The Supreme Court has adopted amendments to a rule to give judges the authority to issue warrants to remotely search computers whose locations are concealed using technology.
The proposed move had been criticized by civil rights groups and companies like Google that said it threatened to undermine the privacy rights and computer security of Internet users.
The top court has approved changes to the Federal Rule of Criminal Procedure, including Rule 41, which with some exceptions prohibits a federal judge from issuing a search warrant outside of the judge’s district. The change in the rule was proposed by the Advisory Committee on the Rules of Criminal Procedure at the request of the Department of Justice.
“Remote searches of media or information that have been ‘concealed through technological means’ may take place anywhere in the world,” said Google in a filing to the committee in February last year. It pointed out that a magistrate judge in a court in Texas had denied an application for a Rule 41 warrant to permit U.S. law enforcement agents to hack a computer whose location was unknown, but whose IP address was most recently associated with a country in Southeast Asia.
Under the amendments, which comes into effect on Dec. 1 unless Congress passes legislation changing it, a magistrate judge with authority in any district, where activities related to a crime may have occurred, can issue a warrant to use remote access to search computers and other devices and seize or copy electronically stored information located within or outside that district, if the district where the computer or information is located has been concealed through technological means.
It provides for a similar warrant in investigations under the Computer Fraud and Abuse Act, which involve protected computers that have been damaged without authorization and are located in five or more districts. This provision could allow investigators to obtain warrants to search a large number of computers in many districts simultaneously, if they are suspected to be part of a botnet or even if they are found to contain some malware or virus, according to critics of the provision.
The definition of a “damaged computer” under the CFAA is very broad and could be interpreted for example to include software infected with unwelcome code, malware or viruses, according to the Google filing.
In the wake of the Supreme Court decision, the focus now shifts to Congress. New America’s Open Technology Institute (OTI) has called on legislators to block the changes as they would for the first time “explicitly authorize law enforcement to secretly and remotely hack into targeted computers of both suspects and victims alike.”
“Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime,” said Senator Ron Wyden, a Democrat from Oregon in a statement on Thursday. Wyden said he planned to introduce legislation shortly to reverse the amendments.
U.S. Chief Justice John G. Roberts on Thursday transmitted the amended rules to Congress.
A federal judge in Massachusetts recently rejected evidence in a child pornography case that law enforcement obtained after hacking a child porn service on the Tor network, ruling that a judge in Virginia, who issued the warrant, could not authorize the search of property located outside the Eastern District of Virginia. The ruling is likely to give a boost to the FBI’s demand for a change to Rule 41.