The FBI is not a fan of computer security, nor is it a fan of disclosing how it collects information. Just ask anybody trying to track its domestic drones and what they’re listening to. And the agency just got an enormous expansion of its hacking powers that fundamentally changes how the government is allowed to see cyberspace, and allowed to invade your computer without your knowledge even if you’re completely innocent.
In effect as of 12:01am today (after Congress’ last-ditch attempt to block an applicable bill proved unsuccessful), the FBI can now get a warrant that allows it to hack any computer tied to an investigation, regardless of where that computer may be and who owns it. Before, if the FBI wanted to breach computers in different states or countries, it needed a warrant for each area. Now, as long as the computer involved falls under the first warrant, the FBI can pretty much do what it wants, even if you’re innocent.
If this sounds familiar, it should: This looks to be largely the same blank check that led to the NSA’s PRISM scandal, where it was revealed that basically the NSA was possibly taking everything on your phone and looking at it for giggles. The FBI’s argument is that it needs expanded search powers online to more effectively deal with cybercrime, using “network intelligence-gathering techniques,” which is true. The FBI needs some sort of search power to track down hackers who run massive networks of computers called “botnets” to commit what amounts to acts of digital vandalism as well as complex thefts and other problems.
The issue, though, is how loose the rule is, and the complete lack of transparency around the techniques the FBI uses. We don’t know much about the FBI’s “Network Investigative Technique,” or NIT, a set of malware programs it uses to crack computers, except for the fact that they don’t consider it “malware” because the FBI are the “good guys.” However, the FBI has a questionable history of being the “good guys,” depending on who you ask and the fact that the FBI can likely keep anything it finds on your computer, regardless of whether you’re the target of an investigation or not, is deeply troubling.
Similarly, there’s no way to know what the NIT does to your computer, because the FBI hasn’t told anyone. It might disable or destroy privacy protections and settings, it might crash your computer or rearrange files without your knowledge, heck, it might replace all your Wilco MP3s with Florida-Georgia Lines songs, for all we know. The FBI has actively defied a court order to turn over the code, to the point where it would rather let evidence in child pornography cases be dismissed as lacking relevance than let privacy advocates see what they’re doing.
Paired with the FBI’s repeated attempts to force device manufacturers to create a backdoor into their products, and the fact that the FBI can collect reams of digital data in the first place with no warrant, it seems worth asking why the agency needs a power this broad. It’s true the law needs to keep up with the times, but so should the justifications for the powers we grant any branch of government.