Feds seek to broaden hack warrant authority

A proposed modification to the Federal Rules of Criminal Procedure would allow a judge to issue a warrant to search computers where their physical location is unclear, or where criminal activity takes place in five or more areas. Think of them as "botnet warrants."

The US Department of Justice is seeking a modification to the Federal Rules of Criminal Procedure to make it easier to obtain warrants to use remote access to search computers and seize information from them in certain circumstances.

There are two basic elements to the proposal: Normally, in order to obtain a search and/or seizure warrant from a judge (specifically, a magistrate judge, one who rules on motions) the government needs to go to the judge in the particular federal district where the search or seizure will take place.

But computers on which criminal activity is performed may be impossible to locate physically (they may not even be in the United States). In such cases, or where the activity is occurring in more than five districts, the proposed rule allows the government to seek the warrant from a judge in any district in which the activity is taking place. That one judge can oversee the entire case.

The second part of the rule addresses the obligation to serve notice to the target of the search, another task which may be difficult or impossible when the target is an anonymous computer somewhere on the Internet. The proposed rule requires the government to make "reasonable efforts" to serve notice to the target(s) of the search.

For the exact proposal, see page 499 of the proceedings of the Committee on Rules of Practice and Procedure. The Committee is a standing committee of the Judicial Conference of the United States, a body that administers the Federal Court system and is headed by the Chief Justice of the Supreme Court. Before taking force, the rule would have to be approved by Congress.

The rule relates to criminal investigations under 18 U.S.C. § 1030 : US Code - Section 1030: Fraud and related activity in connection with computers, included below:

(5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

The proposal would allow surveillance and seizure of malware-infected computers belonging to unknowing, innocent bystanders. This has led some to express concern for privacy as a result of the change. Bloomberg News quotes Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, calling the proposed power a broad one. "I don't think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent."