Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

U.S. Government Expands Authority in Cyberspace

DHS Proposal Requests Visitors Provide Social Media Account Names

DHS Proposal Requests Visitors Provide Social Media Account Names

The US government is continuing its quest for greater authority in cyberspace in order to fight crime and protect national security, despite its failure to force Apple to provide access to iPhones earlier this year. Current proposals include changes to Rule 41 of the Federal Rules of Criminal Procedure; a proposal by Senate Majority Leader Mitch McConnell to expand the scope of national security letters (NSLs); and a proposal from the U.S. Customs and Border Protection agency (part of DHS) for visitors to America to provide social media details.

Amendments to Rule 41 of the of the Federal Rules of Criminal Procedure were proposed earlier this year. These were approved by the Supreme Court in April, and will now come into effect on Dec. 1, 2016.

These amendments expand the legality of FBI remote access (hacking). The first change is to relax restrictions on the location for a warrant to be issued. Rule 41 now reads, “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant…” 

This will enable the FBI to choose from a much wider selection of magistrates to approach for a warrant, if “the district where the media or information is located has been concealed through technological means.” This is clearly aimed at Tor and VPN users. However, the loose wording places no geographic limitations on the hacking, which could lead to problems with foreign jurisdictions. Europe, for example, has already made it clear that transnational legal issues should be processed via existing mutual legal aid treaties (MLATs). The Rule 41 changes, however, will enable the US government to hack European computers with a local warrant simply because the FBI believes a particular user is at the end of a VPN or has been using Tor.

There are also concerns that this will lead US authorities to stockpile vulnerabilities for their own use, to the general detriment of overall internet security (notice that it declined to disclose how it broke into the iPhone).

The NSL issue is currently in abeyance. McConnell switched his own vote to ‘no’ and the amendment was not passed by the Senate. The EFF suggests that this is probably a maneuver to allow him to reintroduce the amendment during a future debate.

Since NSLs are issued in secret without judicial oversight, the scope of the NSL has been limited. McConnell’s amendment would expand that scope. The FBI’s position is that it is not an expansion but a ‘typo’ fix that will allow it to do what Congress always intended it should be allowed to do.

Advertisement. Scroll to continue reading.

The U.S.Customs and Border Protection proposal was posted on the Federal Register on June 23, 2016. It proposes the inclusion of a new data request for persons entering the US, requesting that visitors provide their social media account names. It is not proposed that this should be a mandatory requirement. 

Nevertheless the proposal states, “Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.” There is no immediate indication of what effect declining to give this information will have on the prospective visitor.

The public now has 60 days to comment on this proposal. Details are available in the Federal Register notice.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.