Feds seek to broaden hack warrant authority

Feds seek to broaden hack warrant authority

Summary: A proposed modification to the Federal Rules of Criminal Procedure would allow a judge to issue a warrant to search computers where their physical location is unclear, or where criminal activity takes place in five or more areas. Think of them as "botnet warrants."

SHARE:
9

The US Department of Justice is seeking a modification to the Federal Rules of Criminal Procedure to make it easier to obtain warrants to use remote access to search computers and seize information from them in certain circumstances.

There are two basic elements to the proposal: Normally, in order to obtain a search and/or seizure warrant from a judge (specifically, a magistrate judge, one who rules on motions) the government needs to go to the judge in the particular federal district where the search or seizure will take place.

But computers on which criminal activity is performed may be impossible to locate physically (they may not even be in the United States). In such cases, or where the activity is occurring in more than five districts, the proposed rule allows the government to seek the warrant from a judge in any district in which the activity is taking place. That one judge can oversee the entire case.

The second part of the rule addresses the obligation to serve notice to the target of the search, another task which may be difficult or impossible when the target is an anonymous computer somewhere on the Internet. The proposed rule requires the government to make "reasonable efforts" to serve notice to the target(s) of the search.

For the exact proposal, see page 499 of the proceedings of the Committee on Rules of Practice and Procedure. The Committee is a standing committee of the Judicial Conference of the United States, a body that administers the Federal Court system and is headed by the Chief Justice of the Supreme Court. Before taking force, the rule would have to be approved by Congress.

The rule relates to criminal investigations under 18 U.S.C. § 1030 : US Code - Section 1030: Fraud and related activity in connection with computers, included below:

(5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

The proposal would allow surveillance and seizure of malware-infected computers belonging to unknowing, innocent bystanders. This has led some to express concern for privacy as a result of the change. Bloomberg News quotes Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, calling the proposed power a broad one. "I don't think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent."

Topics: Security, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • This is illegal

    Gaining access to computers and either altering or adding programs is HACKING, and is illegal no matter who does it. On top of that, spying on people who aren't hacking but have been hacked themselves? Really, as if giving the government more oversight and power has worked out well for the internet EVER. This is a VERY dangerous slope that should not be started. Pretty soon most Americans will be spied on due to "Malware". It's just another way for the government to gain access to most computers WITH our permission openly. Fight this tooth and nail, if they can't get the hackers... hire better people and pay them enough to get the job done.
    speshul
    • not if you have a warrant

      It's a search. The constitution doesn't say you can't search people's homes and other property, it says you can't do so unreasonably and without a warrant. There's nothing new about that here, all that's new is that instead of having to get a warrant in every district in which the computer is found, one judge can issue a warrant for all.
      larry@...
      • Still is, even with a warrant.

        Each district the computer is found? The COMPUTER, indicating that it's a single computer rather than a bunch of computers networked together but at seperate locations, has a single physical location. It sounds like to me they are using this as a way to try and trace where the DDOS attacks are originating from by examining the computers that sent the attack, look at the logs, and keep moving through the chain. The problem with that is that it's a lot of leg room to do as you please.

        "The proposal would allow surveillance and seizure of malware-infected computers belonging to unknowing, innocent bystanders."

        That means exactly what it says. The problem with that is that most americans are infected with malware. This leave most of the general public open to another group of the government to be spying on them simply for being infected with bad software. That is DEFINITELY new. Claiming that you have a reason to spy on citizens because of malware is absolutely insane. That leaves most of the U.S. population up for grabs. And with them trying to make it easier to get warrants to spy, I see this happening on a broad scale with very little oversight (They're trying to diminish the oversight needed to perform their actions.). This will likely lead to another spying problem like the one with the NSA. Citizens shouldn't have to worry about being spied on simply because they installed a bad toolbar. That's the exact opposite to what we're being told about with the NSA, they're only spying on those they have reason to suspect, and if we have nothing to hide we shouldn't worry. The problem is that with most of the population having malware and viruses, EVERYONE can be spied on for no reason other than what software they have installed.
        speshul
        • "most americans are infected with malware"

          nonsense. do you have a source for this?
          larry@...
          • Sort of yes

            This is based on a report by Panda Labs 2 years ago. Panda antivirus is very small and barely catches anything. Plus a small percentage use panda. Now imagine if Norton, Mcafee, Kaspersky, Bitdefender, Spybot search and destroy, malware bytes, etc. all posted reports together... it would be massive.

            http://www.infoworld.com/t/cyber-crime/malware-infects-30-percent-of-computers-in-us-199598

            And after 20 years of working on computers, there has only 2 been times where I came across a completely clean computer. Most get malware installed through toolbars and plugins from ads. If you've worked I.T. at all then you'll understand how significant a number it is that are infected, even businesses. I recently caught several instances of malware on machines here at my work. Malware that Kaspersky didn't pick up at all.

            The problem with getting an actual percentage is that none of these security companies are willing to work together or share their information. So you have to go with the companies that do post stuff like this and go on experienced based.


            Here's the big question though, why are you even defending this? Why is malware a good enough reason to spy on citizens? Why even put that in there? As if they're suddenly going to act like the best antivirus in the world and track down the attackers. Our government couldn't afford something like that. It's non-sense and shouldn't be included. How do you justify search and seizure of computers simply for having malware?
            speshul
          • Are you for real?

            Not just Americans. You don't live on Earth perhaps? Don't use Windows? Or are you infected out the wazzo and do not realize it? If not I say you experience is completely utterly different from all other users. Or perhaps you just say strange things?
            Altotus
          • Exactly

            Most windows users are infected and don't even know it. It's gotten so bad that most people replace Internet Explorer immediately when getting a new computer. Plus Microsoft has had to come out with their own anti-malware scanner because of so many infections. The average users computer I work on has at least 10 different major malwares on their computer installed. Usually due to toolbars that were installed through installing other software. The toolbar then downloads up updates with malware and shit goes to hell.

            Larry@... is just talking nonsense and defending a position that doesn't even deserve to be defended.
            speshul
  • larry@

    I started fighting malware when Michaelangelo hit one of my customers in 1991 or 1992, and it started going uphill from there. Less than 3% of the PC's that came into my shop from about 2000 on, with problems, were not infected. Approximately 90% of my business income was from Malware infections. The other 10% was from repairs, upgrades, and new builds. I've made a lot of money from malware. Heck, it kept me in business during slow times. This gives the Gov. free reign to spy on just about any personal PC in America. Complete B.S. Larry.
    Denny Fry
  • Baldly Unconstitutional

    There's a reason behind the wording of the Fourth Amendment to the Constitution and that is General Warrants. Warrants are required to be specific in all their particulars, weasel wording of this type is specifically disallowed. I'm certainly not a lawyer but I'm firmly grounded. If you're oath-bound to protect and defend something, it's nice to understand what you're defending and why in all particulars.

    One odd point. The people doing this would belong to Cyber-Command which is part of the Armed Forces of the United States. If operating against computers within these United States, who granted this exception to Posse Comitatus? That should cause some fur to fly in Congress. And if the target is foreign, what happens when it is a military unit of that foreign power? Wars start this way and I've done enough of those as has my extended family.

    I'd really rather NOT add this power to the Chief Justice of the Supreme Court nor his appointees. Given his track record, and the FISC's track record, surrounding the current forms of General Warrant (Subsections 215 & 708: grab it all, let the computers sort it out), not a good idea at all.
    Brian J. Bartlett