Senators Not Impressed By DOJ's Answers On Rule 41 Changes

from the answer-the-damn-question dept

The DOJ has finally responded to questions posed by several senators about its interpretation of the proposed Rule 41 changes, due to go into effect on December 1st. Arriving shortly before the deadline -- and during the Thanksgiving holiday Black Friday news rush -- the DOJ's letter [PDF] contains a few explanations of its jurisdiction limitation-stripping and roving botnet warrants.

Unfortunately, not much is clarified other than that the DOJ still feels its proposal is nothing more than Rule 41 64-bit -- an update of existing law more in line with today's connected reality. (The DOJ offers no insight on its reluctance to update other outdated laws like the CFAA…) It also appears to believe the Fourth Amendment impact of its "one warrant, thousands of searches" proposal will be minimal and that it will maintain the same level of respect it has shown for privacy protections (also minimal) under the updated rule.

Needless to say, Sen. Wyden and co. aren't impressed by the DOJ's response.

Wyden and Coons were among 11 senators and 12 House members who queried DOJ about the hacking powers expansion last month. The department’s reply, which arrived today, should be “a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” Wyden wrote.

The DOJ is still dodging a few questions. One question in particular was completely unaddressed in the DOJ's response. Wyden and his co-signers asked what the DOJ was going to do to prevent forum shopping for compliant judges -- something that would become far more common with jurisdictional limits removed.

The letter does not recount any specific department policies or training that would prevent forum shopping. It does stress police will only be able to seek warrants in districts where activity related to a crime has occurred and that the revised rule uses the same language as existing out-of-district warrant authorities for terrorism cases.

The DOJ either can't answer this or won't answer this. In either case, the lack of response indicates the DOJ isn't interested in preventing law enforcement agencies (like the FBI) from shopping for judges. If there's nothing in place now, it's highly unlikely any guidance will be in place by December 1st. If there is something in place, it's apparently nothing more than a suggestion that law enforcement seek warrants in their own jurisdictions. If the DOJ was truly interested in shutting down forum shopping, it would have begun putting policies in place at any point over the last couple of years while it pursued this "update" of Rule 41.

The letter does say law enforcement agencies won't be able to peek at private files while mucking about the insides of citizens' computers to shut down botnets. But the letter (and the Constitution) both say a lot of things that are great in theory, but less so in practice. Fourth Amendment violations can only be cured by visits to courtrooms, but it's something that's prohibitively expensive and subject to a large number of "GET OUT OF VIOLATION" cards (good faith, plain view, close-but-no-suppression, etc.) issued by presiding judges.

The redux of the changes is still this: if anonymization efforts are made by anyone targeted in a criminal investigation, the FBI, etc. can go find the most compliant judge available to sign off on a single warrant that can be used to search thousands of computers worldwide. It can also do this under the pretext of fighting botnets, performing the same sort of limited search for identifying info, even when all the hundreds or thousands of targets are not suspected of any wrongdoing.

Pretty much the only thing standing between the DOJ's proposal and the December 1st implementation is Congressional members' decision to "opt in" to a shutdown fight -- something the DOJ is clearly hoping won't happen. Wyden's recently-introduced bill would push the adoption back until the middle of next year, but it still requires representatives to express some sort of opinion (yes/no) on rule changes that could easily coast into existence while everyone in Congress is distracted by upcoming holidays and annual budget battles.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chris coons, doj, fbi, hacking, jurisdiction, malware, nit, ron wyden, rule 41