Ride the Lightning

A Looming Disaster: The Failure of Congress to Vote on the “Stop Mass Hacking Act”

September 28, 2016

The clock is ticking but nothing's happening. Well that's Congress. And it is election season. But Congress should be worried about a few paragraphs of proposed revisions to Rule 41 of the Federal Rules of Criminal Procedure.

These revisions would let judges grant electronic search warrants for devices whose locations aren't known, and permit them to authorize remote searches of devices not in their jurisdiction.

The current Rule 41 already allows law enforcement to request electronic search warrants or the right to remotely hack into devices. The catch is that they must get the warrant from a judge in the jurisdiction where the search will occur -where the computer(s) are.

That's a problem for the government if somebody's using something like Tor to hide their location. It's also a problem for the government when the computers are everywhere – when they're investigating a ransomware-spreading botnet that's captured computers scattered through 94 different court districts, each needing a separate warrant.

In such circumstances, the revised rule would let the government ask for a single warrant that could be executed anywhere in the U.S.

Opponents have been arguing for several months that it's a step way too far contesting that:

• This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once—[likely a] direct violation of the Fourth Amendment.
• It would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet.
• The government could now "shop" for a sympathetic judge known for lenient standards.

The U.S. government set out the case for the rule change, and why you shouldn't worry about it (I'm from the government, trust me), stating:

The amendments would not authorize the government to undertake any search or seizure or use any remote search technique, whether inside or outside the United States, that is not already permitted under current law. The use of remote searches is not new and warrants for remote searches are currently issued under Rule 41. In addition, most courts already permit the search of multiple computers pursuant to a single warrant so long as necessary legal requirements are met.

The amendments, they say, apply in two narrow circumstances:

• Where a suspect has used technology to hide a computer's location
• If the crime involves criminals hacking computers in five or more judicial districts

For example, Assistant Attorney General Leslie R. Caldwell points to a recent investigation of child sexual abuse in which some judges "ordered the suppression of evidence based solely on the lack of clear venue in the current version of the rule."

As Naked Security points out in its post, it reported on all this in late April when the U.S. Supreme Court first proposed the rule, which will automatically go into effect on December 1, 2016 unless halted by Congress.

Then, in May, Democrat Ron Wyden and libertarian Republican Rand Paul proposed The Stop Mass Hacking Act (S. 2952, H.R. 5321). It's basically one sentence: "To prevent the proposed amendments to rule 41 of the Federal Rules of Criminal Procedure from taking effect." Short and to the point. I like it.

The Wyden-Paul bill quickly gathered backing from over 50 organizations. Since then, congressional leadership has studiously avoided the issue. No hearings. No votes.

There is an ominous silence as Congress focuses on the elections. Keep your eye on Congress – and hold it accountable.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson