I have so many questions about the FBI's warrant to patch compromised Microsoft Exchange servers: washingtonpost.com/politics/2021/…
The changes to Rule 41 from several years ago allow magistrate judges to authorize searches outside of their districts in cases such as this one, but they don't authorize the FBI to patch or delete code on other people's machines.
@Riana_Crypto and I hosted a series of conversations about government hacking @StanfordCIS , including a discussion of these changes to Rule 41: cyberlaw.stanford.edu/events/governm…
Notably, at the time the govt argued that the changes were procedural and are needed for the effective *investigation* of cybercrime. Privacy experts said it was a dangerous expansion of law enforcement’s hacking authority. Guess we were right.
I don't think Rule 41 authorizes what the FBI did. It doesn't change the fundamental rule that searches and seizures must be searches, or seizures, and be based on probable cause that evidence will be found. This intrusions weren't only searches, they were alterations in code.
And the DOJ says that this maneuver was to "disrupt hacking activity", not to collect evidence. justice.gov/usao-sdtx/pr/j…
Another thing: The FBI got permission to delay notice to "individual victim users". On what basis?
Are there any analog examples of the FBI secretly fixing/altering something in the name of helping the victim?
• • •
Missing some Tweet in this thread? You can try to
force a refresh
