In a few hours, Senator Wyden will be going on the floor of the Senate to argue against updates to Rule 41 of the Federal Rules of Criminal Procedure.
You may have already heard of Rule 41: EFF and allied digital rights groups have been raising the alarm about this extra-legislative rule change. In short, the pending updates would make it easier for the government to get a warrant to hack1 into computers. It would be easy for law enforcement agents to forum shop, finding the most sympathetic judges in the country to approve these vague and dangerous warrants.
What do we mean by "hack into computers"? In this case, the term refers to a wide range of poorly-defined techniques such as deploying malware to search, copy, and transmit private files from private computers, breaking into secure systems and accounts, exploiting vulnerabilities in widely-used software to turn our devices into surveillance tools, and much more.
Those who care most about privacy will be most impacted by these rule changes. Under the proposal—which goes into effect automatically on December 1—almost any district judge in the country could authorize law enforcement to remotely search or hack into the computers of people using privacy protective technology like Tor or a VPN.
Senator Wyden is fighting back. His bill, the Stopping Mass Hacking Act, would stop these misguided rule changes from going into effect. This would give Congress time to carefully consider the issue of government hacking, ensure necessary safeguards for privacy and civil liberties, and hear from information security and tech policy experts before rushing to change our current process.
- 1. We are using the term “hacking" here because it’s been accepted in the common vernacular. However, we recognize that there are many legitimate forms of security research and experimentation that also fit a larger definition of hacking.