For instance, he said, society will need to determine how to “balance private property rights against national security needs in cases like this.” Important and unresolved legal issues are embedded in this case, he said. “This action highlights the precedent, and power, of courts becoming de facto cybersecurity regulators that can empower the Department of Justice to clean up large-scale deployments of malicious code,” Shackelford said via email. Shackelford said the revision to Rule 41 allows the FBI to access computers outside the jurisdiction of the court which issued the search warrant. The 2016 change was designed to help the government more easily battle botnets and to support cybercrime investigations in situations like this one where the criminals’ locations are unknown, according to Scott Shackelford, a law professor and the director of the Ostrom Workshop Program on Cybersecurity and Internet Governance at Indiana University. While the amended rule has been used previously, legal experts say this case appears to be the most sweeping and high-profile application of the rule to date and is a notable example of federal prosecutors using it not just to investigate criminal activity but to disrupt it. The culmination of a three-year deliberation process which included written comments and public testimony before the federal judiciary’s Advisory Committee on the Federal Rules of Criminal Procedure - a committee which includes judges, law professors, and attorneys in private practice - the 2016 amendment was ultimately adopted by the Supreme Court and approved by Congress. The government’s use of a search warrant to gain such remote access to individual computers without notice to the owners relied on a 2016 amendment to Rule 41, a federal rule of criminal procedure. By leveraging physical access to a subset of infected devices, the FBI said it was able to reverse engineer its way into accessing all of the botnet’s command and control devices. The Kremlin-backed hackers responsible for the botnet - a group known to cybersecurity researchers as Sandworm - exploited a vulnerability in WatchGuard Technologies firewall devices to install malware on a network of compromised devices. While the search warrant publicized by DOJ makes clear that this access did not allow the FBI to “search, view, or retrieve a victim device owner’s content or data,” legal experts say the case does raise questions about how far the government’s power should extend under a federal criminal procedure provision known as Rule 41. government calls the “Cyclops Blink” botnet - and did so without the owners’ permission. Using so-called remote access techniques, law enforcement effectively broke into infected devices from afar to destroy what the U.S. In what former prosecutors and legal experts call a landmark operation, the Department of Justice has now tested that principle to disrupt a Russian botnet that was spreading malware on a far-flung network of computers. The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a search warrant before police can enter a private home and ransack it looking for evidence.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |