An update to the innocuous-sounding Rule 41 of the Federal Rules of Criminal Procedure could soon grant powers to judges across the US to issue search warrants for law enforcement to remotely access devices that are using privacy tools.
The Federal Rules of Criminal Procedure sets the rules for criminal prosecutions and this change would see a sweeping expansion of law enforcement’s ability to engage in remote surveillance to gather evidence, with zero public debate on the new powers.
The Electronic Frontiers Foundation (EFF) says that Tor and VPN users, as well as people who reject location tracking by apps on their smartphone, could all be targeted for remote access, seizure or copying of data.
The new rule, which has just left the Supreme Court and is headed to Congress, could also end up targeting people who have been a victim of malware as it seeks to find the source of potentially harmful botnets.
Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn’t design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.
Congress has until December 1 to strike down the amendment to the Federal Rules of Criminal Procedure, otherwise it’ll come into force across the federal court system.
The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights. But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.
EFF says that this change could also affect people outside the US so they should be “equally concerned.”
Making such a huge change via a ‘small’ procedural amendment sidesteps both legislative and public scrutiny.