Posted 7 months ago on April 23, 2014, 5:57 p.m. EST by LeoYo
This content is user submitted and not an official statement
The DOJ Wants to Hack Your Webcam
Wednesday, 23 April 2014 13:04
By Dan Massoglia, Truthout | Report
At a meeting April 7 and 8 in Louisiana, a group of lawyers and academics prepared the rules for when law enforcement is allowed to hack people's computers for a dramatic, and troubling, expansion. Government hacks - the FBI's secretly accessing your hard drive, email, webcam, and more - which have unfolded in headlines as a push and pull between privacy-concerned judges and activists and secrecy-obsessed law enforcement, appear poised to see the strict judicial restrictions on their use loosened. As is often the case with wide-reaching changes to the criminal law, the law at issue is not a big-name bill, like the Affordable Care Act, but rather one more closely held to the legal system - here, Rule 41(b) of the Federal Rules of Criminal Procedure.
The Federal Rules are the procedural guidelines for courts, lawyers, and investigators guiding important parts of investigations and trials. They determine, for example, who gets to take a plea, and how, or who gets screwed, and how, by a federal grand jury. Currently, they place limits on warrant authority in addition to constitutional protections and other restrictions, generally requiring that for the FBI to receive a warrant to perform a domestic hack, computers to be infected must be inside the jurisdiction of the court issuing the warrant and must each receive a warrant. This concern for place and emphasis on conservativism in warrant authorizations is one of the many ways a colonial memory abhorring general warrants has refracted into the set of legal protections that, inadequate as they are, provide safeguards on privacy today.
Federal hacking, while not a wholly new phenomenon, is of rising interest in domestic policing. In the past decade, well-publicized domestic instances of law enforcement use of malware have not provided a clear set of standards for the technology's use, and - typical of questions of police procedure and technology - find transparency at the center of the fight about the operation of the law.
Last year, the debate went into overdrive when Federal Magistrate Judge Steven Smith, of the Southern District of Texas, denied an FBI warrant application to hack a suspect's computer, and, challenging the normal secrecy that surrounds domestic hacking, rendered the decision publicly.
The order laid bare the FBI's plans to use quasi-targeted spam email to install a Remote Administration Tool, or RAT, capable of activating the webcam, searching messages and the hard drive and logging location to further a fraud investigation. One of Magistrate Judge Smith's many reasons for denying the application, in a thoughtful, vitally important opinion, was the fact that the FBI had no idea of where the computer it wanted to hack was, and had no guarantee that the hack or even the search of the contents itself would take place within his authority. Recognizing that malware-aided electronic searches do not "take place in the airy nothing of cyberspace," he denied the warrant, chiding the agency along the way for the lack of detail it provided about the operations of its hacking units. Magistrate Judge Smith noted, particularly, that video surveillance is known as "a potentially indiscriminate and most intrusive method of surveillance." Worth remembering in the context of this debate is that federal judges have jurisdiction over clearly delineated geographic areas only - judicial authority in a region does not mean the extension of that authority over the country writ large.
All of this, then, leaves the agency in something of a quandary. Assuming it as simultaneously true that a) federal law enforcement fundamentally operates in good faith and with respect for constitutional and other safeguards and b) that there may be legitimate uses for forms of remote exploitation less invasive than webcam spying, the ruling presents an invitation to rethink the way that Rule 41(b) - the portion of federal criminal procedure that limits warrant authority to a single judicial district - works on the web. And indeed, just months after the decision in In Re Warrant to Search a Target Computer, the government began to do just that.
The Department of Justice's Advisory Committee on Criminal Rules, one of many judicial sub-bodies whose internal deliberations contribute to the patchwork of American regulation and legal procedure, has for almost a year considered the question, via subcommittee, recently arriving - though with subcommittee membership divided - at proposed language that would vastly expand judicial authority to authorize the use of invasive malware in routine law enforcement. Removing the requirement that warrants be limited to a given magistrate judge's district, the proposed change, Rule 41(b)(6) would expand existing regulation to allow magistrate judges "... to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district."