comments=true, is_ugc_gallery=false, max_items_to_display=15, max_items_to_display_top=3, moderation_required=false, stream_id=}!!!

FINAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=bg52e9xhqr, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=3, includereport=true, source=washpost.com, allow_photos=false, maxitems=5, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!
Comments
SECTION: {section=world, subsection=national-security}!!!
INITIAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=bg52e9xhqr, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=3, includereport=true, source=washpost.com, allow_photos=false, maxitems=5, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!!

UGC FROM ARTICLE: {allow_comments=true, allow_photos=false, allow_videos=false, comments_period=14, comments_source=washpost.com, default_sort=, default_tab=, display_comments=true, is_ugc_gallery=false, max_items_to_display=15, max_items_to_display_top=3, moderation_required=false, stream_id=}!!!

FINAL commentConfig: {includereply=true, canvas_permalink_id=washpost.com/8bvh5zpd9k, allow_comments=true, commentmaxlength=2000, includeshare=true, display_comments=true, canvas_permalink_app_instance=bg52e9xhqr, display_more=true, moderationrequired=false, includefeaturenotification=true, defaultsort=reverseChronological, canvas_allcomments_id=washpost.com/km4ey0dajm, comments_period=14, includevoteofftopic=false, allow_videos=false, childrenitemsperpage=3, markerdisplay=post_commenter:Post Commenter|staff:Post Writer|top_commenter:Post Forum|top_local:Washingtologist|top_sports:SuperFan|fact_checker:Fact Checker|post_recommended:Post Recommended|world_watcher:World Watcher|cultuer_connoisseur:Culture Connoisseur|weather_watcher:Capital Weather Watcher|post_contributor:Post Contributor, includesorts=true, includeheader=true, defaulttab=all, includeverifiedcommenters=true, includerecommend=true, maxitemstop=3, includereport=true, source=washpost.com, allow_photos=false, maxitems=5, display_ugc_photos=false, includepause=true, canvas_allcomments_app_instance=6634zxcgfd, includepermalink=false}!!
Show Comments