License to Hack? DOJ Seeks Expanded Authority to Use Hacking Techniques

License to Hack? DOJ Seeks Expanded Authority to Use Hacking Techniques: As part of its increased focus on combating cybercrime, the U.S. Department of Justice is pushing to loosen requirements for obtaining search warrants in order to allow them greater freedom to hack into the computers of criminal suspects.  Late last year, DOJ submitted a request to modify Federal Rule of Criminal Procedure 41, which governs the issuance of search warrants.  DOJ wants to be able to obtain a single warrant authorizing remote access searches of multiple computers or electronic storage media wherever they are located.  DOJ’s proposal would modify the current rule in two significant ways: (1) it would eliminate the territorial limitations on authorized searches to allow for searches outside of the district where the warrant is issued; and (2) it would require agents to only make “reasonable efforts” to notify a person whose property was searched or information was seized.

In pressing for the changes, DOJ cited to three potential investigative problems caused by the current geographic limitation.  First, DOJ pointed to the difficulty of locating a computer believed to obtain evidence of a crime when the user employs anonymizing tools to disguise the computer’s IP address.  A warrant for a remote access search under the proposed rule would enable an agent to send an email to the computer and remotely install software on the device receiving the email, which would allow the agent to determine the true IP address.  Second, in an investigation involving multiple computers in various locations, such as a “botnet,” the proposal would eliminate the need for agents to obtain multiple warrants in the numerous different districts where the computers are located and even allow for the remote search of networked computers in unknown locations.   Third, the proposed change would permit a search for electronic information accessible from a computer at a known location but stored remotely in another district. For example, under the amended rule, the government could obtain a warrant that allows agents searching a business to access cloud-based storage used by computers at that business.