FBI Plans to Expand its Hacking Powers

Uploaded on 2015-03-24 in FREE TO VIEW, GOVERNMENT-Law Enforcement, INTELLIGENCE--USA, NEWS-Cybersecurity News

A US judicial advisory panel has quietly approved a rule change that will broaden the FBI’s hacking authority despite fears raised by Google that the amended language represents a “monumental” constitutional concern.
The Judicial Conference Advisory Committee on Criminal Rules voted 11-1 to modify an arcane federal rule to allow judges more flexibility in how they approve search warrants for electronic data, according to a Justice Department spokesman.
Known as Rule 41, the existing provision generally allows judges to approve search warrants only for material within the geographic bounds of their judicial district. But the rule change, as requested by the department, would allow judges to grant warrants for remote searches of computers located outside their district or when the location is unknown.

The government has defended the maneuver as a necessary update of protocol intended to modernize criminal procedure to address the increasingly complex digital realities of the 21st century. The FBI wants the expanded authority, which would allow it to more easily infiltrate computer networks to install malicious tracking software. This way, investigators can better monitor suspected criminals who use technology to conceal their identity.

But the plan has been widely opposed by privacy advocates, such as the American Civil Liberties Union, as well as some technologists, who say it amounts to a substantial rewriting of the rule and not just a procedural tweak. Such a change could threaten the Fourth Amendment’s protections against unreasonable search and seizures, they warn, and possibly allow the FBI to violate the sovereignty of foreign nations. The rule change also could let the agency simultaneously target millions of computers at once, even potentially those belonging to users who aren’t suspected of any wrongdoing.
Google weighed in last month with public comments that warned that the tweak “raises a number of monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide.”

In an unusual move, Justice Department lawyers rebutted Google’s concerns, saying the search giant was misreading the proposal and that it would not result in any search or seizures not “already permitted under current law.”

The judicial advisory committee’s vote is only the first of several stamps of approval required within the federal judicial branch before the rule change can formally take place—a process that will likely take over a year. The proposal is now subject to review by the Standing Committee on Rules of Practice and Procedure, which normally can approve amendments at its June meeting. The Judicial Conference is next in line to approve the rule, a move that would likely occur in September.
The Supreme Court would have until May 1, 2016 to review and accept the amendment, which Congress would then have seven months to reject, modify or defer. Absent any congressional action, the rule would take place on Dec. 1, 2016.
Privacy groups vowed to continue fighting the rule change as it winds its way through the additional layers of review.
“Although presented as a minor procedural update, the proposal threatens to expand the government’s ability to use malware and so-called ‘zero-day exploits’ without imposing necessary protections,” said ACLU attorney Nathan Freed Wessler in a statement. “The current proposal fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes.”
Drew Mitnick, policy counsel with digital rights group Access, said the policy “should only be considered through an open and accountable legislative process.”
Defenseone http://ow.ly/KINhX

« Self-driving Cars May Lead to Human Driver Ban
US Loses Contact with Drone Aircraft in Syria »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

Digital Security

Digital Security

Digital Security is an Ecuadorian company specialized in providing comprehensive information security solutions.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.