The federal government is looking for a way to relax the laws to make it simpler for law enforcement agents to target and compromise the computers of suspects involved in criminal cases. The Department of Justice has forwarded a request to the body that considers such changes, asking that judges in one district be allowed to issue warrants for remote access operations in that district–or any other.
The change, first reported by the Wall Street Journal, would be a major one, allowing investigators to obtain warrants from a given judge to conduct remote access attacks against suspects’ machines in any other district in the United States. The government’s request also seeks the ability to obtain one warrant that would apply to several computers, as in a large-scale botnet investigation.
“The Department of Justice recommends an amendment to Rule 41 of the Federal Rules of Criminal Procedure to update the provisions relating to the territorial limits for searches of electronic storage media. The amendment would establish a court-supervised framework through which law enforcement can successfully investigate and prosecute sophisticated Internet crimes, by authorizing a court in a district where activities related to a crime have occurred to issue a warrant – to be executed via remote access – for electronic storage media and electronically stored information located within or outside that district,” Mythili Raman, acting assistant attorney general, wrote in a letter supporting the change.
“The proposed amendment would better enable law enforcement to investigate and prosecute botnets and crimes involving Internet anonymizing technologies, both which pose substantial threats to members of the public.”
In a document that lays out the government’s reasoning for the request, which will be considered in two weeks, the government gives a couple of examples of the types of investigations that could benefit from this change. One of the examples is a warrant request in an investigation into a child pornography ring that was hosting a site as a Tor hidden service.
“The second example is based on a warrant used in an investigation of a child pornography website operating as a ‘hidden service’ on the Tor network. Tor masks its users’ actual IP addresses by routing their communications through a distributed network of relay computers run by volunteers around the world. In this case, law enforcement knew the physical location of the server used to host the hidden service. However, without use of a NIT, investigators could not identify the administrators or users of the hidden service. This warrant would authorize the collection of IP addresses, MAC addresses, and other similar information from users and administrators of the website,” Jonathan J. Wroblewski, director of Justice’s Office of Policy and Legislation, wrote in a letter to the chair of the subcommittee considering the rule change.
The letter also includes a sample affidavit in support of a warrant request that describes a “network investigative technique”–the government’s euphemism for hacking–that closely resembles a watering hole attack.
“I make this affidavit in support of an application under Rule 41 of the Federal Rules of Criminal Procedure for a warrant to use a network investigative technique (“NIT”) on computers that access Website A, identified by Tor URL example.onion (collectively, TARGET COMPUTERS), as further described in this affidavit and its attachments, in order to search the TARGET COMPUTERS for the information described in Attachment B,” the sample affidavit says.
The proposed change will be considered by the U.S. Judicial Conference April 7-8.