Modern field guide to security and privacy

Google, privacy groups urge Congress not to expand federal hacking power

A change to federal criminal procedure would allow judges to approve searches on computers outside their jurisdiction, a move that could have vast 'unintended consequences' for innocent people, civil liberties groups say.

|
Jonathan Ernst/Reuters
Sen. Ron Wyden (D) of Oregon speak to reporters at the Capitol building. Wyden is one of the sponsors of the Stopping Mass Hacking Act, which he proposed to halt rule changes that would expand federal search warrants.

Technology companies and privacy groups are asking lawmakers to reject a proposed rule change to federal criminal procedure that would make it possible for judges to issue warrants to search computers located outside their jurisdiction.

A coalition including Google, PayPal, the American Civil Liberties Union, and a range of tech advocacy groups sent a letter to leaders in the Senate and House of Representatives asking them to stop changes to Rule 41 of the Federal Rules of Criminal Procedure. In April the US Supreme Court approved changes to Rule 41 authorizing judges to allow “remote access” to criminal suspects computers. Opponents have cited the change as the “largest expansion” of search and seizure power in the nation’s history.

“This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once – which is hard to imagine would not be in direct violation of the Fourth Amendment,” the letter stated, adding that such a change will have “unintended consequences” for innocent users.

The rules will be enacted on December 1 unless blocked by Congress. A small group of bipartisan senators introduced a bill last month that would prevent the decision from going into effect. 

Signatories to Tuesday’s letter say the changes will affect two circumstances law enforcement encounters when investigating cybercrimes.

First, the changes will enable investigators to obtain a warrant to hack into suspects’ devices when their location is hidden by the anonymizing web browser Tor or shielded by virtual private networks.

Previously, some federal courts have suppressed this kind of evidence obtained under Rule 41 because those warrants couldn't be tied to a specific location, US Assistant Attorney General Leslie Caldwell wrote in a blog post Monday. The change would avoid similar outcomes in future cases.

Law enforcement could also be allowed to obtain a single warrant in cases where criminals take over unsuspecting users’ computers and use them to form a botnet to launch cyberattacks that span many districts. Under current rules, Ms. Caldwell said, investigators must acquire a warrant in each judicial district with an infected computer. The change will make that process less burdensome, she said.

“This change would not permit indiscriminate surveillance of thousands of victim computers — that is against the law now and it would continue to be prohibited if the amendment goes into effect,” Caldwell wrote.

The FBI and the Department of Justice declined to comment on the coalition’s letter, and the Administrative Office of the US Courts did not return a request for comment.

Instead of adopting the changes, tech and privacy groups are calling on Congress to support a bill proposed in May by Sens. Ron Wyden (D) of Oregon and Rand Paul (R) of Kentucky. Their Stopping Mass Hacking Act would undo the Supreme Court’s approval of Rule 41.

“While it may be appropriate to address the issue of allowing a remote electronic search for a device at an unknown location, Congress needs to consider what protections must be in place to protect Americans' digital security and privacy,” Senator Wyden said when he introduced the legislation. “This is a new and uncertain area of law, so there needs to be full and careful debate.”

In a report last week, Susan Landau, a professor of cybersecurity policy at Worcester Polytechnic Institute, argued for more and better “lawful hacking” options. That, she said, is a better alternative than legislation seeking to give law enforcement special access to encrypted communication. But in another report from March 2016, Ms. Landau and two coauthors criticized the Rule 41 proposal, arguing the changes could violate innocent computer users’ privacy and damage criminal investigations.

The Rule 41 proposal could also damage tech companies based in the US, according to Alan Fairless, chief executive officer of the cloud storage company SpiderOak.

“There’s obviously the growing perception … that hosting data in the US is a little dangerous,” Mr. Fairless told Passcode in an interview, a reference to international concerns about government surveillance programs following the Edward Snowden revelations. “It’s an ongoing issue, and I don’t think this helps at all.”

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Google, privacy groups urge Congress not to expand federal hacking power
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0622/Google-privacy-groups-urge-Congress-not-to-expand-federal-hacking-power
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe