Personal privacy has just been dealt another blow by a recent decision by the US Supreme Court, and, as a result, unless the US Congress introduces legislation in the next seven months, the FBI will gain unprecedented new powers to hack into computers with impunity.
The Supreme Court, operating with the handicap of being a justice short, due to the death of Justice Scalia, ruled in favor of an FBI petition. At the FBI’s request this week, the court reasoned that judges should be able to issue hacking warrants to federal law enforcement for anywhere in the US if the suspect has tried to hide their location, as criminal suspects are wont to do. Additionally, the FBI could get authority to infiltrate any computer, regardless of the owner, if it has already been taken over by “bad hackers”.
At issue is the questionable application of Rule 41 covering warrants – or at least a new reading of Rule 41 if the change is approved – and whether it can be broadly applied to the digital world of today. The controversy offers a glimpse at the struggle to maintain Americans’ protections against unreasonable searches in the present Internet age. Many of the rules were written for a world based on searching physical spaces (such as a desk) and at distinct locations (like an office). Such rules often don’t adapt well to the era of the internet and myriad online services, where it is also possible to, in theory, search millions of computers at the same time.
The debate has flared due to recent decisions by judges that granted local law enforcement sweeping latitude in pursuing digital information on computers, as police attempted to snag alleged child pornographers or child sex abusers. The suspects were accused of trying to hide their location using Tor. Civil liberties advocates, acknowledging the delicacy of the charges and related crimes, have nonetheless cried foul. Not because they want to defend child sex abuse material, but because domestic law enforcement shouldn’t be able to search potentially millions of computers based on the authority of one judge’s order.
Another thorny issue is one of jurisdiction, i.e., of limiting the reach of law enforcement in executing their searches. Under the old language of Rule 41, judges could approve warrants authorizing hacking (or as the FBI calls it, network investigative technique, or NIT) only within their jurisdiction. Under the current rule, federal judges, in most cases, can only order searches and seizures within their jurisdictions. Now, under the new rules written by federal judges at the behest of the Justice Department, a magistrate can approve a warrant to hack into a computer in an unknown location under technical concealment, and take control of its data. For example, a federal judge on the East Cost would be able to issue a warrant to FBI agents on the West Coast that authorizes them to access a computer without knowing its real location.
A frequent and prominent civil liberties advocate, Sen Ron Wyden, (D-Ore.), is up in arms over the proposed change to Rule 41, and is introducing legislation to bar its 1 December implementation,
“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices… Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime,”
The SCOTUS decision opens a Pandora’s box, and is fraught with peril for prospective suspects and, potentially indeed, the personal freedom of the ordinary citizen.