As Congress considers changes to a federal rule that would allow law enforcement to get so-called global warrants to remotely search users’ machines in many jurisdictions, civil liberties groups are urging congressional leaders to reject the modification, which the groups say are “dangerously broad”.
The change under consideration is for Rule 41 of the Federal Rules of Criminal Procedure, which concerns the limits of government search and seizure. The rule has specific language about the circumstances under which a judge can issue a warrant for a search. The change that is under consideration right now would amend the circumstances under which judges can issue warrants for remote searches of electronic devices, enabling law enforcement agencies to obtain a warrant for many devices in multiple jurisdictions.
One of the motivations for the proposed modification of the rule is the increased use of tools such as Tor and VPNs to hide the location of computers. The change to Rule 41 would address this by allowing agents to apply for a warrant to unmask the location of a suspect’s computer through the use of hacking techniques.
In May, Sen. Ron Wyden (D-Ore.) introduced a bill that would prevent the changes from going into effect. Because of the way that the rulemaking process works, unless Congress passes legislation to prevent any changes, the modifications to Rule 41 will go into effect in December. Civil liberties groups and privacy advocates worry that the change would give law enforcement agencies too much power to remotely hack suspects’ and other people’s computers. In a letter sent to leaders of both the House and the Senate, dozens of groups asked legislators to stop the proposed change, which they say could have serious negative effects on many users.
“The changes to Rule 41 give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown. This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once—which it is hard to imagine would not be in direct violation of the Fourth Amendment,” the letter says.
“It would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet. This proposal is dangerously broad. It fails to provide appropriate guidelines for safeguarding privacy and security, and it circumvents the legislative process that would provide Congress and the public the critically necessary opportunity to evaluate these issues.”
“Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking.”
The letter is signed by the ACLU, Center for Democracy and Technology, the EFF, Google, the Internet Archive, and many other groups, and they say the proposed change would give law enforcement agencies too much latitude. The change also would allow agencies to get access to sensitive information on targets’ machines, data that may have nothing to do with the investigation at hand.
“In order to conduct searches and seizures under the rule change, government agents will exploit security vulnerabilities that impact millions of compute r users. Whenever the U.S. government uses such vulnerabilities instead of working to see them swiftly fixed, other governments and malicious hackers will be able to exploit them as well. Furthermore, when using hacking techniques, government agents will have access to huge amounts of sensitive information,” the letter says.
On the other side of the issue, lawyers at the Department of Justice say that the change to Rule 41 has nothing to do with hacking, but is instead designed to allow law enforcement agents to identify the right judge for a given warrant application.
“The amendments would not authorize the government to undertake any search or seizure or use any remote search technique, whether inside or outside the United States, that is not already permitted under current law. The use of remote searches is not new and warrants for remote searches are currently issued under Rule 41. In addition, most courts already permit the search of multiple computers pursuant to a single warrant so long as necessary legal requirements are met,” Leslie R. Caldwell, assistant attorney general in the criminal division at the Department of Justice, said in a post on the proposed change.
But EFF officials say the change would, in fact, lead to a spike in government hacking.
“Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process,” Rainey Reitman, activism director at the EFF, said.