WASHINGTON -- The top U.S. law enforcement agency wants to give investigators greater leeway to secretly access suspected criminals' computers in bunches, not simply one at a time.
The Justice Department says the proposal, which was posted for public comment on a U.S. court website Friday, is an attempt to keep up with technology that lets people hide identities online. Privacy advocates contend the more aggressive hacking powers may violate rights of the innocent.
The proposal arrives as the government still is managing backlash to electronic-spying practices by the National Security Agency that were exposed last year by former contractor Edward Snowden.
"I don't think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent," Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, said in a telephone interview. "The power they're seeking is certainly a broad one."
A committee of judges that sets national policy governing criminal investigations will have to sort it out, taking rules written for searching property and modernizing them for the Internet age.
"We have real concerns about allowing the police too much ability to search with too little oversight," said Hanni Fakhoury, a lawyer at the San Francisco-based Electronic Frontier Foundation, a privacy group. The Justice Department proposal would "dramatically expand the reach of federal prosecutors and investigators."
The rule would lift the geographical restriction on warrants for computer investigations, permit agents to remotely access computers when locations have been "concealed through technological means" and allow a single warrant for searches of certain computers located in five or more judicial districts.
"This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority," Justice Department spokesman Peter Carr said in an emailed statement. "The proposal makes explicit that it does not change the traditional rules governing probable cause and notice."
The proposal was published Friday for consideration by the Judicial Conference Committee on Rules of Practice and Procedure, commonly called the standing committee, which meets at the end of the month.
"The proposed amendment would enable investigators to conduct a search and seize electronically stored information by remotely installing software on a large number of affected victim computers pursuant to one warrant issued by a single judge," according to an analysis by the committee. "The current rule, in contrast, requires obtaining multiple warrants to do so, in each of the many districts in which an affected computer may be located."
"Victim computers" would be ones being used surreptitiously by criminals.
Justice Department officials stress that the proposal would not authorize any searches or efforts to gain remote access that are not already permitted by law. What they'd like to do is update the rules governing physical search warrants to accommodate the digital age, they said.
It has a long way to go before getting approval.
If the standing committee agrees to take up the matter, the proposal would be opened for public comment in August for six months. It could be amended before the comment period begins and would need to be reviewed by Congress for changes.
The Justice Department includes the FBI, the Drug Enforcement Administration and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
The department said the new power is needed to find child pornographers and other criminals taking advantage of technological advancements to shield their identities. Such technology includes proxy servers that mask the true Internet addresses of a criminal's computer, or the use of hundreds or thousands of compromised computers known as a botnet.
Federal agents now can obtain warrants allowing them to send malicious software over the Internet to computers suspected of being used in crimes. The government can keep these so-called remote-access operations secret from their target for as many as 30 days -- longer if an extension is approved by a judge.
The law limits those remote searches to the district where the judge who issued the warrant is located, when the actual locations of computers used in crimes may not be known.
Botnet computers could be spread across many or all of the nation's 94 judicial districts. Going after them requires judges in each district to issue warrants, a time-consuming process that creates delays and wastes investigative resources, according to the Justice Department.
"A large botnet investigation is likely to require action in all 94 districts, but coordinating 94 simultaneous warrants in the 94 districts would be impossible as a practical matter," said Mythili Raman, then-acting assistant attorney general for the Justice Department's criminal division, in a letter to a U.S. Courts advisory committee last year that previewed the proposal.
The department must describe the computer it wants to target with as much detail as possible. For example, an investigator may be communicating covertly with a suspected child molester and know an IP address, and then obtain a warrant to use malware to find the actual location. In the case of botnets, malware might be used to try to free the compromised computers from a criminal's control.
Obtaining a single warrant to use malware to search potentially thousands of computers in unknown locations would violate constitutional requirements that court-authorized searches be narrow and particular, Fakhoury said.
He said he questions whether investigators could use the new rule to bypass legal requirements in accessing data stored online, such as within Google Inc.'s Drive cloud service or Microsoft's Outlook email accounts.
A Google spokesman, Niki Christoff, and a Microsoft spokesman, Kathy Roeder, said their companies declined to comment.
The Justice Department's effort appears to be in response to an April 2013 court ruling denying a search warrant for a remote-access operation, Wessler said.
In that case, U.S. Magistrate Judge Stephen Smith of the Southern District of Texas picked apart the government's request to secretly install software on an unknown computer in an unknown location that could extract stored electronic records and even activate the computer's built-in camera.
Smith said the computer could be located in a public place or used by family members or friends not involved in illegal activity, and that the request didn't satisfy constitutional requirements.
Wessler said the government should be required to exhaust other options for finding and accessing computers suspected of being used in crimes, such as serving individual warrants on Internet service providers.
While federal investigators make efforts to use other tactics, "the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend" criminals, said Carr, the Justice Department spokesman.
Information for this article was contributed by Chris Strohm of Bloomberg News and by Ellen Nakashima of The Washington Post.
A Section on 05/10/2014