SAN FRANCISCO — A last-ditch effort to stop a rule change in the federal court system that would vastly increase the ability of the government to hack into private computers and smartphones will be taking place in the Senate on Thursday.
Sen. Ron Wyden, one of the most outspoken privacy advocates in the Senate, told BuzzFeed News he would go to the Senate floor to force a discussion on a rule federal courts have to follow known as "Rule 41." Though currently obscure, the rule — if enacted — will give the government broad hacking powers come Dec. 1.
“Without so much as a vote or even a hearing, letting this procedural rule go forward amounts to congressional consent for government mass hacking,” Wyden told BuzzFeed News. “The government would have a blank check to hack hundreds of thousands of computers with a single warrant from one judge."
The uproar over Rule 41 centers around a proposed change to the Federal Rules of Criminal Procedure. It would allow any magistrate judge to issue warrants for government-sanctioned hacking of any number of computers or smartphones, in any part of the US. For now, warrants into computers and smartphones are approved by judges within the same jurisdictions as warrants for physical searches, law enforcement officials forced to specify a computer in a specific location that they will be breaching.
Earlier this year, the Supreme Court approved proposed changes to Rule 41. Congress now has until Dec. 1 to modify, reject, or postpone the changes established by the court before they become law.
Rule 41 has three parts: the first allows warrants to be issued to hack into computers, even if they are in undisclosed locations or hidden by “technological means” such as TOR browsers that mask a user’s identity. The second part grants permission for one warrant to be used on multiple computers, which privacy advocates say could affect tens of thousands computers that are unknowingly infected, for instance, with bot-nets.
The third part, say privacy experts, is a subtle shift in language on how the government must notify individuals who are being hacked into. While current law states that the government must notify individuals who are involved in search and seizure, the new wording says the government must "make a reasonable effort." Privacy advocates say this leaves the door open for the government to start hacking into people’s personal devices without their knowledge.
"Americans don’t believe that government hackers who break into our devices are going to make them work better," Wyden told BuzzFeed News. "The collateral damage to hospitals, small businesses and critical infrastructure from untested government malware could be enormous.”
Paypal, Google and the ACLU have joined privacy advocacy groups in speaking out against Rule 41, saying, in an open letter to lawmakers, that the it would “give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown.”
“This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once — which it is hard to imagine would not be in direct violation of the Fourth Amendment,” the letter said.
In a statement, Kevin Bankston, head of New America’s Open Technology Institute, said that the rule goes beyond what is permitted by traditional wiretapping.
“Congress has never authorized government hacking nor established protective rules for the road to ensure it's not abused. Government hacking also raises a host of new and serious risks to privacy and security that wiretapping doesn’t, including the risk that the malware used by the government might spread to innocent people’s computers or cause unintended damage,” wrote Bankston.
The primary backer of the rule is the Department of Justice, which has pushed for the change under the argument that it would allow it to better thwart online criminal behavior. A spokesman for the Justice Department did not answer a request for comment from BuzzFeed News.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Contact Sheera Frenkel at firstname.lastname@example.org.
Got a confidential tip? Submit it here.