Among the amendments proposed by the Judicial Conference Advisory Committees on Appellate, Bankruptcy, Civil, and Criminal Rules are changes to Criminal Rule 41. We already looked at one expert’s opinion back in September after the DOJ proposed changes to Rule 41 that would allow the FBI to hack into and remotely control PCs located anywhere in the world if the user is using anonymizing tech such as Tor or a VPN that "deliberately" disguises the location of the PC. Law professor Ahmed Ghappour explained constitutional and Fourth Amendment issues as well as how it would apply investigative powers normally associated with terrorism to investigating "general crimes."

While there is an impressive lineup of witnesses to give testimony on the Rule 41 proposed amendments, let’s turn our attention toward comments submitted by a trio of experts who understand it’s likely that “surreptitious remote computer searches will become an increasingly prevalent law enforcement technique in the future” and addressed some of the dangers of the proposed changes to search rules.

The changes to Rule 41 have not been properly vetted by technical minds and the technical side of remotely hacking into PCs is problematic. The entire document is worth a read as it spells out “how not to do remote computer searches.” These comments (pdf) were submitted by Columbia University computer science professor Steve Bellovin, University of Pennsylvania computer science professor and cryptology expert Matt Blaze, and Worcester Polytechnic Institute professor of cybersecurity policy and former senior staff privacy analyst at Google Susan Landau.

The draft of proposed changes points out that botnets “may range in size from hundreds to millions of compromised computers.” Because botnets can take over a very large number of victims’ computers, law enforcement wants a one-size-fits-all warrant.
“But this approach must be avoided,” the team of technical experts wrote. “It is legally and technically dangerous to use a ‘common scheme to infect the victim computers with malware’.” From a technical standpoint, that common scheme could “easily go out of control,” and “from a legal standpoint, the lack of specificity is highly problematic.” They urged the committee to “reject the multiple-victims-one-search-warrant approach.”

The people behind those infected machines are already victims, and “allowing broader seizures of information from millions of machines simply because they were the victims of computer crime seems wrong,” the draft said. Planting malware could cause more damage to their PCs, or the malware could spread from the victims’ computers to other machines. Look at what happened with Stuxnet. They suggested that law enforcement should use honeypots first when trying to get a “clear understanding of exactly how the malware in question works,” rather than hacking into victims’ computers to study a botnet.

The trio explained that, in the future, technically sophisticated criminals could split botnet command-and-control malware in several pieces and plant those files in many different places on victims’ machines. Will law enforcement intrusively root around anywhere on the PC? “Rather than rummaging more broadly through the computer,” they suggested “that language mandating narrow searches, especially of victim machines, be added to the rule”:

An application for a warrant issued pursuant to (b)(6)(B) must include a statement specifying precisely which data is to be seized. The warrant itself must limit the investigation to those specific facts.

To do otherwise would be to turn a phishing attack into a fishing expedition.

Then what about giving the victim notice about a search warrant?
Of four feasible mechanisms of notifying a target… “a file left on the computer; a pop-up window; an email message; or a physical letter, all are problematic, especially for mass searches.”

Both location and jurisdiction present problems under the proposed changes to Rule 41. Masking location or identity does not imply some shady motive on a user’s behalf. For example, people use a VPN, “not to conceal location or identity but because public and hotel networks are notoriously insecure; indeed, even some cellular network providers are known to tamper with web traffic.” Tor makes knowing the location “extremely difficult or impossible” and could mean the FBI ends up hacking into computers in another country… and that could potentially break the laws of that country and start a cyberwar. “While U.S. law may permit such searches, the law of the host country almost certainly does not.”

Although law enforcement would rather not disclose specific tools and techniques used to compromise and surreptitiously collect evidence from target computers, non-techie judges need to fully understand those highly technical techniques. Does the judge about to approve a one-size-fits-all warrant comprehend the security implications of law enforcement exploiting a “vulnerability (whether due to a software flaw or an explicit ‘backdoor’)” that “has the potential for illicit exploitation by criminals and foreign intelligence services?”

The security implications are staggering. They wrote:

And the computer software, hardware, and devices used by criminals (and from which evidence is collected) are also used by thousands—or millions—of innocent citizens to store, process, and communicate the most important and sensitive details of their lives and businesses.
This means that any flaw used by law enforcement for laudable evidence collection purposes also represents a risk to innocent people.

“It is natural to expect law enforcement to hold information about exploitable flaws closely, to maximize their useful lifetime for investigative use. But other public policy goals must be weighed against this… there is the broader question of reporting the vulnerabilities that law enforcement exploits to vendors so they can be fixed. That is, the use of vulnerabilities for law enforcement must be balanced against the need to protect citizens from criminals who might exploit them themselves.”

The team of experts recommended that any proposal to change Rule 41 should not include “blanket warrants” or one warrant “to conduct multiple simultaneous searches on victims’ computers.” Any remote search warrant issued should “include precise, particularized specifications of the area of the computer that is to be searched.” Due to potential international complications, “except for extremely serious cases, such searches should be done only with the cooperation of the host country.” They also recommended a “two-pronged approach” to giving victims notice of a search.

In closing, they wrote:

There is, to our knowledge, no explicit statutory authority for law enforcement to hack into computers; given the intrusiveness and danger of such activities, there is a need for balance. The legislative process is best suited to address this.

You can read the above remote search comments in full here (pdf). The public can comment on the preliminary draft changes (pdf) until Feb. 17, 2015.