From the post:
The US Department of Justice (DOJ) is proposing a power grab that would make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor or other anonymizing technologies.
That’s according to a law professor and litigator who deals with constitutional issues that arise in espionage, cybersecurity and counterterrorism prosecutions.
Ahmed Ghappour, a visiting professor at UC Hastings College of the Law, San Francisco, explained the potential ramifications of the legal maneuver in a post published last week.
I dislike government surveillance as much as anyone but let’s get the facts about surveillance straight before debating it.
For example, Lisa says:
…make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor… (emphasis added)
Certainly gets your attention but I’m with Bill Clinton, it depends on what you mean by “easier.”
If you mean “easier,” as in breaking Tor or other technologies, in a word: NO.
If you mean “easier,” as in issuance of search warrants, YES.
Section (b) of Rule 41 sets out who can issue a search and seizure warrant and just as importantly, where the person or evidence can be located. The present rules of section (b) can be summarized as:
- Person or property located within a district
- Person or property outside a district, if located within the district when issued but might move before execution of the warrant
- Person or property within or outside a district (terrorism)
- Person or property to be tracked within, without a district or both
- Person or property located outside a district or state but within (A) US territory, possession, or commonwealth; (diplomatic/consular locations)
(There are other nuances I have omitted in order to focus on location of the person and property to be seized.)
Rule 41 (b) defines where the person or property to be seized may be located.
With that background, consider the proposed amendment to Rule 41:
(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside the district if:
(A) the district where the media or information is located has been concealed through technological means; or
(B) in an investigation of a violation of 18 U.S.C. Sec. 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.
The issue is whether the same terms of present Rule 41 (b) (3) in terrorism cases should be expanded to other cases where the location of “media or information…has been concealed through technological means.”
Professor Ahmed Ghappour, in Justice Department Proposal Would Massively Expand FBI Extraterritorial Surveillance is concerned that searches for electronic media at unknown locations will of necessity result in searches of computers located in foreign jurisdictions. No doubt that is the case because to “not know the location of media or information” means just that, you don’t know. Could be on a domestic computer or a foreign one. Unless and until you find the “media or information,” its location will remain unknown.
In the interest of cooperation with foreign law enforcement and some lingering notion of “jurisdiction” of a court being tied to physical boundaries (true historically speaking), Professor Ghappour would resist expanding the same jurisdiction in Rule 41 (b)(3) to non-terrorism crimes under proposed Rule 41 (b)(6)(A).
The essence of the “unknown server location” argument is that United States courts can issue search warrants, if the government can identify the location of a target server, subject to the other provisions of Rule 41. But since Tor prevents discovery of a server location, ipso facto, no search warrant.
To be fair to the government, a physical notion of jurisdiction for search and seizure warrants, as embodied in Rule 41, is a historical artifact and not essential to the Fourth Amendment for U.S. citizens:
The rights of the people to be secure in their persons, houses, papers, and effects, against unreasonable searchers and seizures, shall not be violated; and no Warrants shall issue but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The government’s often flat-footed response to technology is a common topic of conversation. Here an attempt by government to adapt to modern computer network reality is said to be too far and too fast.
Despite my sympathies being with the hare and not the hounds, I don’t think the law should foster an evidentiary shell game based upon antiquated notions of physical jurisdiction. (Leaving it to the government to procure the information it seeks without assistance from innocent bystanders. See Note 1)
Note 1: I don’t see this as contrary to my position in Resisting Tyranny – Customer-Centric-Cloud (CCCl). The issue there was a subpoena to Microsoft for data held in a foreign server. I think Cloud operators have a fiduciary duty to their customers that is prior and superior to the claims of any particular court. If the FBI can obtain the information on such servers with a warrant, on its own, then it should do so. But courts should not be able to press gang others to assist in local law enforcement activities.
Note 2: You may want to review the Advisory Committee on Criminal Rules, New Orleans, April 7-8, 2014 for background materials on the proposed change to Rule 41. Review the Annotated Constitution chapter on Search and Seizure for Fourth Amendment issues.
Note 3: If you are looking for an amusing example for parsing, try 18 U.S.C. Sec. 1030. Far clearer than any part of the Internal Revenue Code or its regulations but still complicated enough to be amusing.