Time is short to stop expansion of FBI hacking, senator says

'Inaction is what Congress does best,' Wyden says

The U.S. Congress has a small window of time to stop proposed changes in federal court rules that will expand the FBI's authority to hack into computers during criminal investigations, a senator said Thursday.

The rule changes allowing expanded FBI searches of computers, approved by the Supreme Court in April, go into effect in December unless Congress votes against them, and getting Congress to move in a contentious election year will be difficult, said Senator Ron Wyden, an Oregon Democrat and a critic of the changes.

"Inaction is easy," said Wyden, sponsor of a bill to roll back the proposed changes. "Inaction is what Congress does best."

The proposed changes to Rule 41 of the Federal Rules of Criminal Procedure would allow the FBI and other federal law enforcement agencies to obtain warrants to hack into computers even when they don't know where those computers are located. The changes would, therefore, allow federal judges for the first time to issue search warrants outside their jurisdictions.

So when law enforcement doesn't know the location of a device, "whether it’s in this country or abroad, it will be allowed to hack into that device," Wyden said during a speech at the New American Foundation's Open Technology Institute.

In addition, the proposed changes, in an effort to better investigate and shut down botnets, would allow the FBI to get warrants to access computers the agency suspects have been compromised by hackers.

Those proposed changes could have major consequences, Wyden said. 

"This would be a massive expansion of government hacking, jeopardizing our liberty," he said. "There’s no telling what kind of impact secretive government malware could have on our devices or the networks that run our hospitals, electrical grids, and transportation systems."

Still, there are good reasons for the rule changes, said Orin Kerr, a professor at the George Washington University Law School and a member of the Advisory Committee on Rules of Criminal Procedure, the panel that recommended the changes to the Supreme Court.

Criminal suspects are embracing anonymizing technology like Tor and VPNs, meaning law enforcement investigators sometimes don't know the location of the computers used in online crimes. Without the rule changes, anonymized computers would be exempt from any law enforcement searches, Kerr said.

In a 2013 Texas case, a judge said he couldn't issue a warrant for a computer protected with an anonymizing service, Kerr said.

"The implication being no judge can issue a search warrant because no one knows where the search is going to occur," he added. "The rule shouldn't be that no [warrant] can be obtained."

Join the CSO newsletter!

Error: Please check your email address.

More about FBITechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place