New FBI Hacking Powers

It Just Got Much Easier for the FBI to Hack Your Computer
Just in time for the Trump administration.

Just in time for the Trump administration, the FBI has gotten what critics characterize as broad new hacking powers. As of Thursday, government agents can now use warrants obtained from a single judge to hack computers in multiple jurisdictions, rather than having to get warrants from judges in each distinct jurisdiction, as required under the old rule. The rule went into effect despite the last-ditch efforts by Sen. Ron Wyden (D-Ore.) and others to either kill or delay it in order to give Congress time to study its implications.

In a speech on the Senate floor Wednesday, Wyden said the change to Rule 41 of the Federal Rules of Criminal Procedure was especially troubling given the imminent presidency of Donald Trump, who has “openly said he wants the power to hack his political opponents the same way Russia does.”

“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance.”

The changes were approved by the US Supreme Court in a private vote at the end of April, after several years of discussion within the federal judiciary. They were never debated by Congress. The US Department of Justice says the news rules are necessary, particularly in cases where criminals use anonymizing software to conceal their location while committing crimes such as peddling child pornography. Another concern is the weaponizing of hundreds of thousands of internet-connected devices into “botnets” that are then used to flood websites with traffic to shut them down, or for criminal activities that, in the words of Assistant Attorney General Leslie Caldwell, “siphon wealth and invade privacy on a massive scale.”

Wyden isn’t convinced that the changes are urgent. Along with Sens. Chris Coons (D-Del.) and Steve Daines (R-Mont.), he tried on Wednesday to get the Senate to approve legislation that would have either blocked or delayed the implementation of the new powers.

Those efforts failed.

“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” Wyden said in a statement. “Law-abiding Americans are going to ask, ‘What were you guys thinking?’ when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device or an entire hospital system and puts lives at risk.”

Caldwell argued the rules had already been debated and vetted. In a November 28 blog post, she wrote the federal judiciary deliberated on the changes for three years, using the same process used to modify other rules of criminal procedure. The current rule change deals specifically with venue issues—removing traditional jurisdictional constraints—and not what investigators can actually do as part of the search, she wrote. Further, investigators already had the power to search multiple computers at the same time, she noted, and it was already legal for investigators to hack victim computers to understand the scope of the criminal hack.

“It would be strange if the law forbade searching the scene of a crime,” she wrote.

Caldwell also wrote that the rule modification doesn’t change what is and isn’t permissible under the Fourth Amendment protection against unreasonable searches and seizures. “The Constitution already forbids mass, indiscriminate rummaging through victims’ computers, and it will continue to do so,” she wrote. “By contrast, blocking the [rule change] would make it more difficult for law enforcement to combat mass hacking by actual criminals.”

But those reassurances likely will not satisfy privacy advocates. In June, tech writer Mike Masnick noted that the DOJ’s justification for the rule change “skirt[ed] the truth, at best.” The new rule, Masnick wrote, “effectively wipe[s] out the requirement to give a copy of the warrant to the person whose computers are being hacked,” which “pretty much guarantees that some of the people who are hacked following this won’t even know about it.” He suggested that the DOJ’s use of the threat of child exploitation as a way to legitimize the rule change in effect derailed the necessary review of serious modifications to the government’s powers that should be debated and approved by Congress. “The FBI has a rather long history of abusing its surveillance powers, and especially seeking to avoid strict oversight,” Masnick wrote. “Approving such a change just because the DOJ is insisting it’s ‘FOR THE CHILDREN, WON’T YOU PLEASE THINK OF THE CHILDREN!’ isn’t a particularly good reason.”

That’s probably why big tech companies like Google and a host of civil rights organizations have opposed the change for years.

“Google has a significant interest in protecting its users and securing its infrastructure,” wrote Richard Salgado, Google’s director of law enforcement and information security, in a February 2015 letter submitted to the Judicial Advisory Committee on Criminal Rules. “The proposed amendment substantively expands the government’s current authority under Rule 41 and raises a number of monumental and highly complex constitutional, legal, and geopolitical concerns.”


Government Surveillance Timeline

The Domestic Surveillance Boom, From Bush to Obama

Timeline: PRISM, Total Information Awareness, and other moments in electronic eavesdropping after 9/11.

—By , , and

| Fri Jun. 7, 2013 3:56 AM PDT

Recent reports have detailed how the National Security Agency (NSA) has been vacuuming up millions of Americans’ phone data, online communications and files, and credit card transaction details. How did we get here?

2001 September 11: Nearly 3,000 people are killed when terrorists fly planes into the World Trade Center and the Pentagon, and crash another in Pennsylvania. Soon afterward, the NSA begins a “special collection program” to track the communications of Al Qaeda leaders and suspected terrorists.

George W. Bush speaks at the NSA in 2002. NSA

October 4: President George W. Bush secretly authorizes the NSA to track suspected terrorists by monitoring domestic communications without a warrant. The 1978 Foreign Intelligence Surveillance Act prohibits the government from eavesdropping inside the United States without first getting a warrant from the Foreign Intelligence Surveillance Court, also known as the FISA court.

October 26: Bush signs the Patriot Act. The law expands the government’s electronic surveillance powers. “The existing law was written in the era of rotary telephones. This new law that I sign today will allow surveillance of all communications used by terrorists, including emails, the internet, and cellphones,” Bush declares.


TIA logo WikiMedia Commons

February 13: The New York Times reports that the Information Awareness Office, a new Pentagon agency headed by retired vice admiral and Iran-Contra figure John Poindexter, “is developing technologies to give federal officials instant access to vast new surveillance and information-analysis systems.”

November 9: Poindexter’s Total Information Awareness (TIA) project, “a vast electronic dragnet” that could sweep up electronic and voice communications as well as financial data, is revealed in the Times.

2003 September 25: Congress shuts down the Information Awareness Office over fears that TIA could violate Americans’ privacy.
2004 March 10: Deputy Attorney General James Comey prevents White House counsel Alberto R. Gonzales and chief of staff Andrew Card from trying to persuade Attorney General John Ashcroft, who was hospitalized, to reauthorize the NSA warrantless wiretapping program. The progam is modified in 2004 due to objections from the Justice Department and a FISA judge.
2005 December 16: The New York Times unmasks the NSA’s warrantless wiretapping program. Bush says the program was regularly reviewed and that he had reauthorized it more than 30 times.

NSA’s National Security Operations Center NSA

March 6: The Patriot Act is renewed and signed by Bush.

May 11: USA Today reports that the NSA has been tracking tens of millions of Americans’ phone calls using data provided by AT&T, Verizon, and BellSouth.

May 25: Former AT&T technician Mark Klein says that in 2002 the company let the NSA install a device in one of its San Francisco facilities that allowed the government to monitor internet and phone traffic.

June 21: Salon reports that other former AT&T workers say the company’s internet traffic routed through St. Louis may be tapped by a government agency, likely the NSA.

2007 August 1: Presidential candidate Sen. Barack Obama (D-Ill.) says the Bush administration “puts forward a false choice between the liberties we cherish and the security we demand. I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.”September 11: The NSA’s PRISM program begins getting data from Microsoft, according to official documents recently published by the Guardian. The program’s existence is not revealed until June 2013.
2008 March 12: The NSA’s PRISM program begins getting data from Yahoo, according to official documents.July 10: Bush signs the FISA Amendments Act, which gives the federal government the power to compel telecoms to provide access to emails, phone calls, and text messages if one party is “reasonably believed” to be overseas. The law also gives legal immunity to the phone companies that had participated in the NSA’s warrantless wiretapping program. Sen. Obama opposes extending immunity to the phone companies, but votes for what he calls “an improved but imperfect bill.”

August: In a secret decision, the Foreign Intelligence Surveillance Court of Review rules that telecoms must cooperate with federal requests to monitor the international communications of Americans suspected of being terrorists.


NSA headquarters NSA

January 4: The NSA’s PRISM program begins getting data from Google, according to official documents.

April 15: Intelligence officials tell the New York Times about the “overcollection” of domestic communication by the NSA despite the new limits set in 2008.

June 3: A federal judge affirms the constitutionality of retroactive immunity for the companies that participated in the NSA’s warrantless eavesdropping program. (An appeals court upholds the ruling in December 2011.) On the same day, the NSA’s PRISM program begins getting data from Facebook, according to official documents.

December 7: The NSA’s PRISM program begins getting data from PalTalk, according to official documents.

2010 March 10: A federal judge rules that the NSA warrantless wiretapping program started during the Bush administration is illegal.April 15: Federal authorities charge Thomas Drake, an NSA employee passed information about the agency’s activities to reporters, under the Espionage Act. He accepts a plea deal on a lesser charge in 2011.

September 24: The NSA’s PRISM program begins getting data from YouTube, according to official documents.

2011 January: NSA begins construction of a massive, 1 million square foot, $2 billion data center in Utah. “Just as we defend our lands, America also needs to also defend our cyberspace,” Sen. Orrin Hatch (R-Utah) says at the groundbreaking ceremony. It is scheduled to be completed in September 2013.February 6: The NSA’s PRISM program begins getting data from Skype, according to official documents.

March 31: The NSA’s PRISM program begins getting data from AOL, according to official documents.

May 7: The Patriot Act is renewed and signed by President Barack Obama.

May 26: Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) say that the Department of Justice has been misapplying the Patriot Act to allow expanded domestic surveillance. “When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry,” says Wyden.

2012 June 15: The inspector general of the Office of the Director of National Intelligence says it “would itself violate the privacy of US persons” to reveal how many people the NSA had tracked inside the country.July 20: In a letter to Wyden, the Office of the Director of National Intelligence concedes that some of the surveillance conducted under the 2008 FISA amendment has “sometimes circumvented the spirit of the law” and that one occasion a FISA judge found such “collection” to violate the Fourth Amendment.

October: The NSA’s PRISM program begins getting data from Apple, according to official documents.

December 30: Obama signs a five-year extension of Foreign Intelligence Surveillance Act. Amendments to provide more oversight of untargeted mass wiretapping are defeated in the Senate. Sen. Dianne Feinstein (D-Calif.) says the surveillance of foreigners’ communications in the United States “produced and continues to produce significant information that is vital to defend the nation against international terrorism and other threats.”


PRISM documents NSA/The Guardian

March 12: During an intelligence committee hearing, Sen. Wyden asks Director of National Intelligence James Clapper, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper’s reply: “No sir.”

June 5: The Guardian reports that the NSA has been collecting millions of Verizon customers’ call data. The FISA court approved the surveillance in April.

June 6: The Washington Post and the Guardian reveal the existence of PRISM, a top-secret NSA program that has access to emails, documents, audio, video, photographs, and connection logs from nine internet firms. The program, started in 2007, mines user data from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Wall Street Journal reports that the NSA also has been accessing AT&T and Sprint Nextel customer data as well as credit card transaction data.

June 7: “Nobody is listening to your telephone calls. That’s not what this program’s about,” Obama says at a speech in Silicon Valley. “But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism.” He adds, “”You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience.”



Justice Department Blocking Release of Spy Info

Justice Department Fights Release of Secret Court Opinion Finding Unconstitutional Surveillance

Government lawyers are trying to keep buried a classified court finding that a domestic spying program went too far.


| Fri Jun. 7, 2013

In the midst of revelations that the government has conducted extensive top-secret surveillance operations to collect domestic phone records and internet communications, the Justice Department was due to file a court motion Friday in its effort to keep secret an 86-page court opinion that determined that the government had violated the spirit of federal surveillance laws and engaged in unconstitutional spying.

This important case—all the more relevant in the wake of this week’s disclosures—was triggered after Sen. Ron Wyden (D-Ore.), a member of the Senate intelligence committee, started crying foul in 2011 about US government snooping. As a member of the intelligence committee, he had learned about domestic surveillance activity affecting American citizens that he believed was improper. He and Sen. Mark Udall (D-Colo.), another intelligence committee member, raised only vague warnings about this data collection, because they could not reveal the details of the classified program that concerned them. But in July 2012, Wyden was able to get the Office of the Director of National Intelligence to declassify two statements that he wanted to issue publicly. They were:

* On at least one occasion the Foreign Intelligence Surveillance Court held that some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.

* I believe that the government’s implementation of Section 702 of FISA [the Foreign Intelligence Surveillance Act] has sometimes circumvented the spirit of the law, and on at least one occasion the FISA Court has reached this same conclusion.

For those who follow the secret and often complex world of high-tech government spying, this was an aha moment. The FISA court Wyden referred to oversees the surveillance programs run by the government, authorizing requests for various surveillance activities related to national security, and it does this behind a thick cloak of secrecy. Wyden’s statements led to an obvious conclusion: He had seen a secret FISA court opinion that ruled that one surveillance program was unconstitutional and violated the spirit of the law. But, yet again, Wyden could not publicly identify this program.

“When the government hides court opinions describing unconstitutional government action, America’s national security is harmed,” argues the Electronic Frontier Foundation.

Enter the Electronic Frontier Foundation, a public interest group focused on digital rights. It quickly filed a Freedom of Information Act request with the Justice Department for any written opinion or order of the FISA court that held government surveillance was improper or unconstitutional. The Justice Department did not respond, and EFF was forced to file a lawsuit a month later.

It took the Justice Department four months to reply. The government’s lawyers noted that they had located records responsive to the request, including a FISA court opinion. But the department was withholding the opinion because it was classified.

EFF pushed ahead with its lawsuit, and in a filing in April, the Justice Department acknowledged that the document in question was an 86-page opinion the FISA court had issued on October 3, 2011. Again, there was no reference to the specific surveillance activity that the court had found improper or unconstitutional. And now the department argued that the opinion was controlled by the FISA court and could only be released by that body, not by the Justice Department or through an order of a federal district court. In other words, leave us alone and take this case to the secret FISA court itself.

This was puzzling to EFF, according to David Sobel, a lawyer for the group. In 2007, the American Civil Liberties Union had asked the FISA court to release an opinion, and the court had informed the ACLU to take the matter up with the Justice Department and work through a district court, if necessary.

So there was a contradiction within the government. “It’s a bizarre catch-22,” Sobel says. On its website, EFF compared this situation to a Kafka plot: “A public trapped between conflicting rules and a secret judicial body, with little transparency or public oversight, seems like a page ripped from The Trial.”

Before EFF could get a ruling on whether this opinion can be declassified and released, it had to first sort out this Alice in Wonderland situation. Consequently, last month, it filed a motion with the FISA court to resolve this aspect of the case. “We want the FISA court to say that if the district court says the opinion should be released, there is noting in its rules that prevents that,” Sobel says. Then EFF can resume its battle with the Justice Department in federal district court for the release of the opinion. The Justice Department was ordered by the FISA court to respond by June 7 to the motion EFF submitted to the FISA court.

Currently, given the conflicting positions of the Justice Department and the FISA court, Sobel notes, “there is no court you can go to to challenge the secrecy” protecting an opinion noting that the government acted unconstitutionally. On its website, EFF observes, “Granted, it’s likely that some of the information contained within FISC opinions should be kept secret; but, when the government hides court opinions describing unconstitutional government action, America’s national security is harmed: not by disclosure of our intelligence capabilities, but through the erosion of our commitment to the rule of law.”

As news reports emerge about the massive phone records and internet surveillance programs—each of which began during the Bush administration and were carried out under congressional oversight and FISA court review—critics on the left and right have accused the government of going too far in sweeping up data, including information related to Americans not suspected of any wrongdoing. There’s no telling if the 86-page FISA court opinion EFF seeks is directly related to either of these two programs, but EFF’s pursuit of this document shows just how difficult it is—perhaps impossible—for the public to pry from the government information about domestic surveillance gone wrong.