Botnet Bill Could Give FBI Permission To Take Warrantless Peeks At The Contents Of People's Computers

from the mind-if-we-take-a-look-around,-they-asked-never dept

In a recent ruling in a child porn investigation case, a judge declared that the FBI's Network Investigative Technique (NIT) -- which sent identifying user info from the suspect's computer to the FBI -- was the equivalent of a passing cop peering through broken blinds into a house.

[I]n Minnesota v. Carter, the Supreme Court considered whether a police officer who peered through a gap in a home's closed blinds conducted a search in violation of the Fourth Amendment. 525 U.S. 83, 85 (1998). Although the Court did not reach this question, id at 91, Justice Breyer in concurrence determined that the officer's observation did not violate the respondents' Fourth Amendment rights. Id at 103 (Breyer, J., concurring). Justice Breyer noted that the "precautions that the apartment's dwellers took to maintain their privacy would have failed in respect to an ordinary passerby standing" where the police officer stood.

What would normally be awarded an expectation of privacy under the Fourth Amendment becomes subject to the "plain view" warrant exception. If a passerby could see into the house via the broken blinds, there's nothing to prevent law enforcement from enjoying the same view -- and acting on it with a warrantless search.

Of course, in this analogy, the NIT -- sent from an FBI-controlled server to unsuspecting users' computers -- is the equivalent of a law enforcement officer first entering the house to break the blinds and then claiming he saw something through the busted slats.

The DOJ may be headed into the business of breaking blinds in bulk. Innocuous-sounding legislation that would allow the FBI to shut down botnets contains some serious privacy implications.

Senators Whitehouse (D-RI), Graham (R-SC), and Blumenthal (D-CT) introduced the Botnet Prevention Act in May, which (among other things) amends the portion of federal law (18 U.S.C. § 1345) that authorizes these injunctions. The bill would expand § 1345 by adding violations of a section of the Computer Fraud and Abuse Act (“CFAA”) that covers botnets (and more) to the list of offenses that trigger the DOJ’s ability to get an injunction.

More specifically, it would allow injunctions in all violations or attempted violations of subsection (a)(5) of the CFAA that result or could result in damage to 100 or more computers in a year, including any case involving the “impair[ment of] the availability or integrity of the protected computers without authorization,” or the “install[ation] or maintain[nance of] control over malicious software on the protected computers” that “caused or would cause damage” to the protected computers.

It only sounds like a good idea: the government riding to the rescue of unaware computer users whose devices have been pressed into service by malware purveyors and criminals. But, as Gabe Rottman of CDT points out, there's some vague wording in the existing law that would undercut important Fourth Amendment protections when used in conjunction with the DOJ's botnet-fighting powers.

Buried deep within § 1345(b) is a single phrase that could open up a number of thorny issues when this injunctive authority is applied to botnets. The section not only allows the government to obtain a restraining order that stops someone from doing something nefarious, but also an order that directs someone to “take such other action, as is warranted to prevent a continuing and substantial injury . . . .”

Rottman points to the FBI's 2011 shutdown of the Coreflood botnet. After obtaining a restraining order under the federal rule, the FBI used its own server to issue commands to infected computers, halting further spread of the malware and shutting down the software on infected host devices. Again, this seems like a good use of the government's resources until you take a closer look at what's actually happening when the FBI does this sort of thing.

The court hearing the Coreflood case accepted the government’s argument that the “community caretaker” doctrine allowed the transmission of the shutdown order, as the action was “totally divorced from the detection, investigation, or acquisition of evidence relating to the violation of a criminal statute.” At the time, the government likened its actions to a police officer who, while responding to a break-in, finds the door to a house open or ajar and then closes it to secure the premises.

The "community caretaker" function is one exception to warrant requirements. Accessing people's computers without their permission under these auspices allows the FBI to avail itself of a second warrant exception.

In order to scrub private computers for malware, the government would, by necessity, have to search the computer and its contents for the malware. Once the door is ajar, rather than closing it, the police would actually “walk in” to the computer. And anything they find in “plain view” can be used as evidence of a crime. Nothing in the current version of the bill would prevent such a search or collection, giving the government the potential means to search countless computers of victims of the botnet (not the perpetrators) without a warrant.

While these are both valid exceptions to warrant requirements, they've never been deployed on this sort of scale. Officers can perform community caretaker functions that may result in contraband being discovered in plain view. When the FBI takes on a botnet, however, it will have access to potentially thousands of computers at a time and the legislated permission to not only "enter" these computers, but to take a look around at the contents.

The Fourth Amendment was put into place to end the practice of general warrants. The FBI's botnet-fighting efforts turn court-ordered injunctions into digital general warrants, only without the pesky "warrant" part of the phrase. And, unlike other warrants, the proposed legislation would do away with another Fourth Amendment nicety: notification.

As CDT noted in its comments on the Rule 41 change mentioned above, potentially as many as a third of computers in the United States are infected with some form of malware. And, botnets are extremely hard to clean up, especially when you depend on victims to voluntarily submit their computers for cleaning. Given this reality, unless notice is required by statute, law enforcement would have an incentive to dispense with notice in the much wider array of shutdowns permitted under the Graham-Whitehouse bill.

The bill has only been introduced and there's no forward motion as of yet. It's in need of serious repair before it heads further up the legislative chain. As it's written, there's nothing standing between people's personal files and a host of digital officers wandering through virtual houses in search of malware and searching/seizing anything else that catches their eye.

Filed Under: botnet, botnet prevention act, congress, fbi, hacking, lindsey graham, richard blumenthal, sheldon whitehouse, warrants


Reader Comments



  • That One Guy (profile), 10 Aug 2016 @ 11:00am

    Just wondering...

    So out of curiosity, what stops them from simply claiming that a given system was infected and searching it without a warrant for potentially incriminating evidence? Or just for fun? If they don't need a warrant, and they don't have to tell the one whose computer they accessed, seems to me they could just search any computer they wanted at whim without any real limit, simply by claiming that they thought it was infected.

    ...

    Nah, I'm sure the paragons of virtue in the FBI would never do something like that given the total respect they have for the rights and privacy of the public, such that they would never abuse their power in such a manner. Never mind, I see now it was a silly thought and one completely divorced from reality.


    • David, 10 Aug 2016 @ 11:46am

      Re: Just wondering...

      So out of curiosity, what stops them from simply claiming that a given system was infected

      What makes you think they cannot make bloody sure the system was infected? An attack vector for a secret search and an attack vector for an infection are pretty much the same thing. They just put through a different payload.


      • That One Guy (profile), 10 Aug 2016 @ 12:15pm

        Re: Re: Just wondering...

        Oh I'm sure the FBI would never do something like that, I mean really now, it's not like we're talking about an agency with a history of setting up patsies just to bust them so they can crow about how awesome they are at stopping criminals/terrorists/communists.

        The very idea that they would themselves infect a system in order to have an excuse to search it is just beyond absurd, and in fact you should feel ashamed for expressing or even having doubt about such a sterling and law abiding agency, as such thoughts are absolutely un-American and dare I say it even a little red.


  • AJ, 10 Aug 2016 @ 11:19am

    I wonder what happens when you "peek" through the blinds of the FBI? I'm betting, if you even managed to survive the peeking itself, they would seize your computers, shoot your dog, put you on the sex offender registry and the no fly list, label you a terrorist/traitor, then question you by making you watch reruns of happy days with the volume wide open while waterboarding you..... and of course it would all be legal because the secret court would have had a secret judge sign off on the secret paper that you could never see, or even be told actually existed. ...


    • Dheneb, 10 Aug 2016 @ 1:20pm

      Re:

      Bu, but, but, I was doing it for the FBI's own good as part of my civic duty as a good community caretaker! Taking care of our community is everyone's business!


  • Peter (profile), 10 Aug 2016 @ 11:25am

    Just peek? Or place, then peek?

    This could well be the last bill the senators get to pass without being pressured by a threat of child porn or terrorist materials being 'found' on their computers.


  • Anonymous Coward, 10 Aug 2016 @ 11:30am

    Perhaps they should do exactly this to the IRS and the OPM and fix their own shitty networks before demanding to do the same to the rest of the populace?

    I mean, shouldn't you make sure your own house is clean before telling us that ours aren't?


  • Ox, 10 Aug 2016 @ 11:31am

    Unless said cop didn't have permission/reason to be on my property in which my house sits in the middle of 25 acres.


  • Anonymous Coward, 10 Aug 2016 @ 12:14pm

    Anybody charged due to such searches has an automatic defense: "there was malware on my computer, and that was responsible for the illegal stuff you found".


    • Anonymous Coward, 10 Aug 2016 @ 12:28pm

      Re:

      And what happens when they also seize your bitcoin wallet in the process... do you think you're getting that back?

      Besides, there are other ways to prove the illegal material was put there by you - once they have the evidence, they only need to get a search warrant for your whole house.


  • DannyB (profile), 10 Aug 2016 @ 1:00pm

    What exactly is PLAIN VIEW in this case?

    So the FBI's software looks at your network for specific traffic, or looks into your computer files for specific malware, and / or looks into your computer's memory for specific malware in memory.

    So far, I don't have a big problem here -- although I trust the government in my computer even less than I trust the malware.

    Now the question. What is plain view? Even if the FBI injects a software payload into the computer's memory to look for very specific things; what is 'plain view' as far as anything else I have on my computer?

    It's not like this injected software has artificial intelligence and can say: oh, my, that's pr0n! Or that file has a very anti-government file name (gasp!).

    The only way ANYTHING would be in 'plain view' is if they start exhaustively searching the computer for things. And those searches would be by nature of a search, directed at specific targets.

    Or would the FBI have a live agent interacting with the FBI's malware, so the agent could selectively view files with names that seem interesting to the agent? And would such an approach scale?


    • art guerrilla (profile), 10 Aug 2016 @ 1:21pm

      Re: What exactly is PLAIN VIEW in this case?

      yep, have ZERO trust that ANY gummint agency is actually going to spy on me for my own benefit...
      not to mention one of the reasons WHY we are all extra vulnerable is because the spooks are hoarding zero-day exploits they refuse to reveal which would actually help protect us all; OR, they have actually written (or paid some hackers to program) malware and other intrusive software which i am absolutely certain never finds its way into the sweaty palms of nogoodniks...


  • Anonymous Coward, 10 Aug 2016 @ 1:09pm

    We have no rights, it's all just exception after exception. The Bill of Rights is now more of a guideline, which can be ignored whenever, and the courts will happily twist things to make sure it stays that way.

    The 3 branches are just one branch working together to fuck the citizens over; it's getting time to overthrow the tyrants.


  • Uriel-238 (profile), 10 Aug 2016 @ 3:03pm

    Coming soon...

    Botnet sniffing dogs.


    • Atkray (profile), 10 Aug 2016 @ 3:27pm

      Re: Coming sooner...

      FBI operated botnets.

      The government already has shown a willingness to operate CP servers, a botnet would just help fill their "toolbox".


  • Anonymous Coward, 10 Aug 2016 @ 4:48pm

    I assume the FBI botnets are listening in on members of congress.


  • Padpaw (profile), 10 Aug 2016 @ 5:20pm

    What is the point of stuff like this when they already do this, because they refuse to hold anyone accountable?

    Even if it made past illegal actions retroactively pardoned because of this bill it would never have stopped them from doing it in the first place.


    • That One Guy (profile), 10 Aug 2016 @ 10:16pm

      Re:

      If they can make what they were doing in the shadows legal (often retroactively), then that means they can and will do even worse down the road.

      "Before this bill we couldn't do X legally (we still did it of course), but now we can. Y was an even more invasive action, but at the time we figured that we were toeing the line enough with X, so we held off. Now that we can do X though, Y's not that much worse..."


  • GEMont (profile), 11 Aug 2016 @ 4:22pm

    A government; by any other name, still smells.

    Even a rabbit will fight back when cornered.

    Should be less than a decade now, till we start getting some good old fashioned and obviously-illegal defense software for the home and office.

    You know, little apps that can determine the presence of unauthorized "users", verify that they are indeed unauthorized, backtrack to their origin, ascertain that the origin is indeed the actual source of the intrusion and upload a nastygram-destructo-dragon-worm on the perps there, turning their computers into smouldering door-stops and ending that particular intrusion, in just a few seconds.

    Yeah sure there will be some mistakes at first and a few innocents will be mistakenly cyber-assaulted, but time will force the public to begin demanding something for the defense of their property against a government that follows no rules and obeys no laws.

    I'm hoping it is sooner, rather than later, because this situation is not going to get any better over time, when the perps are also the people who selectively uphold the laws of the land and who are themselves now only accountable to the set of secret rules and laws that they themselves wrote.

    Push the public far enough and often enough and they will push back.

    What does one call a "government" whose actions follow no rules and obey no laws?

    A "gang" might suit.

    ===


