Sen. Ron Wyden, who has been a constant critic of the expansion of government surveillance and systematic weakening of encryption, has co-sponsored a bill that would prevent recently proposed changes to federal judicial rules that would give the federal government’s ability to hack the computers of Americans.
The bill is called the Stopping Mass Hacking Act and, if passed in the Senate, it would prevent the approval of changes to Rule 41 of the Federal Rules of Criminal Procedure, a judicial regulation. The rule discusses, among other things, the limits of search and seizure actions, and specifically the authorities under which a judge can issue a warrant. A change proposed earlier this year would make it easier for judges to issue warrants for remote searches of electronic devices. The change would allow one judge to issue a warrant for a remote search of any number of devices located in the United States.
“I fear this rule change will make it easier for the government to search innocent Americans’ computers.”
Wyden said he is concerned that the change would allow the government to not only search suspected criminals’ machines, but also the computers of victims of hacking.
“The American public should understand that these changes won’t just affect criminals: computer security experts and civil liberties advocates say the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack. Devices will be subject to search if their owners were victims of a botnet attack — so the government will be treating victims of hacking the same way they treat the perpetrators,” Wyden said in a post on Medium.
The Senate bill is co-sponsered by Sen. Rand Paul (R-Ky.) and Paul said he worries about the effect the change to Rule 41 could have on the requirements to have reasonable suspicion before searches.
“The Fourth Amendment wisely rejected general warrants and requires individualized suspicion before the government can forcibly search private information. I fear this rule change will make it easier for the government to search innocent Americans’ computers and undermine the requirement for individual suspicion,” said Paul.
Security experts have raised doubts about the proposed changes to Rule 41, as well.
“One very crucial issue is the location of the target computer and hence jurisdiction. Apart from the legal issue of determining from which judicial district a valid warrant may be issued, finding the location of an arbitrary computer is not an easy task, even if its IP address is known. This is a serious concern,” a paper by Steven Bellovin of Columbia University, Matt Blaze of the University of Pennsylvania, and Susan Landau of Worcester Polytechnic Institute, says.
The proposed change to Rule 41 would go into effect on Dec. 1 unless Congress passes legislation to prevent it.