The Fight Over Government Hacking Continues
The federal government just got new hacking powers with virtually no debate, including in Congress. But the fight isn’t over.
It’s not too late to debate—or even reverse—the update to federal rules governing search warrants, which now lets investigators use one warrant to search an untold number of computers across the world.
We’ve long called for Congress to get involved in the Justice Department’s push to change Rule 41 of the Federal Rules of Criminal Procedure, and we're not alone. Tens of thousands of people joined EFF in speaking out against the rule change. Members of the tech industry—including Google, Brave, the i2coalition, PayPal, SpiderOak and Reform Government Surveillance—and civil liberties groups like the ACLU, the Tor Project, Access Now and the New America Foundation's Open Technology Institute joined us in asking Congress to take the time to consider the rule change. And some lawmakers on the Hill, including Sens. Ron Wyden, Chris Coons, Mike Lee, and Steve Daines as well as Rep. Ted Poe, pushed for a delay through legislation.
We were hopeful Congress would step up to the plate last week and pass one of three bills to delay the rule change and give Congress time to debate. But Sen. John Cornyn kept all three measures from passing, assuring that, on Dec. 1, investigators gained the power to remotely search computers and other devices.
The Justice Department has tried to defend the sweeping change as a “procedural” tweak, but we think lawmakers have a duty to consider its privacy and security implications.
For instance, we don’t know how investigators will protect the privacy of innocent individuals whose phones are hacked because they unknowingly contain malware. We don’t know how government hackers will make sure the networks and devices they infiltrate aren’t left open to more malicious attacks. We don’t know how the government will notify people whose computers are hacked. We don’t even know if the government has guidelines or policies in place to prevent its malware from causing damage to innocent people’s computers.
The rule change has gone into effect, but Congress should still hold hearings and try to get answers to these kinds of questions.