DOJ Describes Its Use Of Malware As 'Augmenting Content' As It Pushes For Great Ability To Hack Computers

from the augment-that-content dept

Over at the Wall Street Journal, there's a good article about the DOJ's push for greater powers to use malware and to hack into computers in pursuit of criminals. The key issue, as the DOJ sees it, is that it normally needs a warrant from a local judge in order to make use of a malware exploit -- and when you're talking about networked computers, it's not always clear what's local. Thus, at least one warrant request for installing malware has been rejected over privacy concerns when the physical location of a computer was unknown (other courts, however, have approved such warrants). Given that, the DOJ is seeking to expand the rules making it easier to use malware (and to use it across multiple computers, rather than just a single computer per warrant).

The article points to a massive 402 page document to the rule making body of the courts, in which it explains how it has used malware to find criminal suspects. Of course, this is the DOJ that we're talking about, so it's not going to come right out and say "hey, here's the malware we used and how we use it." Instead, as noted by the ACLU's Christopher Soghoian, the DOJ hides its description of malware on page 201 (smack dab in the middle of such a giant document) in a single paragraph using some rather incredible language:
In the normal course of operation, websites send content to visitors. A user's computer downloads that content and uses it to display web pages on the user's computer. Under the NIT authorized by this warrant, the website would augment that content with some additional computer instructions. When a computer successfully downloads those instructions from Website A, the instructions are designed to cause the "activating" computer to deliver certain information to a computer controlled by or known to the government. That information is described with particularity on the warrant (in Attachment B of this affidavit), and the warrant authorizes obtaining no other information. The NIT will not deny the user of the "activating" computer access to any data or functionality of that computer.
As Soghoian notes, if you blink, you might miss it. The DOJ calls its malware insertion man-in-the-middle attack by describing it as "augmenting" the content sought by the user "with some additional computer instructions." That's certainly one way to look at it, but you have to assume that less than technologically savvy judges aren't likely to understand what this means at all.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: augmenting content, doj, legal authority, malware, man in the middle, warrants

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 27 Mar 2014 @ 2:39pm

    Acts of war

    These days, there's little serious argument that the President of the United States has constitutional authority to order the armed forces to invade the territory of another nation. Further, this principle seems to extend into the military's “cyber domain”. In short, the President can authorize DoD (NSA) to invade another nation's computing infrastructure.

    But, under our current constitution, does a U.S. magistrate judge have the authority to order an act of war?

    DoJ wants to get a magistrate judge in any district to ok breaking into a computer located “outside that district”. There's no additional language limiting the breakin to some U.S. judicial district, rather, “within or outside that district” reads as the whole world. The whole world.

    DoJ says they need this rule change because sometimes they don't know the location of the computer they want to break into.

    Does a U.S. magistrate judge have the authority to order armed men to break into someone's house in Canada? In Mexico? In Russia? Does a U.S. magistrate judge have the constitutional authority to start a war?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.