On Thursday, April 28, Chief Justice John Roberts submitted to Congress, the amendments to the Federal Rules of Criminal Procedure that have been adopted by the Supreme Court.[1] The Supreme Court amended Rule 41(b), governing ‘Search and Seizure’ by expanding the scope of venue in which a warrant could apply.[2] Under certain circumstances, a federal judge could issue a warrant that would allow law enforcement to hack into a computer that may be located outside the district in which the warrant is being sought.[3] The rule states:
“[A] magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.”[4]
At present, Rule 41(b) authorizes search warrants for property located outside the judge’s district only in four specific situations: for property that might be removed before execution of the warrant; for tracking devices installed in the district, which may move across districts; for investigations of domestic or international terrorism; and for property located in a U.S. territory or a U.S. diplomatic or consular mission. [5]
The government has run into this capability gap before as demonstrated in 2013 when the Federal Bureau of Investigation (FBI) asked the Southern District Court of Texas to approve a warrant to remotely hack a computer suspected of criminal use.[6] The FBI applied for a Rule 41 search and seizure warrant in order to install software onto a computer that would collect electronic records, user photographs, and location information over a 30 day period.[7] The warrant was the result of an FBI investigation into unidentified persons who had gained unauthorized access to the personal email account of a private citizen and used that email address to access the victim’s local bank account.[8] Judge Stephen Smith denied the warrant in part because it violated Rule 41(b), which requires that the property being seized be located within the district.[9] The government argued that while the location of the targeted computer was unknown, the warrant is authorized because information collected from the target would first be examined in the district where the warrant was being sought.[10] Judge Smith denied the application, although he acknowledged “[T]here may well be a good reason to update the territorial limits of that rule in light of advancing computer search technology.”[11]
Under the amended Rule 41(b), law enforcement could search computers if their location has been “concealed through technological means.”[12] Computer criminals often conceal their identity or the specific locations of proxy computers they have used to conduct illegal activity.[13] Justice Department spokesman, Peter Carr, argued that this is an important evolution of the Criminal Rules; “Criminals now have ready access to sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet, and the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend them.”[14] Carr noted that the rule does not grant law enforcement any additional power to carry out searches that are prohibited under the law.[15] Rule 41(b) is also specifically updated to address criminal schemes in which multiple computers in many districts may have been fraudulently accessed under 18 U.S.C. § 1030(a)(5), the Computer Fraud and Abuse Act.[16]
Privacy groups and advocates have expressed great concern with this expansion of a warrant’s reach.[17] Senator Ron Wyden, a staunch privacy and civil liberties advocate, released a statement; “Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime.”[18] Senator Wyden stated he would introduce legislation to block the amendment.[19]
The amendment to Rule 41 was developed by the Judiciary Conference’s Committee on Rules of Practice and Procedure and submitted to the Supreme Court in October 2015.[20] The committee received forty-four written public comments on the proposed change, and eight witnesses testified at a public hearing.[21] The Committee characterized opposition as “a misunderstanding of the scope of the proposal,” noting that the change was of a procedural nature as opposed to a change in the constitutional requirements for issuing a warrant.[22] While the change may not create new authority for electronic searches of property, it expands the scope of property a single warrant could capture. Congress has until December 1, 2016, to act to prevent the amended rules from going into effect.[23]
[1] Letter from Chief Justice of the United States Supreme Court, John G. Roberts, to the Speaker of the House of Representatives, the Honorable Paul D. Ryan, and President of the United States Senate, the Honorable Joseph R. Biden, Jr. (Apr. 28, 2016).
[2] Id. at 6.
[3] Id.
[4] Id. at 6-7.
[5] Report of the Advisory Comm. on Criminal Rules to the Comm. on Rules of Practice and Procedure of the Judicial Conference of the United States (May 6, 2015).
[6] In re Warrant to Search a Target Computer at Premises Unknown, 958 F. Supp. 2d 753, (S.D. Tex. 2013).
[7] Id. at 755.
[8] Id. at 756.
[9] Id.
[10] Id.
[11] Id. at 761.
[12] Letter from Chief Justice of the United States Supreme Court at 6.
[13] Elias Groll, Supreme Court Widens FBI Hacking Powers, Foreign Policy (Apr. 28, 2016, 7:46 PM), http://foreignpolicy.com/2016/04/28/supreme-court-widens-fbi-hacking-powers/?wp_login_redirect=0.
[14] Id.
[15] Id.
[16] Report of the Advisory Comm. on Criminal Rules to the Comm. on Rules of Practice and Procedure of the Judicial Conf. of the United States (May 6, 2015).
[17] Tim Starks, Rule 41 change nets Supreme Court thumbs-up, but where’s it going next? POLITICO (Apr. 29, 2016, 10:00 AM), http://www.politico.com/tipsheets/morning-cybersecurity/2016/04/rule-41-change-nets-supreme-court-thumbs-up-but-wheres-it-going-next-a-new-group-is-thinking-about-car-cybersecurity-isil-hackers-get-organized-sorta-214040.
[18] Press Release, Ron Wyden, United States Senator, Statement on Rule 41 Revision (Apr. 28, 2016), https://www.wyden.senate.gov/news/press-releases/wyden-congress-must-reject-sprawling-expansion-of-government-surveillance.
[19] Id.
[20] Memorandum from the Comm. on Rules of Practice and Procedure of the Judicial Conf. of the United States to the United States Supreme Court (Oct. 9, 2015).
[21] Id.
[22] Id.
[23] Rule 41 change nets Supreme Court thumbs-up, but where’s it going next?
Comments