Congress Is About to Expand Government Hacking Powers

Privacy advocates and legal scholars are worried about the consequences of making it easier for investigators to obtain warrants for devices they don’t have in custody.

Unless Congress steps in before Thursday, the FBI is about to get a lot more authority to hack into computers during criminal investigations.

Investigators can already get a warrant to remotely access information on the device of a suspect in a criminal case. But the warrant has to come from a judge located in the same district as the target device. If the agents don’t know the location and guess wrong—which can happen if the suspects use tools like the anonymizing service Tor—they could have evidence thrown out. That’s happened in a number of cases stemming from a 2014 investigation into hundreds of individuals involved with a child pornography site.

Under new rules set to take effect Thursday, a federal judge will be able to issue a warrant to remotely access, search, and seize or copy data from a computer outside the district if that computer’s location has been “concealed by technological means.” A similar rule change will also make it easier to investigate botnets like the one that caused a massive Internet outage last month. Investigators will be able to ask a judge to issue a single warrant to remotely search computers that are in five or more jurisdictions and have been “damaged without authorization.”

The U.S. Department of Justice says the changes—which are being made to Rule 41 of the Federal Rules of Criminal Procedure—are necessary for law enforcement to keep up with the kinds of crimes that are being committed online and do little more than streamline the warrant process. In a November 18 letter to Senator Ron Wyden of Oregon, assistant attorney general Peter Kadzik said the amendments “would not authorize the government to undertake any search and seizure or use any remote search technique … that is not already permitted under current law.”

But advocates for privacy and civil liberties, technology companies including Google, and opponents in Congress say the amendments open the door to a dangerous expansion of the government’s authority to conduct surveillance. They say the broad language in the amendments could apply to circumstances far beyond the ones the government describes. “Major policy decisions” like this should have to go through Congress, argues Wyden.

For example, concealing one’s location “by technological means” could refer to a wide range of technologies and behaviors, like using a virtual private network, using ad-blocking software that conceals geolocation, or even changing the location setting on a social-media profile. The language of the new rules suggests that if you do one of those things, and a judge deems your device relevant to a crime, law enforcement could get permission to access it. “If this rule is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically naive judge, anywhere in the country,” argues Rainey Reitman, activism director at the Electronic Frontier Foundation.

The other rule change is raising concerns about the Fourth Amendment rights of innocent people whose computers have been co-opted into a botnet, which can be composed of millions of computers located all around the world. Orin Kerr, a law professor at George Washington University who specializes in criminal procedure and computer crime—and who was part of the committee that proposed the rule changes—says Congress should consider what the government owes those machines’ owners. “Should the government do nothing, leaving the victim computers infected? Or should the government take steps to patch those computers, or to encourage others to patch them? And if so, how?”

Given such unanswered questions, opponents of the changes say Congress needs more time to deliberate; last week, a bipartisan group of senators introduced legislation that would delay action for six months. Whether Congress decides to allow the changes to take effect this week or delays them will help set the stage for debates over online privacy and cybersecurity policy under the Trump administration.

Woodrow Hartzog, a law professor at Samford University who specializes in privacy law, says the history of computer crime law shows that vague language can lead to unintended consequences as technology evolves. “Even slight vagaries or miscalculations can result in dramatic expansions of power,” he says, citing language in the Computer Fraud and Abuse Act, passed in 1986, that has created “an incredible amount of confusion” over what constitutes a crime. Given the stakes, Hartzog says, the changes to Rule 41 “would seem to require more deliberation and probably some sort of legislative corrective.”
