Fighting cybercrime knows no national boundaries, so the Department of Justice (DOJ) proposed a change to the location requirement for search warrants applicable to cybercrime cases pursued by the Federal Bureau of Investigation (FBI). DOJ proposed an amendment to the FBI crime rules, Rule 41, that would expand the location requirement to cover cybercrimes affected in multiple locations and cybercrimes affected in unknown locations.
Multiple locations are relevant when networks of computers affect cybercrime, as in the international Carbanak cybertheft, or are victimized by cybercrime. Unknown locations are relevant when anonymizing networks are used to disguise the locations of computers affecting cybercrime.
Ramifications
The ramifications of these proposed expanded FBI search warrant powers are ominous. Multiple location networks used for cybercrime can include servers hosting innocent individuals unaware of the nefarious uses the network is being put to. For Americans living in the U.S., search and seizure of digital data are protected under the Fourth Amendment, although U.S. citizens located outside of the U.S. are not under the same protection since “reasonableness of search” then applies. Anonymous computer locations may be routed and rerouted through numerous countries with the originating point hidden but potentially anywhere in the world, including North Korea, China or Iran.
Google’s Protest
Google has joined with civil liberties and privacy advocates to denounce the sweeping powers that would be bestowed by such FBI blanket warrants. Google spokesman Richard Salgado testified in a letter to the DOJ Advisory Committee on the Criminal Rules — part of the Committee on Rules of Practice and Procedure under the purview of the Supreme Court and made up of judges, attorneys, DOJ representatives and legal scholars — that such potent covert warrants required “congressional debate and democratic policymaking process” in order to protect Fourth Amendment rights and to restrain “the specter of government hacking” through the “practice of covert entry warrants.” Google pleads for:
Protection of Fourth Amendment search and seizure rights.
Protection of privacy and due process advance notice of searches.
Congressional debate and due policymaking procedure.
Restraint on FBI hacking on covert entry warrants.
Advisory Committee on the Criminal Rules actions are reviewed and approved first by the Judicial Conference, then the Supreme Court, and then Congress. Google contends that the import of the DOJ proposed amendment to Rule 41(b) covering FBI warrant rules and procedures is so great — so substantive, not procedural in nature — that the amendment should come from Congressional or Executive branches for debate or policymaking.
FBI Espionage Network Investigative Techniques
The proposed amendment to Rule 41(b) does not grant the FBI new tools for cyber-investigations. It covers only the jurisdiction requirement of warrants: crime locations must be in or originate in the jurisdiction area of the issuing judge. Under the amendment, one judge in one jurisdiction could grant a warrant covering searches in multiple U.S. locations when a network of cybercrime is involved. Without this multiple location authority, multiple jurisdictions and law enforcement agencies must coordinate and issue simultaneous warrants. The difficulty increases when the locations and identities are unknown because they have been disguised through anonymizing networks, principally Tor (The Onion Router).
According to Ahmed Ghappour writing for JustSecurity.org, the tools the FBI uses for fighting cybercrime are already in place and in operation. Called Network Investigative Techniques (NITs), these tools already allow the FBI, through websites on secret FBI servers, to activate remote access hacking (illegal entry to a computer or computer system) to infect and “install malicious software [called malware] on computers without the knowledge or permission” of the user or owner. Malware overrides control of the computer at the command of the hacker, in these cases, the FBI. In this form of investigative espionage, NITs can move anything from the target computer to an FBI server at any time by FBI command. NITs can upload or manipulate or initiate: files, emails, images, video camera or microphone, other computers in the network, recordings of images or sound.
As Ghappour points out, in 2002, the FBI used NITs in an investigation leading to Russian hackers. An FBI agent electronically seized “digital evidence” to use in the trial against the hackers. When the public trial revealed to the Russians the FBI’s extraterritorial cyber-espionage, they initiated criminal charges against the agent who illegally accessed the servers in Chelyabinsk, Russia.
FBI warrant authority exists only in the U.S. Since 1980, the FBI can operate on foreign soil under very restricted circumstances and only with the sovereign nation’s permission and in cases when an American is under direct threat as in assault, terrorism or murder. The very nature of cyber-espionage and of tracking computers with unknown locations means that permission cannot be sought. In the case of an unfriendly nation, this has potential to be disastrous.
Currently, no international law governs cyber-espionage. Nations agree that each has sovereignty over their own cyber infrastructure. FBI cyber-infiltration using NITs might conceivably be perceived as cyber-invasion of a sovereign state and, if extensive enough, might be seen as cyber-attack under the UN Charter definition in Article 51. Such cyber-attack would justify armed retaliation.
INTERPOL, Dutch High Tech Crimes Unit and the FBI
The recent Carbanak cybergang cyberheist illustrates the complexity of cybercrime networks and of anonymizing computer locations. The Carbanak cybergang network is located in Russia, China and European locations. Carbanak also illustrates the FBI’s present warrant limitations and the difference between the FBI, INTERPOL, and the Dutch High Tech Crime Unit (DHTCU).
The Carbanak cyberheist investigation is coordinated by INTERPOL with cooperation from DHTCU. INTERPOL is an international crime fighting organization of worldwide member nations. DHTCU is an crime fighting organization of the Netherlands but has international relationships and works internationally to pursue and prevent transnational cybercrime. Both agencies confirm that the “internet does not respect national borders” and that “international cooperation” is needed in “the fight against cyber crime.”
The FBI has no international partnerships, cooperation or membership. What the FBI does in extraterritorial nations, it does as the U.S. Federal Bureau of Investigation. As such it has no authority, no effect, no jurisdiction anywhere outside of American territory. To expand DOJ FBI warrants to cover extraterritorial computer crime locations when the actual locations are unknown is to invite retaliation and reprisal, like the 2002 Chelyabinsk criminal charges, resulting from infringement of international sovereignty.
Is Google Right?
While broad FBI search warrant powers have the potential to violate protected Fourth Amendment rights, they have further potential to violate international sovereignty laws. Google’s protesting assertion that network and, thus, transnational warrant power is a matter for Congress appears to be justified: the FBI is not INTERPOL; it has no authority outside U.S. territory; and such power seems beyond the purview of the Advisory Committee on the Criminal Rules. It seems that Google is justified in calling for Congressional debate and appropriate policymaking. The proposed Rule 41(b) amendment seems to meet the description of substantive and not procedural changes.
