Will New Criminal Procedure Rule Condone Government Hacking?

Businesses and individuals subject to white-collar investigations don’t just have to worry about the FBI knocking on their office door. The proposed amendment to the Federal Rules of Criminal Procedure 41 took effect December 1, 2016, and gives judges authority to grant the government a warrant to hack a computer located anywhere.

Proposed Amendments to Rule 41 

Under changes to Rule 41 of the Federal Rules of Criminal Procedure, a magistrate judge with authority in any district where activities related to a crime may have occurred is now authorized to “issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information” in two situations: 1) when “the district where the media or information is located has been concealed through technological means”; or 2) when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.”

Implications for Businesses

The amendments aim to make it easier for federal agencies to investigate and prosecute cybercrime. “For example, if agents are investigating criminals who are sexually exploiting children and uploading videos of that exploitation for others to see—but concealing their locations through anonymizing technology—agents will be able to apply for a search warrant to discover where they are located,” the Department of Justice recent wrote in an agency blog post regarding Rule 41.

Nonetheless, the proposed rule is generating criticism among government watchdog groups. The primary concern is that the new warrants are ripe for abuse, particularly considering the technological incompetence of many judges. If unchecked, the new authority could be used liberally to access individual and business computers without having to tell their owners. This is especially true considering that government investigations into botnets could potentially include millions of computers and unsuspecting users.

Critics specifically note that there are many legitimate reasons that electronic device users may want to protect their digital privacy. The Electronic Frontier Foundation cites journalists communicating with sources and victims of domestic violence seeking information on legal services, noting: “Millions of people who have nothing in particular to hide may also choose to use privacy tools just because they’re concerned about government surveillance of the Internet, or because they don’t like leaving a data trail around haphazardly.”

Opponents of the proposed amendments also maintain that the changes subject victims of malware attacks to further intrusion. In addition, allowing the government to hack or otherwise infiltrate computers that have been compromised by a botnet does not guarantee that it will make the situation better, particularly given the government’s own vulnerability to cyberattacks.

The U.S. Supreme Court recently signed off on the rule change, and since Congress failed to act, the amendments took effect on December 1, 2016.