FBI's TOR, VPN-targeted Warrants Amount to Court Sanctioned Mass Surveillance

Anonymous Web surfing, VPNs, TOR, and even falling victim to malware could soon be enough justification for the FBI to brand you a criminal. Proposed Federal court changes will give judges the authority to issue mass search and seizure warrants—including remotely hacking into computers anywhere—that include victims of crimes as well as suspects. The rule amendments are so broad sweeping they amount to court sanctioned mass surveillance.

New warrant rules give DOJ sweeping surveillance powersNew warrant rules give DOJ sweeping computer surveillance powers

The changes where made at the Department of Justice's request and are part of what's known as Rule 41. Unless Congress overrides them, they will go into effect on December 1. The key change states:

A magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means; or (B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.

The change affects two groups: technology users who have taken any action that obscures who they are online, or their physical location; and devices with any form of malware installed. It also lets Federal judges authorize related search and seizure warrants outside their own jurisdiction, which ultimately could include other states or countries.

Targeting internet users who hide their online activity or location makes sense from the perspective that criminals are likely to do just that. DOJ spokesperson Peter Carr said,

Criminals now have ready access to sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet, and the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend them.

The problem is that criminals, hackers, and terrorists aren't the only people using these technologies. Considering far more people use these tools for legitimate purposes, the likelihood is high the FBI will ultimately intrude into private lives where it has no legitimate business snooping.

"There are countless reasons people may want to use technology to shield their privacy," said EFF Activism Director Rainey Reitman. "From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security."

She added,

If this rule change is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically-naïve judge, anywhere in the country.

The second group of people, those using malware-laden computers, face a double threat: not only is their computer susceptible to data loss and theft, but they could be hacked by the government who are remotely accessing their data, as well. Considering the government's less than stellar history with securing its own intrusion code, that creates a new potential security weakness for hackers to exploit.

In other words, the DOJ could be creating new security weaknesses in the computers it targets with remote surveillance warrants. Since the warrants can include 

While the DOJ and FBI say these new rules are necessary to protect us, not everyone agrees. Senator Ron Wyden (D-OR), who sits on the Senate Intelligence Committee, said the changes will treat victims like criminals, so he's going to introduce a bill in a move to block them from going into effect.

Senator Wyden said,

Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime.

Passing legislation to block the amendments to Rule 41 sounds like a good move, but it may be difficult to implement. The DOJ has many supporters for its efforts to extend its reach into personal and private data, and passing legislation linked to controversial topics is painful at best during a presidential election year.

Hopefully Senator Wyden will be able to find enough support in both the House and Senate to block the changes before December. If not, get ready for the FBI's criminal investigation search warrants that amount to little more than mass surveillance tools.