With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government

hack us govtBy Rainey Reitman

The government hacking into phones and seizing computers remotely? It’s not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee that proposes changes to court procedures—and if we do nothing, it will go into effect in December.

The proposal comes from the advisory committee on criminal rules for the Judicial Conference of the United States. The amendment [PDF] would update Rule 41 of the Federal Rules of Criminal Procedure, creating a sweeping expansion of law enforcement’s ability to engage in hacking and surveillance. The Supreme Court just passed the proposal to Congress, which has until December 1 to disavow the change or it becomes the rule governing every federal court across the country.  This is part of a statutory process through which federal courts may create new procedural rules, after giving public notice and allowing time for comment, under a “rules enabling act.”1

The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system.

The key word here is “procedural.”  By law, the rules and proposals are supposed to be procedural and must not change substantive rights.

But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.

The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.

To understand all the implications of this rule change, let’s break this into two segments.

The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one’s location. Many different commonly used tools might fall into this category. For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated. It might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets.

There are countless reasons people may want to use technology to shield their privacy. From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security. Millions of people who have nothing in particular to hide may also choose to use privacy tools just because they’re concerned about government surveillance of the Internet, or because they don’t like leaving a data trail around haphazardly.

This little device delivers turnkey Internet privacy and security (Ad)

If this rule change is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically-naïve judge, anywhere in the country.

The second part of the proposal is just as concerning. It would grant authorization to a judge to issue a search warrant for hacking, seizing, or otherwise infiltrating computers that may be part of a botnet. This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation. Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer. Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn’t design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.

Make no mistake: the Rule 41 proposal implicates people well beyond U.S. borders. This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet. People both inside and outside of the United States should be equally concerned about this proposal.

The change to Rule 41 isn’t merely a procedural update.  It significantly expands the hacking capabilities of the United States government without any discussion or public debate by elected officials. If members of the intelligence community believe these tools are necessary to advancing their investigations, then this is not the path forward. Only elected members of Congress should be writing laws, and they should be doing so in a matter that considers the privacy, security, and civil liberties of people impacted.

Rule 41 seeks to sidestep the legislative process while making sweeping sacrifices in our security. Congress should reject the proposal completely.

Read EFF and Access Now’s joint testimony on Rule 41.

Rainey Reitman is the Activism Director for EFF.org, where this article first appeared.


Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

7 Comments on "With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government"

  1. More violations of the US Constitution. Read the 4th Amendment! It specifically disallows this type of snooping.

  2. Why are they doing this? To provide themselves legal cover for something that they have been doing a long time and is about to come out in a big way. This way no one goes to jail for their crimes- except the whistle blowers, of course.

  3. Not only are they capable of downloading all of your data, from any device, they are quite capable of putting whatever kind of data they wish onto you device(if you are targeted) to make their case that you are scum.
    NSA the worst hackers of the constitution.

  4. All of us”puppets” need to be able to vote nationaly on issues of this sort. They just do want they want, whenever they want. Wouldn’t that be nice if all of could vote ourselves a raise, slip around the constitution, etc,etc.

  5. The trick is to get an old computer and infect it with a highly destructive “super virus” and leave it connected to your broadband 24/7. Set it to infect anything that connects to the computer. That way, when (not if) the government or local sheriff hacks into your system, it will infect theirs and spread like wildfire on their network. It would be a simple matter to destroy their systems and there’s nothing they can do about it because you were never served with a warrant. You can find virii like this available free on most black hat sites. I would love to put NSA out of business for a month or two.

  6. Is there a form letter that can be printed and signed with intent to deliver to my congressman to detail my opposition to this? I remember there was with online poker…

  7. I really don’t know much about this scam thing and at the same time , no one wants to be on the losing side . But i just came across a good hacker who helped me hack my boyfriends text messages, whatsap, Facebook , Instagram messages remotely..You don’t have to touch his phone while you have access to his conversations through the software he bought and install remotely on my phone , i dont know how he did this but i think he’s perfect at it…..contact him at [email protected]…Tell him Allinson referred you, then you can thank me later. God Bless.

Leave a comment