Going incognito? Well theres no point anyways now my friend, after all, now the FBI can now dip their noses into what youre doing if they get a search warrant from the magistrate judges.
The recent amendments made, on Thursday, centers around Rule 41 of the Federal Rules of Criminal Procedure which regulates when and under what particular circumstances, judges can issue warrants for searches and seizures.
Which means that the FBI can now legally hack by search multiple computers, phones and other devices across the country, and even overseas, just on a single warrant.
You might be asking, what is that going to change with this new change of rules?
Since we all know that the US services have been illegally hacking computers for ages, *cough * NSA *cough *.
To be honest with you, it is rather weird of them to be coming out now, saying they can do it legally, when they could just have done it without telling the media.
But before you make any assumptions, you should read on to find out more..
Officially, the amendments read as follows:
41(b): At the request of a federal law enforcement officer or an attorney for the government:
6): a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.
Up until now, magistrate judgeswere only able to sign warrants for searches within their own district, however, this changes if the case had some exceptions such as involving terrorism.
These new amendments serves to change that and it has become what the legalexperts have described asthe broadest expansion of extraterritorial surveillance power since the FBI’s inception.
According to the Department of Justice, these new amendments are crucial for policing crime in an age of anonymization technology such as Tor or VPN.
This is especially the case whenever a criminal suspect is using Tor, perhaps to post child pornography on a dark web site, and it proves very difficult to know where that person is located. The same thing goes for VPNs (Virtual Private Networks)
So in those cases, the Rules do not clearly identify which court the investigators should bring their warrant application to,
Assistant Attorney General Leslie R. Caldwellwrote in a blog post.
Oh yes they have.
In 2015 an investigation into a dark web child pornography site called Playpen, ended up with the FBI hacking some 8,700 computers in 120 countries.
Before the undertaking, the FBI asked the magistrate judge to authorize the hacking of computers that were used to view illegal material, wherever located.
But the warrant that was permitted was only to search wherever located within their own district (where in the PlayPen case, it was the Eastern District of Virginia), but 120 countries is way off what the old Rule 41 constitutes.
The aftermath of that case had plenty of courts finding that the Playpen warrant breached the old Rule 41, with attempts to authorize searches outside of the respective district without permission which even lead to some judgeseven throwing out the evidencebecause of the rule violation.
These new amendments, changes all of that and if it were to be issued today, the Playpen warrant would have not violated Rule 41 in the first place.
Caldwell further added that
We believe technology should not create a lawless zone merely because a procedural rule has not kept up with the times,
Its a controversial obscure change, and there are bound to be opposition to this amendment.
Sen. Wyden said in a statement at the time that
This is a dramatic expansion of the government’s hacking and surveillance authority. Such a substantive change with an enormous impact on Americans’ constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process,
Lets take a look at two recent hacking events which might help you give a better insight into how these rules come into play.
In 2015, the FBI, as part of its massive hacking campaign called Operation Pacifier, took over a child pornography website on the Dark Web.
Over the course of two weeks, the FBI deployed malware to users in order to bypass the anonymizing software andcatch 1,500 pedophiles.
It sparked a lot of controversy, but the main problem that the FBI had wasnt catching the 1,500 pedophiles, but it was their very own judiciary system.
The FBI agents responsible carried out this attack on the order of a single warrant issued by a magistrate judge.
The court battles that followed resulted with defense lawyers successfully arguing that the entire operationrelied on an invalid warrant.
Whilst on the other hand, a senior US District Court judge ruled the FBIdid not need a warrant at allto infiltrate a stateside computer, saying,
“Generally, one has no reasonable expectation of privacy in an IP address when using the internet.”
It was a complete mess, and the FBI found themselves having to spend more time dealing with legal issues rather than working on their operation.
With todays new Rule 41, does address this issue head-on and gives the authority to the magistrate judge to issue a warrant to search and seize multiple computers anywhere without being confined to just the district level.
Next up is the Mirai Botnet Attack which happened quite recent actually and it is still making headlines these days all over the world.
The Mirai, if you havent heard what it is, is a really powerful malware and if used to attack specific targets, is capable of bringing down websites, services, or even internet infrastructure, which can mean wide scale outages.
Such was the case when the Mirai botnet attack that happened in late October, resulted in a complete shutdown of the internet across the country.
Following the attack, theweak security protocolsin connected home devices like security cameras, DVRs and routers gave an open window for hackers to launch a distributed denial of service (DDoS) attack at a large domain name server that took out major corporations such as Twitter, Spotify, Reddit, The New York Times and other major websites.
Nonetheless, now with the new amendments, it would let the judge issue a warrant allowing federal agents to search, seize and copy all of the information on these hacked IoT (Internet of Things interconnected via internet) devices
If you were to be are a victim of such a hack, then theres a pretty high chance that the FBI will do a digital search and seizure on you too. This brings us again, back to the controversial part of this new amendment, as this potential scenario worries privacy advocates like the Electronic Frontier Foundation (EFF). The EFF wrote in ablog post explaining their concern that
“Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.”
Not only that, remember when the FBI still went on with their Operation Pacifier despite the warrant they were given was an invalid warrant? Yes, there’s a high chance of that happening again and if you were to read the first part of the new amendment, which targets people using anonymizing software to obscure their location or identity, you’ll find that it is pretty vague enough to apply to a broad range of common services and this undoubtedly has the potential for abuse of power, the EFF argues.
“For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated,” the EFF says. “It might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored tweets.”
Amending the rules is both necessary for law enforcement agencies and deeply concerning for digital privacy advocates but rest assured with the new amended Rule 41, law enforcement can be more effective now, especially in this day to day digital age.
In 2001, A study done at University of California, Berkeley estimated that the deep web consisted of about 7.5 petabyes (or 7,500 gigabytes) of information. Whilst a similar study carried out in 2003, was found to have that number increased to 91,850 petabytes.
Researchers also estimated that to the 1 billion indexed pages on the internet (in 2001), there were 550 billion in the deep web.
Its frankly scary to think that there are humans who lurk in the darkest edges of the web, doing inhumane activities such as child pornographic sites, terrorism, drugs, hacking groups, hitman services and so on which not only jeopardizes our lives but our loved ones too.
Dont think that the Rule 41 is the end of the conversation about cyber security and privacy.
Because its not.
Follow me on Snapchat, and I’ll keep you updated with what’s going on every now and then.
What do you think about this newobscure rule by the U.S.?