Data Foundry has taken action against proposed changes to part of the Federal Rules of Criminal Procedure known as rule 41, that would promote government hacking on a massive scale. We signed a coalition letter to the U.S. Congress along with 50 other Internet companies and public interest groups, including Google, PayPal and the American Civil Liberties Union.
What is Rule 41?
The Federal Rules of Criminal Procedure cover all processes for federal criminal prosecutions. Rule 41 in particular deals with procedures for investigating computer fraud and abuse such as cybercrime and spying. The proposed changes to rule 41 would allow judges to issue warrants granting law enforcement permission to remotely search, seize and copy data from computers and devices in the U.S. and around the world if they are victims of botnet attacks and/or if their locations have been concealed.
This change would especially affect users who have opted to protect their privacy and hide their location, such as anyone who uses a VPN, Tor browser or some other privacy tool that hides their location. If these proposed changes were to take effect, victims of cybercrime (whether they know they are victims or not) can have their computers searched as part of an investigation, and their data can be copied and retained for years, all without their knowledge.
What Dangers Are Posed by Changes to Rule 41?
If law enforcement were to conduct investigations following the proposed changes to rule 41, they would be creating and controlling botnets or “robot networks” that can include millions of computers in the U.S. and around the world. They would also have permission to search and copy data from computers that have unidentifiable locations. This has several dangerous implications including:
- One single warrant will grant law enforcement access to thousands of computers and devices.
- Investigation of botnets could cause further damage to victims’ computers and devices and render them more vulnerable than they were prior to an attack.
- The ambiguous language of the amended rule can be misconstrued to allow hacking of private networks that do not have malicious or illegal purposes.
- Law enforcement will legally be able to hack into computers belonging to journalists, whistle blowers and corporations when their locations are hidden.
- Hacking into networks, computers and devices in other countries will put a strain on international trade and relations.
Why Were These Changes Proposed in the First Place?
The changes to rule 41 were proposed to help law enforcement investigate cybercrime and abuse that involves multiple computers and devices across jurisdictions. Data Foundry and its partner organizations are willing to work with Congress to help find a solution to investigating widespread cybercrime and abuse. We agree with co-founder of Access Now, Brett Soloman, when he says, “the U.S. should be setting an example on how to deal with the issue of government hacking by initiating a debate in Congress, “not quietly slipping through major changes in procedural documents.” We understand the difficulty law enforcement faces in tracking crimes that don’t fall under any jurisdiction, but we feel there’s an alternative solution out there that doesn’t threaten privacy on a massive scale.
How Can You Help Stop Changes to Rule 41?
The rule changes have already been approved by the Supreme Court. The only way to stop them now is to have Congress vote against the changes before December 1. You can read the proposed changes to rule 41, read our coalition letter and submit comments to your representative in Congress through this webpage: noglobalwarrants.org. Senators Ron Wyden and Rand Paul have proposed a bill referred to as the Stopping Mass Hacking Act. You can also personally contact your state senator to show support of this bill that would stop the changes to rule 41.