Wyden Revs Up Against Government Hacking

Sen. Ron Wyden (D-Ore.) made a public spectacle Thursday by amping up his crusade against a Supreme Court-approved change to criminal procedure. But he was rebuffed by on the Senate floor by Majority Whip John Cornyn (R-Texas), who blocked Wyden’s request to quickly pass a bill blocking the forthcoming changes.

Wyden now must go to the Judiciary Committee to see action on his measure, which would stop a criminal procedure rule that he calls a “staggering expansion of government hacking and surveillance authority.” Advancing the legislation by that route will probably require hearings and a committee markup before another attempt at a floor vote.

The Oregon Democrat is running against the clock. The rule change goes into effect on Dec. 1 unless Congress passes a bill blocking or tweaking the federal procedures. The court-approved changes to Rule 41 of the Federal Criminal Procedure will allow investigators to conduct hacking campaigns on as many computers as they need, located anywhere in the country, potentially the world, with a single warrant. The Supreme Court approved the Justice Department-requested rule change in April.

The following month, Wyden introduced S. 2952, which would fully block the changes. The measure hasn’t received a hearing or markup, but Wyden said he believes that could be coming soon.

“I know there’s been bipartisan interest in the Judiciary Committee on this,” Wyden said. “Leaders in the Judiciary Committee have talked about it, and I hope that that hearing will take place shortly.”

Wyden’s measure is co-sponsored by Sens. Tammy Baldwin (D-Wis.), Jon Tester (D-Mont.), Rand Paul (R-Ky.) and Steve Daines (R-Mont.). Daines was present for Wyden’s floor efforts on Thursday in an otherwise empty chamber.

A companion bill in the House Judiciary Committee awaits consideration, and it has support from several privacy advocates on the panel, including House Judiciary Crime, Terrorism, Homeland Security and Investigations Subcommittee Chairman Jim Sensenbrenner (R-Wis.).

The American Civil Liberties Union and the Electronic Frontier Foundation also oppose the forthcoming rule, arguing that it will allow the government to run mass-hacking operations on devices nationwide. Wyden says that sort of policy could increase the government’s surveillance power.

“This major policy change is going to make it easier for the government to hack into the personal devices of Americans and collect information about them,” Wyden said on the Senate floor, adding it would make Americans “less safe, not more.”

Wyden also said he’s concerned that under the rule change investigators will be able to remotely access the devices of both the victims and perpetrators of cyberattacks. That amounts to “clobbering victims twice,” he said.

“The government could end up damaging not only our personal devices, but the power grid, hospitals and nearly any other system connected to the internet,” Wyden added.

Cornyn, whose objection stopped the measure from passing, said the changes are “common sense measures.” He pushed back on Wyden’s assertion that they infringe on Americans’ Fourth Amendment rights.

The rules “simply make clear that which federal district court the government can go to in order to apply to a judge for a search warrant in cases involving sophisticated cyber criminals and people like child pornographers and even terrorists,” Cornyn said on the Senate floor.

He added that the rules don’t impede on civil liberties because investigators still need to satisfy requirements to obtain a warrant under the Fourth Amendment. The new rules, he said, would only switch where those agents could go to seek judicial approval.

“If there were constitutional or other legal issues, and concerns about this, you would think that the highest court in the land would have flagged those and declined to endorse those, but they didn’t,” Cornyn said.

The Justice Department posed a similar defense in a June blog post, saying the rule changes would permit agents to seek warrants when criminals conceal their device’s location. They also said requiring separate warrants for troves of separate devices “may prevent investigators from taking needed action to liberate computers infected with malware.”

Privacy advocates on and off Capitol Hill are especially concerned because they say the changes should have been debated in Congress, with public input, rather than implemented through the judicial process.

Wyden today decried how the “major policy change” had received “no hearing, no oversight, no discussion, in spite of the fact that some of the most important companies in America are speaking out in opposition to this.”

The Computer and Communications Industry Association issued a statement after Wyden’s floor remarks, saying its members are “deeply concerned” the Senate has not yet acted to stop the changes to the rule made “absent a wider public debate.” The group represents Amazon.com Inc., Google Inc. and Facebook Inc.

“Empowering the government to use a single warrant to hack multiple computers in unknown locations, including computers overseas, has far-reaching consequences for us citizens, for citizens around the world and for any country that supports democracy and the rule of law,” said CCIA President Ed Black.

Daines, a co-sponsor of Wyden’s bill, said changes that allow the government to hack an “unlimited number” of Americans’ computers with a single warrant need congressional oversight.

Such changes must be made “through a process that is fully transparent to the American people,” Daines said in a Thursday floor speech. “We cannot give the federal government a blank check to infringe upon our civil liberties.”