Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computers and Warrants: Some Senators Oppose Justice Plan (go.com)

Posted by msmash on from the throttling-FBI's-hacking-authority dept.

A group of bipartisan senators introduced a bill on Thursday that blocks a pending judicial rule change allowing U.S judges to issue search warrants for remote access to computers in any jurisdiction, even overseas. Associated Press reports: Justice Department officials say that requirement is not practical in complex computer crime cases where investigators don't know the physical location of the device they want to search. In instances when cybercriminals operate on networks that conceal their identity and location, the government wants to ensure that any magistrate in a judicial district where a crime may have occurred can sign off on a search warrant that gives investigators remote access to the computer. The Obama administration says that authority is especially critical in cases involving botnets, which are networks of computers infected with a virus that spill across those districts. As it now stands, federal officials say, they might have to apply for nearly identical warrants in 94 different courthouses to disrupt a botnet.The U.S. Justice Department has pushed for the rule change since 2013. It has assumed it as a "procedural tweak" needed to modernize the criminal code to pursue sophisticated 21st century criminals, reports Reuters. Congress has until Dec 1 to vote to reject, amend or postpone the changes to Rule 41 of the federal rules of criminal procedure. If lawmakers fail to act, the change will automatically take effect, a scenario seen as likely given the short timeline. ZDNet has more details.

47 comments

  1. You're Under Arrest! by Anonymous Coward · · Score: 0

    So said the kookoo Debbie Harry.

  2. Where is the server, exactly? by myowntrueself · · Score: 4, Funny

    What are they going to do to figure out the jurisdiction anyway? Use Maxmind Geoip? Thats hopelessly unreliable! How else are they supposed to do this?

    Hey, I know! Lets set up a special UN taskforce!

    We can call it UNIT; United Nations Internet Taskforce! Need some kind of doctor and brigadier though.

    --
    In the free world the media isn't government run; the government is media run.
    1. Re:Where is the server, exactly? by Anonymous Coward · · Score: 0

      I see the problem they face and i'm not totally against the rule, but it must be passed in a bill by congress and signed by the president. Can't let one branch make that big of a change on it's own.

    2. Re:Where is the server, exactly? by sjames · · Score: 4, Insightful

      There are already judges that can give them the warrants they need. The only rational purpose of the rule change is to let them ask less experienced judges when they want to slip something past them.

    3. Re:Where is the server, exactly? by BlueStrat · · Score: 5, Insightful

      There are already judges that can give them the warrants they need. The only rational purpose of the rule change is to let them ask less experienced judges when they want to slip something past them.

      This.

      This makes judge-shopping so much easier! No more pesky jurisdictional issues! Simply pick the judge most in-line ideologically/politically with your prosecutorial/investigative agenda and goals, and bam! A done deal!

      If allowed to stand this rule would permit some wack-job ideologue/extremist judge in some backwater hick jurisdiction to issue warrants to search computers anywhere including in Washington D.C., Alexandria VA, Hollywood CA...or Hong Kong.

      If they allow this I say find a backwater-jurisdiction judge who leans hard libertarian and have him issue a warrant to search computers of those in Congress, the SCOTUS, and the DoJ/Executive branches in Washington, D.C. on suspicion of RICO/racketeering/criminal corruption violations.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    4. Re:Where is the server, exactly? by GLMDesigns · · Score: 1

      A judge "who leans hard libertarian" wouldn't want to search Congress or Executive Branch employees without a warrant either. That's what makes him a "hard libertarian."

      And there are plenty of "wack-job ideologue/extremist judges" in SF and NYC. You needn't go to "some backwater hick jurisdiction" to find them.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    5. Re:Where is the server, exactly? by Anonymous Coward · · Score: 0

      One branch?

      You mean, the Executive branch (DoJ) asking the Judicial branch (SCOTUS) to approve a rules change, which is then passed on to the Legislative branch (Congress) for approval?

      Seriously, guys, this is hardly a unilateral process here.

    6. Re:Where is the server, exactly? by Anonymous Coward · · Score: 0

      No, it doesn't.
      The magistrate that can issue the warrant is the one in the district that the crime occurred in, aka the victim's district. And before the magistrate can issue this warrant, Federal Law Enforcement will first need to get a warrant to attempt to determine the attacker's location (usually by going to the ISP) and then, if they discover the attacker is preventing IP tracing or geolocation (usually by using Tor or some other darknet), only THEN, can the magistrate issue a warrant to hack the remote computer in an unknown location.

      The Federal Law Enforcement would then need to serve notice as soon as possible to the owner of the hacked machine. At the same time, if the machine is not in the US jurisdiction, the evidence cannot be used and would need to be retrieved some other way, as the magistrate has no authority to issue warrants against foreign locations.

      They cannot 'magistrate shop' because they are limited to certain districts based on the crime. They cannot get a warrant for computers that they know the location of through this rule change. They cannot go on fishing expeditions, because the warrant allowing them to hack cannot even be the first warrant for information.
      If you think it is too easy to get a warrant, that's a legitimate complaint. But that has absolutely NOTHING to do with the rule change.

    7. Re:Where is the server, exactly? by BlueStrat · · Score: 2

      The magistrate that can issue the warrant is the one in the district that the crime occurred in, aka the victim's district.

      The Feds have been known to choose where to deem a computer/internet crime occurred to favor jurisdictions where they feel they have the best chance of a favorable outcome. This just turns it around so that they don't have to care where the crime occurred, any magistrate of their choosing can issue a warrant. It's a huge judicial/executive power-grab.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    8. Re:Where is the server, exactly? by MobyDisk · · Score: 1

      IANAL, but I thought you cannot simply file a case in any jurisdiction you want. You can only file it in a jurisdiction where the court has an interest. A New York company wanting to go after a hacker in Thailand can't go to a court in Virginia can they?

    9. Re:Where is the server, exactly? by nbauman · · Score: 2

      The Feds have been known to choose where to deem a computer/internet crime occurred to favor jurisdictions where they feel they have the best chance of a favorable outcome.

      You mean forum shopping.

      Like prosecuting a California web site in Tennessee or Florida on pornography charges. http://www.pcworld.com/article...

  3. Doubt it applies anywhere in the world by Anonymous Coward · · Score: 0

    I don't see how this could apply to a computer anywhere in the world. Last time I checked, the US courts did not have authority to conduct searches on foreign soil. If they do in fact believe they have this right, I guess they are OK with the Chinese or Russian authorities searching computers on U.S. soil for evidence of their laws being broken.

    1. Re:Doubt it applies anywhere in the world by Anonymous Coward · · Score: 0

      Reciprocity is not beneficial for any state. You guess wrong. US has the authority and doesn't legally care about other nations, just like every other nation....

    2. Re:Doubt it applies anywhere in the world by MobyDisk · · Score: 2

      The physical issue you bring up doesn't really prevent them from *issuing* a search warrant. But it does inhibit their ability to *execute* the warrant. Executing it might require working with another government, or remotely hacking a server, or something like that. Do warrants state *how* they will be executed? Ex: If they get a warrant to search a computer, does the warrant state that they can or cannot hack it -vs- that they can sieze it -vs- they can copy the HD contents?

    3. Re:Doubt it applies anywhere in the world by olsmeister · · Score: 1

      What's to stop someone from setting up a bogus server, planting a lot of fake 'evidence' on it, and allowing the government to hack into it and discover whatever they want them to discover?

    4. Re:Doubt it applies anywhere in the world by Anonymous Coward · · Score: 0

      There are already laws on the US Statue Book that apply to the whole world. The most well known is the one allowing the IRS to tax you for any income anywhere on the planet.

      Sadly a good proportion of the world will just give the USA the finger w.r.t this proposed law.

      Why these politicians believe that they can force their laws onto other counties is IMHO just silly if not downright stupid.
      Oh wait, it is election year. That explains it perfectly.
      Time for a fillbuster perhaps?

    5. Re: Doubt it applies anywhere in the world by Anonymous Coward · · Score: 0

      Nothing. If the State wants to screw you over there's nothing you can do. Don't make waves and move on with your life.

  4. Wait. Who does what where? by fahrbot-bot · · Score: 1

    ... the government wants to ensure that any magistrate in a judicial district where a crime may have occurred can sign off on a search warrant that gives investigators remote access to the computer.

    And if the remote computer is located somewhere that local magistrate doesn't have any jurisdiction?

    --
    It must have been something you assimilated. . . .
    1. Re:Wait. Who does what where? by Anonymous Coward · · Score: 0

      I think you'll find that they don't care. It certainly didn't stop them before.

    2. Re:Wait. Who does what where? by pr0fessor · · Score: 1

      Here is the short and skivvy if we are to believe the general numbers found by a Google search there are about 15 million reports of identity theft a year at a cost of over $50 billion in the US many of which are computer related crimes and a lot of social engineering. What do you purpose we do about it? Better security sure but if there is no way to locate or stop them they will just keep trying until they beat that too.

    3. Re:Wait. Who does what where? by EvilSS · · Score: 3, Informative

      ... the government wants to ensure that any magistrate in a judicial district where a crime may have occurred can sign off on a search warrant that gives investigators remote access to the computer.

      And if the remote computer is located somewhere that local magistrate doesn't have any jurisdiction?

      That's the whole point of the rule change. It would allow them to go to one magistrate and get the required warrant in situations where either they would need warrants from dozens of magistrates due to multiple locations (bot net example) or if they simply can't geolocate the computer they need to get into. It makes sense, on the surface at least. However this is law enforcement so you know there is some way they can use this to completely screw over the people.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:Wait. Who does what where? by mysidia · · Score: 1

      due to multiple locations (bot net example) or if they simply can't geolocate the computer they need to get into.

      Should you be subject to total loss of personal privacy and having your digital life turned upside-down by the gov't due to a search warrant of your machines, just because a computer on your LAN (Possibly a visiting friend's computer) happened to be compromised and joined in a Botnet? I don't think so. These foreign judges are not part of our local representative government

      They should pursue means of willing cooperation that provide limited information, but just enough information for the necessary part of their job (To attempt to find the source of the botnet).

      The notion of having a capability for judges to write search warrants against people in outside jurisdictions, where the judge is not accountable to the local populous is very dangerous and anti-democratic as well....

    5. Re:Wait. Who does what where? by sjames · · Score: 1

      They can already go to a district court judge for that. The downside for them is that district judges tend to be more experienced and harder to slip things past.

    6. Re:Wait. Who does what where? by EvilSS · · Score: 1

      due to multiple locations (bot net example) or if they simply can't geolocate the computer they need to get into.

      Should you be subject to total loss of personal privacy and having your digital life turned upside-down by the gov't due to a search warrant of your machines, just because a computer on your LAN (Possibly a visiting friend's computer) happened to be compromised and joined in a Botnet?

      Why are you asking me? I'm just responding to the OP on WHY they wanted the change. My name is EvilSS not Obama

      The notion of having a capability for judges to write search warrants against people in outside jurisdictions, where the judge is not accountable to the local populous is very dangerous and anti-democratic as well....

      Since when are federal judges accountable to the local populous of their districts? They are appointed at the federal level, not elected.

      --
      I browse on +1 so AC's need not respond, I won't see it.
  5. If they're worried about botnets by Anonymous Coward · · Score: 0

    Then write a law specific to botnets.

  6. Full list of senators? by XxtraLarGe · · Score: 1

    A group of bipartisan senators introduced a bill on Thursday that blocks a pending judicial rule change allowing U.S judges to issue search warrants for remote access to computers in any jurisdiction, even overseas.

    I saw Rand Paul on their, but certainly this is something Bernie Sanders would support as well, right? Does anyone have a link for the full list?

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
    1. Re:Full list of senators? by Anonymous Coward · · Score: 1

      There's more information at Wyden's press release.

      In addition to Senators Ron Wyden, D-Ore., and Rand Paul, R-Ky., the original cosponsors are Sens. Tammy Baldwin, D-Wis., Steve Daines, R-Mont., and Jon Tester, D-Mont. I would hope Bernie Sanders would support the bill but I don't personally know how much one can read into him not being an original cosponsor.

      The above press release includes a link to a readable (warning, PDF) 1-page summary. The last sentence lists other supporters/commenters of the bill:

      For more information, see comments by ACLU, Google, EFF/Access, OTI, CDT, NACDL, the security researchers Bellovin, Blaze, and Landau, and the Agenda Books from the U.S. Courts.

  7. Really? by ledow · · Score: 1

    But yet a Chinese IP "attacking" their systems is grounds enough to start a war with China.

    Strange world you Americans live in.

    1. Re:Really? by 110010001000 · · Score: 1

      Government agencies are getting hacked from Chinese IP's every day, but no war so far. Strange world YOU live in.

    2. Re:Really? by ledow · · Score: 1

      http://www.wsj.com/articles/SB...

  8. And thus Global Hacking War 1 starts by Anonymous Coward · · Score: 1

    Here in the Netherlands, and probably everywhere else as well, we have the exact same discussion. Law enforcement wants the capability to remotely hack into computers, even when the jurisdiction is unclear and the remote computer my be abroad.

    This could in theory end up in a Global Hacking War where law enforcement of countries will hack law enforcement of other countries because they hacked into systems in the first countries jurisdiction which the first country considers to be illegal. repeat ad infinitum.

    This is unlikely to happen between Europe and the US, they will most likely come to some kind of agreement that will, as usual, be detrimental for their mutual citizens but benefits both states.
    Between other states it will just serve to be more verbal ammunition to accuse each other of wrongdoings by accusing the other of 'hacking' and claiming the moral high ground for oneself, which then escalates.. In other words, business as usual.

  9. Cyberattack as provocation for war. by SeattleLawGuy · · Score: 3, Informative

    But yet a Chinese IP "attacking" their systems is grounds enough to start a war with China.

    Strange world you Americans live in.

    It depends what they're doing with the "attacks." A cyberattack that kills people can obviously be grounds for war.

    Nobody is saying a cyberattack is enough to provoke a nuclear response. But if you don't want to get hit and the world has no policemen, you learn to defend yourself and you learn to hit back, until you both realize that it's more productive not to fight.

    Your response doesn't need to be the same kind of hit the other person used--it just has to hurt them enough to show them it is unprofitable to continue. (But not so much that they must retaliate because of public demand).

    --
    Real lawyers write in C++
  10. Better Solution by maz2331 · · Score: 4, Insightful

    Perhaps a better idea is to create a new court that can issue warrants in a "cyber jurisdiction" - ie an IP address or address space. That court can be highly specialized and have expertise in issuing such warrants, and have no jurisdiction over any physical area. Once the results of any searches authorized under the "cyber warrant" are resolved to a physical location, then new warrants can be obtained from the traditional courts for those jurisdictions.

    1. Re:Better Solution by Anonymous Coward · · Score: 0

      No, no. That's entirely too sensible and logical.

    2. Re:Better Solution by david_bonn · · Score: 2

      I suggested a similar idea to that in a face-to-face meeting with a United States Senator in May of 2000 after the MafiaBoy DDOS attacks. He thought that sounded like a great idea.

      You'll notice that nothing has been done on that front.

  11. Group of bipartisan senators by edittard · · Score: 1

    Surely it's a bipartisan group of senators. I find it hard to believe that anyone bipartisan could get selected by one party, let alone both.

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
  12. What's wrong with the usual jurisdictional rules? by Anonymous Coward · · Score: 0

    If you sell a product to someone in another location, the laws of both may apply, and suit can be brought in either jurisdiction.

    If a spammer sends email, he is legally required to comply with laws in the recipient's location.

    Why not just apply the same rule to computer searches? If connection attempts are addressed to hardware in the local jurisdiction, the local courts have jurisdiction over the connection and can grant a search warrant affecting the remote end. That should take care of botnets being used in DDoS attacks just fine. Perhaps the rule that the connection has to originate on the other computer can be relaxed to cover malware connecting home to its control network.

    Anything beyond this is overreach -- law enforcement *shouldn't* have jurisdiction over computer systems that aren't engaged in commerce and/or communications in their local area.

  13. A cyberattack that kills people can obviously be by whathappenedtomonday · · Score: 1

    grounds for war? You, Sir, have obviously been throughly brainwashed. Either that, or you have no idea what you are talking about.

    --
    I hope I didn't brain my damage.
  14. Now in America by Anonymous Coward · · Score: 0

    Laws get passed by default and have to be explicitly repealed?

    Nice...

  15. Botnets by Anonymous Coward · · Score: 0

    Except MAYBE for a single PR stunt once, this will never and was never intended to do anything about any kind of botnet, terrorist, ransomware hacker or pedophile.

    There is nothing but abuse in those changes.

  16. International Law by Anonymous Coward · · Score: 0

    So what is going to happen when the FBI breaks into China Mobile and the Chinese government demands to prosecute these notorious internet hackers in the International Court of Justice (China has no extradition treaties with the US). Will the US find a scapegoat, or will we thumb our nose and be labeled a rogue nation in the eyes of the world and end up with economic sanctions levied against our companies. Just so the FBI can snoop without any restrictions or evidence.

    It does not sound to me this plan is in the best interest of the US.

  17. Partisan political hacks, take note: by Anonymous Coward · · Score: 0

    This is Obama, the quasi-messiah of the left, rather than some supposedly fascist GOP pig as the brain-dead stereotypes usually go, and he is being opposed by BOTH Republicans and Democrats on capitol hill. The usual fake political propaganda fails on this one.

    This demonstrates several things:

    First, the most left-wing president in US History is doing the dirty deed - evil is possible in ANY party

    Second, even in a toxic hyper-partisan environment it's possible to get bipartisan unity on a policy IF the unity is on something sufficiently important and sufficiently correct - which is what our founders intended.

    Third, for all the romanticizing of so-called whistle-blowers and the like, entire branches of government filled with lawyers and bureaucrats and political appointees will do anything they are told to do and support any policy of their leaders - something administrations of both parties have repeatedly demonstrated. This is why our founders divided powers among the branches and why a solitary guy armed with "a pen and a phone" is a VERY BAD idea completely contrary to the Constitution.

    Our government is supposed to be small and it's supposed to be very hard to get it to do stuff; the "checks and balances" are there for a set of good reasons. This is supposed to make it very hard for evil leaders to arise and use the government for ill in the US. On those occasions when the machine of government in engages, it's supposed to be because it was important enough and correct enough to get broad support of representatives of all parties.

  18. Team America fuck yeah!! by Anonymous Coward · · Score: 0

    Team America fuck yeah!!!

  19. What's the point? by Anonymous Coward · · Score: 0

    What's the point of issuing a warrant in a jurisdiction the issuer has no authority over? That warrant won't make the action any less illegal.

  20. We don't need warrants- we need better technology by Anonymous Coward · · Score: 0

    The only reason we have a problem with botnets is because the systems are horribly designed and coded. The government shouldn't even be able to get a warrant to search a computer IMHO. The internet should be off limits. Computers should be off limits. What is illegal in one place is not illegal elsewhere. Even if there is something that is illegal everywhere the risk to democracy is too profound to accept warrants. Once you allow warrants you end up with censorship and intimation of expression. Warrants for speech (which *all* internet communications is) should not exist. People are prone to disregard the speech of the minority overlooking it as even speech.

  21. Re: A cyberattack that kills people can obviously by Coren22 · · Score: 1

    If a Chinese, state sponsored, cyberattack were to cause a nuclear missile (somehow...) to launch and take out DC, would you consider that good enough to start a war? If not, why not?

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  22. Re: A cyberattack that kills people can obviously by whathappenedtomonday · · Score: 1

    Due to the nature of IP packets they are inherently unsuitable as a casus belli. This is common sense and whoever says otherwise wants to make sure to be able to construct grounds for war whenever necessary. If your scenario originated in Russia and the Russians made it look like the attack came from China, or from Norway, New Guinea or the Philippines, who'd you attack? Besides, where's the "I am part of a state sponsored cyberattack" flag inside the packet and why would I as an attacker set it? You've been lied to about Iraq's WMD, so why wouldn't they lie to you about the origin of TCP packets (the source of which can be spoofed)? Etc. etc. If you think of it, the whole "a cyberattack that kills people can obviously be grounds for war" nonsense is just that -- nonsense. Don't let them brainwash you into believing it's not.

    --
    I hope I didn't brain my damage.