Rule 41: Dangerous Expansion of Government Hacking Powers

Rule 41 would further undermine the Fourth Amendment to the U.S. Constitution.

A group of senators are making a last-ditch effort to delay proposed changes to a federal rule that would greatly expand the government current hacking powers.

The Review the Rule Act would delay the proposed changes to Rule 41, officially known as the Federal Rule of Criminal Procedure 41, from going into effect until July 1, 2017. Earlier this year, the Supreme Court approved proposed changes to Rule 41, giving Congress until Dec. 1 to modify, reject, or postpone the changes established by the court before they become law.

Broadly speaking, Rule 41 deals with circumstances in which the government is allowed to tap into citizen’s computers.

“This rule change would give the government unprecedented power to hack into Americans’ personal devices,” Wyden said in a statement accompanying the bill’s release. “This was an alarming proposition before the election. Today, Congress needs to think long and hard about whether to hand this power to James Comey and the administration of someone who openly said he wants the power to hack his political opponents the same way Russia does.”

Under Rule 41 as it currently stands, warrants into computers and smartphones are approved by judges within the same jurisdictions as warrants for physical searches, with law enforcement officials forced to specify a computer in a specific location that they will be breaching.

The proposed change to Rule 41 has three parts. The first allows warrants to be issued to hack into computers, even if they are in undisclosed locations or hidden by “technological means” such as Tor browsers that mask a user’s identity. The second part grants permission for one warrant to be used on multiple computers, which privacy advocates say could affect tens of thousands of computers that are unknowingly infected, for instance, with botnets.

The third part, say privacy experts, is a subtle shift in language on how the government must notify individuals who are being hacked into. While current law states that the government must notify individuals who are involved in search and seizure, the new wording says the government must “make a reasonable effort.” Privacy advocates say this leaves the door open for the government to start hacking into people’s personal devices without their knowledge.

PayPal, Google, and the American Civil Liberties Union have joined privacy advocacy groups in speaking out against Rule 41, saying, in an open letter to lawmakers, that it would “give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown.” In the week since Trump won the presidency, privacy advocates have pushed harder on Congress to reconsider Rule 41.

Statement by the EFF:

If Congress doesn’t act soon, federal investigators will have access to new, sweeping hacking powers due to a rule change set to go into effect on Dec. 1.

That’s why Sens. Chris Coons, Ron Wyden, Mike Lee, and others introduced a bipartisan bill today, the Review the Rule Act, which would push that rule change back to July 1. That would give our elected officials more time to debate whether law enforcement should be able to, with one warrant from one judge, hack into an untold number of computers and devices wherever they’re located.

We’ve long expressed concerns that the proposed changes to Rule 41 of the Federal Rules of Criminal Procedure threatens privacy and security, and we hope Congress acts on this new bill to give this issue the time and consideration it deserves.

Speaking on the Senate floor this morning, Coons-who sits on the Senate Judiciary Committee, a committee of jurisdiction on the issue-and Wyden called for more time to let Congress weigh in. “Neither the Senate nor the House held a hearing or a markup on the relevant committees to evaluate these changes,” Coons said. “The body of government closest to the people has failed to weigh in at all on an issue that immediately and directly impacts our constituents’ rights.”

Wyden countered the defense of the rule change we often hear from law enforcement officials that letting investigators hack into computers around the world is only small, procedural tweak. Instead Wyden called it “an enormous policy shift.”

The pair of lawmakers also stressed the fact that the bipartisan push for further consideration of the rule change started before Donald Trump won the presidential election this month. Wyden, Coons, and 21 other members of Congress sent a letter in late October asking U.S. Attorney General Loretta Lynch for more information about how the government plans to operate once the rule change goes into effect.

“This was alarming before Nov. 8,” Wyden said. “Now we need to consider the prospects of an administration lead by someone who openly said he wants the power to hack his political opponents.”

We’re encouraged that the bill has bipartisan support in both the Senate and the House, where Reps. John Conyers and Ted Poe introduced a companion bill, and we hope Congress gives itself more time to hold hearings and fully debate whether to give law enforcement these sweeping computer hacking powers.