The Judicial Conference Advisory Committee on Criminal Rules voted 11-1 to modify a federal rule – known as Rule 41 – that expands hacking authority for the FBI, the National Journal reported on Monday, citing a Department of Justice (DOJ) spokesperson.
As the rule stands, judges can only approve search warrants for materials within their own judicial district – modified, courts would have the ability to grant search warrants for electronic information located outside their judicial district, the report indicates.
A variety of organizations – including Google and a number of other civil rights and civil liberties groups – have spoken out against the proposal, but David Bitkower, deputy assistant attorney general of the Criminal Division in the Justice Department, defended it in a December 2014 memo.
Bitkower wrote that “the proposed amendment would ensure that a court has jurisdiction to issue a search warrant in two categories of investigations involving modern Internet crime: cases involving botnets and cases involving Internet anonymizing techniques.”
He went on to say, “The proposal would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law. As with all search warrant applications, such concerns must ultimately be resolved through judicial determination on a case-by-case basis.”
Google responded in February with comments written by Richard Salgado, director of law enforcement and information security with Google.
Salgado took issue that the amendment makes it so the government may use “remote access” to search and seize or copy electronic data, stating that the wording is too vague and does not specify how searches will be conducted and what may be searched.
“The term “remote access” is not defined,” Salgado wrote. “Sample search warrants submitted by the DOJ to the Committee indicate that “remote access” may involve network investigative techniques, or NITs, which include, for example, the installation of software onto a target device to extract and make available to law enforcement certain information from the device, including IP address, MAC address, and other identifying information.”
Salgado went on to add, “In short, “remote access” seems to authorize government hacking of any facility wherever located,” and later wrote that the amendment would authorize remote searches of millions of computers because, according to the FBI, botnets can grow to include of a large number of computers.
The Electronic Frontier Foundation (EFF) shared in Google's concerns. In a comment emailed to SCMagazine.com on Tuesday, Hanni Fakhoury, EFF senior staff attorney, called the amendment a substantive legal change masquerading as a mere procedural rule change.
“That is, by seeking to change the procedural rules about how the government can execute remote searches (which in essence means how they can deploy malware), the government is essentially pushing for approval of the idea that it should have the power to deploy malware and execute remote searches,” Fakhoury said. “To us, it seems like that's a decision Congress should make.”
Piggybacking on that idea, Nathan Freed Wessler, staff attorney with the American Civil Liberties Union (ACLU), said in a comment emailed to SCMagazine.com on Tuesday that the amendment expands the government's ability to use malware and zero-day exploits, and without imposing necessary protections.
“The current proposal fails to strike the right balance between safeguarding privacy and internet security and allowing the government to investigate crimes,” Freed said.
The National Journal report indicated that a number of other steps must a occur before the changes are made official, and the process could take longer than a year.
A Justice Department spokesperson did not respond to a SCMagazine.com request for additional information.