OTI to Congress: Block New Government Hacking Proposal

New America’s Open Technology Institute (OTI) today called on Congress to block new proposed changes to the federal rules around search warrants, changes that for the first time would explicitly authorize law enforcement to secretly and remotely hack into targeted computers of both suspects and victims alike.

The Justice Department first proposed these changes to Rule 41 of the Federal Rules of Civil Procedure to the advisory committee established by the federal court system to recommend changes to federal court rules, a move that was opposed not only by OTI--which testified against the changes--but also Google and a wide range of privacy and civil liberties groups. Once the committee approved the proposal, it then went to the Supreme Court for its approval. Today, the Supreme Court transmitted those rules to Congress for its consideration. If Congress does not act before December 1st of this year, the changes will automatically go into effect.

The proposed rules, which the Justice Department claims are purely procedural but in OTI’s opinion constitute a significant and substantive change to the law and raise serious constitutional questions, would do two things. First, they would allow the government to get search warrants to remotely hack computers even when it doesn’t know their location. Current rules only let judges issue warrants for property that’s within their own districts, which has led to at least one court rejecting an application for a hacking warrant, and in past weeks has led to two courts suppressing evidence that was obtained in such a search. Second, they would allow the government to take the unprecedented step of hacking into innocent people’s computers based on the fact that they have already been hacked into by computer criminals, such as computers that--unknown to their victims--have been turned into part of a “botnet” to conduct hacking attacks on other computer systems.

The following statement can be attributed to Kevin Bankston, Director of New America’s Open Technology Institute:

“Whatever euphemism the FBI uses to describe it--whether they call it a ‘remote access search’ or a ‘network investigative technique’--what we’re talking about is government hacking, and this obscure rule change would authorize a whole lot more of it. Like wiretapping, hacking is uniquely invasive compared to regular searches and raises serious issues under our Fourth Amendment, which protects us from unreasonable searches. Unlike wiretapping, however, Congress has never authorized government hacking nor established protective rules for the road to ensure it's not abused. Government hacking also raises a host of new and serious risks to privacy and security that wiretapping doesn’t, including the risk that the malware used by the government might spread to innocent people’s computers or cause unintended damage.”

“Instead of directly asking Congress for authorization to break into computers, the Justice Department is now trying to quietly circumvent the legislative process by pushing for a change in court rules, pretending that its government hacking proposal is a mere procedural formality rather than the massive change to the law that it really is. Congress shouldn't let the Justice Department and an obscure judicial rules committee write substantive law, especially on a novel and complex issue with serious privacy, security, and civil liberties implications. If government hacking is to be allowed at all, it should only be done with authorization from Congress, with strong protective rules in place, and after deep investigation and robust debate. We've never had any public debate about this important issue even though the feds have quietly been doing remote hacks on computers since the turn of the century. Now is the time for that debate. Congress should stop this power-grab in its tracks and instead demand answers from the FBI, which so far has been ducking Congress’ questions on this issue and fighting in court to keep its hacking tactics secret.”