A government request to change federal court rules to make it easier to hack into computers during criminal investigations places a new twist in the debate over privacy rights versus fighting crime in the digital world.
The Justice Department is arguing for warrants that provide law enforcement with more flexibility in tracking down suspects using anonymizing tools, such as Tor, The Wall Street Journal reported.
The government is arguing that the number of criminals taking advantage of anonymization technologies is increasing, so law enforcement needs help in penetrating these cloaks for criminal activity. In essence, the government wants to obtain one warrant that allows it to hack one computer and use it as a springboard for searching systems it is connected to over the Internet.
For example, Tor scrambles governments' ability to identify people on the network by passing communications through many computers run by volunteers. To locate the system used by a suspect, the governments wants one warrant that would allow it to search many computers at the same time, as well as related storage, email and social media accounts.
While the government would break into computers using the same techniques as cybercriminals, such as sending carefully crafted email to get the recipient to click on a malicious attachment, the government avoids the word hacking and prefers such euphemisms as "network investigative tools" (NITs).
Authorizing law enforcement to cast such a wide net during criminal investigations concerns privacy advocates.
"We're obviously very worried about it because the government's 'network investigative tools' are really just invasive malware that should be used only in the most extreme of circumstances," Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, told CSOonline.
Giving the government to much flexibility threatens Americans' rights under the Fourth Amendment, which limits searches only to places where evidence is likely to be found, Fakhoury said. The DoJ proposal would allow "open-ended access to a whole host of information."
In addition, allowing the government to increase its use of exploits for software would hurt Internet security overall, since the malware used by law enforcement would eventually be discovered by cybercriminals.
"The more malware and exploits that are available on the market, the more everyone is exposed, regardless of whether they are criminals or not," Fakhoury said. "I would think it would be in the tech industry's best interest to be against this, as it leaves vulnerabilities exposed to the DoJ and malicious actors alike."
Al Pascual, analyst for security, risk and fraud at Javelin Strategy & Research, believes there is a middle ground. The courts could require greater specificity on what data is collected, from whom and in support of what charge, he said.
Sign up for CIO Asia eNewsletters.