Sens. Wyden, Paul, Daines, and Baldwin are now joined by members in the House of Representatives in their opposition to proposed changes to Rule 41 of the Federal Criminal Procedures. This afternoon, Rep. Ted Poe and House Judiciary ranking member John Conyers, along with Reps. Zoe Lofgren and Blake Farenthold, released the House version of the Stop Massive Hacking Act.
The proposed changes in question would permit a “a magistrate judge with authority in any district where activities related to a crime may have occurred” to issue a warrant that allows law enforcement to engage in “remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district.” That single warrant would be permitted under two situations: (1) “if the district where the media or information is located has been concealed through technological means,” or (2) if the media in question “are protected computers that have been damaged without authorization and are located in five or more districts.” (see: Advisory Committee on Rules of Criminal Procedure — April 2016, pgs. 67–68.)
If enacted, these seemingly innocuous rule changes would functionally permit the government to engage in mass hacking operations with a single warrant. Such operations would likely affect anywhere from tens of thousands to millions of computers, most of which would simply be the unwitting “zombies” of a botnet. Those systems, innocent though they may be, would then be subjected to surreptitious hacking (and possibly surveillance) by law enforcement agencies. Though pursued with the best of intentions, these changes cannot be permitted to go into effect without careful consideration, public debate, and more robust protections for innocent computer users.
While the nature of the digital age may very well require a legal hacking, or “lawful systems access,” authority, such powers should be enacted by Congressional legislation, not the Judicial Conference’s Advisory Committee.
The wide range of opposition to the proposed changes to Rule 41 should be a clear signal to Congress. When privacy advocates in the Senate, former federal prosecutors, and technology advocates come together to issue a warning, we ought to take heed and seriously consider the implications of allowing such a change to the criminal procedure. In addition to those members of the House and Senate cautioning against enacting this rule change, the ACLU and Google previously filed comments opposing the change.
For discussions of the issues at play in this debate, take a look at our previous blog posts on Rule 41:
“A General Warrant for the Digital Age?”
“No ‘Lawful Systems Access’ via Rule 41”
And feel free to examine the posts from our friends at Access Now, OTI, and CDT.