
FBI to gain expanded hacking powers as Senate effort to block fails - uptown
http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN13P2ER
======
uabstraction
Well, this combined with the snoopers charter just motivated me to sign up for
an EFF membership. It's not much, but it's something.

It really feels like we're marching towards a brave new world. They can pry my
copy of Applied Cryptography from my cold dead hands.

~~~
techdragon
That book might one day be considered as dangerous as an unregistered
firearm... Sadly.

~~~
unethical_ban
I accidentally downvoted on mobile. I'll fix later.

I own many unregistered firearms. Fortunately, that is likely to remain legal
for some time.

~~~
pjc50
I think it's quite likely that the US will end up with total surveillance of
everything except guns. Guns don't threaten the power structure.

~~~
cmdrfred
Gun homicides are down dramatically[0], yet we hear a constant drum beat from
the media about terrorists and mass shooters. Guns absolutely threaten the
power structure they will be coming for them soon enough.

[0][https://static.ijr.com/wp-
content/uploads/2016/01/guns4.jpg](https://static.ijr.com/wp-
content/uploads/2016/01/guns4.jpg)

~~~
pjc50
No they don't, at least not in the hands of white people and rightwing fringe
groups. We can see this by contrasting the treatment of the Malheur occupiers
versus the non-armed Standing Rock occupiers.

The Malheur occupiers carried out an armed takeover of a Federal building in
the middle of nowhere. No economic threat, no political threat, so they were
basically surrounded and left alone. The Standing Rock occupiers are not armed
and are standing in the way of money, so they get the water cannon and worse
treatment.

If there was a time for terrorism to be used as a pretext, it was much closer
to 9/11\. Similarly for mass shootings. Most of the public accept them as
routine and children are drilled about the possibility at school. That isn't
enough to make even minor gun restrictions happen. Obviously nothing is going
to happen under a Republican government, especially a Trump presidency. "Soon
enough" isn't this decade.

(The only thing which _could_ provoke serious disarmament efforts would be an
armed Black Lives Matter movement..)

~~~
harambaebae69
As you mention though, Malheur vs Standing Rock is an apples to oranges
comparison. The Bundy's took over a very remote ranger station that no one
honestly cared about. The Standing Rock occupiers were actually in the way of
something.

------
throw2016
Instead of arbritary abuse of power by a despot we are doing the same only
with processes and the law but the effect is the same.

Surveillance, secret courts, gag orders, harassment of activists and
whisteblowers, no fly lists, militarization of the police, infiltration of
dissenters and protest, and dubious relationships with terrorist sponsoring
states show things are in a sinister and precarious state.

Our media and human right orgs so quick to turn the spotlight on others remain
strangely reticent when it comes to self reflection. There is no frenzy and
hysteria and no one is raising the bogey of totalitarianism and campaigning
for sanctions.

Our media won't do its job and our instinctive rush to the moral high ground
has lulled us in a sense of complacency.

But our moral highground and soft power built over generations is now toast.
Every single bit of posturing about human rights by western media, NGOs and
government will be met with derision and mockery. It is propaganda.

The use of surveillance both in the private and public sector is a 'gift' from
our 'freedom loving' technologists. Ignore these naysayers and colloboraters,
often found here. They have posed about freedom and liberty for decades only
to suck up to authoritarianism given the slightest opportunity. The only thing
they can do now is deny it, diminish it or wave it away making HN the single
worst place to have a discussion on privacy and surveillance.

------
thomaskcr
Here is the actual text:
[https://www.law.cornell.edu/rules/frcrmp/rule_41](https://www.law.cornell.edu/rules/frcrmp/rule_41)

There's nothing wrong with being against this, but this seems like a huge
stretch of the words "new" and "hacking" to the point of absurdity.

They are already allowed to remotely access this information based on the case
that fired this off - the issue wasn't with their methodology but who issued
the warrant. The entirety of what this rule changes is it defines special
circumstances where it is appropriate for the judges in a district of a victim
instead of the perpetrator to issue a warrant __to do things that are already
allowed __.

> Under the proposed amendment, however, investigators could not obtain a
> search warrant merely because a user's location is concealed through
> technological means.

> The proposed amendment does not alter that rule, but instead provides an
> alternative means of satisfying Rule 41's venue provisions.

The rule clearly does not change anything about what is required to get a
warrant, and concealment does not lower the bar for getting a warrant. The
only thing that changes under this rule is it lays out scenarios where you
would not be able to suppress evidence due to improper venue just because the
warrant wasn't issued in the district you performed the crime from but instead
where the crime actually occurred.

I'm not dismissing the concerns of all of those writing about this - just
based on the comments and scenarios being laid out in them I think technically
knowledgeable people are assuming the words "new" and "hacking" are being used
correctly here without even looking into what has actually changed.

This also means people are completely unaware of what the government is
already allowed to do apparently.

If everyone here got their way and this was magically blocked right now,
absolutely nothing would change about what the FBI is allowed to do - only
what evidence could be challenged if they ask judge A when they should have
asked judge B (and can show they couldn't figure out that they were supposed
to ask judge B (that's where the technological concealment comes in)).

------
coldcode
Snooper's Charter US version. I wonder if their new found hacking powers will
survive a court challenge, or will it only be used in parallel prosecutions so
no court ever sees it. Guessing the latter.

~~~
tzs
> Snooper's Charter US version.

That's complete and utter nonsense. The Snooper's Charter grants the UK
government many new powers, and places obligations and restrictions on ISPs.
It makes substantial substantive changes to the requirements for law
enforcement to justify snooping and spying in the UK.

The Rule 41 change only applies to warrants seeking to access electronic
documents, and makes no changes to what evidence must be presented to justify
a warrant. It just changes, in two specific situations, _where_ that evidence
can be presented.

These situations are:

1\. If it cannot be determined where the computer containing the documents is
located, and the location has been hidden by technological means, then the
warrant can be issued by a judge in any district in which the crime being
investigated may have taken place. Under the old rule, the warrant had to be
issued by a judge in the district where the computer was located, and so if
that location could not be determined then investigators were out of luck.

2\. If the crime being investigated is a violation of the Computer Fraud and
Abuse Act, and the damaged computer are in five or more districts, then the
warrant can be issued in any district where the crime may have occurred. Under
the old rule, it had to be issued in the district where the computer was
located.

This is not even remotely like the Snooper's Charter.

~~~
shostack
Which means they can now shop around for judges until they get the answer they
want. Right up there with the UK in terms of severity since this means they
can keep up doing what they have been doing.

------
JumpCrisscross
Countdown to an FBI case where someone in their target list using HTTPS
justifies wiretapping thousands...

~~~
tzs
You'll have a long wait, since this change is completely orthogonal to that.

The key change is to Rule 41(b), "Authority to Issue a Warrant". It contained
a list of 5 circumstances under which a magistrate just can issue a warrant. A
6th is being added:

===={ begin quote

(6)

a magistrate judge with authority in any district where activities related to
a crime may have occurred has authority to issue a warrant to use remote
access to search electronic storage media and to seize or copy electronically
stored information located within or outside that district if:

(A) the district where the media or information is located has been concealed
through technological means; or

(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media
are protected computers that have been damaged without authorization and are
located in five or more districts.

=====} end quote

There is also a change to 41(f)(1)(C), which concerns serving a warrant. The
prior version read:

===={ begin quote

The officer executing the warrant must give a copy of the warrant and a
receipt for the property taken to the person from whom, or from whose
premises, the property was taken or leave a copy of the warrant and receipt at
the place where the officer took the property.

=====} end quote

The update adds another sentence to that:

===={ begin quote

For a warrant to use remote access to search electronic storage media and
seize or copy electronically stored information, the officer must make
reasonable efforts to serve a copy of the warrant on the person whose property
was searched or whose information was seized or copied. Service may be
accomplished by any means, including electronic means, reasonably calculated
to reach that person.

=====} end quote

~~~
losvedir
> _issue a warrant to use remote access to search electronic storage media and
> to seize or copy electronically stored information located within or outside
> that district if ... the district where the media or information is located
> has been concealed through technological means_

Remote access to a computer and they don't know where it is? This basically
means a Tor hidden service or something like that?

------
junto
In a perverse way, these kind of restrictive laws starting in the US are good
for the rest of the world. Let me explain.

Without doubt the concentration of computer science brilliance and investment
is centred in the US, specifically in Silicon Valley. These kinds of
restrictions on privacy and freedom upon those individuals will drive a kick
back, investment and research into secure messaging and communication systems.

The encryption horse has already bolted, the proverbial stable door is wide
open, and this could trigger the enabled and invested to bridle that horse for
the good of mankind.

That's my hope anyway.

~~~
benevol
Even end-to-end encryption is of no use as soon as one has a single backdoor
into your system.

Again, technology alone is never the whole answer. The legal framework must be
sane as well.

------
alexandercrohde
>> especially troubling in the hands of an administration of President-elect
Trump, a Republican who has "openly said he wants the power to hack his
political opponents the same way Russia does."

Who exactly are they quoting here, and is there a source? This is damning to
trump if it's true, and damning to the authenticity of reuters if it's not.

~~~
amdolan
possibly this[1]? Trump encourages Russia to "find the 30,000 emails that are
missing."

[1]
[https://www.youtube.com/watch?v=gNa2B5zHfbQ](https://www.youtube.com/watch?v=gNa2B5zHfbQ)

------
bryanrasmussen
It wasn't a Senate effort to block, it was a Democratic effort in the Senate.

Otherwise the headline nonsensical - hey the whole Senate tried to block but
it didn't work?

------
ZoeZoeBee
Why does it take legislation by the Senate to block or delay rule changes,
giving the FBI authority to remotely access computers in any jurisdiction,
seems it should have required legislation to enact the changes in the first
place. Unfortunately this will go unnoticed by the public until it is too late

~~~
nickff
The legislative branch has delegated extensive 'policy' and 'rule-making'
(arguable legislative) powers to the executive agencies, though vague
statements in legislation, and broad interpretations by the courts. The same
'deference' which has allowed HHS to re-sculpt Obamacare on-the-fly is what
gives the FBI, CIA, and NSA the authority to pursue these massive surveillance
programs.

As a result of the tacit support the courts and legislature have given the
executive agencies in the past, the legislature is now required to
affirmatively act to stop most executive actions.

There have been some proposals to require legislation to enact any large
change in executive branch rules/policy/interpretations, but there is little
support for such measures, as most people do not want to rule back the
administrative state, they just want the state to do different things.

------
nullc
"We totally weren't trying to hack that vote tallying machine... it used a VPN
so we weren't sure of it's location and thought it might have been a foreign
system."

------
siegecraft
This is the same rule change that says if you use a VPN or TOR you can legally
be hacked by the FBI, yes? I wonder if people who use work VPNs will be
exempted since afaik the wording is about services that obscure your location,
and most business VPNs aren't concerned with that (especially if they have
split routing configured properly).

~~~
existencebox
To be honest the answer seems simple. Get _EVERYONE_ on VPNs, regardless. Even
if you don't really use it for much, make it connect automatically via some
browser plugin and send some trash random data.

As a "data scientist" the most painful thing I have to deal with is data
cleaning and data quality. Add to that the difficulty of actually getting into
a (hopefully broad) array of VPN providers and tracking every person yelling
into the pipe will make their (FBI/NSA) lives very very difficult, and this
makes me happy on a rather visceral level.

~~~
lettergram
That's actually why my group of friends all tag each others faces on Facebook
as the other. Rather than not posting our faces, Facebook auto tags me as
random people now (most often my wife).

~~~
owly
Why not completely abandon FB? Build your own personal free network.

~~~
lawnchair_larry
The network would have one person, challenging the definition of network.

------
zaroth
In the Goldman Sachs case I do recall charges being brought in certain states
where CFAA laws were more favorable for the prosecution, and those charges
being thrown out on appeal because they were brought in the wrong
jurisdiction. I don't see how this changes that.

This is a procedural change the Surpeme Court already voted in favor of. The
title is clickbait from what I can tell. I'm much more concerned with recent
erosion of the right to remain silent.

Hacking powers are not being expanded. A loophole that has stymied
investigations had been closed.

Now what we _do_ need is reasonable limits on the scope of allowable warrants
to prevent dragnets. The more interesting question is whether the FBI should
be allowed to use drive-by malware to infect all visitors of a site, and if so
under which very well defined circumstances?

What TFA missed is the reason we are worried about this rule change is that it
could make dragnets easier to get seemingly valid warrants for. E.g. Even if
Hidden Services are not being used, investigator claims it's not 'reasonable'
to get warrants for each IP accessing a site and so just infects all visitors
with malware to scan the hard drive and local network for some evidence.

But that needs to be illegal for more than just the reason of not knowing what
jurisdiction to get the warrant in.

------
arca_vorago
One of the most important stories of the year, on HN for 6 hours, with 11
comments and 105 points. Is everyone already afraid? I always said "I told you
so" would ring hollow and have no satisfaction in it, but this is what happens
when everyone forgets about our foundational principles and waves injustice
away with arguments such as 234dd57d2c8db's.

The constitution is the supreme law of the land, created to protect, _not
establish_ , natural rights. As such, such general _warrants_ do not properly
satisfy the constitutional requirements our country established.

Actions like this, are the result of the allowed slippage, from both sides of
the isle, as prescribed to them by the shadow masters.

We have allowed our true foreign enemies to infiltrate and subvert our system,
falsely focus our efforts on foreign boogeymen, all the while our domestic
enemies run rampant (often backed, or blackmailed, by foreign ones).

The true, the capable, the already somewhat successful enemies of the
constitution don't wear hijabs, they wear business suits and ties.

This is a turning point for America, where we either cower in fear of the
coming totalitarian surveillance dystopia, or we speak up and push back.
Silence now will be nothing less than acquiescence.

As Hitchens said, the American revolution is the only revolution that still
stands a chance.

~~~
roscoebeezie
Queue John Quincy Adams:
[https://www.mtholyoke.edu/acad/intrel/jqadams.htm](https://www.mtholyoke.edu/acad/intrel/jqadams.htm)

~~~
orly_bookz
I'd like to summon James Otis, Jr:

"I will to my dying day oppose, with all the powers and faculties God has
given me, all such instruments of slavery on the one hand and villainy on the
other as this Writ of Assistance is."

[http://www.constitution.org/bor/otis_against_writs.htm](http://www.constitution.org/bor/otis_against_writs.htm)

------
mindcrime
Time to disband the FBI. And the ATF. Whatever good they do isn't justified by
the threat they represent.

