SAN FRANCISCO — A group of senators are making a last-ditch effort to delay proposed changes to a federal rule that would greatly expand the government current hacking powers.
The Review the Rule Act would delay the proposed changes to Rule 41, officially known as the Federal Rule of Criminal Procedure 41, from going into effect until July 1, 2017. Earlier this year, the Supreme Court approved proposed changes to Rule 41, giving Congress until Dec. 1 to modify, reject, or postpone the changes established by the court before they become law.
Broadly speaking, Rule 41 deals with circumstances in which the government is allowed to tap into citizen's computers.
The bipartisan group backing the bill includes Democratic Senators Chris Coons, Steve Daines, Ron Wyden, and Al Franken and Republican Senator Mike Lee, together with Representatives John Conyers Jr., and Ted Poe, a Democrat and Republican respectively.
“This rule change would give the government unprecedented power to hack into Americans’ personal devices,” Wyden said in a statement accompanying the bill's release. “This was an alarming proposition before the election. Today, Congress needs to think long and hard about whether to hand this power to James Comey and the administration of someone who openly said he wants the power to hack his political opponents the same way Russia does.”
Under Rule 41 as it currently stands, warrants into computers and smartphones are approved by judges within the same jurisdictions as warrants for physical searches, with law enforcement officials forced to specify a computer in a specific location that they will be breaching.
The proposed change to Rule 41 has three parts. The first allows warrants to be issued to hack into computers, even if they are in undisclosed locations or hidden by “technological means” such as Tor browsers that mask a user’s identity. The second part grants permission for one warrant to be used on multiple computers, which privacy advocates say could affect tens of thousands of computers that are unknowingly infected, for instance, with botnets.
The third part, say privacy experts, is a subtle shift in language on how the government must notify individuals who are being hacked into. While current law states that the government must notify individuals who are involved in search and seizure, the new wording says the government must “make a reasonable effort.” Privacy advocates say this leaves the door open for the government to start hacking into people’s personal devices without their knowledge.
PayPal, Google, and the American Civil Liberties Union have joined privacy advocacy groups in speaking out against Rule 41, saying, in an open letter to lawmakers, that it would “give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown.” In the week since Trump won the presidency, privacy advocates have pushed harder on Congress to reconsider Rule 41.
“We cannot give the federal government a blank check to infringe on Americans’ civil liberties,” said Daines in the statement. “Congress needs the appropriate time to investigate the implications of this rule on Americans’ Fourth Amendment rights.”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.