So Little Time to Stop Government Hacking Rule

Privacy advocates in Congress are pressing for legislation this month that would stop a criminal procedure change from allowing government-run hacks on multiple computers with a single warrant.

Without congressional intervention, the Justice Department-requested change will go into effect Dec. 1. That leaves little time for legislative action, considering that lawmakers have four weeks to fund the government beyond Sept. 30. Other big topics such as funding Zika vaccines could complicate privacy advocates’ campaign to stop what they see as government overreach.

Still, Sen. Ron Wyden (D-Ore.) is pushing S. 2952, a bill that would fully block the changes from being implemented. Nothing has happened beyond his introduction of the measure, however. Wyden says he’ll “be pushing hard with bipartisan allies for a hearing on this dangerous rule change” this month.

He also wants a vote before December. That, in all likelihood, would have to happen in September. Lawmakers are scheduled to be out in October through the election, and likely won’t reconvene until after Thanksgiving, meaning Nov. 28 at the earliest.

Wyden says the issue is important enough that it should garner lawmakers’ attention. “This proposal to expand mass government hacking would make it far easier for the government to spy on Americans’ phones, TVs, and other personal devices with minimal court oversight,” Wyden said Tuesday in a statement to Morning Consult.

As people learn about what he calls a “vast expansion of dangerous government hacking and surveillance,” Wyden predicted that they will be “clamoring for Congress to slam the door on it.”

Congressional aides were less optimistic. While a Senate Democratic aide said it’s likely that the Judiciary Committee will convene a hearing on the topic in September, a House Democratic aide said action in the lower chamber is unlikely due to a truncated fall schedule.

Wyden’s measure is bipartisan, however. It has the support of fellow Democrats Sens. Tammy Baldwin (Wis.) and Jon Tester (Mont.), as well as Republican Sens. Rand Paul (Ky.) and Steve Daines (Mont.).

In the House, Rep. Ted Poe, a staunch privacy defender who is also on the House Judiciary Committee, sponsors the companion measure. The Texas Republican has already launched an effort to see action on his legislation this month.

A spokeswoman for Poe said his staff is “actively pushing for a markup.” It helps that House Judiciary Crime, Terrorism, Homeland Security and Investigations Subcommittee Chairman Jim Sensenbrenner (R-Wis.) recently signed on as a cosponsor, which makes committee action more likely. Sensenbrenner’s subcommittee has jurisdiction over the legislation.

The Supreme Court approved the requested changes to Rule 41 of the Federal Criminal Procedure in April, and the change received backlash from the tech and privacy industries. In June, tech companies including Google Inc. and PayPal Holdings Inc. wrote a letter, with more than 40 other groups, to congressional leaders opposing the court-approved changes.

Advocacy groups such as the American Civil Liberties Union and the Electronic Frontier Foundation are among those vehemently opposed to the changes. EFF argues that the rule change “creates new avenues for government hacking that were never approved by Congress.”

Those groups will be active on Capitol Hill this month calling for action. “There will be significant pressure from the public, tech sector, and members of Congress to pass legislation to stop [the rule change] from going into effect and demand more transparency when it comes to the government’s hacking practices,” said ACLU legislative counsel Neema Singh Guliani.

Privacy groups say that the rule would allow the government to request warrants to hack into computers when they don’t know a computer’s location, which could result in investigators receiving authorization to hack thousands of computers at once. The groups argued in the June letter to Congress that the rule’s changes would likely violate the Fourth Amendment.

The Justice Department says the change won’t permit the government to take on “any search or seizure or use any remote search technique, whether inside or outside the United States, that is not already permitted under current law.”

The DOJ said in a June blog post that the new rules would allow investigators to apply for a warrant when criminals conceal their device’s location. They would allow agents to hack computers located in five or more judicial districts by asking one judge to grant a warrant, rather than submitting separate applications in each district.