Judges Have More Power In Granting Warrants To Hack Digital Devices

Enlarge this image toggle caption Cliff Owen/AP Cliff Owen/AP

Congress had a full seven months to block a rule change for federal courts that lets judges authorize the hacking of digital devices well beyond their districts.

But after a September attempt in the Senate to vote on the measure failed, opponents on Capitol Hill waited until the day before the rule change was to take effect to introduce three motions aimed at shooting it down or at least delaying its implementation.

They weren't successful. So as of midnight Dec. 1, the change to Rule 41 of the Federal Rules of Criminal Procedure — the statute that covers Fourth Amendment search and seizure warrants — is the law of the land. And that, says Montana Republican Sen. Steve Daines, "should send a shiver down the spine of all Americans."

The Department of Justice, which sought the rules change, disagrees. On its website, Assistant Attorney General Leslie Caldwell of the Criminal Division argues that the changes "would merely ensure that at least one court is available to consider whether a particular warrant application comports with the Fourth Amendment." Caldwell notes that federal authorities were already able to obtain warrants for "remote searches" — the term the DOJ uses — even before the rule change.

So why the change? For federal investigators, the rule for obtaining search warrants failed to address digital age realities. Typically, those warrants had to be tied to geographical jurisdictions — specific addresses in specific places for specific people. That meant criminal activity being carried out online under the cloak of anonymity was difficult, if not impossible, to link to any particular judge's area of jurisdiction.

And hunting down malware purveyors could well mean having to hack into the botnets created by their malware — botnets made up of computers potentially located all over the map. In both the case of anonymity and that of the botnets, federal judges lacked clear rules to authorize hacking beyond their districts. Under the newly revised Rule 41, a single judge will be able to issue a search warrant that could be used to hack into digital devices not necessarily located in that judge's district. Also, a warrant can now be issued authorizing federal investigators to hack into computers of malware victims, wherever those devices happen to be.

"What this means," Daines said on the Senate floor hours before the rule change took effect, "is that the victims of hacks could be hacked again by their very own government." He and a bipartisan group of fellow senators say the rule change is so substantial that it should require the vigorous public debate in Congress it never got.

Off Capitol Hill, there has been considerable discussion of the rules change among members of the legal profession, as well as public testimony and written comments. Once those views were considered by the Advisory Committee on the Federal Rules of Criminal Procedure — a group made up of judges, lawyers and law professors that advises the federal judiciary — the panel, according to DOJ's Caldwell, "rejected criticisms of the proposal as misinformed and approved the amendments." They have since won the Supreme Court's blessing as well.

Sen. Ron Wyden, D-Ore., warned that Congress was making "one of the biggest mistakes in surveillance policy in years" by not holding hearings on the proposed change and its impact on privacy rights. "The government won't tell the Congress or the American people how it would protect those rights, or how it would prevent collateral damage, or even how it would carry out these hacks," Wyden said of the rules change. "In effect, the policy is, 'trust us'."

The Senate's number-two Republican, John Cornyn of Texas, played the unusual role of defender of the Obama administration's revision of surveillance rules. "You still have to go before a judge," he said as he objected to motions to block the rule, "and the defendant can still challenge the lawfulness of the search."

But not everyone whose digital devices can be searched under the rule change will be charged with a crime. They may, in fact, never know they've been hacked by feds wielding a warrant for a "remote search."