There’s a change coming that could arguably make it a lot easier for feds to snoop through your digital stuff, even if you’ve done nothing but been the victim of some malware. If Congress doesn’t act to stop it, that change to Rule 41 becomes effective basically at midnight tonight. So a handful of Senators who want to block it are all but begging their colleagues to act now.
So what is Rule 41? Here’s the TL;DR version: it’s a section of the Federal Rules of Criminal Procedure that details how legal searches and seizures can be conducted.
The dispute is over some amendments to the rule written by the Judicial Conference of the United States, the policy-making body for the federal court system. In April, the Supreme Court approved those changes, which would allow federal magistrate judges to issue warrants that let law enforcement remotely search through computers outside of the court’s physical jurisdiction, and to seize data on those computers if the device’s location is “concealed through technological means,” or if the computer was part of a botnet used in a cyber attack.
The Electronic Frontier Foundation ran a deep-dive explanation of the implications of this change back in April, but in short, critics argue that the changes to Rule 41 drastically expand procedural power (the things law enforcement can legally, regularly do) to access more people’s stuff with less reason.
In May, several senators introduced the SMH Act (yes, really) seeking to limit the Rule 41 changes from going into effect.
“An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers,” Sen. Ron Wyden (OR) said at the time. “The American public should understand that these changes won’t just affect criminal … the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack.”
When the bill was put forward, the Justice Department immediately fired back, saying the lawmakers’ concerns were unfounded.
The bill hasn’t moved yet, but meanwhile, in October, 23 members of Congress followed up with a letter to the DOJ, asking just what it plans to do with the expanded authority Rule 41 will grant it.
The DOJ responded to that letter last week, and some of the Senators who signed on to the original found its response to be lackluster at best.
And that brings us to today. The rule changes go into effect on Dec. 1, which comes in just a handful of hours. The deadline is here, and if anyone in Congress is going to act, it’s now or never.
So some of the Senators that have been raising this issue for months are pushing for now. Wyden, joined by Sens. Chris Coons (DE) and Steve Daines (MT) are asking the Senate immediately to pass or vote on measures that would either block or delay the implementation of the Rule 41 changes.
“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” Wyden said in a statement. “Law-abiding Americans are going to ask ‘what were you guys thinking? when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk.”
“If we fail to act today, these changes to Rule 41 will go into effect tomorrow without any hearing or markup to consider and evaluate the impact of the changes,” Coons added. “While the proposed changes are not necessarily bad or good, they are serious, and they present significant privacy concerns that warrant careful consideration and debate.”
Daines was more concise, saying about it only: “We can’t give unlimited power for unlimited hacking – putting Americans’ civil liberties at risk.”
If Congress does not act before the clock chimes midnight, then the amended Rule 41 will be in effect.