U.S. Congress must act on government hacking, reject Rule 41

Washington D.C. — Access Now today calls upon the U.S. Congress to reject a new rule that will expand the Federal Bureau of Investigation’s (FBI) hacking operations. The call comes as the Supreme Court of the United States reported a change in the Federal Rules of Criminal Procedure, specifically Rule 41, to Congress. The change enables the FBI to hack into computers regardless of where they are located, and to hack into the computers belonging to the victims of botnet operations. Access Now strongly opposes the update to Rule 41.

“While Congress is distracted rehashing long-settled debates about the use of encryption, the Department of Justice is quietly trying to grant themselves substantive authority to hack into computers and masking it as a bureaucratic update,” said Amie Stepanovich, U.S. Policy Manager at Access Now. “This is a major shift. It should be up to Congress to decide the rules for government hacking after an informed public debate. However, Congress has never yet spoken on the issue.”

The Federal Rules of Criminal Procedure, as the name suggests, are procedural rules that govern the implementation of the law. Rules are not supposed to have substantive impact or either grant or restrict user rights. However, the change to Rule 41 would empower judges to sign warrants that authorize activities far beyond their jurisdictional limits. Additionally, the rule grants magistrate judges the authority to issue warrants within an investigation under the Computer Fraud and Abuse Act to secretly search the computers of totally innocent individuals who have, without their knowledge or consent, been potentially infected by a botnet.

The Supreme Court has approved the rule change and today submitted the new Federal Rules of Criminal Procedure to Congress. The rules will take effect in seven months unless Congress takes action to block or amend them.

“Rather than leading public policy Congress is stuck in a Groundhog Day loop: debating the same issues over encryption for decades as technology, and the FBI’s use of it, marches on. The FBI is spending millions to hack into our private digital devices. This should be a wake up call. We need a public conversation about what law enforcement is doing. We need safeguards and rules based on public input,” said Nathan White, Senior Legislative Manager at Access Now.

Amie Stepanovich provided testimony to the Judicial Conference Advisory Committee on Criminal Rules on the human rights risks associated with the change when it was first introduced in 2014.