How Not to Do Remote Computer Searches
Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches. Under the proposal, in investigating compromised machines (e.g., those in a botnet), law enforcement wo
Published by The Lawfare Institute
in Cooperation With
Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches. Under the proposal, in investigating compromised machines (e.g., those in a botnet), law enforcement would use a single warrant to search multiple victims' machines---with the consequent result of no particularization as to how the search would be conducted. In addition, law enforcement would be able to use remote access to plant malware to conduct investigations. Again, there is no requirement of specificity, including no requirements on how narrowly tailored the malware must be. Steve Bellovin, Matt Blaze, and I have submitted Comments on Proposed Search Rules, to the Preliminary Draft of Proposed Amendments to the Federal Rules of Appelate, Bankruptcy, Civil, and Criminal Procedure.
None of this is directly related to to Director Comey's recent statements on encryption, but, of course, as crime increasingly occurs on the network, the FBI is seeking greater abilities to investigate. These efforts must not undermine our abilities to secure ourselves, but that aspect of the issue is being ignored by the bureau.
None of this is directly related to to Director Comey's recent statements on encryption, but, of course, as crime increasingly occurs on the network, the FBI is seeking greater abilities to investigate. These efforts must not undermine our abilities to secure ourselves, but that aspect of the issue is being ignored by the bureau.
Susan Landau is Bridge Professor in The Fletcher School and Tufts School of Engineering, Department of Computer Science, Tufts University, and is founding director of Tufts MS program in Cybersecurity and Public Policy. Landau has testified before Congress and briefed U.S. and European policymakers on encryption, surveillance, and cybersecurity issues.
