The Government’s Hacking Powers Are About to Grow Exponentially

Federal agents may soon be able to remotely hack into hundreds or even millions of computers across the country — with a single warrant. And Congress has to act by December 1 to stop this incredible power grab.

Today, Sens. Ron Wyden (D-Ore.), Rand Paul (R-Ky.), Tammy Baldwin (D-Wis.), Steve Daines (R-Mont.), and Jon Tester (D-Mont.) introduced the Stopping Mass Hacking Act to halt proposed changes to a judicial rule, which would allow the government to remotely hack our electronics more easily, quickly, and with less oversight from judges. (The ACLU opposes the proposed changes.) Congress should adopt this law expeditiously to ensure the government doesn’t start hacking into devices far and wide without regard to the significant privacy and cybersecurity implications.

The bill was introduced in order to roll back the Justice Department’s proposed changes to Federal Rule of Criminal Procedure 41, which dictates in what circumstances judges can grant search warrants in federal criminal cases. While the DOJ has framed the changes as merely procedure tinkering, in reality they circumvent the legislative process to make substantive changes to the government’s hacking authority. Absent congressional action, the changes will automatically go into effect on Dec. 1. 

The rule change would allow the government to obtain a search warrant to remotely hack a computer in cases involving certain internet crimes, or when the location of the computer is being masked electronically (for example, when a person uses a virtual private network  or a privacy-protective service like Tor). Judges would be permitted to authorize these searches within and outside their district — as an exception to the general rule that judges may only issues warrants within their jurisdiction. This could allow the government to hack into millions of computers across the country, without proper judicial oversight.

Before the government is allowed to hack, we should have a robust public debate around the risks involved. For example: Should the FBI be allowed to hack the computers of innocent cybercrime victims in order to search for evidence? What standards and protections should apply when third parties that have nothing to do with a given investigation are likely to be affected? Will hacking harm our cybersecurity by incentivizing the government to stockpile vulnerabilities instead of disclosing them to software makers for patching? 

But DOJ has been developing its hacking capabilities without this important debate. Last year, documents revealed that in 2007, the FBI masqueraded as a fake Associated Press reporter to deliver malware to the computer of a suspect. More recently, the FBI appears to have the developed the capability to remotely enable microphones or cameras on smart devices. Indeed, many have suggested that as the use of encryption spreads, so too may the government’s reliance on hacking to gain access to private information from afar.

Congress has never authorized such conduct. In other words, the DOJ has put the proverbial hacking cart before the horse. If, after this debate, the public and elected officials decide that hacking should be allowed, then Congress should pass a law laying out what standards and protections apply.

The proposed changes to Rule 41 bypass this important process and are dangerous for many reasons. First of all, the rule would permit the government to use one warrant to hack hundreds or even millions of computers across the country, raising significant policy and constitutional concerns. Also, by expanding the districts in which law enforcement may apply for a warrant, the rule encourages law enforcement to “forum shop” — bypassing districts that have developed stricter rules.

The rule also fails to require the government to include key information in warrant applications (such as the effect on victims), which is necessary for appropriate judicial oversight. Finally, the proposed changes would unconstitutionally relax requirements to notify the targets of government searches, by permitting law enforcement to choose between giving notice to either the property owner or the target of the search, when those are different people. 

Congress should not stand idle by allowing important issues in this arena to be decided through a bare-bones procedural rule change. Instead, they should pass the Stopping Mass Hacking Act and ensure that this important issue receives the debate and consideration it deserves.  

Add a comment (7)
Read the Terms of Use

Anonymous

In America's "constitutional democratic republic" model of government, Congress and state legislatures have a duty to represent the interests of American voters.

Today voters have to watch Congress and their state legislature like a hawk so they won't steal the kitchen sink and all the silverware.

Americans are really tired of these games by their taxpayer funded legislators. They are supposed to be representing us!

Anonymous

That's right Congress should step in and do their job .Will this Congress with lowest approval ever, have the incentive to do that .

Anonymous

The greatest threat to innocent Americans that the ACLU should try to understand is "punitive and non-confrontation blacklisting".

When we think of CoinTelPro type blacklisting we focus on illegal domestic spying at the federal level. This type of illegal blacklisting actually originated at the local and state level, not the federal level.

For example: an innocent citizen could have been blacklisted by local police in the 1980's, defamed and punished for several decades by local authorities, then added to terrorist watchlists after 9/11. Since local prosecutors were likely involved in the decades long illegal blacklisting - local prosecutors won't prosecute federal officials violating the constitutional rights of innocent citizens. Since 9/11 the federal government has "deputized" state and local officials using billions of dollars in "preemption & prevention" grants. So there is no constitutional check & balance because everyone is profiting from this gravy train. Judges and SC justices have also largely abdicated their constitutional duty of providing judicial review over the political branches.

Many, if not most, of the blacklisting victims aren't even aware they have been blacklisted so they don't have legal standing in court. Example: Martin Luther King, Jr. wasn't aware female FBI agents were masquerading as mistresses and calling Coretta Scott King to destroy his marriage.

There were some great movies that came out during the Bush Administration trying to illustrate this danger to voters: "The Lives of Others" and "Good Night & Good Luck". Others include "Minority Report" and "Enemy of the State".

Since most ACLU cases deal with "confrontational" abuses of civil liberties (arrest, overt forms of detention and punishment, etc), the far greater danger to Americans is "non-confrontational" blacklisting. Example: Virginia's Fusion Center blacklisting 100% of African-American college students at all-black colleges and the lifelong consequences of this unconstitutional system.

Anonymous

I do not have $500.00 to pay on a OneVanilla VISA card to pay the FBI for spying on me on certain sites. I am a decent tax-paying law-abiding citizen who is not perfect enough to avoid even the government. I MAY die in prison AFTER being embarrassingly arrested in front of my mother.

Anonymous

This fascist government control that should not be allowed. This is more to cover up exposure of government corruption than anything else. Everyone should pile on to stop this violation of the constitution.

Anonymous

This challenge is allow judges to issue on the spot warrants if they feel anything wrong about unnecessary activity. And this is the right decision to allow FBI and provide them more authorities relate access. I think this is the most dangerous cyber war which is never stop. Some hackers hacked government official sites because of anti-regional concepts.
https://assignmentbox.co.uk

Anonymous

Internet hackers and software companies from around the world are staging mock cyber wars at a major web security event in Europe.

Some 1,000 participants are taking part in the two-day Hacktivity 2010 conference in the Hungarian capital Budapest that started on Saturday. The conference comes at a time of mounting concern over software piracy and other cyber crimes. Hacking is fast becoming the 21st century tool for espionage.

Sign Up for Breaking News