Supreme Court Expands FBI’s International Hacking Powers

The FBI is to be given the authority to search suspect computer systems around the world if they use anonymisation tools

The Supreme Court has approved a rule change that could allow the US’ FBI to hack into computers around the world, and could see investigators accessing the systems of those who have already been attacked by cyber-criminals.

The change (PDF), approved last week, broadens the powers of US magistrate judges to approve searches of computer systems. Previously magistrate judges could only approve such searches if they knew the location of the computer in question, to ensure it was located in their jurisdiction.

Anonymisation

FBI agent - Shutterstock - © Peter Kim

The changes, which are to take effect on 1 December unless Congress modifies or rejects them, mean searches can be approved for computers using tools such as Tor that mask their location – meaning the systems could be located in other countries around the world.

The changes also allow investigators to search computers that have been compromised by botnets, which allow those controlling the botnet to order affected computers to carry out malicious actions.

The US Department of Justice said the changes were necessary to combat the use of anonymisation technologies.

“The use of remote searches is often the only mechanism available to law enforcement to identify and apprehend (criminals),” the DoJ stated. “The amendment makes explicit that it does not change the traditional rules governing probable cause and notice.”

Critics said the change would significantly broaden the FBI’s ability to carry out hacks on computers around the world.

‘Government hacking’

“What we’re talking about is government hacking, and this obscure rule change would authorise a whole lot more of it,” said Kevin Bankston, director of the Open Technology Institute, in a statement.

“Such a monumental change in the law should not be snuck by Congress under the guise of a procedural rule,” said Neema Singh Guliani of the ACLU.

Digital rights group Access Now said the changes risk further traumatising those who have already been attacked by criminal botnets.

“The proposed amendment unilaterally expands [FBI] investigations to further encompass the devices of the victims themselves, those who have already suffered injury and are most at risk by the further utilisation of the botnet,” said Amie Stepanovich, senior policy counsel for Access Now, in testimony before a judicial panel that considered the changes before it reached the Supreme Court.

Democratic Senator Ron Wyden said the amendments would have “significant consequences” for privacy and said he planned to introduce legislation to reverse the move.

Are you a security pro? Try our quiz!