Google has filed public comments opposing a proposed change to procedural rules that would allow a federal judge to issue warrants for “remote access” searches of computers located inside the United States and anywhere else in the world under certain circumstances.
In comments to the Judicial Conference Advisory Committee on Criminal Rules, Google warned that the change would raise “monumental and highly complex constitutional, legal and geopolitical concerns.”
“The implications of this expansion of warrant power are significant, and are better addressed by Congress,” Richard Salgado, Google’s legal director of law enforcement and information security, said in a separate blog post on the issue.
Google’s concern stems from a U.S. Department of Justice proposal to amend the Federal Rule of Criminal Procedure 41, pertaining to the issuance of search warrants by federal judges. The rule, as currently written, prohibits federal judges from issuing search warrants outside their districts.
The proposed change would remove that restriction in cases involving searches of computers and networks. The change is designed to allow the U.S. government to obtain a warrant to conduct remote searches of computers and electronic storage media if the physical location of the devices cannot be determined through technological means. The proposed change would also facilitate botnet investigations in some cases.
According to Google, the change, while seemingly minor, poses two big problems.
By removing the existing warrant limitation, the amendment would basically give the U.S. government the authority to directly search computers and online storage systems regardless of where they are located. Even if the intent of the change is to facilitate domestic investigations, there is nothing that would restrict the government from obtaining warrants to conduct searches on computers located anywhere, Salgado said.
The manner in which the amendment is worded would also mean that banks, retailers and others who use virtual private networks (VPNs) could be subject to such remote searches because a VPN can obscure the actual location of a network, Salgado warned.
Such searches would seriously undermine existing diplomatic measures that the U.S. has in place with other countries, he noted, pointing to Mutual Legal Assistance Treaties (MLATs) as one example. Among other things, MLATs offer a process for U.S. law enforcement agencies to obtain information stored on overseas systems by working with their counterparts in other countries.
The second major problem with the proposed change, according to Salgado, is that it threatens to seriously undermine privacy rights and protections against unreasonable search. The amendment does not clearly define what a remote search is or under what circumstances it should be undertaken. “It merely assumes such searches, whatever they may be, are constitutional and otherwise legal,” Salgado said.
“It carries with it the specter of government hacking without any Congressional debate or democratic policymaking process.”
The issue over the government’s authority to serve warrants that enable searches of content stored overseas is a contentious one.
The DOJ and Microsoft are currently engaged in a high-profile dispute over the issue. In that particular case, the U.S. government wants Microsoft to provide it with the contents of an email account stored on a Microsoft server in Dublin, Ireland.
Microsoft has claimed that the search warrant used to pursue that information amounts to an illegal and extra-territorial application of U.S. law. The company has said it has no objection to providing the information so long as the government uses a process like MLATs to obtain it.
The government, meanwhile, has argued that MLATs are a slow and cumbersome process for obtaining critical information in fast-moving criminal cases. It has argued that Microsoft, as the owner of the server in question, has control over the data and should produce it in the U.S. as required by the warrant. It has also noted that the mere act of retrieving the data from Microsoft’s Dublin-based server does not constitute a search.
It is unclear if the DOJ’s attempt to amend the rule pertaining to search warrants for electronic data is related to issues raised by the Microsoft case. But if the amendment is adopted, it would certainly reinforce the government’s ability to go after such data.
Privacy and rights advocates have warned that if the U.S. were to argue that its search warrants apply overseas, there is nothing to stop other governments from taking the same position with regard to data stored on U.S. servers.