FBI, Silicon Valley Clash Over Hacking Power of 'Rule 41'

The federal government’s effort to change Rule 41 has become a flash point in the clash between federal law enforcement and Silicon Valley.

(TNS) -- If the FBI wants a warrant to gather digital evidence from a computer or smartphone, agents have long had to know exactly where that device is located.

This rule, law enforcement officials have argued, hampers cybercrime investigations.

FBI Director James Comey told reporters last month that rules of criminal procedure — specifically Rule 41 — are “problematic for some of our most important investigations.”

That rule requires law enforcement agents to seek warrants from a “magistrate judge with authority in the district” where a device is located.

In some cases, Comey said, “We’re unable to go to a magistrate judge (because) we can’t say for sure where the computer is.”

Now the federal government’s effort to change Rule 41 has become a flash point in the clash between federal law enforcement and Silicon Valley.

An update to the rule has been approved by the Supreme Court, but can still be blocked by Congress. Privacy advocates are concerned that it could unleash a new wave of government hacking, and now companies are joining the fray.

Last week, PayPal and Google joined the American Civil Liberties Union and Electronic Frontier Foundation, among other organizations, in formally opposing the measure, arguing it will greatly increase the potential for abuse.

The changes, the group said in a letter to lawmakers, “give federal magistrate judges across the United States new authority to issue warrants for hacking and surveillance in cases where a computer’s location is unknown.”

“This would invite law enforcement to seek warrants authorizing them to hack thousands of computers at once — which it is hard to imagine would not be in direct violation of the Fourth Amendment,” the letter said.

Innocent people whose computers have been taken over by hackers as part of an automated botnet, used to coordinate digital crimes, might also become ensnared in investigations.

Rule 41 currently limits the power of federal magistrate judges, allowing them to issue court orders only for evidence within their jurisdictions.

That means a magistrate judge in the Northern District of California can issue a warrant that will allow the FBI to break into a device only in the region the court oversees. This is different from the National Security Agency’s snooping revealed by Edward Snowden.

One reason the rule change is causing concern is that it might encourage more widespread use of hacking tools by the FBI.

In 2014, the FBI took over and operated a child pornography website called Playpen for roughly two weeks after being granted a warrant in Virginia.

Federal agents used software that bypassed Playpen users’ anonymity and enabled them to be tracked down through digital means. More than 135 people subsequently faced charges.

Some defendants have won motions to suppress the evidence in those cases on the grounds that the warrant didn’t give the government authority to reach into computers outside the district where it was granted.

“Playpen is the example of why this quest to change the rule” is necessary, said Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley. “It’s necessary because you have criminals that are hiding through technological means. Why should the rule be that to identify somebody I already have to know where he is?”

Tech companies and privacy advocates aren’t the only ones trying to block the rule change.

Last month, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., introduced the Stop Mass Hacking Act. The legislation is an attempt to halt the rule change, according to the senators.

“Make no mistake about it,” said Mark Rumold, a senior staff attorney at the Electronic Frontier Foundation. “If federal magistrates are authorized to issue search warrants to search computers no matter where they’re located, that will dramatically increase the ... government hacking that goes on in this country.”

Barring congressional intervention, the rule change will go into effect on Dec. 1.

©2016 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.