The FBI is seeking more power to pierce the veil of criminals seeking anonymity on the Internet, including those using the Tor internet browser, with a Department of Justice proposal that would expand its constitutional reach when it comes to information that can be encompassed under a warrant. At least one legal scholar says that, if granted, the proposal would also give the Feds a green light to hack in and seize records held in foreign countries.
The DoJ is recommending an amendment to Rule 41 of the Federal Rules of Criminal Procedure that would make it easier for domestic law enforcement to hack into computers of people attempting to protect their anonymity on the Internet. Right now, the rule says that a judge can issue a warrant only for a target that is known to be located within his or her district. The change would eliminate the geographical requirement.
The new language reads, “A magistrate judge with authority in any district where activities related to crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside of that district if (A) the district where the media or information is located has been concealed through technological means.”
Essentially, the FBI seeks the ability to use “network investigative techniques” (NITs) covertly to upload files, photographs and stored emails to an FBI controlled server, use a computer’s camera or microphone to gather images and sound, or take over computers wholesale.
According to Ahmed Ghappour, visiting professor at UC Hastings College of the Law and director of the Liberty, Security and Technology Clinic where he litigates constitutional issues that arise in espionage, cybersecurity and counterterrorism prosecutions, the change would constitute “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception.”
“The DoJ has explicitly stated that the amendment is not meant to give courts the power to issue warrants that authorize searches in foreign countries—but the practical reality of the underlying technology means doing so is almost unavoidable,” he wrote in a blog.
And, it’s not just within the context of homeland security that this would be applicable. Jonathan J. Wroblewski, director of the DoJ’s Office of Policy and Legislation, explained in a memo that the amended rule would apply to crimes outside of terrorism as well: “The Department’s proposal is intended to clarify that the issuance of such a warrant is proper in other criminal investigations as well.”
Thus, “the DOJ proposal will result in significant departures from the FBI’s customary practice abroad: overseas cyber operations will be unilateral and invasive; they will not be limited to matters of national security; nor will they be executed with the consent of the host country, or any meaningful coordination with the Department of State or other relevant agency,” warned Ghappour.
The problem of course is that the FBI somewhat has its back up against the wall thanks to the very nature of Tor and its ilk—these privacy browsers obscure locations. So tracking down child molesters, drug kingpins and the like—who are known to prefer anonymizing software for obvious reasons—becomes that much more of a red-tape infested process if jurisdictional issues are brought to bear.
“Since [NITs] work by sending surveillance software over the internet, the physical location of the target computer is not essential to the execution of the search,” Ghappour explained. “Indeed, the DOJ proposal is justified as the only reasonable way to confront the use of anonymizing software, because the target of the search has deliberately disguised the location of the media or information to be searched.”