Amendments to Rule 41 and What Is Happening to Stop Them
If something isn’t done by December 1st, the proposed changes to Rule 41 would allow the government to only need a single warrant to search millions of computers at one time. With the majority of these numbers being victim’s computers, not the computers of the cyber criminals themselves.
The proposed changes have come about in light of several judges deeming warrants invalid due to jurisdictional boundaries. The amendments were approved by the supreme court, and would give any magistrate the power to issue a warrant to search computers anywhere in the world. Thus making the jurisdictional limitations vanish, and the FBI’s NIT use wouldn’t be able to be challenged.
The DOJ is justifying their rule changes due to the fact that so many cyber criminals anonymize they’re locations making it almost impossible to find them. It looks grim that congress will take any action on these changes, which were set up to go into effect if congress does just that, nothing. Ron Wyden is heading the opposition, and with little support it would seem.
There are a few others as well that have started to take action against the proposed changes to Rule 41. Access Now, ACLU, Government Accountability Project, Tor, and the National Association of Criminal Defense Lawyers, among others too to the EFF’s declared day of action, which was yesterday.
A group of bipartisan senators have introduced the Stopping Mass Hacking Act to keep the changes to Rule 41 from going into effect. The bill’s sponsor Senator Ron Wyden posted on Twitter and explained why it’s essential that Congress pass the Stopping Mass Hacking Act.
Dozens of websites have started running the “Reject the Rule 41 Proposal” banner on their sites, as well as joined with the EFF in signing a letter to Congress. Tor, Open Technology Institute, R Street Institute, DuckDuckGo, Google, PayPal and a bunch more have all signed the PDF document. Thousands of regular internet users have been urging Congress not to pass the rule changes as well.
“The Senate failed to pass an amendment to expand the FBI’s National Security Letter powers and to make the “lone wolf” provision of the Patriot Act Permanent; however, the amendment will probably be voted on again soon. Senate Majority Leader Mitch McConnell switched his vote to “No” at the last minute so that he may be able to bring up the amendment during future debate. The amendment was included as part of the Commerce, Justice, Science and Related Agencies Appropriations Act, which will have a final vote on the Senate floor later this week,” an update on the EFF website read this morning.
The other issue is Amendments to a surveillance law to let the FBI issue warrantless demands for new types of Interne user records without needing to go before a judge. The FBI already feels entitled to these records using NSLs, this is why FBI Director James Comey feels the amendment is nothing more than a “typo fix”.
Currently the NSL states the types of companies who can be issued NSLs which pertain to only wire or electronic communication service providers. It also limits the records that are obtainable to name, address, length of service, and local and long distance billing records.
Its known that almost all the NSLs issued by the FBI come with a certified gag order, which makes it hard for the public to get any information about it. Out of the multiple thousands of NSLs that have been issued since 2001, the general public have only heard about a few.
An exception that was brought to light was one issued in 2004, to Nicholas Merrill, who ran a rather small ISP named Calyx. The FBI read the law to allow them to request a lot more than the basic information outlined. They asked for assigned IP addresses, as well as a lot of other information. Merrill and Calyx fought the NSL over 10 years before it was unsealed fully. The Judge noted that one key piece of evidence in this unsealing was a JOD manual claiming that the FBI could get even more information, including URL history, email headers and even cell phone location data. This information is quite a few levels above the normal metadata.
It’s pretty crystal that the FBI views the statutes information on using NSLs as guidelines and not a comprehensive list. In 2004 the FBI issued 56,507, and the EFF reported many of these as being used improperly. Its speculated that among these that tens of thousands of NSLs included requests for ECTRs seeing as how the FBI has a broad definition.
The Office of Legal Counsel finally put a stop to the FBI’s abuse of NSLs. The report filed with the OLC limited the list of information, as well as stating that the way the FBI was using NSLs was abuse by referencing ECTRs and allowing themselves to issue NSLs to other than telephone companies and requesting only subscriber information and billing records for regular phone service.
It seems the FBI payed no mind to this, and a testimony by the DOJ was issued in 2011 concluded the FBI could request IP addresses and other non-content information that was being considered ECTRs. The FBI continued to demand ECTR info from Internet companies. In example are EFF’s unnamed client, Yahoo, who published a copy of the NSL from 2013 the FBI issued them. Most of the companies refused.
The FBI has been pushing these changes ever since it was caught abusing the NSL privilege. Two such amendments have already been proposed to help the FBI achieve its goal. Senator Cornyan proposed an amendment to the Email Privacy Act, along with several other amendments. This isn’t the only side to to the fight however. The EFF is fighting on behalf of two unnamed clients that received NSLs, saying that the gag orders are unconstitutional. After the first ruling was in the district court didn’t go their way, the EFF is going to the ninth circuit court of appeals later this year. Even when the FBI uses an NSL correctly, the gag order allows them to work in secrecy, gathering intelligence and hushing up the unlucky recipient of the NSL without the bat of an eye.