Feds seek expanded PC hacking powers for criminal investigations

The FBI and Department of Justice are mulling rules that would allow broader opportunities for domestic law enforcement to hack PCs as part of a criminal investigation

Since earlier this year, the Department of Justice has been eyeing an expansion of the rules governing its ability to hack into PCs as part of a criminal investigation.

Under an expanded version of the key rule, known as Rule 41, many domestic law-enforcement agencies -- the FBI, the ATF, and the DEA -- would be able to remotely hack multiple PCs under a single warrant, even when the physical locations of the machines in question are not known.

As originally reported by Network World, one of the ostensible reasons for this change in the rules is to provide government agencies with more efficient ways to take down botnets, as "the changes would allow the feds to target multiple PCs in various geographical locations and districts with just one warrant."

The current rules allow federal agents to use malware in an investigation, but only on machines known to be in the district where the warrant is being issued; also, a warrant has to be issued for each machine separately. Under the new rules, warrants could be issued targeting multiple machines at once, and targeting machines where "the district where the media or information is located has been concealed through technological means."

The proposal originally went public in May, according to Bloomberg, although the Justice Department emphasized at the time that the proposed changes would not affect "the traditional rules governing probable cause and notice." The investigators still need to provide explicit details about what is being sought, but such hacking operations could be kept secret for up to 30 days, with a judge approving a longer term if needed.

Ahmed Ghappour of Just Security weighed in on the proposal earlier this week. He believes the rule, if enacted, would constitute "the broadest expansion of extraterritorial surveillance power since the FBI's inception." Despite the DOJ professing the proposal isn't intended to expand the scope of search authority beyond the United States, the wording of the rule provides a loophole for ignoring such restrictions.

"Since (according to the DOJ) each computer’s 'unknown location' is virtually indistinguishable from the next," Ghappour wrote, "any law enforcement target pursued under this provision of the amendment may be located overseas." Such actions could generate unexpected blowback, he noted, citing a case where an FBI agent was sued by Russia's Federal Security Service (FSB) for allegedly hacking computers in Russia as part of an investigation.

The American Civil Liberties Union has weighed in and describes the changes to the rules as a way to enable a variety of "forum shopping," where plaintiffs use the court where they are most likely to have their arguments looked upon favorably. (Patent trolls have long used this technique, incorporating in the patent-friendly Eastern District of Texas, where they also file their claims.) Among many other issues, the EFF was also concerned about the impact such changes would have on innocent third parties, given the expanding ubiquity of Internet-connected devices.

Some of the proposed changes may be a response to the obstacles encountered by the FBI in previous investigations. In 2013 the Bureau was denied a request to install spyware on a computer in an unknown location as part of a fraud investigation -- spyware allegedly able to remotely activate a PC's camera and supply a real-time video stream. Houston judge Stephen Smith noted that not knowing where the target computer was, or who might be using it, posed major concerns.

The DOJ started accepting public comment on the proposed rules in August and will continue soliciting comment until Feb. 17, 2015.