Expats beware, the US now has the authority to hack and search your computer

Expats beware, as of December 1, 2016 the US government has the right to hack and search your computers. They’ve always had the ability to search U.S. based email providers and computers located within our borders. A change to Rule 41 extends this “right” to computers located anywhere in the world.

If you’re living and working offshore, your computer is no longer private. The U.S. government and the IRS have has the right to search it, just as if you were using a U.S. based network. Here’s what happened and why you should take action now to maintain your privacy.

Rule 41 of Criminal Civil Procedure previously allowed a magistrate judge to issue warrants to search any property or place within his or her district. Such a warrant can include the right to plant tracking devices and to surreptitiously hack computers and networks to gain access to information without the owner’s knowledge.   

So, what about computers and property outside of the judge’s district? What if a government agency in New York wants to search a computer in California? They had to go to a judge in California for the warrant.

What about computers located outside of the United States? Especially those not owned or managed by U,S. corporations?

  • Whether the U.S. can force local companies like Microsoft and Google to give them access to systems based in foreign countries is another matter for another day. Surprisingly, Microsoft won an appeal in such a case this year. See: Microsoft Wins Appeal on Overseas Data Searches

Because a U.S. judge wasn’t authorized to issue a warrant to search a foreign network, U.S. law enforcement were forced to go through their foreign counterparts for assistance.

Since the U.S. is the legal and moral compass of the world, this is not acceptable. Our government obviously deserves unlimited powers to hack and search wherever and whenever they desire.

The FBI waited for the perfect case to force a change to Rule 41. A case that the public would find so appalling that they’d give up their rights to privacy without a second thought. One that was so disgusting that no one would bat an eye when the U.S. claimed jurisdiction over computers and persons outside of its borders.

The FBI found its hammer in the Playpen darkweb child pornography case. In February 2015, the FBI seized the site, but instead of shutting it down, ran Playpen from a government server for 13 days.

Even though they had control of the site, investigators were unable to see the IP address of Playpen’s visitors or otherwise identify them because users rerouted through VPNs or connected via tor.

Not to be deterred, the FBI built a virus, which it called a network investigative technique (NIT), to find the location of those who accessed Playpen. That malware broke into the computer of anyone who visited child pornography threads on Playpen and sent the suspect’s real IP address back to the FBI.

Using this hack, the FBI gained access to 1,000 computers throughout the United States.

They also accessed 7,000 computers located in 119 other countries.

And all of this was done under the color of law using a single warrant issued by a magistrate judge in Virginia. No cooperation was sought from foreign law enforcement agencies and no supporting warrants were issued in the districts where U.S. users were located.

Basically, a single magistrate judge from the Eastern District of Virginia allowed the FBI to hack over 8,000 people in 120 countries. Not to mention the moral issues around allowing a government agency to run a child porn site for 13 days.

As I said, the Playpen case was all about forcing a change to Rule 41. The searches of foreign computers, and U.S. systems outside of the Eastern District of Virginia, were obviously improper. The judge didn’t have the authority to approve searches outside of her district.

So far, 14 U.S. courts have ruled the searches were in violation of Rule 41 and 4 courts have thrown out all evidence obtained. I expect most of the Playpen defendants will win their cases… at least, those who can afford high priced lawyers and a couple hundred thousand in legal fees.

This case forced Rule 41 to the forefront, motivating the Supreme court make changes authorizing national and global warrants just like the one used in Playpen. This change gives rank and file law enforcement officers the right to hack and search any computer in the world.

And these search powers won’t be limited to criminal cases. The IRS already has the right to search and seize any account held at a foreign bank with a branch in the United States. They do this by issuing a levy to the U.S. branch, who then passes it to the foreign office. Any agent assigned to a collection case can use this technique… no court order or special procedure required.

With the change to Rule 41, the IRS and all other government agencies capable of bringing criminal charges will use it to search the computers of expats for evidence. Yes, these searches will require the approval of an administrative judge, but that’s no big deal. I expect the IRS to find one judge to issue these warrants all day.

Because any magistrate can now issue national and global warrants, all the Service needs is one friendly judge. He or she will allow the Service to gain access to your computer anywhere in the world and use whatever they find there against you in an audit and a criminal proceeding. The same goes for the government’s “right” to hack and search foreign banks, brokerages, email providers, web servers, networks, and anyone else they wish in search of evidence.

I hope you’ve found this article helpful. If you want to maintain your privacy, you’ll need to set up security measures and take steps to protect your data from the most aggressive and powerful hackers on earth, the United States government.