ManageEngine OpManager, a powerful NMS for monitoring your network, physical & virtual (VMware/ HyperV) servers & other IT devices. Deploy and start monitoring in less than an hour. Trusted by over a million admins world-wide. Try it for free.
The U.S. Supreme Court last week approved a series of amendments to the federal rules of criminal procedure that would let judges issue search warrants for computers located outside their jurisdiction.
In letters to Congress, Chief Justice John Roberts announced the changes in the Supreme Court's interpretation of the rules.
The changes would allow a judge to issue warrants to search remote sites where the exact location of a suspect was not known, but where the suspect might be hiding evidence electronically, for example, or a group of computers might be storing damaged digital evidence.
The proposed amendments were scheduled to go into effect Dec. 1.
The changes essentially could authorize government hacking into thousands of computers, said U.S. Sen. Ron Wyden, D-Ore., who called on Congress to reject them.
"These amendments will have significant consequences for Americans' privacy and the scope of the government's powers to conduct remote surveillance and searches of electronic devices," he said.
Under the revised rules, the Department of Justice would be able to access thousands of computers with a single warrant from a single judge, he said.
He planned to introduce legislation to have the amendments immediately reversed and to request details on what the "opaque process of the authorization and use of hacking techniques by the government," he said.
The DoJ is trying to expand its powers while Congress and the public have been focused on the encryption fight going on with Apple, according to Access Now.
"While Congress is distracted rehashing long-settled debates about the use of encryption, the Department of Justice is quietly trying to grant themselves substantive authority to hack into computers and masking it as a bureaucratic update," said Amie Stepanovich, U.S. policy manager at Access Now.
"Instead of directly asking Congress for authorization to break into computers, the Justice Department is now trying to quietly circumvent the legislative process by pushing for a change in court rules, pretending that its government hacking proposal is a mere procedural formality rather than the massive change to the law that it really is," said Ross Schulman, codirector of New America's Cybersecurity Initiative.
"Congress shouldn't let the Justice Department and an obscure judicial rules committee write substantive law, especially on a novel and complex issue with serious privacy, security and civil liberties implications," he told the E-Commerce Times.
Criminals have ready access to technologies that allow them to operate in secret over the Internet, and the use of remote searches is the only way for law enforcement to catch them, according to the DoJ.
"This amendment ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has the authority," said DoJ spokesperson Peter Carr.
The amendment makes it explicit that it does not change traditional rules governing probable cause and notice and does not authorize any search and seizure not allowed by existing law, he told the E-Commerce Times.
"Rather, the amendment would merely ensure that some court is available to consider whether a particular warrant application comports with the Fourth Amendment," he said.
The proposed changes could allow the U.S. to conduct searches against computers worldwide, according to Richard Salgado, Google's director of law enforcement and information security.
However, DoJ officials cite cases like the 2014 investigation into the Gameover Zeus botnet and Cryptolocker ransomware, which resulted in more than US$100 million being stolen from consumers and business around the world.
Authorities from more than 10 countries worked on the case, and the U.S. filed charges against the alleged administrator of the botnet scheme, a Russian national named Evgeniy Bogachev.
The FBI, DoJ and State Department put out a $3 million reward for his capture, but so far he remains at large.
The proposed changes have been in the works for years, and in November 2014, Kevin Bankston, director of New America's Open Technology Institute, testified against it before the Judicial Conference Advisory Committee.
The changes are unconstitutional in the same way that New York state's electronic eavesdropping law was struck down in Berger v. New York in 1967, he testified. In 1968, Congress passed a federal wiretapping statute that is now often referred to as Title III, which provides four key safeguards against the abuse of government surveillance powers.
"Whatever euphemism the FBI uses to describe it -- whether they call it a 'remote access search' or a 'network investigative technique' -- what we're talking about is government hacking, and this obscure rule change would authorize a whole lot more of it," New America's Schulman said.
"Like wiretapping, hacking is uniquely invasive compared to regular searches and raises serious issues under our Fourth Amendment, which protects us from unreasonable searches," he said.
"Unlike wiretapping, however, Congress has never authorized government hacking nor established protective rules for the road to ensure it's not abused," Schulman said.
Government hacking raises new risks to privacy and security, including the possibility that the malware the government uses would spread to innocent people's computers or cause unintended damage, he said.
"If government hacking is to be allowed at all, it should only be done with authorization from Congress, with strong protective rules in place, and after deep investigation and robust debate," Schulman said.
"We've never had any public debate about this important issue, even though the feds have quietly been doing remote hacks on computers since the turn of the century," he said. "Now is the time for that debate."