海角大神

Skip to footer
Passcode
Modern field guide to security and privacy

Google, privacy groups urge Congress not to expand federal hacking power

A change to federal criminal procedure would allow judges to approve searches on computers outside their jurisdiction, a move that could have vast 'unintended consequences' for innocent people, civil liberties groups say.

|
Jonathan Ernst/Reuters
Sen. Ron Wyden (D) of Oregon speak to reporters at the Capitol building. Wyden is one of the sponsors of the Stopping Mass Hacking Act, which he proposed to halt rule changes that would expand federal search warrants.
  • By Joshua Eaton Correspondent

Technology companies and privacy groups are asking lawmakers to reject a proposed rule change to federal criminal procedure that would make it possible for judges to issue warrants to search computers located outside their jurisdiction.

A coalition including Google, PayPal, the American Civil Liberties Union, and a range of tech advocacy听groups sent a letter to leaders in the Senate and House of Representatives asking them to stop changes to Rule 41 of the Federal Rules of Criminal Procedure. In April the US Supreme Court to Rule 41 authorizing judges to allow 鈥渞emote access鈥 to criminal suspects computers. Opponents have cited the change as the 鈥渓argest expansion鈥 of search and seizure power in the nation鈥檚 history.

鈥淭his would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once 鈥 which is hard to imagine would not be in direct violation of the Fourth Amendment,鈥 the , adding that such a change will have 鈥渦nintended consequences鈥 for innocent users.

The rules will be enacted on December 1 unless blocked by Congress. A small group of bipartisan senators last month that would prevent the decision from going into effect.

Signatories to Tuesday鈥檚 letter say the changes will affect two circumstances law enforcement encounters when investigating cybercrimes.

First, the changes will enable investigators to obtain a warrant to hack into suspects鈥 devices when their location is hidden by the anonymizing web browser Tor or听shielded by virtual private networks.

Previously, some federal courts have suppressed this kind of evidence obtained under Rule 41 because those warrants couldn't be tied to a specific location, US Assistant Attorney General Leslie Caldwell wrote in a Monday. The change would avoid similar outcomes in future cases.

Law enforcement could also be allowed to obtain a single warrant in cases where criminals take over unsuspecting users鈥 computers and use them to form a botnet to launch cyberattacks that span many districts. Under current rules, Ms. Caldwell said, investigators must acquire a warrant in each judicial district with an infected computer. The change will make that process less burdensome, she said.

鈥淭his change would not permit indiscriminate surveillance of thousands of victim computers 鈥 that is against the law now and it would continue to be prohibited if the amendment goes into effect,鈥 Caldwell wrote.

The FBI and the Department of Justice declined to comment on the coalition鈥檚 letter, and the Administrative Office of the US Courts did not return a request for comment.

Instead of adopting the changes, tech and privacy groups are calling on Congress to support a bill proposed in May by Sens. Ron Wyden (D) of Oregon and Rand Paul (R) of Kentucky. Their Stopping Mass Hacking Act would undo the Supreme Court鈥檚 approval of Rule 41.

鈥淲hile it may be appropriate to address the issue of allowing a remote electronic search for a device at an unknown location, Congress needs to consider what protections must be in place to protect Americans' digital security and privacy,鈥 Senator Wyden said when he . 鈥淭his is a new and uncertain area of law, so there needs to be full and careful debate.鈥

In a report last week, Susan Landau, a professor of cybersecurity policy at Worcester Polytechnic Institute, argued for more and better 鈥渓awful hacking鈥 options. That, she said, is a better alternative than legislation seeking to give law enforcement special access to encrypted communication. But in another from March 2016, Ms. Landau and two coauthors criticized the Rule 41 proposal, arguing the changes could violate innocent computer users鈥 privacy and damage criminal investigations.

The Rule 41 proposal could also damage tech companies based in the US, according to Alan Fairless, chief executive officer of the cloud storage company SpiderOak.

鈥淭here鈥檚 obviously the growing perception 鈥 that hosting data in the US is a little dangerous,鈥 Mr. Fairless told Passcode in an interview, a reference to about government surveillance programs following the Edward Snowden revelations. 鈥淚t鈥檚 an ongoing issue, and I don鈥檛 think this helps at all.鈥

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
海角大神 was founded in 1908 to lift the standard of journalism and uplift humanity. We aim to 鈥渟peak the truth in love.鈥 Our goal is not to tell you what to think, but to give you the essential knowledge and understanding to come to your own intelligent conclusions. Join us in this mission by subscribing.
QR Code to Google, privacy groups urge Congress not to expand federal hacking power
Read this article in
/World/Passcode/2016/0622/Google-privacy-groups-urge-Congress-not-to-expand-federal-hacking-power
QR Code to Subscription page
Start your subscription today
/subscribe