Big Change Coming to Government Hacking Powers
In two weeks, the federal government will gain significant new authority to perform remote searches of devices anywhere in the country, with a single warrant. The new power will go into effect on Dec. 1, and though Congress has the ability to prevent that from happening, it’s looking less and less likely that they will.
The increased authority for law enforcement agencies to hack devices without knowing their locations has been in the works for a long time. The Department of Justice has requested the change to Rule 41 of the Federal Rules of Criminal Procedure and the Supreme Court approved the change earlier this year. Rule 41 concerns the limits of search and seizure, and the proposed change would enable a law enforcement agency to ask a judge anywhere in the country for a warrant that would grant the ability to search remotely any number of machines, regardless of their location inside the U.S.
Civil liberties groups, security experts, and technology providers have expressed serious concerns about the change to Rule 41, saying that it could result in a major expansion of remote hacking of innocent citizens’ computers. Earlier this year, Google, the EFF, and other groups sent a letter to Congress objecting to the change.
“The changes to Rule 41 give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown. This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once—which it is hard to imagine would not be in direct violation of the Fourth Amendment,” the letter says.
The Justice Department has said that the change would simply allow law enforcement agencies to get a warrant when it isn’t clear which judge would have jurisdiction. But opponents of the amendment worry that the new power could be misused.
“We know that Rule 41 would be a massive expansion of government hacking, putting at risk the liberty of the American people. There’s no telling what kind of impact secret government malware could have on our devices, on the networks that run our hospitals, electric grids and transportation systems,” Sen. Ron Wyden said in a speech in June. “The changes leave Americans more exposed and of course put at risk their liberty.”
Wyden and Sen. Rand Paul have introduced a bill in the Senate that would prevent the change from taking effect, but so far the measure has gone nowhere. But in late October, a group of more than 20 lawmakers from both the House and the Senate sent a letter to Attorney General Loretta Lynch asking for more information about how the department expected to use the new powers.
“We are concerned about the full scope of the new authority that would be provided to the Department of Justice,” the lawmakers wrote in the letter. “We believe that Congress — and the American public — must better understand the Department’s need for the proposed amendments, how the Department intends to use its proposed new powers, and the potential consequences to our digital security before these rules go into effect.”
The amount of public information available on the change is pretty low, and most Americans likely have no idea that it’s in the works. The issue won’t be debated in public, either, and without any sudden movement from Congress the change will happen. Remote searches are a key part of the way that modern law enforcement agencies do their work. But there are strict limits on how and when those searches can be done, and for good reason. The expansion of those powers under Rule 41 will loosen those limits, something that could be the first step down a dangerous road.