Privacy advocates and a U.S. senator are seeking to block a judicial rule change they worry will vastly expand the government’s surveillance and hacking powers.
Sen. Ron Wyden, an Oregon Democrat, plans to introduce legislation this week to halt implementation of a rule easing the government’s ability to remotely access and search far-flung computers. He said the change is too broad and was approved without public debate.
“This is a major policy change,” said Wyden, one of Congress’ most outspoken privacy hawks. “This has been buried from the public and from their elected officials. And they should know about it. This is not just a modest administrative change.”
The rule change was adopted last month by the Supreme Court after a lengthy judicial process that began at the request of the Justice Department. Congress has until Dec. 1 to halt its implementation.
Wyden’s legislation will be cosponsored by Sen. Rand Paul, a Kentucky Republican who has been a longtime skeptic of government surveillance powers. The bill is likely to again focus discussion on the scope of the government’s spying powers.
Last year, after months of intense debate sparked by the 2013 disclosures of government spying by former NSA contractor Edward Snowden, Congress passed legislation rolling back the government’s ability to collect, store and search vast troves of Americans’ telephone data.
The pending amendment to the judicial rules of criminal procedure will allow federal judges to issue warrants for law enforcement agents to remotely “access to search electronic storage media and to seize or copy electronically stored information” on computers not located in their own judicial districts. Such searches have generally been limited to the district in which a judge serves. It would also permit a single judge to issue warrants to federal authorities to remotely access scores of computers that have been hijacked and turned into a collective hacking tool known as a “botnet.”
Wyden and privacy advocates say the measure raises questions about whether the Justice Department may now engage more freely in seeking friendly judges to obtain warrants, more easily use malware as an investigative tool and potentially gather data from innocent people’s computers.
They said they were also leery about trusting the Justice Department’s assertions that the law is merely a procedural fix to address problems raised by combating crime in the Internet age.
“The department has been less than forthcoming about the extent of its hacking, which raises concerns about the proposal ,” said Neema Guliani, a lawyer for the ACLU. “They are saying they have a problem in cases where they don’t know where the computer is, or think someone is trying to hide it. But the rule change is a lot broader than that. If they wanted to just address that issue, they could have narrowed the rule by saying they could conduct the search only to locate the computer.”
In a recent blog post, Rainey Reitman of the Electronic Frontier Foundation said federal agents might do more harm than good when injecting malware into “botnets,” which are used by hackers to commit crimes ranging from identity theft to denial of service attacks.
“Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer,” wrote Reitman, a director of the nonprofit advocacy group.
Justice Department officials deny that the rule change will result in any expansion of their cyber sleuthing and hacking capabilities. They say they sought the change as merely a technical solution to better battle cyber-related crime, particularly in instances where criminals are using software that masks their location.
“Criminals now have ready access to sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet,” said Peter Carr, a Justice Department spokesman. “This amendment ensures the courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority.”
Carr and other federal law enforcement officials noted the rule was amended with little dissent from judicial committees that weighed the proposal and sent it to the Supreme Court for final approval. They said the change does not affect legal standards governing the proof needed to remotely access computers.
“We still need to get a search warrant, make a showing of probable cause and explain to the court what we are doing and how,” FBI Director James B. Comey said last week, adding that the rule change would ease logistical headaches involved in taking down “botnets.”
It is not clear how much support Wyden will have in seeking to block the rule from being implemented.
Sen. Charles Grassley (R-Iowa), chairman of the Senate Judiciary Committee, said in a statement that his committee will examine the work that went into crafting the rule.
The House Judiciary Committee also expects to examine the rule, said Jessica Collins, a spokesman for the panel’s chairman, Rep. Robert W. Goodlatte (R-Va.).