The FBI's hacking arsenal has received a massive boost, thanks to changes in Rule 41, which goes into effect today (1 December). The Senate's eleventh-hour efforts to block and/or delay the rule failed on 30 November, despite widespread privacy concerns raised by activists, experts and politicians alike.
Changes to the rule effectively expands the US government's hacking powers, allowing even magistrate judges to grant investigative agencies with the authority to conduct mass hacking operations on computers potentially located in any part of the globe. Previously, Rule 41 laws restricted such authorisations, with magistrate judges only authorised to issue warrants within the jurisdiction of their court.
"By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance," Senator Ron Wyden said in a statement. "Law-abiding Americans are going to ask 'what were you guys thinking? when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk."
In his speech from the Senate floor, Wyden deemed the changes to Rule 41 as "one of the biggest mistakes in surveillance policy in years." He also warned about the potential consequences of the upcoming administration of President-elect Donald Trump handling such authority, reminiscing how Trump had previously "openly said he wants the power to hack his political opponents the same way Russia does," Reuters reported.
Wyden attempted to delay the changes to Rule 41, three times. However, his efforts were obstructed by Texas Senator John Carryn, the Senate's second-ranking Republican, despite Wyden having received support from Democratic Senator Chris Coons of Delaware and Republican Senator Steve Daines of Montana.
However, the US Department of Justice (DOJ) on 28 November, argued that the changes to Rule 41 were merely an update to the previous laws. The DOJ's response was also aided by a supportive blog by US Attorney General Leslie Caldwell, who argued that the potential benefits of Rule 41 changes would eclipse any harm.
"The possibility of such harm must be balanced against the very real and ongoing harms perpetrated by criminals — such as hackers, who continue to harm the security and invade the privacy of Americans through an ongoing botnet, or pedophiles who openly and brazenly discuss their plans to sexually assault children," Caldwell said.
The Electronic Frontier Foundation (EFF) warned, "Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer. This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet."