The U.S. Supreme Court passed a proposed change to Rule 41 of the Federal Rules of Criminal Procedure, one of the main bodies of law that governs the powers and behavior of the FBI. Previously, Rule 41 stated that a judge may only hand out a warrant to be issued within the district they represent, but how do you work within that system when you’re tracking someone whose location has been technologically obscured?
The new version of Rule 41, approved on Thursday, removes the requirement in cases where the suspects location cannot be realistically obtained. This means the FBI can ask for, and receive, warrants to hack suspects anywhere in the world.
This comes in the aftermath of a number of legal decisions against the FBI, stemming from the jurisdictional issues presented by the former unrevised Rule 41. The U.S. congress may intervene to stop this rule change, but it’s doubtful that it will choose to do so, especially in an election year. The Supreme Court also changed Rules 4 and 45 in the same decision, but they’re not considered as centrally important by the FBI’s cyber powers.
It’s been difficult until now to get authorization to directly hack anonymous users of the Tor Network and other anonymity groups. In many cases the FBI has had to confirm a user’s rough location before it could ask the appropriate judge for a warrant to conduct further, directed attacks against a known criminal personality. That takes time and in some extra cases may be simply impossible. The Supreme Courts decision means that in cases where the location of a target computer has been concealed through technological means, jurisdiction essentially does not apply at the investigatory phase.
These warrants would still have to meet the normal standards of evidence for a warrant of the type requested, and would have to show that the location of the suspect could not be reasonably attained by other means. In practice, fulfilling this second requirement could be as simple as demonstrating that a suspect uses the Tor Network at all.
To an extent, the FBI’s concerns are unquestionably real, we can’t, as a society, let crime go on simply because technology has been specifically created to run afoul a rule even The Intercept calls a technicality in many situations. The concern is not so much that the FBI will be able to push forward with these sorts of cyber investigations more efficiently, but that the powers will subject to little oversight.
Privacy advocates worry that this could turn into a meta-warrant issued to give the FBI jurisdiction to attack entire anonymity networks like Tor and, potentially the entire user base of such programs. A large proportion of the suspects investigated by the FBI will be found to be outside the Bureau’s ability to prosecute because the criminals will turn out to be in Russia, China, Iran, or just plain old Europe. As UC Hastings, professor of Law Ahmed Ghappour said in a recent paper, The FBI’s increasingly aggressive tactics in pursuing cyber criminals could set off a real international strife, if the FBI is already conducting cyber operations of one kind or another against suspects whose physical location is unknown. With this rule change, it’s expected that activity will become totally routine.
As of right now, the FBI has a real sense of entitlement to try any case in which they’ve done the lions share of the investigation. One instance is the case of Eric Eoin Marques, who will soon be extradited to the U.S. even though he never set foot in the country, or having hosted a single server there. Since the crime was online, it affected the U.S. and can thus motivate an extradition request. The wide open nature of international law has allowed novel modes of cyber crime to more quickly affect the standards for investigation and prosecution than in the U.S.