According to the revised Rule 41, law enforcement can now request one warrant for hacking anyone in the US, even multiple targets, from one single judge.
Furthermore, if the target is using Tor, I2P, VPNs, or other technologies that mask his IP address, the FBI has the legal power (in their eyes) to hack anyone across the globe.
The FBI isn’t strange to such scenarios, and it didn’t wait for the new Rule 41 amendment to pass. In 2015, the FBI obtained one warrant, which it used to hack over 8,000 computers in 120 countries.
FBI can hack anyone part of a “botnet”
Also included in Rule 41 is a clause that allows judges to issue warrants that allow law enforcement to hack or seize devices part of a botnet.
Nowadays we have botnets of IoT smart devices, botnets of infected home WiFi routers, botnets of infected PCs, botnets of infected mobile devices, and so on. Any malware that infects any device and uses an online command and control server is a botnet, even annoying adware families. Almost all malware families today use C&C servers, and indirectly form a botnet.
Technically, the FBI and US law enforcement can hack anything they want on the suspicion a device has been infected with malware.
DoJ says Fourth Amendment rights still valid
In a statement published in June, the US Department of Justice has tried to reassure the US population that protections provided by the Fourth Amendment are still into play and law enforcement must establish probable cause before requesting such warrants.
Nevertheless, judges are still the ones ruling on these warrants. Just this spring, the media blasted a clueless judge that oversaw the copyright battle between Oracle and Google. The judge had a very hard time understanding basic principles such as APIs and programming languages. Throwing around words like botnets and malware at such judge would likely result in approval of any warrant the FBI would be requesting.
While the FBI and other law enforcement agencies try to push the agenda for new laws that fight new “cyber” threats, nobody’s talking about educating members of the judicial system.
It’s happening all over the world
There’s a trend across the world with several countries passing privacy-intrusive and sweeping surveillance laws. Just two weeks back, the UK has approved the most extreme surveillance law ever passed in the history of a Western democracy, as Edward Snowden characterized the new Investigatory Powers Bill (IP Bill), which was passed into law this week.
Similarly, also this month, China passed new a cyber-security law that allows it to restrict Internet access in the country in the case of a “national security” issue.
This week, Russia and China signed a pact that would allow the Kremlin government access to Chinas’ famous Great Firewall technology. Russia is already running its own “blocklist,” but now hopes to gather know-how on running a proper Internet censorship tool from the world’s best, which is with no doubt the Chinese administration.