Advertisement

DOJ praises vastly expanded government hacking power

The Justice Department is celebrating “good news” in next month’s adoption of new and expansive rules that make it easier for them to hack potentially thousands or millions of computers involved in criminal investigations, as well as to obtain warrants for hacking computers when the location is unknown.

The Department of Justice is celebrating “good news” in next month’s adoption of new and expansive rules that make it easier for the DOJ to hack potentially thousands or millions of computers involved in criminal investigations, as well as to obtain warrants for hacking computers when the location is unknown.

Critics, on the other hand, are worried the department’s new powers will enable mass hacking and hacking across borders without oversight, debate or guidance.

Civil liberties groups like the American Civil Liberties Union have criticized the new rules for months, warning that Justice “has sidestepped the legislative process by seeking to expand their authority through a procedural rule change” instead of going through Congress where the issue would be up for public debate. But congressional efforts like the bipartisan Stop Mass Hacking Act have so far failed to halt the expansion of police power in the face of new technology.

On Dec. 1, updates to Rule 41 of the Federal Rules of Criminal Procedure will go into effect allowing law enforcement to obtain a single search warrant for hacking potentially thousands of computers at once and warrants even when the location of the target is hidden by tools like virtual private networks or the Tor system.

Advertisement

Judges in one district will be able to authorize searches of computers not only in other districts, but also in others states and countries without, critics charge, the necessary judicial oversight.

The new changes will also affect police requirements to notify targets of searches and hacking.

In a blog post published on Monday, Assistant Attorney General Leslie R. Caldwell argued that anonymity software created a “lawless zone” enabling “dozens of websites [to] openly distribute images of child rape and sexual exploitation.” One recent investigation into a popular child abuse website involved hacking and searches of computers on multiple continents.

Caldwell has held up child pornography and botnets as the two most prominent examples of modern cybercrime that necessitate the new rule changes. She called it “good news for victims of child sexual exploitation and their families” that the new rules are going into effect on Dec. 1.

The Assistant Attorney General said court-authorized remote searches in one specific child abuse case against an anonymous site called Playpen led to over 200 active prosecutions and identified or rescued “at least 49 American children who were subject to sexual abuse.”

Advertisement

As hacking against anonymized suspects becomes more common, there’s been debate and disagreements in courts around the country about how the law works in this new frontier. Different judges have come to different conclusions about whether hacking requires a warrant, whether it qualifies as a search under the Fourth Amendment and where investigators would properly obtain a warrant when needed.

“If the DOJ believes that hacking should be permitted, they should ask Congress to pass legislation clarifying when hacking can be used, the protections in place to protect innocent third parties, and the recourse in cases where government hacking damages networks or devices,” ACLU Legislative Counsel Neema Singh Guliani told CyberScoop.

“To me, that’s clearly a policy change that’s outside the scope of an ‘administrative change,’ and it is something that Congress should consider,” Sen. Ron Wyden, D-Ore., argued earlier this year. “An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.”

“Congress should not sit idly by while the DOJ continues to hack without clear standards in place in place; instead, they should halt the rule change from going into effect and demand information about DOJ’s current hacking practices,” Guliani said.

The Electronic Frontier Foundation has also argued forcefully against the rule changes, saying that changes to substantive rights and new avenues for government hacking should have to be approved by congress.

Advertisement

Prominent technologists have argued against the rule changes, saying mass hacking can damage computers not just of criminals but of the victims of crimes as well.

Latest Podcasts