FBI inches towards expanded hacking powers

Federal investigators are now one stop closer to having the authority to spy on faraway servers following the advancement of a proposed rule change that could expand certain law enforcement powers this week.

On Monday, the Judicial Conference Advisory Committee on Criminal Rules voted 11-1 in favor of updating "Rule 41," a provision that currently limits courts to granting search warrants only within certain geographical bounds. Under the proposed changes, however, judges would be able to approve warrants for remote searches of computers outside of their district, or in instances where the location is not known, widely expanding the Federal Bureau of Investigation's reach when it comes to targeting suspected cybercriminals.

Tech giant Google warned earlier this year that the Department of Justice's proposed change "raises a number of monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide" because it would let the FBI hack computer

Richard Salgado, Google's director of law enforcement and information security, said previously that the proposal "invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures and expands the practice of covert entry warrants."

The passage of the rule change would mean the government "may use 'remote access to search and seize or copy electronically stored data," Salgado said. But because "remote access" isn't defined, he warned, adoption of the proposal could mean that FBI agents in any part of the country may soon be authorized to target and infect servers elsewhere, including abroad, for the sake of compromising a computer to conduct surveillance.

Deputy Assistant Attorney General David Bitkower countered critics when word of the proposed change made headlines earlier this year and insisted "the proposal would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law." Others disagree, however, including Chris Soghoian– the American Civil Liberties Union's chief technology – who said that "the government is seeking a troubling expansion of its power to surreptitiously hack into computers, including using malware," adding, "Although this proposal is cloaked in the garb of a minor procedural update, in reality it would be a major and substantive change that would be better addressed by Congress."

Nathan Freed Wessler, an attorney with ACLU, told the National Journal this week that he agreed that the proposed update "threatens to expand the government's ability to use malware and so-called 'zero-day exploits' without imposing necessary protections," and "fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes."

But according to Dustin Volz, the journal article which broke news of Monday's vote, any update to Rule 41 would still be a long time coming: although the proposal nearly unanimously passed the Judicial Conference Advisory Committee on Criminal Rules, it still has to be approved by the Standing Committee on Rules of Practice and Procedure, likely during a June meeting, then the full Judicial Conference and eventually the Supreme Court of the United States; according to Volz, SCOTUS would have until May 2016 to accept the proposal, and it would be put on the rule books later that year pending any possible interference from Congress.

The above article by Lucas Jackson, Reuters