What: The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.
Why: Federal law enforcement agencies are allowed to deploy malware against investigative targets to access, control, disable or monitor a computer’s use and activity.
Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure, which had posed obstacles to investigating botnets and other computer crimes.
The ACLU, the Electronic Frontier Foundation and the National Association of Criminal Defense Lawyers said in their new report that the new capability can have implications beyond botnets and child pornography rings and result in “increasingly intrusive searches.”
Verbatim: “Most frequently, law enforcement deploys malware in order to identify users who seek to anonymize themselves online. In recent cases, a single … warrant has allowed the FBI to collect identifying information from thousands of computers, including each computer’s IP address, operating system, ‘MAC address’ (a unique identifier assigned to each network interface), and active username (the account under which an individual user has logged onto the device).”