Wyden: Rule 41 changes represent another compromise of security and liberty
Government proposals to weaken encryption and expand hacking authorities are cut from the same cloth of uninformed or ill-considered policymaking in response to security threats, according to Sen. Ron Wyden (D-Ore.).
Government proposals to weaken encryption and expand hacking authorities are cut from the same cloth of uninformed or ill-considered policymaking in response to security threats, according to Sen. Ron Wyden (D-Ore.).
A proposed expansion of the U.S. government's hacking authorities is the latest in a series of misguided technology policies that would make American lives less safe and less private, Sen. Ron Wyden (D-Ore.) said June 30.
"There's no telling what kind of impact secret government malware could have on our devices, or the networks that run our hospitals, our electric grids and our transportation systems," Wyden said in a speech at the New America think tank in Washington.
Wyden was railing against obscure but controversial amendments the Supreme Court approved in April to Rule 41 of the Federal Rules of Criminal Procedure. The revised Rule 41 would allow U.S. judges to issue search warrants for computers outside their jurisdictions, a move Wyden and some big technology firms say poses a clear threat to citizens' digital rights.
The proposed changes to Rule 41 are built on the same faulty logic as U.S. government efforts to convince technology firms to build backdoors into their encryption products, according to Wyden.
The Justice Department has long sought the rule changes, arguing that the "remote searches" the amendments authorize are often the only way to find criminals who mask their online footprints. DOJ officials say that the Rule 41 amendments would not allow any government hacking that isn't already authorized by law, and have also emphasized that the Supreme Court ruling was the culmination of a three-year process that included public comments and testimony.
But a coalition of tech firms and organizations that includes Google and PayPal isn't buying that explanation. The group sent a letter to the House and Senate leadership on June 21 saying it is "hard to imagine" the rule changes "would not be in direct violation of the Fourth Amendment."
That coalition and others worry that the proposed rule changes would encourage the government to pursue cases in jurisdictions with judges who would be amenable to ruling in its favor. That "forum shopping" argument is one of several on Rule 41 outlined in a new Congressional Research Service report.
Asked by FCW to respond to DOJ's contention that the Rule 41 amendment process has been deliberative and transparent, Wyden said, "I don't know of any big grassroots push for mass hacking until recently."
He also balked at DOJ's argument that the rule changes aren't an expansion of its hacking authorities.
"One warrant to access millions of Americans' computers?" Wyden told reporters. "I'll let them argue to the American people that's not a big deal. I don't think most people think that argument passes the smell test."
'A dangerous thing'
Congress has until Dec. 1 to reverse the proposed changes to Rule 41. In May, Wyden and Sen. Rand Paul (R-Ky.) introduced legislation that would do just that, and there is companion legislation in the House.
Wyden told reporters he would consider all procedural options to getting the bill passed before the December deadline, and that his immediate priority would be getting hearings for the legislation to spur debate. During his speech, Wyden said Congress' appetite for inaction would be a hurdle to reversing the Rule 41 changes, and that it is unlikely lawmakers would have proactively enacted those changes.
An ensuing panel discussion at New America generally cast the Rule 41 changes as unchartered territory and a threat to the Fourth Amendment.
Steven Bellovin, a computer science professor at Columbia University, said he was not opposed to government hacking on principle, but warned of unintended consequences of engaging in it. "It's a dangerous thing," he said. "When you hack a system, you don't actually know what's going to happen."
NEXT STORY: Johnson: Biometric exit moving ahead