Looser rules sought in computer probes

Justice Dept. wants to keep up with technology letting people hide ID online

Share with others:

Print Email Read Later

WASHINGTON -- The top U.S. law-enforcement agency wants to give investigators greater leeway to secretly access suspected criminals' computers in bunches, not simply one at a time.

The Justice Department says the proposal, made public Friday, is an attempt to keep up with technology that lets people hide identities online. Privacy advocates contend the more aggressive hacking powers may violate rights of the innocent.

The proposal arrives at a precipitous time for a government still managing backlash to electronic-spying practices by the National Security Agency that were exposed last year by former contractor Edward Snowden.

"I don't think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent," Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, said in a telephone interview. "The power they're seeking is certainly a broad one."

A committee of judges that sets national policy governing criminal investigations will have to sort it out, taking rules written for searching property and modernizing them for the Internet age.

"We have real concerns about allowing the police too much ability to search with too little oversight," said Hanni Fakhoury, a lawyer at the San Francisco-based Electronic Frontier Foundation, a privacy group. The DOJ proposal would "dramatically expand the reach of federal prosecutors and investigators."

The rule would lift the geographical restriction on warrants for computer investigations, permit agents to remotely access computers when locations have been "concealed through technological means," and allow a single warrant for searches of certain computers located in five or more judicial districts.

"This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority," a Justice Department spokesman, Peter Carr, said in an emailed statement. "The proposal makes explicit that it does not change the traditional rules governing probable cause and notice."

The proposal was published Friday for consideration by the Judicial Conference Committee on Rules of Practice and Procedure, commonly called the standing committee, which meets at the end of the month.

"The proposed amendment would enable investigators to conduct a search and seize electronically stored information by remotely installing software on a large number of affected victim computers pursuant to one warrant issued by a single judge," according to an analysis by the committee. "The current rule, in contrast, requires obtaining multiple warrants to do so, in each of the many districts in which an affected computer may be located."

It has a long way to go before getting approval.

If the standing committee agrees to take up the matter, the proposal would be opened for public comment in August for six months. It could be amended before the comment period begins and would eventually need to be reviewed by Congress for changes.

The Justice Department includes the Federal Bureau of Investigation, Drug Enforcement Administration and the Bureau of Alcohol, Tobacco, Firearms and Explosives.

The department said the new power is needed to find child pornographers and other criminals taking advantage of technological advancements to shield their identities. Such technology includes proxy servers that mask the true Internet addresses of a criminal's computer, or the use of hundreds or thousands of compromised computers known as a botnet.

Federal agents now can obtain warrants allowing them to send malicious software over the Internet to computers suspected of being used in crimes. The government can keep these so-called remote access operations secret from their target for as many as 30 days -- longer if an extension is approved by a judge.

The law limits those remote searches to the district where the judge who issued the warrant is located, when the actual locations of computers used in crimes may not be known.

Botnet computers could be spread across many or all of the nation's 94 judicial districts. Going after them requires judges in each different district to issue warrants, a time consuming process that creates delays and wastes investigative resources, according to the Justice Department.

The department must describe the computer it wants to target with as much detail as possible.

Obtaining a single warrant to use malware to search potentially thousands of computers in unknown locations would violate constitutional requirements that court-authorized searches be narrow and particular, Mr. Fakhoury of the Electronic Frontier Foundation said.

The Justice Department's effort appears to be in response to an April 2013 court ruling denying a search warrant for a remote-access operation, said Mr. Wessler, with the ACLU.


You have 2 remaining free articles this month

Try unlimited digital access

If you are an existing subscriber,
link your account for free access. Start here

You’ve reached the limit of free articles this month.

To continue unlimited reading

If you are an existing subscriber,
link your account for free access. Start here