Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle.
The rule change was introduced by the Supreme Court in April. It will allow the FBI and police to apply for a warrant to a nearby US judge to hack any suspect who's using Tor, a VPN, or some other anonymizing software to hide their whereabouts, in order to find the target's true location.
Normally, if agents want to hack a suspect's PC, they have to ask a judge for a warrant in the jurisdiction where the machine is located. This is tricky if the location is obscured by technology. With the changes to Rule 41 in place, investigators can get a warrant from any handy judge to deploy malware to find out where the suspect is based – which could be anywhere in America or the world.
Also, when agents are investigating a crime that spans five or more different judicial districts in the US, the new Rule 41 will allow them to go to just one judge for a warrant, rather than all the courts in all the involved jurisdictions. And it allows the Feds, with a search warrant, to poke around in people's malware-infected computers to, in the words of the US Department of Justice, "liberate" devices.
This extension of law enforcement hacking powers has occurred with no Congressional debate or vote, simply by an administrative change. But some law makers have been fighting to stop the change – today was their Waterloo, and sadly they got Napoleon's role.
Shortly after the April decision, Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introduced the Stopping Mass Hacking (SMH) Act, but it remained stalled in Congress. Wyden made a last plea for the Senate to act on Wednesday but it was rejected.
"By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance," Wyden said. "Law-abiding Americans are going to ask 'what were you guys thinking?' when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system, and puts lives at risk."
Next it was the turn of Senator Chris Coons (D-DE) to ask for unanimous consent to pass his Review the Rule Act, which would have extended the deadline for the rule change by six months. This was denied.
"These changes to Rule 41 will go into effect tomorrow without any hearing or markup to consider and evaluate the impact of the changes," he said. "While the proposed changes are not necessarily bad or good, they are serious, and they present significant privacy concerns that warrant careful consideration and debate."
Lastly Wyden tried again, asking Congress to sign off on his Stalling Mass Damaging Hacking Act, which would have extended the deadline by just three months. Republican leaders refused to support the bill and so as of tomorrow, the rules come into effect. ®