Legislators Demand Answers From DOJ On Expanded Hacking Powers It's Seeking
from the the-first-rule-of-the-new-Rule-41:-there-are-no-rules dept
There’s only a couple of months left until the DOJ’s proposed Rule 41 changes become law. All Congress has to do is nothing. This is a level of effort Congress is mostly amenable to. If this becomes law, worldwide deployments of malware/spyware during investigations will be unable to be challenged in court. In addition, the DOJ wants to be part of the cyberwar. It’s seeking permission to remotely access zombie computers/devices used in cyberattacks to “clean” them.
The rule changes would also add a presumption of guilt to an activity performed by millions of computer users around the world:
Opponents of the pending change to Rule 41 say that it unlawfully confers a new authority that changes substantive rights. First off, they contend that it adds a criminal taint to a perfectly legal practice: using location to cloak your location.
“There are countless reasons people may want to use technology to shield their privacy,” wrote the Electronic Frontier Foundation earlier this year. “From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security.”
The DOJ has argued that these Rule 41 amendments are just “clarifications” of existing law:
“The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law,” the DOJ told Consumerist in May, noting that law enforcement would still need to demonstrate probable cause.
This statement obviously isn’t true considering how many federal judges have agreed the warrant it used in the Playpen investigation exceeded existing jurisdictional limits.
Fortunately, there are legislators pushing back against the DOJ’s proposed changes. Ron Wyden has sent a letter [PDF] to the DOJ — co-signed by 22 other legislators — asking for clarification on the DOJ’s interpretation of the changes it’s seeking.
One of the questions the group has is how the DOJ can produce probable cause to search thousands of devices.
Please describe any differences in legal requirements between obtaining a warrant for a physical search versus obtaining a warrant for a remote electronic search. In particular, and if applicable, please describe how the principle of probable cause may be used to justify the remote search of tens of thousands of devices. Is it sufficient probable cause for a search that a device merely be “damaged” and connected to a crime?
The letter also raises the issue of forum shopping. With jurisdictional limits removed, federal law enforcement officers are free to find judges more willing to sign off on their warrant requests, rather than being forced to work with those in the locality the alleged criminal activity took place.
The DOJ’s proposed botnet cleaning efforts raise a whole set of new troubling questions, ones that Wyden and co. would like to see answered before allowing the rule changes to slide by unopposed. First, there’s the question of unforeseen collateral damage — efforts that hurt more than help.
We are concerned that the deployment of software to search for and possibly disable a botnet may have unintended consequences on internet-connected devices, from smartphones to medical devices. Please describe the testing that is conducted on the viability of “network investigative techniques” to safely search devices such as phones, tablets, hospital information systems, and internet-connected video monitoring systems.
Then there’s the question about the proposed “cleaning” efforts. Under what authority will law enforcement break into Americans’ computers and screw around with their software and hardware?
Will law enforcement use authority under the proposed amendments to disable or otherwise render inoperable software that is damaging or has damaged a protected device? In other words, will network investigative techniques be used to “clean” infected devices, including devices that belong to innocent Americans? Has the Department ever attempted to “clean” infected computers in the past? If so, under what legal authority?
Good questions. Hopefully, we’ll see the answers sometime before December 31st.
Filed Under: congress, doj, fbi, hacking, oversight, rule 41
Comments on “Legislators Demand Answers From DOJ On Expanded Hacking Powers It's Seeking”
My confidence in the DoJ is very low. I have no faith in the DoJ to so much as entertain a debate on the Rule 41 changes they want.
Re: Trust the DoJ!
My confidence in the DOJ is very high…
I’m confident they are the very scum they say they are trying to stop, and I have faith that they will stop at nothing.
See James Comey and this weekend’s very public re-opening of the Hillary Clinton e-mail investigation because her aide’s husband is possibly a child molester and somehow that might be classified information!
Re: Re: Trust the DoJ!
You’re mixing up the FBI with the DoJ.
Re: Re: Re: Trust the DoJ!
The FBI is an integral part of the DOJ.
Re: Re: Trust the DoJ!
The FBI and the DoJ aren’t the same; the DoJ has been shown to have no control over the FBI.
And the re-opening of the e-mail investigation has to do with other emails found on Weiner’s computer while investigating his racy communications with a 15 yo. Emails between his wife and the Clinton Foundation.
So you should base your confidence/lack thereof on other failings of the DoJ itself (there’s lots to choose from) instead of inserting straw men and muddying up the issue.
I somehow doubt they demanded and more likely politely asked.
Re: Re:
Not only that, the response will be in doublespeak, filled with lies and false innuendo. When all is said and done, they will go out and do exactly what they intended from the get go, despite anything Congress has to say about it.
The DOJ’s point of view is justice is what we say it is, now get off my lawn.
Re: I somehow doubt they demanded and more likely politely asked.
More like: photo copied the letter they agreed on in closed meetings, and sent it back to them through public channels to create a paper trail.
Evidence against the DoJ
What evidence to we have that the DoJ acts more as a rogue agency than in service of the United States public?
Oh yeah! This.
More retro-cover
Likely has already been happening
for many years now, nee decade plus.
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html?m=1
Note that ms not happy about this
disclosure and that ms has been
‘backporting’ ‘fixes’ to win7+.
I'm willimg to bet
I’m willing to bet the DOJ will delay their response until 2017 so the Rule 41 changes will go into effect. And whatever response they do give won’t mean a thing since they will just go ahead and interpret it however they want.
But have you seen the ads from the military? Sexy.
Once upon a time, the kind folks at the Windows Technical Support called me and wanted remote access to my computer. They said my computer had lots of viruses. I asked them how they knew, and they told me that they monitor this sort of thing. I didn’t want to spread viruses, so I installed a program that let them remotely access my computer.
They proceeded to show me lots of scary warnings and errors and then directed me to an anti-virus program. The program founds lots more problems! I was happy to pay $150 to clean up the viruses.
I thank the kind folks at Windows Technical Support for cleaning my computer. And I would be glad to see the government get in the business of remote access as well! Think of all the problems the DOJ could clean if the DOJ had remote access to my computer!
I don’t want to be a bad Internet citizen. Do you?
Typo
You wrote “using location to cloak your location.”
Perhaps you meant “using technoogy”, “encryption”? “trained mice”?