Tuesday, March 24, 2015

The Judicial Conference Advisory Committee on Criminal Rules has voted 11-1 to modify Rule 41 of the Federal Rules of Criminal Procedure to greatly expand the Federal Bureau of Investigation’s authority to obtain electronic information from a private computer.

Currently, judges can only approve search warrants for materials within their own judicial district. With this change, however, courts will ould be able to grant warrants for electronic information even outside their judicial district. The Judicial Conference, consisting of federal circuit chief judges and certain elected district judges, prepares administrative policy guidelines for the U.S. courts.

The proposed amendment allows the government to use “remote access” to search and seize or copy electronic data from any computer or network in the world. However, the wording of the proposed amendment does not specify how these searches will be conducted or what data may be searched. Therefore, as commenters have pointed out, the Department of Justice could be allowed to install software onto a target device to extract all information on any computer or network, no matter where that computer or network is located, and not on just the target device.

ACLU attorney Nathan Freed Wessler cautioned that “although presented as a minor procedural update, the proposal threatens to expand the government’s ability to use malware and so-called ‘zero-day exploits’ without imposing necessary protections…. The current proposal fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes.”

This amended rule would also apply to smart phones. Law enforcement has had difficulty obtaining information from smart phones due to their current encryption technology and mobility, but this rule modification could allow the FBI to hack any cell phone, regardless of its location.

The proposal will now move on to the Standing Committee on Rules of Practice and Procedure and then to the Judicial Conference, which most likely will consider the change in September 2015. The U.S. Supreme Court would then have until May 1, 2016, to review and accept the amendment. After that, Congress would have seven months to defer, reject, or modify the amendment. If Congress fails to take any action, the rule would be adopted on December 1, 2016.

Companies should review security protocols for their employees’ computers and smart phones in light of this proposed modification. If an employee becomes a target of the FBI, the company’s entire computer network is at risk under the proposed new rule. Jackson Lewis attorneys are available to advise companies on the scope of the Fourth Amendment and their rights in maintaining their confidential information on all of their business-related electronic devices.