Legislators Demand Answers From DOJ On Expanded Hacking Powers It's Seeking

from the the-first-rule-of-the-new-Rule-41:-there-are-no-rules dept

There’s only a couple of months left until the DOJ’s proposed Rule 41 changes become law. All Congress has to do is nothing. This is a level of effort Congress is mostly amenable to. If this becomes law, worldwide deployments of malware/spyware during investigations will be unable to be challenged in court. In addition, the DOJ wants to be part of the cyberwar. It’s seeking permission to remotely access zombie computers/devices used in cyberattacks to “clean” them.

The rule changes would also add a presumption of guilt to an activity performed by millions of computer users around the world:

Opponents of the pending change to Rule 41 say that it unlawfully confers a new authority that changes substantive rights. First off, they contend that it adds a criminal taint to a perfectly legal practice: using location to cloak your location.

“There are countless reasons people may want to use technology to shield their privacy,” wrote the Electronic Frontier Foundation earlier this year. “From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security.”

The DOJ has argued that these Rule 41 amendments are just “clarifications” of existing law:

“The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law,” the DOJ told Consumerist in May, noting that law enforcement would still need to demonstrate probable cause.

This statement obviously isn’t true considering how many federal judges have agreed the warrant it used in the Playpen investigation exceeded existing jurisdictional limits.

Fortunately, there are legislators pushing back against the DOJ’s proposed changes. Ron Wyden has sent a letter [PDF] to the DOJ — co-signed by 22 other legislators — asking for clarification on the DOJ’s interpretation of the changes it’s seeking.

One of the questions the group has is how the DOJ can produce probable cause to search thousands of devices.

Please describe any differences in legal requirements between obtaining a warrant for a physical search versus obtaining a warrant for a remote electronic search. In particular, and if applicable, please describe how the principle of probable cause may be used to justify the remote search of tens of thousands of devices. Is it sufficient probable cause for a search that a device merely be “damaged” and connected to a crime?

The letter also raises the issue of forum shopping. With jurisdictional limits removed, federal law enforcement officers are free to find judges more willing to sign off on their warrant requests, rather than being forced to work with those in the locality the alleged criminal activity took place.

The DOJ’s proposed botnet cleaning efforts raise a whole set of new troubling questions, ones that Wyden and co. would like to see answered before allowing the rule changes to slide by unopposed. First, there’s the question of unforeseen collateral damage — efforts that hurt more than help.

We are concerned that the deployment of software to search for and possibly disable a botnet may have unintended consequences on internet-connected devices, from smartphones to medical devices. Please describe the testing that is conducted on the viability of “network investigative techniques” to safely search devices such as phones, tablets, hospital information systems, and internet-connected video monitoring systems.

Then there’s the question about the proposed “cleaning” efforts. Under what authority will law enforcement break into Americans’ computers and screw around with their software and hardware?

Will law enforcement use authority under the proposed amendments to disable or otherwise render inoperable software that is damaging or has damaged a protected device? In other words, will network investigative techniques be used to “clean” infected devices, including devices that belong to innocent Americans? Has the Department ever attempted to “clean” infected computers in the past? If so, under what legal authority?

Good questions. Hopefully, we’ll see the answers sometime before December 31st.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Legislators Demand Answers From DOJ On Expanded Hacking Powers It's Seeking”

Subscribe: RSS Leave a comment
Christenson says:

Re: Trust the DoJ!

My confidence in the DOJ is very high

I’m confident they are the very scum they say they are trying to stop, and I have faith that they will stop at nothing.

See James Comey and this weekend’s very public re-opening of the Hillary Clinton e-mail investigation because her aide’s husband is possibly a child molester and somehow that might be classified information!

Anonymous Coward says:

Re: Re: Trust the DoJ!

The FBI and the DoJ aren’t the same; the DoJ has been shown to have no control over the FBI.

And the re-opening of the e-mail investigation has to do with other emails found on Weiner’s computer while investigating his racy communications with a 15 yo. Emails between his wife and the Clinton Foundation.

So you should base your confidence/lack thereof on other failings of the DoJ itself (there’s lots to choose from) instead of inserting straw men and muddying up the issue.

Anonymous Coward says:

Once upon a time, the kind folks at the Windows Technical Support called me and wanted remote access to my computer. They said my computer had lots of viruses. I asked them how they knew, and they told me that they monitor this sort of thing. I didn’t want to spread viruses, so I installed a program that let them remotely access my computer.

They proceeded to show me lots of scary warnings and errors and then directed me to an anti-virus program. The program founds lots more problems! I was happy to pay $150 to clean up the viruses.

I thank the kind folks at Windows Technical Support for cleaning my computer. And I would be glad to see the government get in the business of remote access as well! Think of all the problems the DOJ could clean if the DOJ had remote access to my computer!

I don’t want to be a bad Internet citizen. Do you?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...