Senators put forward new bill to halt expansion of Government hacking powers

UNITED STATES – OCTOBER 9: From left, Rep. Jim Sensenbrenner, R-Wisc., Rep. Jason Chaffetz, R-Utah, and Rep. Matt Salmon, R-Ariz., arrive for the House Republican Conference meeting in the basement of the U.S. Capitol on Friday Oct. 9, 2015.

Senators put forward new bill to halt expansion of Government hacking powers

Sen. Ron Wyden (D-Ore.) and other like-minded senators have come out forcefully against the pending change to federal judicial rules that would expand judges’ ability to authorize remote access hacking of criminal suspects’ devices.

On Thursday, Wyden submitted a bill that aims to stop the proposed amendments to Rule 41 dead in its tracks. The entire bill is one sentence long: “The proposed amendments to rule 41 of the Federal Rules of Criminal Procedure, which are set forth in the order entered by the Supreme Court of the United States on April 28, 2016, shall not take effect.”

For now, the bill is co-sponsored by two other Democrats, Sen. Rand Paul (R-Ky.), and Sen. Steve Daines (R-Mont.). A companion bill is expected in the House of Representatives.

The Department of Justice has pushed to change Rule 41 in the name of being able to thwart online criminal behavior enabled by tools like Tor for nearly two years now.

Last month, the Supreme Court passed the proposed change to Rule 41 and sent it to Congress on Thursday, which will have until December 1 to modify, reject, or defer the proposal. If the House of Representatives and Senate do not pass a resolution in favor by simple majority, the revisions will become law that same day.

For now, Rule 41 allows these junior judges to authorize electronic searches only within their own judicial district. In April 2016, two federal judges in Massachusetts and Oklahoma suppressed evidence in two related child pornography cases because a magistrate in Virginia authorized the FBI to seize and operate Playpen, a Tor-hidden site, for 13 days. In doing so, investigators also deployed malware that disrupted Tor’s privacy protections and revealed over 1,000 true IP addresses. The investigation led to 137 prosecutions, including the two men in these two states. Given the success in those states, it seems plausible that other similar cases could also be jeopardized.

In a post on Medium, Wyden argued that it should be Congress—rather than Justice Department itself, which is controlled by the Executive Branch—that should authorize the expansion of such powers.

He wrote:

For law enforcement to conduct a remote electronic search, they generally need to plant malware in — i.e. hack — a device. These rule changes will allow the government to search millions of computers with the warrant of a single judge. To me, that’s clearly a policy change that’s outside the scope of an “administrative change,” and it is something that Congress should consider. An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.