The FBI quietly acquired sweeping surveillance powers, beginning Dec. 1, it had sought for years, and the change came without a single congressional hearing or vote.
Under a change to Rule 41 of the Federal Rules of Criminal Procedure, the FBI will now be able to obtain a single warrant from a magistrate that allows it to hack thousands — or perhaps millions — of computers across the country, or even outside it, in certain circumstances. It would apply when technology like Tor or virtual private networks is used to hide the location of users, or when a computer is swept up in a "botnet," a network of private computers infected by malware and controlled without the users' knowledge, such as by an email spammer.
"In these circumstances, law enforcement could remotely access, search, seize or copy data on computers, no matter where the computers were located and without providing notice to the users being searched," the Electronic Frontier Foundation cautioned.
Previously, magistrates could only issue warrants for searches within their districts. Thus, the rule change raises fears about "forum shopping," under which the FBI could seek warrants from magistrates known to hand out warrants with little scrutiny, even if no devices to be searched reside in their districts.
Sen. Ron Wyden, D-Ore., who led a bipartisan group of senators attempting to block the rule change the day before it went into effect but was rebuffed by Sen. John Cornyn, R-Texas, called it "one of the biggest mistakes in surveillance policy in years and years."
Wyden contended that government hacking attempts could inadvertently damage personal computers and cellphones, hospital systems or even the power grid. "Innocent Americans could be victimized twice — once by their hackers and a second time by their government," he said on the floor of the Senate. "This rule change will give the government unprecedented authority to hack into Americans' personal phones, computers and other devices."
Wyden was joined on the floor by Republican Sen. Steve Daines of Montana. "This proposed solution essentially gives the government a blank check to infringe upon our civil liberties," Daines asserted. "Our civil liberties and our Fourth Amendment can be chipped away little by little until we barely recognize them anymore. We simply can't give unlimited power for unlimited hacking which puts Americans' civil liberties at risk."
The rule change also illustrates an astonishing lack of oversight. It was made by the Rules Advisory Committee, which typically addresses modest changes to mundane procedural rules, and approved by the U.S. Supreme Court in a private vote. And it offers no privacy protections or transparency over how the FBI is implementing its hacking activities. "In effect, the policy is 'trust us,'" Wyden maintained.
"There is a lot more debate in this body over the tax treatment of race horses than massive expansion of surveillance authority," Wyden said. "We should at least have a hearing on a topic with enormous potential consequences for millions of Americans."
When lawmakers from all sides of the political spectrum in both the House and the Senate are raising alarms about a new questionable surveillance policy that could run afoul of the Fourth Amendment and infringe upon the privacy of millions of Americans, the very least congressional leaders can do is hold public hearings and try to incorporate some basic privacy protections. Their unwillingness to do so should enrage a liberty-loving populace and spur demands for their representatives to correct this wrong. Sadly, too many people seem to be either blissfully ignorant of the scope of the government's spying activities, or simply resigned to the loss of their civil liberties in the digital age.
REPRINTED FROM THE ORANGE COUNTY REGISTER