As part of its increased focus on combating cybercrime, the U.S. Department of Justice is pushing to loosen requirements for obtaining search warrants in order to allow them greater freedom to hack into the computers of criminal suspects. Late last year, DOJ submitted a request to modify Federal Rule of Criminal Procedure 41, which governs the issuance of search warrants. DOJ wants to be able to obtain a single warrant authorizing remote access searches of multiple computers or electronic storage media wherever they are located. DOJ’s proposal would modify the current rule in two significant ways: (1) it would eliminate the territorial limitations on authorized searches to allow for searches outside of the district where the warrant is issued; and (2) it would require agents to only make “reasonable efforts” to notify a person whose property was searched or information was seized.
In pressing for the changes, DOJ cited to three potential investigative problems caused by the current geographic limitation. First, DOJ pointed to the difficulty of locating a computer believed to obtain evidence of a crime when the user employs anonymizing tools to disguise the computer’s IP address. A warrant for a remote access search under the proposed rule would enable an agent to send an email to the computer and remotely install software on the device receiving the email, which would allow the agent to determine the true IP address. Second, in an investigation involving multiple computers in various locations, such as a “botnet,” the proposal would eliminate the need for agents to obtain multiple warrants in the numerous different districts where the computers are located and even allow for the remote search of networked computers in unknown locations. Third, the proposed change would permit a search for electronic information accessible from a computer at a known location but stored remotely in another district. For example, under the amended rule, the government could obtain a warrant that allows agents searching a business to access cloud-based storage used by computers at that business.
Opponents of the rule change have raised both policy based and constitutional concerns. Among other issues, critics have argued that allowing for multiple-computer and multiple-district searches could lead to forum-shopping by the government and reduced judicial oversight of cybercrime investigations. Furthermore, by allowing for searches of unidentified computers at unknown locations, and for searches of multiple computers simultaneously, warrants issued under the proposed rule may nevertheless violate the Fourth Amendment.
DOJ’s proposal has now passed the first obstacle on its way to becoming law. The proposed amendments have been approved (over a strenuous dissent) by a subcommittee of the Criminal Rules Committee. The proposed rule is scheduled to be debated by the full Criminal Rule Committee of the Judicial Conference on April 7, 2014 before being opened for public comment.