Law Change Could Let Feds Spy On Malware Victims

John Lister's picture

Opponents of proposed changes that could make government surveillance of computers easier have warned time is running out. The changes will take effect on December 1 unless Congress passes a law to stop them.

The debate involves the Federal Rules of Criminal Procedure, which is effectively the rulebook of the judicial system. Rule 41 sets out how search warrants work in federal cases.

Earlier this year the Supreme Court agreed to a request from the Justice Department for three changes to Rule 41. The first is an exception to the usual principle that a local judge can only issue a search warrant for law enforcement officials to remotely access computers that are physically within the court's geographical jurisdictions. That's the same principle that applies to physical searches of property and possessions.

The change would mean that in cases where the suspect had intentionally concealed the true location of the computer, the judge could issue a warrant that applied regardless of where the computer actually was. Critics says overturning that principle goes too far and argue it could even mean encouraging unlawful remote searches of computers located outside the US.

Malware Victim Computers Could Be Searched

The second change is that judges would be allowed to issue a single warrant covering multiple machines in multiple districts (even ones outside their jurisdiction) in cases involving networks of infected computers. Opponents say that's misguided as it would mean law enforcement getting the power to access the computers of people who are victims of malware and aren't suspected of any wrongdoing.

The final change is that officials would no longer need to physically hand over or post a notice of the search at the relevant location. Instead, with remote computer searches, they could simply issue an electronic notice to the target such as an email or even a popup message. Critics say this isn't sufficient as the recipients might well assume the message was a fake and part of a phishing scam - and that it might even inspire such scams. (Source: wired.com)

Clock Ticking Before Rules Takes Force

Once the Supreme Court agreed to the changes, they were automatically put on hold for 180 days before taking effect. That period is to give Congress the opportunity to block the changes by passing a law that specifically stops the changes from taking force.

A bipartisan bill to do so has been proposed but has yet to proceed to a formal hearing or a vote. Politicians who support blocking the changes have accused Congressional leaders of dragging their feet and warn that the clock is ticking, particularly with the Congressional timetable interrupted by the elections process. (Source: sophos.com)

What's Your Opinion?

Do you support the changes or should they be blocked? Is this a simple case of either national security or civil liberties being the key? Or is it a case of the Justice Department pursuing worthwhile aims with the changes but leaving loopholes that are open to abuse?

Rate this article: 
Average: 5 (7 votes)

Comments

Dennis Faas's picture

The last part which reads: "... with remote computer searches, they could simply issue an electronic notice to the target such as an email or even a popup message. Critics say this isn't sufficient as the recipients might well assume the message was a fake and part of a phishing scam - and that it might even inspire such scams."

I guarantee 100% that the Indian tech support scammers will jump on this like it's the greatest thing since sliced bread. I predict they will start cold calling people pretending they are from the FBI (located in India of course), demanding access to machines or risk being put in jail. Oh, man! I just received an email from a lady yesterday telling me she received a 1-800 scam, and they told her they were going to disconnect her phone if they didn't get access to her machine.

matt_2058's picture

Very bad. It sucks the Supreme Court didn't think this through enough.

Even worse is the process that changes take effect UNLESS action is taken. Also that so much time is between the decision and the effective date. Many times the issue just goes away since it becomes old news, and the shady proponents get it slipped in. By the time the subject gains traction, it's too late and would take 10x the effort to repeal the change.

Mr Fass....how about one of those links to the US and Canadian elected officials specifically addressing the subject for stuff like this? It would make it easy for your readers to be heard and maybe get you some attention for your exceptional site.

Gotta go and let my reps know this is bad for their constituents.

DarthSolo's picture

I completely agree with you Dennis; I can see how this will go every which way but right. For a few months I would get calls 2-3 times a week from “Microsoft” and “Dell”, telling me about how bad of shape my computer was in. After I got sick of them calling, I talked to them on the phone all the while I was filing an online complaint with the FCC, and haven’t heard from them since.

With the current VOIP technology out there, you can make the caller ID say whatever you want, any number and any location. Heck sometimes they would screw up the caller ID and the number would read 000-000-0000, for the most part the numbers and locations where random, but none of them where from where they were actually calling from. If the scammers want, they can even use the FBI’s own number on the caller ID. This is going to end very badly.