By Kevin DeLong
An Update for Digital Forensic Professionals
Law enforcement digital forensic professionals may soon see a spike in remote digital search and seizure projects. In April, the U.S. Supreme Court approved changes to Rule 41(b) of the Federal Rules of Criminal Procedure that permit federal judges to issue warrants for remote searches of computers if the computer location is concealed by anonymization technology, or in cybercrime Bot investigations spanning several federal districts. The new rule appears to authorize warrants for computer searches both inside and outside the United States. Congress has until December 1 to act, or new Rule 41 becomes law.
Modernizing for 21st Century Crime
The Department of Justice (DOJ) drove the change, saying modernization of the criminal code is a must in 21st century criminal cases, where sophisticated actors can easily mask their computer locations. Criminals frequently use services such as TOR (The Onion Router) or proxy servers to hide the IP addresses of their devices. Law enforcement wants to be able to seize electronic information from computers when it does not know their precise location. Searches in two of the most common such situations—concealed locations and Bots that can take over thousands of computers—are permitted under sections (A) and (B) of the new rule.
“(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.”
Transmittal Letter, April 28, 2016, from Chief Justice John Roberts to Paul Ryan, Speaker of the House
Government digital investigators would be authorized to use Internet surveillance software to attempt to track down and extract evidence from computers located outside of the federal court’s district. Current rules allow judges to issue search warrants only within the bounds of their district, with a few
What Types of Crimes?
DOJ’s push for the changes is partly fueled by a string of suspected child pornography cases where evidence was thrown out due to an invalid warrant. In one such case, United States v. Alex Levin, 15-10271-WGY (United States District Court, District of Massachusetts, 2016), a judge suppressed evidence, ruling that the Virginia court lacked jurisdiction to issue a warrant to search a computer located in Massachusetts. In this operation, the government shut down a dark web child porn site and leveraged it on government servers in Virginia to track down users, seizing evidence from their computers. The government commented that this site involved particularly “gruesome” child pornography.
In what other criminal investigations might we see use of the expanded remote computer searches? Trade secret theft has been suggested, at least for those cases that are deemed a federal crime. Identity theft and bank fraud cases are also likely, given that the Advisory Committee referenced a bank fraud and identity case where the judge denied a warrant to surreptitiously install data extraction software on a target computer whose exact location the government did not have. Securities fraud, money laundering, drug trafficking, corruption and tax evasion criminal investigations also come to mind.
Will Congress Stop It?
Senators introduced a bill in May to block the Rule 41(b)(6) changes. One senator commented, “[s]uch a substantive change with an enormous impact on Americans’ constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process.” Privacy groups such as the Electronic Frontier Foundation have launched campaigns to get Congress to act against the Rule 41(b) changes. Alphabet’s Google has argued the language is too broad, expressing concern about Bot victims’ computers being searched to track anonymous Bot actors.
Watch for a blog update as the December 1 deadline approaches. In the meantime, be prepared for more changes as law enforcement strives to modernize criminal procedures to combat cybercriminals.