Cybersecurity

Privacy advocates seek DC’s help to restrain FBI

The FBI is seeking authority to file warrants that are vague, secretive, patently unconstitutional and potentially crippling to security. 

At least that’s what civil liberties advocates and computer scientists told a little-known regulatory committee at a Wednesday meeting.

The FBI wants to get warrants to search mobile devices, even if law enforcement officials can’t physically locate the device. It’s also seeking the ability to file one warrant to search an entire network that might be located in multiple jurisdictions. 

{mosads}Judges are restricted to issuing warrants for searches on devices only within their jurisdiction.

The request has pitted law enforcement against privacy advocates and technologists while raising serious questions about how criminal investigations and the Constitution coexist in the digital world. 

The committee — known as the Advisory Committee on Criminal Rules — indicated it is not the correct authority to weigh these complex issues. The panel just sets the rules on where law enforcement can seek a warrant, said member Reena Raggi, a federal appeals court judge in New York City.

“We are trying to tell people what courthouse they have to go to,” she said, not intrude on Congress or the court’s ability to determine what constitutional requirements are needed to obtain certain search warrants. 

“To create that rule, you need to first assume that such a warrant would be constitutional,” countered Kevin Bankston, policy director of the New America Foundation’s Open Technology Institute, which promotes Internet privacy. 

The committee should let Congress rule first on the structural limits for remote digital investigations, argued the proposal’s detractors.

In lieu of those restraints, the FBI’s proposal could allow searches that target every single person visiting a website, or any computer whose Internet traffic is routed through a specific server.

That’s thousands, perhaps millions of people dragged into a search based on one warrant, said Amie Stepanovich, senior policy counsel at digital rights advocate Accessnow.org.

The proposal includes few requirements to notify search subjects, no need to disclose search methods to the courts and no prohibition of destructive search tactics — all major flaws, the advocates argued.

The FBI has been secretly hacking computers for well over a decade, explained Chris Soghoian, the principal technologist for the American Civil Liberties Union (ACLU). 

It recently surfaced that the FBI in 2007 wrote a fake news story and planted it on a bogus Seattle Times website in order to infiltrate a suspect’s computer and plant tracking software.

Soghoian read the warrant granting that search. 

“I still struggle to figure out what the government is asking the courts to approve,” said Soghoian, whose PhD focused on law enforcement surveillance techniques. 

Once the FBI publicly releases malware “it’s difficult to control where it ends up,” said Nathan Freed Wessler, an ACLU staff attorney.

But committee members consistently pushed back. 

Their role is not to dictate what searches are legal, or how the FBI should construct a warrant, simply to set the process for filing a warrant, they insisted. Without a rule change, what is the FBI to do? Simply shut down its remote digital searches?

“That’s a wonderful question to be debated in a policy arena,” Bankston said.