Google Rails Against Proposal to Give Feds Remote Hacking Authority

Google is fighting a proposed amendment to Rule 41 of the United States Criminal Code that might allow authorities to hack into computers abroad.

The Standing Committee on Rules of Practice and Procedure, which advises the Judicial Conference of the United States, is considering the amendment.

It seeks to empower a magistrate in a district where activities related to a crime may have occurred to issue a warrant for remote search of computers, as well as seizure or copying of their files, when a target computer’s physical location is unknown, or when multiple computers in several districts are used simultaneously to carry out complex criminal schemes.

The use of anonymizing software, or damage to a computer used in interstate or foreign commerce or communications, would add weight to requests for a remote search-and-seizure warrant.

Investigators would be allowed to send an email, remotely install software on the receiving device, and determine its true IP address or identifying information.

The proposed amendment does not address constitutional questions that could be raised by such warrants, such as compliance with the Fourth Amendment, leaving those issues to case law development instead.

Googleplex Battles the G-Men

The proposed amendment likely would be used to search computers and devices around the world, according to Richard Salgado, Google’s director for law enforcement and information security. Salgado last week filedcomments on the issue.

The amendment would allow remote search without defining the meaning of the term, he pointed out, under the assumption that such searches would be constitutional and otherwise legal.

Congress is the proper body to determine whether such changes to electronic surveillance rules are warranted, Salgado argued.

Take the Good With the Bad

“This proposal raises a host of data security, constitutional and international law issues,” said Harley Geiger, senior counsel at the Center for Democracy & Technology. CDT also filed comments in opposition to the proposal.

Remotely searching a computer physically located in another country “may violate the international legal principles of sovereignty and comity,” Geiger told TechNewsWorld.

“What the Justice Department wants is to loosen warrant processes to be able to obtain a court order from any jurisdiction to hack devices whose locations are concealed, or damaged devices,” he said.

Other concerns are the broad legal definition of “damage” — which may encompass the 30 percent of machines worldwide that are degraded, many because they’re victims of hacking — and the fact that there may be legitimate reasons to conceal a computer’s location, Geiger pointed out.

The U.S. government previously has pushed the envelope for international computer searches, notably in the case of Ross Ulbricht, the alleged founder of the infamous Silk Road marketplace on the Dark Web, when a server in Iceland “was apparently accessed without a warrant,” noted Darren Hayes, director of cybersecurity at Pace University’s Seidenberg School of CSIS.

However, giving authorities broader powers to go after pedophiles and other criminal suspects “must be seen as a good thing,” he told TechNewsWorld.

No Free Pass for the Feds

The amendment is arguably the FBI’s bid to broaden its surveillance capabilities in order to strengthen its counterterrorism capabilities.

“We don’t want the FBI to go chasing court orders to do a remote search on a PC in the United States,” said Daniel Castro, senior analyst at the Information Technology & Innovation Foundation. “That’s not terribly efficient.”

On the other hand, “we don’t want to tell criminals that as long as they use a server outside of the U.S. for their attacks, they are safe from law enforcement,” he told TechNewsWorld. “But should the FBI get to hack into any system anywhere in the world with a court order? Probably not — at least not without a high threshold of evidence.”

Google’s opposition “is somewhat similar to the Microsoft case in Ireland,” Castro said. “Companies don’t want governments to make them turn over data stored abroad.”

The Second Circuit Court of Appeals is expected to hear arguments in that case later this year.

Source : technewsworld.com