by John Tisk
Previously published on Elite Investigative Journals
I came across a blog back in March of this year regarding a proposed change in how the United States Department of Justice will be gaining search warrants that can seriously infringe upon our Fourth Amendment Rights. The blog spoke of the Federal Bureau of Investigation using tracking malware on computers “worldwide” to determine any alleged criminal activity. The blog was very vague in detail and implementation, and high on stoking outrage at this unidentified proposal.
Although I never take anything factual from blogs as a general rule, it intrigued me nonetheless. Unfortunately, according to Gallup polls, only 27% of the American population has any trust in our government, which probably answered my own question as to why this blog interested me. To add insult to injury, the Department of Justice’s reputation has taken several hits as of late, from the Fast and Furious gun running debacle, spying on the Associated Press, and culminating with Attorney General Eric Holder’s Contempt of Congress.
Being the professionals that we are, I don’t need to preach about not making a decision or judgement based on emotion or pure speculation. I decided to investigate the facts regarding this proposed procedural change to how the DOJ and the FBI will be filing for search warrants. I readily admit that I am not a legal scholar, but I feel comfortable in adding to the debate and allowing the Reader to make their own decisions if this rule change is good cybercrime prevention or a clear violation of our Civil Rights.
Proposed Amendment to Rule 41 of the Federal Rules of Criminal Procedure:
As with all investigations, the best place to start is at the source. According to the Federal Rules of Criminal Procedure, Rule 41 grants a Magistrate Judge the authority to issue search warrants based upon evidence of probable cause provided by a Federal Law Enforcement Officer. The search warrant, once granted, allows Federal Investigators to seize property that will provide evidence of criminal activity, recover contraband, and/or property designed for use in the commission of a criminal act.
Rule 41, as it stands now, grants Magistrate Judges the authority to issue search warrants for electronically stored information, either seizing or copying the information remotely. The word “remotely” is a politically correct way to say hacking into a perp’s computer. The rule was last amended in 1997 to allow warranted hacking of a perp’s computer.
Rule 41 under Subdivision (f)(1)(C) states that reasonable efforts are to be made by the Investigator executing the warrant to provide notice of the search and/or seizure to the person whose information was seized by remote access or by physically taking the items specified by the warrant.
To get the warrant for the hack, three criteria must be met: probable cause must be established (more than a reasonable suspicion that a crime has been committed); the criminal activity must be within the district where the U.S. Court and the investigative agency have jurisdiction; and the identity of the person and the address where the criminal activity is being perpetrated must be known to the investigative agency.
For example: I am investigating a person who uses his computer to fence stolen goods. I know where the person lives, but the stolen goods are not stored there. I swear out an affidavit to the Magistrate Judge, asking for a search warrant to hack his computer to find files, statements, cookies, etc. that prove the person is fencing goods and to locate the stolen property.
The proposed rule change to Rule 41 that was issued by the DOJ on 9/18/13 states:
“A Magistrate Judge with authority in any District where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside the District”.
In a subsequent memo the DOJ put out on the same date, the DOJ contends that this proposed amendment to Rule 41 would enable law enforcement to investigate and prosecute criminals who use Internet anonymizing technology/privacy software or botnets.
For example: I am investigating an IP address that appears to be on the market selling stolen goods. I have no idea who the perp is and no idea where the computer is physically located. The IP address is known to me, but the perp uses anonymizing technology, which masks the identity and location of the computer operator and address. Still, I have more than a reasonable suspicion that the person masking the IP address is selling stolen goods.
I feel I should define what a botnet is, as it is mentioned in the DOJ proposal. A botnet is a network of computers deliberately infected with malware by a perpetrator to mask his identity and location. These infected computers and their users have nothing to do with the perp, and are oftentimes infected by opening a suspicious e-mail from said perp. This is how the computers become linked in a botnet.
For example: I am investigating an IP address that appears to be on the market selling stolen goods. The IP address identifies twelve physical locations where the address originates. I have no idea who the perp is and no idea where the master computer of the botnet is physically located, but I have more than a reasonable suspicion that the master computer operator is selling stolen goods, and I request a warrant to hack into these twelve computers to determine the identity of the master operator and gain evidence that a crime was committed.
Critics state that it is a clear violation of our 4th Amendment Rights:
[Photo: Richard Salgado, Google, Inc. Photo courtesy of webpronews.com]
Since the DOJ proposal came out, there have been many vocal critics of the change in procedure. According to the Associated Press, hearings were held before the Senate Judiciary Committee’s Privacy, Technology Subcommittee on November 13, 2013. Among the people who testified before the subcommittee about the proposal was Richard Salgado, the Director of Law Enforcement and Information Security for Google, Inc. Mr. Salgado stated that the proposal is too broad and could have serious repercussions.
“While the proposed amendment ‘purports’ not to substantively expand the government’s search powers under Rule 41, it in effect does so anyway. The proposed amendment is a substantive change that imposes upon the constitutional rights of targets.”
Mr. Salgado also stated that the changes could easily lead to remote searches of computers outside of the United States’ jurisdiction and that, even within our jurisdiction, millions of Americans affected by cybercrime by being unknowingly attached to a botnet would have to go through multiple intrusive hacks as law enforcement tries to identify an anonymous suspect. He also stated that if the changes to Rule 41 are to be enacted, they should come through Congress and not through a DOJ rule change, because the changes in the rule are too dramatic and have ramifications for U.S. Law and International Law too large to be handled outside of the Legislative Branch.
Besides Mr. Salgado, the Subcommittee also received testimony and correspondence from thirty other sources, including the ACLU, the Electronic Frontier Foundation and the Reporters Committee for Freedom of the Press, that mirrored Google’s Constitutional, legal and geopolitical concerns.
In the DOJ’s response to public comments concerning the hearings:
“The existing rules already allow government to obtain and execute such warrants when the District of the targeted computer is known. Thus, the issue before the Committee is not whether to allow warrants to be executed by remote search; it is whether such warrants should be precluded in cases involving anonymizing technology due to a lack of a clearly authorized venue to consider warrant applications.
With the rise of techniques that make it easy for criminals…to hide their true locations, lawfully authorized remote access has become increasingly important to protect people from predators and solve serious crimes.”
An excellent discourse written by Jon Kelly, Associate Member of the University of Cincinnati Law Review, took the argument against the rule change even further:
"The Main objections stem from the absence of language that would limit the scope of searches under the new rule or to set a requirement of specificity needed to ensure constitutional protections and protect international relations. The Fourth Amendment requires that warrants specify the 'place to be searched, and the person(s) and things seized.' This specificity requirement is understandably compromised when a federal agency's warrant request does not specify the location of the search, the method in which the search will take place or the scope of such a search."
Mr. Kelly also strongly stated that the rule's vague language does not address concerns that Rule 41 will allow searches of innocent computers that are linked to a botnet, and that the broadness of the language does not address any potential illicit activity on the botnet computers that is independent of what the warrant would allow for.
Again, the DOJ's response seemed lackluster when they stated that the rule change must be judged on a case by case basis when and if it is challenged in the Courts.
[Photo: Jon Kelly, Associate Member of the University of Cincinnati Law Review. Photo courtesy of linkedin.com]
Mr. Kelly's entire discourse can be found at www.ucla.org/2015/05/07/unwarranted-amendments-criminal-procedure-r...
Fruits of the Poisonous Tree:
I find this to be a very interesting topic regarding finding criminal activity that is not linked to the original target search. According to www.legal-dictionary.com, the Exclusionary Rule mandates that evidence obtained in an illegal or unreasonable search must be excluded from trial. The Fruits of the Poisonous Tree Doctrine was established to deter law enforcement from violating rights against unreasonable search and seizure. I truly wonder if the DOJ had this scenario in mind when drafting this change.
For example: I am investigating an IP address that appears to be on the market selling stolen goods. The IP address identifies twelve physical locations where the address originates. I have no idea who the perp is and no idea where the master computer of the botnet is physically located, but I have more than a reasonable suspicion that the master computer operator is selling stolen goods, and I request a warrant to hack into these twelve computers to determine the identity of the master operator and gain evidence that a crime was committed. While searching for the master computer, I find on a non-targeted computer evidence that the non-target computer owner has been cheating on his taxes for the last five years. Is it warranted to make an arrest based upon this or not?
[Photo: Ahmed Ghappour. Photo courtesy of youtube.com]
Another excellent argument that I have read against the changes proposed for Rule 41 was written by Ahmed Ghappour, a visiting Professor at UC Hastings College of Law located in San Francisco, CA. He is an attorney who litigates constitutional issues that arise in espionage, cybersecurity and counter-terrorism prosecutions. He wrote very passionately about international repercussions from this proposed change in the rule:
“The DOJ commentary explicitly states that the proposal does not seek power to extend search authority beyond the United States…The latter standard seems to be a significant loophole in the DOJ’s own formulation of the approach, particularly given the global nature of the Internet.”
Mr. Ghappour targeted the potential risks of creating an international incident by allowing the DOJ/FBI to receive a network access search warrant for a computer that uses anonymizing software, such as TOR, citing that over 85% of computers directly connected to the TOR Network are located outside the United States, where we would have no criminal jurisdiction.
Mr. Ghappour also cited an international incident that occurred between the U.S. and Russia in 2002. Russia’s Federal Security Service filed criminal charges in the UN’s International Court of Justice against an FBI Agent for “illegally accessing” computer servers located in Chelyabinsk, Russia to seize evidence of criminal activity by Russian hackers, who were arrested in Seattle, WA. The FBI gained access to the overseas server using log-in information that they obtained from one of the suspects in custody.
Although there are no prohibitions on cyber-espionage in international law, Mr. Ghappour stated that given the public nature of the U.S. Criminal Justice System, he believes that U.S. Authorities can face prosecution under a “violated country’s” domestic criminal law if the DOJ proposal is approved. To view Mr. Ghappour’s article in its entirety, please visit www.justsecurity.org.
When In Doubt, Find an Expert in the Field:
[Photo: Arthur Rizer, Associate Professor of Law, University of West Virginia. Photo courtesy of http://law.wvu.edu]
To be fair, I researched Rule 41 and the proposed changes for any positive news, but alas, I found not one single legal article, news story or blog posting that would defend the rule change. I decided to reach out to an old friend of mine who is now currently an Associate Dean and Professor of Law at the University of West Virginia, Anne LoFaso, who in turn gave me the contact information for her associate, Professor of Law at UVA, Arthur Rizer, whom she said is an expert at Constitutional Law, and has given interviews regarding the law to Huffington Post and to Glenn Beck.
I called Mr. Rizer in early May and after brief introductions, we got down to business. Mr. Rizer stated that he has researched the change to Rule 41 and although he finds that the rule change in itself does not meet the "spirit" of the 4th Amendment which guarantees our rights against unlawful search and seizure, the change is lawful and Constitutional.
He went on to explain that the need for warrants as a whole is a means of curbing law enforcement through independent decision-makers in the Judicial Branch. A warrant requirement brings in the professional judgment of a neutral Magistrate who has to review the facts of a case before law enforcement can act. The practical theory is that a Magistrate Judge is not an arm of law enforcement and not likely to attempt to sabotage the 4th Amendment of the U.S. Constitution. Should the DOJ write their own rules and not seek a warrant for a computer hack, that is a clear violation of the 4th Amendment.
When asked about botnet groupings and finding illegal activity not specified in the warrant, as in a case where law enforcement looks at a botnet for one particular crime but finds another not related to the crime specified in the warrant, he stated that there is a legal argument under the Exclusionary Rule, as detailed earlier in this report, if the DOJ/FBI or any law enforcement branch makes an arrest for this accidentally found crime.
Mr. Rizer concluded that in order for the rule change to become effective, it has to gain Legislative approval through the Senate Judiciary Committee before the DOJ can enact this change. As for the arguments about the warrant not being specific in the location or District where the warrant will be executed, Mr. Rizer believes that this can be challenged in the Supreme Court and the merits of each case can be taken accordingly.
In history and in practical application, the basic role of the Federal Government is to secure our national safety and to guarantee our rights as human beings and citizens of this great Country. That is one Hell of a balancing act, especially today in the 21st Century with the misuse of computers by real bad people to do really bad things, such as human trafficking, identity theft, and fencing stolen goods. Just this past May, the Associated Press has reported that the Internal Revenue Service's computers have been hacked and millions of taxpayers' tax return information has been stolen. G-d forbid you or myself are on that list of taxpayers who may get gypped by these thieves, the idea of finding them, bringing them to justice and gaining restitution from them would certainly take a front seat over any arguments we may have regarding the DOJ reaching for more power in their applications for remote access search warrants.
I have to admit that I am still undecided if this rule change is a good thing or a bad thing when it comes to the balance of enforcing the law and our guarantees under the Bill of Rights. Although I am aware that Law Enforcement's past and current efforts to combat cyber-crime are woefully inadequate, perhaps the changes in Rule 41 can give Law Enforcement the wiggle room to carry out a more effective battle against them, and still not infringe upon our basic Constitutional Rights. Only time will tell.