Going incognito? Well there’s no point anyways now my friend, after all, now the FBI can now dip their noses into what you’re doing if they get a search warrant from the magistrate judges.
The recent amendments made, on Thursday, centers around Rule 41 of the Federal Rules of Criminal Procedure which regulates when and under what particular circumstances, judges can issue warrants for searches and seizures.
Which means that the FBI can now legally hack by search multiple computers, phones and other devices across the country, and even overseas, just on a single warrant.
You might be asking, what is that going to change with this new change of rules?
Since we all know that the US services have been illegally hacking computers for ages, *cough * NSA *cough *.
To be honest with you, it is rather weird of them to be coming out now, saying they can do it legally, when they could just have done it without telling the media.
But before you make any assumptions, you should read on to find out more..
What is Rule 41?
Officially, the amendments read as follows:
41(b): At the request of a federal law enforcement officer or an attorney for the government:
6): a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.
Up until now, magistrate judges were only able to sign warrants for searches within their own district, however, this changes if the case had some exceptions such as involving terrorism.
These new amendments serves to change that and it has become what the legal experts have described as “the broadest expansion of extraterritorial surveillance power since the FBI’s inception.”
According to the Department of Justice, these new amendments are crucial for policing crime in an age of anonymization technology such as Tor or VPN.
This is especially the case whenever a criminal suspect is using Tor, perhaps to post child pornography on a dark web site, and it proves very difficult to know where that person is located. The same thing goes for VPNs (Virtual Private Networks)
“So in those cases, the Rules do not clearly identify which court the investigators should bring their warrant application to,”
Assistant Attorney General Leslie R. Caldwell wrote in a blog post.
Has the FBI ever violated Rule 41?
Oh yes they have.
In 2015 an investigation into a dark web child pornography site called Playpen, ended up with the FBI hacking some 8,700 computers in 120 countries.
Before the undertaking, the FBI asked the magistrate judge to authorize the hacking of computers that were used to view illegal material, “wherever located.”
But the warrant that was permitted was only to search “wherever located” within their own district (where in the PlayPen case, it was the Eastern District of Virginia), but 120 countries is way off what the old Rule 41 constitutes.
The aftermath of that case had plenty of courts finding that the Playpen warrant breached the old Rule 41, with attempts to authorize searches outside of the respective district without permission which even lead to some judges even throwing out the evidence because of the rule violation.
These new amendments, changes all of that and if it were to be issued today, the Playpen warrant would have not violated Rule 41 in the first place.
Caldwell further added that
“We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times,”
The People Who Would Not Put Up With This
It’s a controversial obscure change, and there are bound to be opposition to this amendment.
Senator Ron Wyden (D-OR) and a group of bipartisan senators have attempted to block the Rule 41 changes by introducing a bill, the Stopping Mass Hacking Act.
Sen. Wyden said in a statement at the time that
“This is a dramatic expansion of the government’s hacking and surveillance authority. Such a substantive change with an enormous impact on Americans’ constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process,”
How this new amendment would have changed past attacks
Let’s take a look at two recent hacking events which might help you give a better insight into how these rules come into play.
Operation Pacifier (2015)
In 2015, the FBI, as part of its massive hacking campaign called ‘Operation Pacifier’, took over a child pornography website on the Dark Web.
Over the course of two weeks, the FBI deployed malware to users in order to bypass the anonymizing software and catch 1,500 pedophiles.
It sparked a lot of controversy, but the main problem that the FBI had wasn’t catching the 1,500 pedophiles, but it was their very own judiciary system.
The FBI agents responsible carried out this attack on the order of a single warrant issued by a magistrate judge.
The court battles that followed resulted with defense lawyers successfully arguing that the entire operation relied on an invalid warrant.
Whilst on the other hand, a senior US District Court judge ruled the FBI did not need a warrant at all to infiltrate a stateside computer, saying,
“Generally, one has no reasonable expectation of privacy in an IP address when using the internet.”
It was a complete mess, and the FBI found themselves having to spend more time dealing with legal issues rather than working on their operation.
With today’s new Rule 41, does address this issue head-on and gives the authority to the magistrate judge to issue a warrant to search and seize multiple computers anywhere without being confined to just the district level.
Mirai Botnet Attack (2016)
Next up is the Mirai Botnet Attack which happened quite recent actually and it is still making headlines these days all over the world.
The Mirai, if you haven’t heard what it is, is a really powerful malware and if used to attack specific targets, is capable of bringing down websites, services, or even internet infrastructure, which can mean wide scale outages.
Such was the case when the Mirai botnet attack that happened in late October, resulted in a complete shutdown of the internet across the country.
Following the attack, the weak security protocols in connected home devices like security cameras, DVRs and routers gave an open window for hackers to launch a distributed denial of service (DDoS) attack at a large domain name server that took out major corporations such as Twitter, Spotify, Reddit, The New York Times and other major websites.
Nonetheless, now with the new amendments, it would let the judge issue a warrant allowing federal agents to search, seize and copy all of the information on these hacked IoT (Internet of Things – interconnected via internet) devices
But there’s something you might not like
If you were to be are a victim of such a hack, then there’s a pretty high chance that the FBI will do a digital search and seizure on you too. This brings us again, back to the controversial part of this new amendment, as this potential scenario worries privacy advocates like the Electronic Frontier Foundation (EFF). The EFF wrote in a blog post explaining their concern that
“Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.”
Not only that, remember when the FBI still went on with their ‘Operation Pacifier’ despite the warrant they were given was an invalid warrant? Yes, there’s a high chance of that happening again and if you were to read the first part of the new amendment, which targets people using anonymizing software to obscure their location or identity, you’ll find that it is pretty vague enough to apply to a broad range of common services and this undoubtedly has the potential for abuse of power, the EFF argues.
“For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated,” the EFF says. “It might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored tweets.”
The Positives to Look Forward To
Amending the rules is both necessary for law enforcement agencies and deeply concerning for digital privacy advocates but rest assured with the new amended Rule 41, law enforcement can be more effective now, especially in this day to day digital age.
In 2001, A study done at University of California, Berkeley estimated that the deep web consisted of about 7.5 petabyes (or 7,500 gigabytes) of information. Whilst a similar study carried out in 2003, was found to have that number increased to 91,850 petabytes.
Researchers also estimated that to the 1 billion indexed pages on the internet (in 2001), there were 550 billion in the deep web.
It’s frankly scary to think that there are humans who lurk in the darkest edges of the web, doing inhumane activities such as child pornographic sites, terrorism, drugs, hacking groups, hitman services and so on which not only jeopardizes our lives but our loved ones too.
Don’t think that the Rule 41 is the end of the conversation about cyber security and privacy.
Because it’s not.
Follow me on Snapchat, and I’ll keep you updated with what’s going on every now and then. 🙂
What do you think about this new obscure rule by the U.S.?