Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

U.S. Government Expands Authority in Cyberspace

DHS Proposal Requests Visitors Provide Social Media Account Names

DHS Proposal Requests Visitors Provide Social Media Account Names

The US government is continuing its quest for greater authority in cyberspace in order to fight crime and protect national security, despite its failure to force Apple to provide access to iPhones earlier this year. Current proposals include changes to Rule 41 of the Federal Rules of Criminal Procedure; a proposal by Senate Majority Leader Mitch McConnell to expand the scope of national security letters (NSLs); and a proposal from the U.S. Customs and Border Protection agency (part of DHS) for visitors to America to provide social media details.

Amendments to Rule 41 of the of the Federal Rules of Criminal Procedure were proposed earlier this year. These were approved by the Supreme Court in April, and will now come into effect on Dec. 1, 2016.

These amendments expand the legality of FBI remote access (hacking). The first change is to relax restrictions on the location for a warrant to be issued. Rule 41 now reads, “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant…” 

This will enable the FBI to choose from a much wider selection of magistrates to approach for a warrant, if “the district where the media or information is located has been concealed through technological means.” This is clearly aimed at Tor and VPN users. However, the loose wording places no geographic limitations on the hacking, which could lead to problems with foreign jurisdictions. Europe, for example, has already made it clear that transnational legal issues should be processed via existing mutual legal aid treaties (MLATs). The Rule 41 changes, however, will enable the US government to hack European computers with a local warrant simply because the FBI believes a particular user is at the end of a VPN or has been using Tor.

There are also concerns that this will lead US authorities to stockpile vulnerabilities for their own use, to the general detriment of overall internet security (notice that it declined to disclose how it broke into the iPhone).

The NSL issue is currently in abeyance. McConnell switched his own vote to ‘no’ and the amendment was not passed by the Senate. The EFF suggests that this is probably a maneuver to allow him to reintroduce the amendment during a future debate.

Since NSLs are issued in secret without judicial oversight, the scope of the NSL has been limited. McConnell’s amendment would expand that scope. The FBI’s position is that it is not an expansion but a ‘typo’ fix that will allow it to do what Congress always intended it should be allowed to do.

Advertisement. Scroll to continue reading.

The U.S.Customs and Border Protection proposal was posted on the Federal Register on June 23, 2016. It proposes the inclusion of a new data request for persons entering the US, requesting that visitors provide their social media account names. It is not proposed that this should be a mandatory requirement. 

Nevertheless the proposal states, “Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.” There is no immediate indication of what effect declining to give this information will have on the prospective visitor.

The public now has 60 days to comment on this proposal. Details are available in the Federal Register notice.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights