With the growth of cybercrime facilitated by the global nature of the Internet, law enforcement is adapting their toolsets to better tackle the challenges presented by technologies that blur legal jurisdiction. The Cipher Brief spoke with Elaine Lammert, former Deputy General Counsel at the FBI, about the recent changes made to Rule 41 of the Federal Rules of Criminal Procedure and how these amendments equip law enforcement with the necessary powers to address modern crimes online.
The Cipher Brief: Could you explain the amendments to Rule 41 of the Federal Rules of Criminal Procedure?
Elaine Lammert: Rule 41 of the Federal Rules of Criminal Procedure sets forth the requirements for obtaining a search warrant. A search warrant must be based upon probable cause and must identify the property to be searched and the items to be seized, and a neutral and detached magistrate located where the search will be conducted must approve it.
The amendments to Rule 41 allow the following:
“[A] magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.” Rule 41 FRCP (b)(6)
In circumstances where the location of the computer or information to be searched has been hidden by technological means and it is therefore difficult to determine the exact venue to apply for a search warrant, law enforcement will nonetheless be able to go to a judge to apply for a search warrant. They would still have to demonstrate probable cause and meet all other legal requirements.
The other situation involves individuals who are hacking into or damaging computers in five or more different jurisdictions. Under the previous rule language, law enforcement officers would have to submit a search warrant application in each district where an affected computer was located. Under the amended language, law enforcement officers may go to a judge where one of the affected computers is located to submit a warrant application. Three elements must be satisfied in order to avail oneself of this provision: the investigation must involve an investigation of intentional damage to a protected computer; only computers that have been damaged may be searched; and the computers must be located in at least five different states.
TCB: What is the rationale behind providing the FBI with the power to remotely hack into numerous devices—even those beyond a judge’s jurisdiction—under a single warrant?
EL: The amendments do not authorize the government to remotely search a computer via any techniques that are not already authorized by law. All the protections under the Fourth Amendment remain. The amendments guarantee that there is a judge available to review a search warrant application under the limited circumstances described above. The warrant application must comport with Fourth Amendment requirements.
Computer crime is becoming more sophisticated and computer crimes investigations more complex. The amendments will help law enforcement in investigating and prosecuting crimes that involve anonymizing technologies as well as those where criminals use multiple computers to perpetrate crime. These crimes pose a significant risk to the public. Anonymizing technologies are used by criminals so they may communicate with a victim while disguising their IP address. These crimes may range from fraud to child pornography. So while law enforcement could locate the criminal’s computer via a remote search once they obtained a search warrant, prior to the amendment, a judge could deny the warrant because the government could not satisfy the venue requirement.
As for crimes where multiple computers are used, one way this occurs is through the use of a botnet, a network of private computers that have been infected without the owners’ knowledge and are used to conduct criminal activity such as sending malware, denial of service attacks, or stealing personal information. These cases involve multiple jurisdictions. Requiring law enforcement to go to a court in each district where an infected computer is located would cause unnecessary delays that would negatively impact the investigation as well as be an ineffective use of investigative resources.
TCB: There have been concerns FBI hacking could unpredictably cause harm to innocent people, further facilitate expanded surveillance capabilities, and result in “forum shopping” for a judge most likely to approve. What kinds of safeguards and oversight should the FBI put in place to make sure these concerns are addressed?
EL: The safeguards and oversight are found within the rule itself. The authorizing judge must be in the district where the “activities related to the crime occurred.” Law enforcement must show probable cause to justify the search. The rule also requires the agent executing the warrant to promptly return the warrant and a copy of the inventory of property/items seized to the authorizing judge.