US can remotely access and seize computers anywhere in the world

10 January 2017

Assistant attorney general Leslie R. Caldwell said law enforcers no longer need to go to different judges to seek search warrants.

Assistant attorney general Leslie R. Caldwell said law enforcers no longer need to go to different judges to seek search warrants.

Federal magistrate judges in the US can now issue warrants enabling the country’s law enforcement agencies to remotely access data located anywhere in the world.

Rule 41 of the Federal Rules of Criminal Procedure defines what magistrate judges are authorised to do when it comes to providing warrants for searches and seizures to help an investigation. Up until now, it only allowed judges to issue warrants for searches in the judicial district where they were located. 

An amendment to Rule 41 was approved by the US Supreme Court earlier in 2016 and came into effect on 1 December.

For the first time, federal judges are now authorised to issue warrants when technological means and proxy networks – such as Tor or VPNs – obscure the location of a computer. They can issue warrants to remotely access, search, seize or copy data on computers located anywhere in the world. 

In addition, a judge can issue a single warrant authorising the search of potentially thousands or millions of devices. Warrants could cover any number of searches in any jurisdiction.

Speaking at an event highlighting cyber crime enforcement held earlier this month in Washington D.C, assistant attorney general Leslie R. Caldwell said: “We regularly encounter crimes like mass hacking through botnets that are carried out in multiple districts at once, all across the country.

But in order to respond in a timely, comprehensive manner, the prior version of the rule arguably required authorities to obtain a warrant in each district – up to 94 in all, across nine time zones, ranging from the Virgin Islands to Guam.

“Now, when criminals hide the location of their computers through anonymising technology, we don’t have to figure out in which federal district the computers are physically located before we can act to stop criminal activity.”

Simon Hansford, CEO of UKCloud, said the US legislation highlights the importance of data sovereignty and of ‘buying British’ when it comes to cloud services.

UKCloud CEO Simon Hansford believes you should ‘buy British’ when it comes to cloud services.

UKCloud CEO Simon Hansford believes you should ‘buy British’ when it comes to cloud services.

He said that the major public cloud providers – including Amazon Web Services, Apple iCloud, Microsoft and Google – are all US-headquartered firms so are subject to US law and therefore Rule 41. 

“Data stored in their data centres, regardless of whether these facilities are located in the UK or anywhere else in the world, will be subject to the Rule.

"This means that, with the correct warrants in place, US judges will be able to authorise legal access to any data that British citizens and organisations choose to store using these services.”

In contrast, Hansford pointed out that UKCloud holds all of its data at facilities in Hampshire and Wiltshire, and is subject only to UK law.

“This protects its customers – which are exclusively public sector organisations, many of which are storing data about British residents – from the jurisdiction of foreign courts and regulations.”