Expanded Federal Hacking Authority Goes Into Effect (12/1/2016)
As of Today(DECEMBER 1, 2016), Rule 41 goes into action. Making it is considerably easier for the FBI to hack into computers during investigations, despite congressional efforts to block the changes.
The federal rule change, which passed through several judicial panels before being approved by the U.S. Supreme Court in April, FBI employees can now seek warrants from magistrate judges to remotely access computers even when targets might be outside those judges’ districts, including when the targets’ location is disguised by anonymity software like Tor. FBI employees can now search computers infected by malware that makes them part of a botnet — a method used by criminals to disrupt internet service, distribute spam, or spread viruses on a mass scale.
Privacy advocates like Sen. Ron Wyden, D-Ore., called the impending rule change “one of the biggest mistakes in surveillance policy in years” as he fought on the Senate floor the day before it was scheduled to take effect, joined by colleagues Sens. Chris Coons, D-Del., and Steve Daines, R-Mont. “Law-abiding Americans are going to ask ‘What were you guys thinking?’ when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk,” he said in a statement.
The Justice Department feels the rule changes are needed to investigate crimes, like online distribution of child pornography. If the FBI needed to obtain a warrant from a magistrate judge in order to discover where the offending computer is located, the preexisting standards left them handicapped.
In one recent case involving a massive investigation into the child porn site Playpen, the court tossed out evidence because the agents applied for the warrant outside the district where the computers were located.
Assistant Attorney General of the Department of Justice’s Criminal Division Leslie Caldwell has insisted that the “straightforward” changes are several years in the making — and will combat “the dizzying rise of two forms of modern crime: crime committed over the internet by anonymous users … and botnets, or networks of illegally hacked computers that siphon wealth and invade privacy on a massive scale.”
She wrote that the federal changes will not allow the FBI to hack any more computers than it is already allowed to — just change where it can apply for permission. Additionally, she argues, victims’ computers will only be searched for identifying information so the government can notify them of the compromise, to determine the extent of the infection, or to conduct an operation to disrupt that botnet.
Nicholas Weaver, a senior staff researcher at the International Computer Science Institute has written that the actual practice “doesn’t add weaknesses to the systems — in sharp contrast to backdoors,” referring to the FBI’s urgency to mandate technology companies install a way to access encrypted communications. Weaver, though critical of the FBI’s deceptive tactics when requesting warrants from judges to hack computers, says targeted hacking doesn’t pose the same security risks as mandating a security flaw.
However, there’s also a real concern that law enforcement’s use of invasive hacking techniques has not been subject to congressional scrutiny. “Remote computer search rules, which were never debated by Congress, go into effect tomorrow unless stopped,” tweeted Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania.
Rule 41 - FBI Gets Expanded Power to Hack any Computer In the World
U.S. Supreme Court allows the FBI to Hack any Computer in the World
Feds Get Expanded Hacking Powers
Mozilla and Tor release urgent update for Firefox 0-day under active attack
With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government