Privacy

by Tim Cushing


Filed Under:
doj, fbi, hacking, overseas, rule 41, search powers, warrants

Companies:
google



Google Blasts DOJ's Request For Expanded Search Powers; Calls Proposal A Threat To The Fourth Amendment

from the to-keep-up-with-the-bad-guys,-we're-just-going-to-need-the...-EVERYTHING dept

The DOJ wants to amend Rule 41 (Search and Seizure) to grant its agencies unilateral powers to hack any computer in the world. This would expand its reach beyond the US, using warrants granted by magistrate judges to facilitate searches and seizures of remote data. This would obviously open up a whole diplomatic can of worms, what with the FBI hacking into computers whose locations it can't ascertain until after the fact.

Not that the DOJ is bothered by the implications of the amendment it's pushing. It argues that the law already has determined searches in known jurisdictions legal. What's left to be established is whether it's similarly legal to search computers whose true location is unknown, thanks to the use of proxies and VPNs. That operating extraterritorially might cause some diplomatic strain or possibly even be illegal in the country the search takes place doesn't seem to have crossed its mind. In its opinion, this is the natural progression of Rule 41, which must be updated to reflect the change in technology.

Google has fired back at the DOJ in its comments on the proposed wording change, pointing out not only the damage it could cause to international relationships, but also its further dismantling of Fourth Amendment protections.

Although the proposed amendment disclaims association with any constitutional questions, it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants.
Google then suggests that if the DOJ wishes to keep stripping away these protections, it should have the decency to do it the way it's usually been done: through acts of Congress.
The substantive changes offered by the proposed amendment, if they are to occur, should be the work of congressional lawmaking. Such was the case with a slew of legislation providing law enforcement with the ability to use technological means to conduct invasive searches on targets, including the Foreign Intelligence Surveillance Act, which provides law enforcement with the ability to legally surveil and collect foreign intelligence information; Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which provides law enforcement with the ability to legally intercept wire, oral, and electronic communications; the Stored Communications Act, which provides law enforcement with the ability to legally access electronically stored communications; and the Pen Registers and Trap and Trace Act and USA PATRIOT Act, both of which provide law enforcement with the ability to legally intercept real-time telephony metadata. In passing this legislation, Congress was able to openly debate and weigh the various constitutional issues at play.
This would seem to be the least the DOJ can do, rather than trying to sidestep the process it forces American citizens to use.
"I empathize that it is very hard to get a legislative change," Amie Stepanovich, senior policy counsel with Access, a digital-freedom group, told the judicial panel during a meeting called to review the proposal in November. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."
Google also warns that the non-specific wording of the proposal lends itself to all sorts of shady tactics.
There are a myriad of serious concerns accompanying the government's use of NITs [Network Investigative Techniques]. These are outlined in detail in other comments submitted to the Committee and include, among other things, the creation of vulnerabilities in the target device thereby increasing the target's risk of exposure to compromise by other parties, actual damage to the target device, the creation of a market for zero-day exploits, and unintended targets' exposure to malware. Additionally, the remote facilities accessed by the government may in fact identify and disclose the 'hack' or take action to prevent it or retaliate against its use. These are serious concerns that are more appropriately considered and balanced by Congress than by the Committee.
Again, with the exception of the eventuality listed last, these are side effects the DOJ couldn't care less about. Collateral damage is almost always acceptable, and at this point -- considering what we've learned about the tactics deployed by the NSA and other intelligence agencies -- making things worse and less safe for the world's citizens is just another essential part of fighting Wars on Things.

The DOJ seems to view its proposal as a necessity in the race against technological advance, rather than a dangerous expansion of power that could result in some very negative repercussions. Unfortunately, the nation's prosecutors and magistrate judges seem to be very much aligned with the DOJ. Both refer to the Rule 41 change as "filling a significant gap" in existing law.

But it does far more than that. The DOJ argues it's just a needed tweak, but it gives its agencies unprecedented extraterritorial powers and encourages these investigators to view anonymous connections as inherently suspicious.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 23 Feb 2015 @ 2:16am

    Say hello to plausible deniability

    I wonder if it's even crossed their little minds that by making it legal for them to hack foreign targets, they open themselves up for the same?

    Wasn't too long ago the USG was throwing a (symbolic and utterly useless) fit about some chinese hackers, but with something like this in play all those hackers and their government backers would have to do is point out the USG's claims that such actions are perfectly legal. Or perhaps just claim that they had no idea that their targets were systems located in the US, and only learned that after they'd hacked in.

    At that point any further protests by the USG would just make them look all kinds of stupid and hypocritical, though I suppose that's a specialty of politicians these days.

    ... actually, I take it back, I'm sure it has occurred to them, it's just that they, much like pretty much every other government agency, simple don't care. Who cares if their actions cause massive collateral damage and open up US systems to being hacked with impunity, as long as it makes their job easier, it's all good as far as they're concerned.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 23 Feb 2015 @ 3:13am

    They should change their name to more properly reflect what they are doing/care right now. I suggest Department For State Security. And we can all warmly call them Stasi.

    reply to this | link to this | view in chronology ]

  • icon
    Violynne (profile), 23 Feb 2015 @ 3:22am

    There's a great deal of hypocrisy coming from Google.

    "We don't want the government intruding on our services, bypassing security, and invading the privacy of our millions of users.

    Instead, they should just pay for the data we capture like everyone else does, as we waste little time tracking each and every one of our users."

    Furthermore, if Google doesn't like what you do with its services, they'll be more than happy to give this information to the very same entity it's screaming about.

    Google can go straight to hell.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 23 Feb 2015 @ 3:45am

      Re:

      Why do people continue to bring this comparison up, as though they are even remotely similar?

      Don't like Google tracking you and/or harvesting your data to sell to others? Don't use their services, and block their stuff. All they really care about is maximising profits, so if you make it too difficult for them to do so via you, they'll move on to someone else.

      Don't like a government agency tracking you and/or harvesting your data to use against you? Too bad, other than an incredibly expensive lawsuit that will almost certainly be shot down by a judge sympathetic to the government, there's pretty much nothing you can do about it, and in fact even trying will garner you even more attention.

      Don't like what Google does? Don't use their stuff.
      Don't like what the government does? Tough luck.

      reply to this | link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 23 Feb 2015 @ 4:28am

        Re: Re:

        Never mind that Google isn't hacking into systems under ridiculous pretenses, and generally causing misery wherever they go for no damned good reason whatsoever.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2015 @ 4:31am

        Re: Re:

        Also, Google does not possess and use Hellfire Missiles, the USG does.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 23 Feb 2015 @ 7:28am

          Re: Re: Re:

          Also, Google does not possess and use Hellfire Missiles, the USG does.

          If you have nothing to strike, you have nothing to fear.

          reply to this | link to this | view in chronology ]

      • identicon
        jjim, 23 Feb 2015 @ 6:24am

        Re: Re:

        Love it, just another way to say, turn your head and cough. I totally agree. We always hope for better from our government, because they are us, but a business that you can opt out of, is always a they?

        reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 23 Feb 2015 @ 7:40am

        Re: Re:

        Have a first word. This can't be stressed enough.

        reply to this | link to this | view in chronology ]

      • icon
        Violynne (profile), 23 Feb 2015 @ 8:21am

        Re: Re:

        This is the apologist thinking of people who don't understand how Google works (as well as other companies).

        Let's get something clear: I don't use Google services but I'm still being tracked.

        In fact, Techdirt uses the same tools offered by these companies which tracks me. Google analytics is nothing we can "stop using", nor does the FB API prevent it.

        That's the problem, and you need to know this because while you're defending "my" problem with Google, it underscores the true issue.

        Do you really think it matters that Google isn't "breaking into" networks or circumventing security to achieve the same goal of abusing our right to privacy?

        That's absurd. Yes, I know other companies are doing the same thing, from my ISP to Microsoft, but therein lies the problem the public excuses because it's NOT the government doing it.

        It's the same dichotomy as screaming "FREE SPEECH!" as companies shut down the conversation because it's NOT the US government.

        You can pretend all you want that our choices are based on usage service (or the lack of not using them), but what goes on behind the scenes is irrelevant.

        Try to remember this the next time a company decides to stick in a "super cookie" into a service you AREN'T EVEN USING because a third party is.

        PRIVACY INVASION ISN'T THE RESULT OF GOVERNMENT SNOOPING ALONE.

        That's why I said it was hypocritical of Google to be calling out the government for doing the same damn thing and that's INVADING OUR PRIVACY.

        How one invades the 4th Amendment should be the scope, not who is doing it.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 23 Feb 2015 @ 8:43am

          Re: Re: Re:

          "Google analytics is nothing we can "stop using", nor does the FB API prevent it."

          Of course it is. There are browser plugins to do this (like NoScript) or you can firewall off access to google-analytics.com, or block access to that domain through your hosts file. That's what I do.

          As to the FB API, I would argue that if you're OK with using Facebook or anything that uses Facebook APIs, then you shouldn't be worried about Google.

          reply to this | link to this | view in chronology ]

        • icon
          Ninja (profile), 23 Feb 2015 @ 9:25am

          Re: Re: Re:

          Google is optional and generally Google employees have no access to the data. And yes, analytics can be stopped and it's fairly easy. You should be concerned with smaller or less known companies that are not easy to spot with a simple no-script.

          The super cookies are a clear abuse of the ISPs position as the conduits and it's way more serious than what Google may do in your wild fantasies.

          But nothing, NOTHING compares to Government surveillance. If they tap directly in the servers you CANNOT opt-out and you CAN be arrested or harassed (or tortured, go figure) by the Government if they decide they don't like you or read something out of context. Google is plain right and there is no hypocrisy at all considering how easy it is to avoid them.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2015 @ 11:30am

            Re: Re: Re: Re:

            "Google spends billions on marketing, paying lobbyists and buying influence. It funds over 150 organisations and
            overtook Goldman Sachs last year as the biggest corporate political donor in the USA."
            http://www.theregister.co.uk/2015/01/29/oops_google_somebody_left_a_tape_running/

            No. Google is a cancer in many, many ways. Our interests may sometimes coincide with theirs, but google (et al) lobbying dollars are the main thing preventing serious data protection legislation from getting up. It is not even really a separate thing from the USA coup government/security state at this point.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 23 Feb 2015 @ 1:12pm

              Re: Re: Re: Re: Re:

              Cancer consume, like the MPAA/RIAA and friends obtaining and controlling cultural artifacts. Google on the other hand provides various services, including Search, Youtube and Blogger which allow people to create and share culture, without giving control to Google.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 24 Feb 2015 @ 3:46am

                Re: Re: Re: Re: Re: Re:

                Read the The Register article. The shit You Tube is pulling now on independent artists is worse than what the legacy middlemen did.

                reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2015 @ 4:17pm

        Re: Re:

        Don't like what Google does? Don't use their stuff.
        Don't like what the government does? Move to another country.

        reply to this | link to this | view in chronology ]

  • identicon
    lars626, 23 Feb 2015 @ 4:43am

    And then ...

    The judges and law enforcement agents in these cases need to consider that some foreign country could issue an arrest warrant for them as part of a conspiracy to violate that countries privacy laws.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 5:30am

    Hey, guys.

    Remember when the Americans were The Good Guys(tm)?

    reply to this | link to this | view in chronology ]

  • identicon
    aerilus, 23 Feb 2015 @ 5:30am

    holder has the chance of a lifetime to leave do things that he couldn't get away with while in office and this is the shit he chooses to leave as a legacy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 5:48am

    Its like one big fucking experiment and were the fucking lab rats

    ...... what gives them the FUCKING right

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 5:57am

    "Search" powers

    The DOJ wants [...] to grant its agencies unilateral powers to hack any computer in the world.
    The headlines buries the lead. Please don't refer to these as "search powers"—they go well beyond that.

    reply to this | link to this | view in chronology ]

  • identicon
    avideogameplayer, 23 Feb 2015 @ 6:07am

    I wish we could rename the DoJ as Department of Jokes...but I haven't seen the punchline yet...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 6:33am

    The agency wants to amend it to legalize it's past activities and to cement current practices. It's clear from the Snowden revelations that the United States government does not care about 'unalienable' rights.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 7:27am

    Remember when the Americans were The Good Guys?

    when you say were, do you mean really were or really were pretending to be?  there's a big difference.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 7:57am

    https://www.youtube.com/watch?v=AMIrmt9sZyY&feature=youtube_gdata_player

    New nsa whistleblower came forward recently, bless her, seemed very nervous at the begining, just wanted to hug her, protect her, and thank her for her bravery

    Anyway, very insightful speech discussing a first person perspective of someone who was there at the time this all started, what she saw, what she did, and she actually cares

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Feb 2015 @ 8:06am

      Re:

      https://www.youtube.com/watch?v=XDM3MqHln8U&feature=youtube_gdata_player

      Also, Jessylyn Radack, who was i beleive nsa's ethical lawyer at some point during early 2000 (dont quote me, might have been another department within the govrnment), who spoke up through official channels against the first time she saw torture going on

      does'nt work for them anymore and is still to this day being harrsed by our respective empires, a recent occurance her and thomas drake being singled out in a uk airport for "questioning"(not the first time)...........anyway, she now spends her time defending whistleblowers

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 8:17am

    @Tim
    I'm curious what you think a better idea would be. I understand you prefer a different procedure for changing the law, but in the end, what should DOJ do to conduct online searches where it doesn't know the location of the target machine with much certainty? Is it not better if the rules allow judges to issue warrants in these situations?

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 23 Feb 2015 @ 8:40am

      Re:

      If you want to see if something is dodgy, just try this simple thought exercise: Flip the positions.

      Would you see anything wrong with a government agency from another country hacking into US systems(whether private, public, government or corporate), knowingly or not, who when caught claimed that they were doing so in order to check where the system was based and to gather data from the hacked system? If yes, then why, as that's what the DOJ is claiming they should be able to do here.

      Is it not better if the rules allow judges to issue warrants in these situations?

      How exactly does a judge issue a legal, valid warrant when they do not know where the location to be searched is, or even if they have jurisdiction over it?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 8:36am

    Both refer to the Rule 41 change as "filling a significant gap" in existing law.
    This change fills a much needed gap.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2015 @ 8:42am

    We should be leading by example, not forcing our will on others, our example should not be one of imperialism, but an example of defending freedom, rights, and a pursuit of happiness..........THATS the example ALL on earth should be trying to strive for.........not look at the monumental task and just give up, hence guaranteing endless violence.
    All it takes is to believe, all it takes is to be vigilant, even if its just in the confines of ones own mind........infact, ESPECIALLY that

    Each generation striving to improve as much as they can for the next generation to take it even further.............give that up, and we might aswell nuke ourselves now and avoid the long suffering pain were heading towards

    Im sorry, that last bit was depressing and fatalistic even for me to imagine...........i hope to god im wrong with that assesment, that we reach a point that a nuke would have been preferable to the current missery............i wont give up just yet, join me in not giving up

    reply to this | link to this | view in chronology ]

  • icon
    GEMont (profile), 24 Feb 2015 @ 8:19pm

    All these doors and all these keys - all we need is an auto-warrant!

    Hmmmm.... Komodia (and likely a few dozen other companies) inserts backdoors in computers via software, worldwide...

    DOJ wants to be able to enter and search computers legally, worldwide, without even having to know where the computer might be located....

    Nah. No connection there, I'm sure. :)

    ---

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
New And For A Limited Time
New Gear By Techdirt: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.