Supreme Court OKs expanded hacking power for FBI

The Supreme Court approved a controversial rule on April 28 that would allow U.S. judges to issue search warrants for computers outside their jurisdictions, a move critics say would significantly expand the FBI's hacking powers.

The Justice Department has long sought the broadened authority to tackle criminals' ability to conceal their online activity. The amendment to Rule 41 of the Federal Rules of Criminal Procedure would allow judges to issue warrants for computers whose location has "been concealed through technological means," such as the web anonymizing service Tor.

Congress has until Dec. 1 to reverse the decision before it takes effect. Sen. Ron Wyden (D-Ore.), a frequent critic of online surveillance, said he will soon introduce legislation that would overturn the amendment.

Justice spokesman Peter Carr said the remote searches the amendment authorizes are often the only way to find criminals who have access to "sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet."

The amendment "ensures that courts can be asked to review warrant applications in situations where is it currently unclear what judge has that authority," Carr said in a statement. "The amendment makes explicit that it does not change the traditional rules governing probable cause and notice."

The amendment opens a new front in the FBI's ongoing efforts to target criminals' use of web anonymity services. Those services, however, are also used for any number of legal purposes by dissidents, journalists and other individuals.

Last November, representatives of Tor, which began as a U.S. government-funded initiative, accused the FBI of paying researchers at Carnegie Mellon University to unmask Tor users. The FBI and CMU vaguely denied the allegations.

The general concern among some computer security experts is that any effort by the FBI to unmask a small subset of Tor users could ensnare any number of innocent users.  

"In my opinion, we aren't becoming safer by giving the government a legal ability to hack any computer anywhere," Justin Harvey, chief security officer at Fidelis Cybersecurity, told FCW. "We know that the FBI has purchased malware toolkits from companies like Hacking Team, and these types of actions could lead us down a very dark path."

Harvey was referring to evidence that the FBI paid an Italian firm nearly $775,000 for software tools. Outsourced hacking is another front in the bureau's war on criminal anonymity on the Internet.

The FBI's fiscal 2017 budget request seeks $69.3 million to spend on breaking encryption and tackling Internet anonymity -- more than double the amount the bureau spent on those issues in fiscal 2016. That money could be spent on contractors or in-house development. When asked by FCW in February to detail what is in that "going dark" budget, FBI Director James Comey declined to comment.

Michael Adams, a cybersecurity specialist and former sergeant major at U.S. Special Operations Command, predicted that the Supreme Court amendment would have bigger implications for Internet security than the feud between the FBI and Apple over unlocking an iPhone used by one of the the San Bernardino, Calif., shooters.

The FBI has presented its case for expanded hacking authority to judges who lack the technical expertise to understand the cybersecurity ramifications of their decisions, Adams told FCW.