U.S. Government Expands Authority in Cyberspace

DHS Proposal Requests Visitors Provide Social Media Account Names

The US government is continuing its quest for greater authority in cyberspace in order to fight crime and protect national security, despite its failure to force Apple to provide access to iPhones earlier this year. Current proposals include changes to Rule 41 of the Federal Rules of Criminal Procedure; a proposal by Senate Majority Leader Mitch McConnell to expand the scope of national security letters (NSLs); and a proposal from the U.S. Customs and Border Protection agency (part of DHS) for visitors to America to provide social media details.

Amendments to Rule 41 of the of the Federal Rules of Criminal Procedure were proposed earlier this year. These were approved by the Supreme Court in April, and will now come into effect on Dec. 1, 2016.

These amendments expand the legality of FBI remote access (hacking). The first change is to relax restrictions on the location for a warrant to be issued. Rule 41 now reads, “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant…” 

This will enable the FBI to choose from a much wider selection of magistrates to approach for a warrant, if “the district where the media or information is located has been concealed through technological means.” This is clearly aimed at Tor and VPN users. However, the loose wording places no geographic limitations on the hacking, which could lead to problems with foreign jurisdictions. Europe, for example, has already made it clear that transnational legal issues should be processed via existing mutual legal aid treaties (MLATs). The Rule 41 changes, however, will enable the US government to hack European computers with a local warrant simply because the FBI believes a particular user is at the end of a VPN or has been using Tor.

There are also concerns that this will lead US authorities to stockpile vulnerabilities for their own use, to the general detriment of overall internet security (notice that it declined to disclose how it broke into the iPhone).

The NSL issue is currently in abeyance. McConnell switched his own vote to ‘no’ and the amendment was not passed by the Senate. The EFF suggests that this is probably a maneuver to allow him to reintroduce the amendment during a future debate.

Since NSLs are issued in secret without judicial oversight, the scope of the NSL has been limited. McConnell’s amendment would expand that scope. The FBI’s position is that it is not an expansion but a ‘typo’ fix that will allow it to do what Congress always intended it should be allowed to do.

The U.S.Customs and Border Protection proposal was posted on the Federal Register on June 23, 2016. It proposes the inclusion of a new data request for persons entering the US, requesting that visitors provide their social media account names. It is not proposed that this should be a mandatory requirement. 

Nevertheless the proposal states, “Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.” There is no immediate indication of what effect declining to give this information will have on the prospective visitor.

The public now has 60 days to comment on this proposal. Details are available in the Federal Register notice.