Despite a strong opposition, changes to Federal Rule of Criminal Procedure 41 occur today which dramatically expand federal magistrates' (and thus the FBI's) ability to issue warrants for electronic devices even if the devices are located outside of the magistrate's jurisdiction or the location of the device is unknown.
Magistrate judges can currently only order searches within the jurisdiction of their court, which is typically limited to a few counties.
In a speech from the Senate floor, Wyden said that the changes to Rule 41 of the federal rules of criminal procedure amounted to "one of the biggest mistakes in surveillance policy in years."
The government will have "unprecedented authority to hack into Americans' personal phones, computers and other devices," Wyden said.
The change to the little-known Rule 41 of the Federal Rules of Criminal Procedure — which will take effect on Dec. 1 unless Congress blocks it — would let judges grant electronic search warrants for devices whose locations aren't known, and permit them to authorize remote searches of devices not in their jurisdiction.
Here's a fuller explanation by the Electronic Frontier Foundation (EFF):
With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government
The government hacking into phones and seizing computers remotely? It’s not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee that proposes changes to court procedures—and if we do nothing, it will go into effect in December.
The proposal comes from the advisory committee on criminal rules for the Judicial Conference of the United States. The amendment [PDF] would update Rule 41 of the Federal Rules of Criminal Procedure, creating a sweeping expansion of law enforcement’s ability to engage in hacking and surveillance. The Supreme Court just passed the proposal to Congress, which has until December 1 to disavow the change or it becomes the rule governing every federal court across the country. This is part of a statutory process through which federal courts may create new procedural rules, after giving public notice and allowing time for comment, under a “rules enabling act.”1
The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system.
The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights.
But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.
The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.
To understand all the implications of this rule change, let’s break this into two segments.
The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location. Many different commonly used tools might fall into this category. For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated. It might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets.
There are countless reasons people may want to use technology to shield their privacy. From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security. Millions of people who have nothing in particular to hide may also choose to use privacy tools just because they’re concerned about government surveillance of the Internet, or because they don’t like leaving a data trail around haphazardly.
If this rule change is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically-naïve judge, anywhere in the country.
The second part of the proposal is just as concerning. It would grant authorization to a judge to issue a search warrant for hacking, seizing, or otherwise infiltrating computers that may be part of a botnet. This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation. Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer. Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn't design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.
This sounds like the kind of thing that might affect us directly. It definitely reduces the effectiveness of Tor and VPNs. I wonder whether having a VPN based out-of-country makes any difference.
But, take heart. There is no end to human ingenuity, and I know privacy advocates will hurry to pull back ahead of this affront to the Fourth Amendment. What is the next level?
Edited by Sidestreet, 01 December 2016 - 07:03 AM.