The Supreme Court on Thursday approved a controversial rule change that would let U.S. judges issue search warrants to law enforcement to hack a computer or computers regardless of location, including abroad. Congress has until Dec. 1 to approve, reject, or amend a rule modification that critics say will threaten Americans’ privacy and make them more vulnerable to cyberattacks.
U.S. judges are typically restricted to issuing search warrants within their jurisdiction. But the proposed change would allow judges to dole out digital search warrants to law enforcement when the computer’s location is unknown; such as when its position is sealed through technological means, or for investigations into networks of hacked or infected computers, such as a botnet.
Tech giant Google opposes the rule change, saying it “substantively expands the government’s current authority,” and “raises a number of monumental and highly complex constitutional, legal and geopolitical concerns.” Meanwhile groups like New America’s Open Technology Institute are concerned that its passage would give the government leeway to secretly hack computers and use undisclosed methods, which may come with a slew of unknown risks.
“Whatever euphemism the FBI uses to describe it—whether they call it a ‘remote access search’ or a ‘network investigative technique’—what we’re talking about is government hacking, and this obscure rule change would authorize a whole lot more of it,” Kevin Bankston, director of New America’s Open Technology Institute, said in a statement. “Government hacking... raises a host of new and serious risks to privacy and security that wiretapping doesn’t, including the risk that the malware used by the government might spread to innocent people’s computers or cause unintended damage.”
It has also been widely reported that the government has an arsenal of zero-day exploits, or software vulnerabilities, that it does not disclose to manufacturers. Most recently, the FBI refused to disclose to Apple how it was able to hack the San Bernardino shooter’s iPhone. The government can use these exploits for intelligence gathering, but they also leave Americans using associated devices vulnerable to snooping and attacks from outside groups.
Some groups, such as Access Now, view the Justice Department’s method of introducing the rule change as sneaky.
“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices,” Sen. Ron Wyden (D-Ore.) said in a statement.
But the Justice Department, which first introduced the proposed changes, does not view them as substantive. Instead, it describes the amendments as merely procedural and meant to adjust the criminal code for the digital age.
"This proposal would not authorize any searches or remote access not already authorized under current law," Peter Carr, public affairs specialist at the Justice Department, told Newsweek in February. "With the rise of techniques that make it easy for criminals without any technical skill to hide their true locations, lawfully authorized remote access has become increasingly important to protect people from predators and solve serious crimes.
He continues: “Our rule change will ensure that courts can be asked to review warrant applications for probable cause in situations where is it currently unclear what judge has authority to review a warrant application.”
The Justice Department first introduced the proposed rule change to a little-known judiciary committee called the Advisory Committee on Criminal Rules in 2014. The proposal gradually made its way through a succession of broader judiciary committees, which narrowed its language and scrapped some of its components, before it hit the Supreme Court last fall. The Court left the proposal, which now sits with Congress, largely intact.
Some groups, such as Access Now, view the Justice Department’s method of introducing the rule change as sneaky. “While Congress is distracted rehashing long-settled debates about the use of encryption, the Department of Justice is quietly trying to grant themselves substantive authority to hack into computers and masking it as a bureaucratic update,” said Amie Stepanovich, U.S. policy manager at Access Now. “This is a major shift. It should be up to Congress to decide the rules for government hacking after an informed public debate. However, Congress has never yet spoken on the issue.”
Both chambers of Congress have until Dec. 1 to pass, amend, or reject the proposal. Otherwise the rule will automatically go into effect.
Sen. Wyden has already indicated he will try to block the change. “I plan to introduce legislation to reverse these amendments shortly," he said, "and to request details on the opaque process for the authorization and use of hacking techniques by the government.”