In September, I wrote about Rule 41 of the Federal Rules of Criminal Procedure, which outlines what federal agencies like the FBI can and can’t do during law enforcement investigations.
You see, the Department of Justice quietly changed this rule and hardly anyone noticed. It was a huge power grab for digital surveillance by the Obama administration.
- As the Electronic Frontier Foundation explains, it “would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one’s location.” There are lots of innocent reasons to use privacy-protective tools — in fact, the federal government strongly recommends using VPNs, one such tool, on public networks — and now, if the government wants to hack a computer using this software, federal agents can shop around for judges until they find one who will rubberstamp their requests. (Previously, they were limited to judges with direct geographic jurisdiction.)
- The second part of the rule change is arguably even worse. It’s about investigating botnets, which are virtual networks created when a hacker infects thousands or even millions of computers with malware, allowing him to remotely control them. Compromised computers in botnets can be used for illegal activities without their owners’ knowledge. With the new Rule 41, if the FBI is investigating a botnet, it can get a judge (again, this could be just about any federal magistrate judge) to issue a single warrant letting the agency hack any computer they suspect might be infected. For a really big botnet, that means the feds would be allowed to secretly poke around literally millions of Americans’ computers under just one warrant.
Civil libertarian senators Rand Paul and Ron Wyden introduced the the Stopping Mass Hacking Act in an attempt to nix these rule changes, which are due to go into effect Dec. 1 — Thursday of this week.
So far, their bill hasn’t passed.
Now, Wyden is partnering with two other senators to delay the rule change by three months. If he succeeds in getting the delay approved, Congress may still let this trampling of our Fourth Amendment rights move forward — but at least we’d have a real shot at shutting it down.
If you don’t believe Washington should be able to secretly hack millions of Americans’ computers on “suspicion” of botnet activity, take a moment to give your representative and senators a call today (and I do mean a call, not an email).
Because once this rule goes into effect, it is almost entirely certain this power grab will never be undone.
UPDATE: The Hill reports: “A last-ditch effort in the Senate to prevent changes to a rule that will ease the process for law enforcement to use hacking in investigations failed Wednesday morning, allowing the controversial updates to Rule 41 to take effect at midnight.”
“Sens. Ron Wyden (D-Ore.), Steve Daines (R-Mont.) and Chris Coons (D-Del) took to the floor and unsuccessfully asked for unanimous consent to either pass or formally vote on three bills to delay or prevent updates to the process used by law enforcement to get a warrant to hack suspects’ computers,” the reported continued.
“We simply can’t give unlimited power for unlimited hacking,’ Daines argued.”