In the wake of the Orlando tragedy, the government wants to grant the FBI more powers of hacking and surveillance by amending Rule 41.
Part of the Federal Rules of Criminal Procedure, Rule 41 includes the proper scope and definitions of Search and Seizure. But the proposed amendment (PDF) to Rule 41 would give law enforcement expanded powers of hacking and surveillance.
The Federal Rules of Criminal Procedure primarily serve as the basis for federal criminal prosecutions and cover things like correcting clerical errors and figuring out which holidays a court will be closed on. Right now, Rule 41 only lets judges authorize search and seizures of computers within their own district. But that may change in the future.
As explained by the Electronic Frontier Foundation (EFF),
“The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.”
The issue with the proposed amendment is the broad and sweeping powers that judges would then have. It means that any judge could issue a search warrant
“to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one’s location.”
See the problem? This means that the types of users that could have their private data affected include users of VPNs, TOR and TOR nodes, or even people who change the country settings on their Twitter profile in order circumvent their country’s censorship laws.
The second part, “damaged without authorization and are located in five or more districts” means that the judge could even issue a search warrant to hack, seize, or infiltrate computers that are part of a botnet. This is troubling because a botnet often uses victims’ computers without the person knowing about it. So the person would have their computer infiltrated twice: once by the botnet hacker and once by the government.
Of course, there is always the possibility that hackers could break into the government’s computers and steal the malware that state actors like the FBI use. Finally, the amendment to Rule 41 could also implicate people located anywhere outside of the United States as well.
No matter where in the world the person is located that is trying to hide their location using technology, the United States government could legally break into their computers.
Back in April 2016, the Supreme Court first passed the amendment to Rule 41 and sent it to Congress. Congress has until December 1, 2016, to modify, reject or defer the proposal. Right now only one Senator, Sen. Ron Wyden (D-Oregon) has spoken out about the amendment, saying:
“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices…I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government.”