How Not to Do Remote Computer Searches
Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches. Under the proposal, in investigating compromised machines (e.g., those in a botnet), law enforcement wo
Published by The Lawfare Institute
in Cooperation With
Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches. Under the proposal, in investigating compromised machines (e.g., those in a botnet), law enforcement would use a single warrant to search multiple victims' machines---with the consequent result of no particularization as to how the search would be conducted. In addition, law enforcement would be able to use remote access to plant malware to conduct investigations. Again, there is no requirement of specificity, including no requirements on how narrowly tailored the malware must be. Steve Bellovin, Matt Blaze, and I have submitted Comments on Proposed Search Rules, to the Preliminary Draft of Proposed Amendments to the Federal Rules of Appelate, Bankruptcy, Civil, and Criminal Procedure.
None of this is directly related to to Director Comey's recent statements on encryption, but, of course, as crime increasingly occurs on the network, the FBI is seeking greater abilities to investigate. These efforts must not undermine our abilities to secure ourselves, but that aspect of the issue is being ignored by the bureau.
None of this is directly related to to Director Comey's recent statements on encryption, but, of course, as crime increasingly occurs on the network, the FBI is seeking greater abilities to investigate. These efforts must not undermine our abilities to secure ourselves, but that aspect of the issue is being ignored by the bureau.
Susan Landau is Professor of Cyber Security and Policy in Computer Science, Tufts University. Previously, as Bridge Professor of Cyber Security and Policy at The Fletcher School and School of Engineering, Department of Computer Science, Landau established an innovative MS degree in Cybersecurity and Public Policy joint between the schools. She has been a senior staff privacy analyst at Google, distinguished engineer at Sun Microsystems, and faculty at Worcester Polytechnic Institute, University of Massachusetts Amherst, and Wesleyan University. She has served at various boards at the National Academies of Science, Engineering and Medicine and for several government agencies. She is the author or co-author of four books and numerous research papers. She has received the USENIX Lifetime Achievement Award, shared with Steven Bellovin and Matt Blaze, and the American Mathematical Society's Bertrand Russell Prize.