Two US senators this week introduced a bipartisan bill meant to protect Americans from government hacking.
Continue Reading Below
The Stopping Mass Hacking (SMH) Act from Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) would prevent the implementation of a federal court procedure known as Rule 41. Approved in May, Rule 41 makes it easier for the Justice Department to obtain warrants for remote electronic searches. It also allows judges to issue a single warrant authorizing government hacking of numerous devices around the world.
"This is a dramatic expansion of the government's hacking and surveillance authority," Wyden said in a statement. "Such a substantive change with an enormous impact on Americans' constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process."
The Fourth Amendment provides the right to be "secure in their persons, houses, papers, and effects against unreasonable searches and seizures." The clause, Paul said, "wisely rejected general warrants and requires individualized suspicion before the government can forcibly search private information."
But, the former 2016 presidential hopeful fears the rule change "will make it easier for the government to search innocent Americans' computers and undermine the requirement for individual suspicion."
Bill co-sponsors Sens. Tammy Baldwin (D-Wis.), Steve Daines (R-Mont.), and Jon Tester (D-Mont.) agree, suggesting Congress should ensure a rule change of this magnitude "has the proper oversight," Baldwin said.
Continue Reading Below
"Our right to privacy doesn't end when we turn on a computer, send an email, or search the Internet," Tester added. "We must ensure that law enforcement agencies have the tools they need to keep us safe while also protecting our civil liberties."
Rule 41, recommended by the Justice Department, comes from a government advisory committee and updates the Federal Rules of Criminal Procedure. It was adopted by the US Supreme Court and submitted to Congress, which can approve or reject it. If Congress does nothing, it goes into effect on Dec. 1.
As the Electronic Frontier Foundation (EFF) notes, updates to the Federal Rules of Criminal Procedure are usually procedural and rather dull—"everything from correcting clerical errors in a judgment to which holidays a court will be closed on." Rarely do they wade into such hot-button items as government surveillance, EFF says.
"The amendment to Rule 41 isn't procedural at all. It creates new avenues for government hacking that were never approved by Congress," the EFF argues.
The risks with Rule 41 are two-fold, the EFF says. "The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location," the organization argues, which could affect those using Tor, a VPN service, or even those who declined to share their location with a smartphone app.
The second part would allow the feds access to a PC compromised by a botnet. "This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation," the EFF says.
As Reuters reports, however, the Justice Department argues that the move updates federal rules for the digital age. Right now, magistrate judges can only grant requests that cover their jurisdictions, which can hamper efforts to go after bad actors online, who are not limited to one jurisdiction.