Tuesday, August 9, 2016

Department of Justice Hacking Expanding

A headline in The Atlantic in April caught my eye. It declared The Supreme Court Expands FBI Hacking Powers. That has an ominous tone. Usually, when you hear the word "hacking," it is in the context of someone doing something inappropriate or illegal, stealing identities, invading networks, etc. But not in this context. This one is about expanding federal authority to invade privacy. 
The law is all about “jurisdiction,” which is really just a way of saying “authority.” Jurisdiction can be confusing because it comes in a variety of flavors. It can be “personal jurisdiction” (who you have authority over), “subject matter jurisdiction” (what kind of cases you have authority over), “geographic jurisdiction” (where you have authority) and more. Law students struggle with the concept, as do a fair number of attorneys. Jurisdiction is sometimes not easy. 

The U.S. Supreme Court has changed its rules regarding where federal judges may issue certain warrants (a judicial command allowing search and seizure). There was a time in America that your government needed a warrant to get into your home or your business. In a post-09/11 world, this changed significantly. Through the Patriot act and other legalities, your government has had significant, easy, warrant-less access to a great deal of arguably private information for years.

The Atlantic article tells us that the Supreme Court rule amendment is yet another expansion in federal authority. It will allow judges to issue warrants that “target computers outside their (geographic) jurisdiction.” This sets “the stage for a major expansion of surveillance and hacking powers by federal law-enforcement agencies,” according to the Atlantic.
Currently, “federal magistrate judges can typically only authorize searches and seizures within their own (geographic) jurisdiction.” So, if there is data on a computer server in your town, or county or state, the magistrates can allow investigators authority to search that data. The data, after all, is in the state, and authorizing a search of a server in your state is really no different than a warrant to search a house or office in your state. There is a logic to that. 
But currently, if the server is in the next state over, or on the opposite coast, a law enforcement agency would have to (a) figure out where that server physically is, and (b) get a judge in that geographic jurisdiction to approve the warrant for a search.
The rule changes recently published “would allow a magistrate judge to issue a warrant to hack into and seize data stored on a computer, even if that computer’s actual location” is either not known, or perhaps is not knowable. We have learned over the years that there are those who excel at concealing identity and location. Just try tracing those folks who send you spam email phishing for data. Unfortunately, the cyberworld is a place in which finding things and information can be a daunting task for all of us, including law enforcement.
This rule change expands the judge’s authority by allowing them to reach beyond their geographic location. But, more importantly, it allows a warrant to be issued when no one really knows where the data or the server physically is. Step (a), above, is eliminated completely. The Atlantic says that “Justice Department officials defended the change.” They say it is a critical tool in a world of “changing technologies.” In other words, when faced with the impractical or impossible, the solution is simply expand government authority and power. 
Not everyone shares that sentiment. The Atlantic says that “tech and privacy experts raised concerns about the amendments’ reach.” Some refer to it as a “sprawling expansion of government surveillance.” They warn that the changes “will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices.” Critics say that this could give power through “a single warrant to access and search thousands or millions of computers at once.” 

Arguably, this is not of much concern since it is the “bad guys” computer that is being searched. But privacy experts warn that such a search for the "bad guys" could as easily now involve all of the victim’s computers (your computer) as well, wherever they might be and however free from probable cause their owners might be. The government gets a warrant to search the "bad guys," and the search includes all the computers of all the "bad guys" innocent victims. Thus, having done nothing but be victimized by the "bad guy," you are victimized again by your government "hackers."  

With the pervasive nature of the Internet and such electronic devices in our lives, it will be interesting to see how far this expansion goes. Some have threatened legislation to restrict this expansion. But, unless Congress acts by December 1, 2016, these changes to federal magistrate jurisdiction will be the law of the land. We have seen that Congress can pass legislation when it chooses to do so, but can also become mired in procedure and delay when it chooses. Time will tell. 

No comments:

Post a Comment