Senators Push To Stop Expanding The FBI’s Right To Hack

"Rule 41" is scheduled to take effect Dec. 1, but a group of privacy-minded senators are pushing to stop it

Photo Illustration: R. A. Di Ieso
May 19, 2016 at 12:28 PM ET

A coalition of privacy-minded senators wants to overturn a looming new set of rules that would give the FBI far more authority to hack people’s computers when searching for criminals.

The Stopping Mass Hacking Act, introduced Thursday by Senators Ron Wyden (D-Ore.), Rand Paul (R-Ky.), and three others, seeks to stop an upcoming procedural change, recently created by a Supreme Court ruling, that would vastly embolden the FBI. The change is commonly known as “Rule 41,” after the part of the Federal Rules of Criminal Procedure that’s it’s set to expand. Starting in December, unless Congress intervenes, it will allow the FBI get remote warrants to electronically search computers it can’t find in real life.

“These types of remote electronic searches (hacks) are rarely disclosed. In addition, there is little case law on how they should be approved by judges,” according to a fact sheet prepared by Wyden’s office.

“This is a dramatic expansion of the government’s hacking and surveillance authority,” Wyden said in a statement provided to Vocativ. “Such a substantive change with an enormous impact on Americans’ constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process.”

The changes are also geared to help the FBI fight against botnets—so called “zombie computers” compromised by hackers to, for example, use the legions of computers under their control to engage in DDoS attacks—by allowing the agency to get mass warrants to search through thousands of innocent victims’ computers at once. “This means victims of malware could find themselves doubly infiltrated,” the Electronic Frontier Foundation has warned. “Their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation.”

The proposed change has been met with resounding concern from privacy advocates. “Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation,” the EFF’s statement continues.

The bill itself is remarkably short. Besides a section naming itself, it contains only a single sentence: “The proposed amendments to rule 41 of the Federal Rules of Criminal Procedure, which are set forth in the order entered by the Supreme Court of the United States on April 28, 2016, shall not take effect.”

“The changes to Rule 41 would enable the FBI to assume broad hacking powers—without ANY discussion in Congress,” Nathan White, Senior Legislative Manager at Access Now, said in a statement provided to Vocativ.

The FBI already has a complicated history of hacking to catch suspected criminals. In 2015, for instance, it went on a mass hacking campaign of over 1,000 computers in an attempt to bring down child pornography sites.

“Government hacking is a secretive and complicated issue. While the FBI has finally confirmed that they hack, there’s virtually no information available about how or when,” White said.