FBI Hacking Illegally and Plans to Hack Everyone

Ray Walsh

September 20, 2016

When the FBI hacks people to attempt to uncover a pedophile ring, it is hard to argue. Our children’s safety is paramount, and catching those that are disgusting and insane enough to do our children harm is fundamental. The Electronic Frontier Foundation (EFF), however, is concerned about the type of FBI hacking that is rapidly becoming the norm following the Playpen investigation. EFF is a privacy advocacy group based in the US, and it feels strongly that procedures that have become the norm (during the Playpen investigation) are a worrying sign of things to come.

Now, changes to Rule 41 due to become law worryingly soon – and without oversight – prove that the EFF is right to be concerned. The FBI is hijacking what happened in the high-profile Playpen case to pass unscrutinized laws, creating new legislation that will enable legal hacking of US citizens at unprecedented levels.

‘Make no mistake,’ says Mark Rumold from EFF. ‘These cases are laying the foundation for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent these cases create is likely to impact the digital privacy rights of Internet users for years to come.’

The Playpen case

In December of 2014, the FBI received a tip-off about the deep-web child pornography site Playpen. That informant told the FBI that Playpen was configured incorrectly. The slip-up allowed anybody to discover the IP address that the deplorable site was being run from. That IP was in the US, and so the FBI decided to investigate further. Now under the FBI’s watchful eye, a warrant was obtained to seize the server running the hideous deep-web site.

Once in FBI hands, instead of closing the evil server down, the bureau decided to do something far more cunning. The agents agreed that the opportunity was too good not to exploit and allowed the site to continue operating for two more weeks.

During that time thousands of child porn images were downloaded, giving the FBI a huge repository of information about the sick-minded people using the Playpen site.

What happened from that moment on, however, is what EFF is concerned about. It is also what could have serious repercussions for the general public, should the FBI be granted the new powers that are all set to become law in 90 days.

Reasonable force?

The FBI decided to use malware to target the visitors of the site. A program nicknamed “Network Investigative Technique” or NIT for short was placed on suspects’ computers. That malware is believed by EFF to have exploited ‘a vulnerability in Firefox bundled in the Tor browser.’

The malware then collected identifying data from the users’ computers and returned the information to the FBI. In total, more than 1000 suspects were discovered with the NIT malware in what EFF describes as,

‘The most extensive use of malware a U.S. law enforcement agency has ever employed in a domestic criminal investigation.’

‘And, to top it all off,’ comments Rumold. ‘All of the hacking was done on the basis of a single warrant.’

While there is no doubt that catching child sex offenders is one of the most well-deserved reasons for FBI hacking with malware, EFF is concerned that the general precedent set by the use of this malware could soon creep into investigations of lesser crimes.

A Frightening Prospect?

Although we can agree that, in the Playpen case, any sane person can easily forgive the FBI for their intrusion, how do we feel about these methods going forward?

The US is a nation where despite the widespread use of marijuana, young men and women are sent to prison for a ‘dime bag’ of weed. As such, it is easy to understand why the EFF is more than a little troubled by the prospect of the FBI (and other agencies) taking this procedure forward into other criminal investigations.

In the ongoing cases that are currently going through the courts (from the Playpen investigation), defendants have been pushing back against the intrusive manner in which they were caught out. That method was technically illegal and in breach of the accused’s constitutional rights.

So far, however, because of the particularly despicable nature of the crimes that were perpetrated (and the public outcry and feelings that knowledge of the case creates), the courts have sided with the FBI, and what the EFF describes as its ‘dangerous decisions.’

EFF VS. FBI hacking

EFF has been doing its utmost to approach the Federal judges involved in the hundreds of cases that have arisen out of the use of the NIT malware in the Playpen case. Their aim? To educate the attorneys and judges involved in the case about the gravity of the precedent that these cases set,

‘There are very few rules that currently govern law enforcement hacking, and the decisions being generated in these cases will likely shape those rules for years to come. These cases raise serious questions related to the Fourth Amendment, Rule 41,’ comments EFF.

Changes to Rule 41

It is that part of the Fourth Amendment that the FBI is now about to have changed. These are alterations that, when combined with the precedents (that the cases running through federal courts create), could mean a lot more legal hacking in future.

On Thursday, Senator Wyden spoke confidently on the floor of the Senate in favor of a last-gasp, single-line bill that it is hoped will stop the FBI from getting their changes to Rule 41. That bill is called ‘The Stop Mass Hacking Act’ (S. 2952, H.R. 5321), and reads as follows,

‘To prevent the proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure from taking effect.’

Wyden’s bill has bipartisan support and is being rushed through parliament in an attempt to curb the FBI’s proposed new hacking powers before the changes to Rule 41 are codified into law in around 90 days.

The amendments to Rule 41 will allow judges to grant warrants to seize electronic metadata from US citizens if their location is ‘concealed through technological means.’ Judges may even issue the warrant to gather electronic media from citizens living outside of the districts where they reside.

If a person were using Tor or a VPN, for example, the FBI would be granted permission – with a single warrant – to attempt to put malware on that person’s machine. The reason? To collect identifying information (and anything else they desired) from the subject’s machine.


Foreigners not safe either

Incredibly, this even applies to people living outside of the US, even if they are journalists, lawyers or in some other position that requires taking extra care with privacy.

What the amendments don’t appear to consider is the harm that is caused by an FBI backdoor into people’s lives. Sadly, if targeted, those (quite possibly innocent) people are also left vulnerable to attack from other more malevolent parties. After all, anybody that knows anything about security understands that a vulnerability set up by ‘the good guy’ is still just as gaping and ready to be exploited by the bad guys.

The danger is enormous, and as Daniel Schuman from Demand Progress has commented, these changes to US law are being brought into existence under the radar. “Even if you like mass FBI hacking, shouldn’t the Senate hold a hearing first before it automatically becomes law?” he recently commented.

Act now!

The changes to Rule 41 are approaching quickly. In addition, because the FBI works for the Department of Justice – which in turn answers to the White House – this gives the administrative branch of government the power to hack into the lives of millions of US citizens, and people all over the world, without the approval of Congress.

Anybody living in the US who cares about digital privacy and doesn’t believe that the FBI should be able to use its NIT malware on anyone but proven downloaders of child porn (as in the Playpen case) should contact their local senator with a phone call. Applying pressure on senators with phone calls, letters, emails and Tweets in support of The Stop Mass Hacking Act (S. 2952, H.R. 5321) is essential at this stage!

