Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle.
The rule change was decided by the Supreme Court in April and removes the requirement for the police or FBI to get a warrant for hacking in the state where a computer crime has occurred if they are using Tor, a VPN, or other anonymizing software. Instead they can go to a judge anywhere and ask for a warrant.
The new Rule 41 also applies in investigations into malware spreads, potentially giving a single judge the right to authorize the hacking of millions of computers with a single warrant. It also applies if a computer has been used in a crime in more than five US judicial districts.
This dramatic extension of law enforcement hacking rights has occurred with no Congressional debate or vote, simply by an administrative change. But some law makers have been fighting to stop the change – today was their Waterloo, and sadly they got Napoleon’s role.
Shortly after the April decision, Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introduced the Stopping Mass Hacking (SMH) Act, but it remained stalled in Congress. Wyden made a last plea for the Senate to act on Wednesday but it was rejected.
“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” Wyden said. “Law-abiding Americans are going to ask ‘what were you guys thinking?’ when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system, and puts lives at risk.”
Next it was the turn of Senator Chris Coons (D-DE) to ask for unanimous consent to pass his Review the Rule Act, which would have extended the deadline for the rule change by six months. This was denied.
“These changes to Rule 41 will go into effect tomorrow without any hearing or markup to consider and evaluate the impact of the changes,” he said. “While the proposed changes are not necessarily bad or good, they are serious, and they present significant privacy concerns that warrant careful consideration and debate.”
Lastly Wyden tried again, asking Congress to sign off on his Stalling Mass Damaging Hacking Act, which would have extended the deadline by just three months. Republican leaders refused to support the bill and so as of tomorrow, the rules come into effect. ®
The state of mobile security maturity
Source: SANS ISC SecNewsFeed @ November 30, 2016 at 04:33PM