This article is more than 1 year old
America has one month to stop the FBI getting its global license to hack
Lawmakers call for action over Rule 41 changes
In one month, an obscure procedural rule tweak will come into effect allowing US cops and federal agents to potentially hack any computer in the world using a single warrant issued anywhere in America.
No one in Congress has voted on this legal update. It means a warrant granted somewhere within the US can be executed on the other side of the country – or the other side of the planet.
The change, approved by the Supreme Court, is in Rule 41 of the Federal Rules of Criminal Procedure. Right now, if law enforcement wants to hack a PC, they have to ask a judge for a warrant in the jurisdiction where it is located. With the rule change, they could do this to any computer anywhere in the US or the world.
As a bonus, the change would also allow law enforcement – without a warrant – free rein to hack into computers that have already been hacked. So, for example, if you have a virus infection then law enforcement can go through your files at will.
It's important to note that this rule change does not, in theory, grant the FBI any extra powers, it just makes it easier for agents to go after suspects operating across wide areas or hidden behind a VPN or an anonymizing network such as Tor. In cases where five or more US districts are involved, for example, it would allow investigators to apply for one warrant to one judge rather than get one for every district involved. It also allows the Feds to search computers that have been infected with malware.
"This change would not permit indiscriminate surveillance of thousands of victim computers—that is against the law now and it would continue to be prohibited if the amendment goes into effect," said Assistant Attorney General Leslie Caldwell of the US Department of Justice's Criminal Division.
Congress has not debated this change and the new rules will come into effect on December 1 unless our respected legislators get it together to pass a law banning it. Despite Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introducing the Stopping Mass Hacking Act to do just this, progress has been glacial – and a pre-climate-change glacier at that.
Internet groups are already campaigning against the change, and now 23 lawmakers have asked Attorney General Loretta Lynch to make a statement on the matter. They want the AG to lay out exactly what the rule change will entail, so people know what's going on.
"We are concerned about the full scope of the new authority that would be provided to the Department of Justice," the lawmakers wrote.
"We believe that Congress – and the American public – must better understand the Department's need for the proposed amendments, how the Department intends to use its proposed new powers, and the potential consequences to our digital security before these rules go into effect."
Sadly, with the US reaching the climax of its quadrennial presidential soap opera, the chances of Congress getting it together to do this before the deadline is nil. There's still a chance that the lame-duck session after the election could pass a bill, but lawmakers will no doubt be jockeying for position with the new administration.
While legislators are involved in other things, the FBI and other law enforcement will be able to hack at will anywhere in the world based on a single judicial warrant. But there's nothing to worry about if you've done nothing wrong, right? ®