The FBI is now allowed to hack into computers anywhere in the world using only a single warrant, according to a new rule that was quietly implemented on Thursday.
Prior to the new policy taking effect, federal computer investigators could only hack into a computer within the same district where they obtained a warrant from a judge. “Rule 41,” as it is known, changes those procedures, allowing feds to search potentially any computer, regardless of where the warrant was issued.
Devices that investigators believe are part of a botnet or that are masking their location would be vulnerable to the new single-warrant intrusions.
Authorities say the change is necessary for them to effectively investigate cyber-crimes, particularly ones involving botnets — devices that leverage multiple computers to carry out an attack. A side-effect of the rule, however, could lead to the hacking of innocent individuals whose computers were infected by malware making them unknowingly a part the attack.
Rule 41 came about following a multi-year review of criminal justice procedures by the Department of Justice. The change were approved in April by the Supreme Court, setting the clock ticking for Congress to reject the reform by the end of November, or else it would take effect.
Civil liberties groups like the Electronic Frontier Foundation (EFF) argue that the rule is more than a simple tweak, and represents a significant broadening of surveillance authorities.
“These are crucial questions about the basic privacy and security concerns of Americans and the members of Congress who represent them,” the group said in a blog post this week.
The enactment of Rule 41 suggests that the congressional fervor for oversight of executive spying, which peaked following the Edward Snowden disclosures in 2013, has waned.
Sens. Ron Wyden (D-Ore.), Chris Coons (D-Del.), and Steven Daines (R-Mont.) took to the Senate floor Wednesday and attempted to thwart Rule 41 from going into effect. Their legislation, the Stop Mass Hacking Act, would have blocked implementation of the new intrusion powers. The Senators’ motions were rejected by Republican Senate leadership.
“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” Sen. Wyden said.
“Law-abiding Americans are going to ask ‘what were you guys thinking? when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk,” he added.
EFF noted that Congress can still pass legislation nullifying Rule 41 after it has taken effect.
There has, however, been very little interest to date from lawmakers in even investigating the issue. Despite requests throughout the year by the trio of dissenting Senators, congressional leadership hasn’t convened a single hearing to probe Rule 41.
“We still don’t know enough about how the government plans to use these new hacking powers,” EFF stated.