By Amanda Grannis

untitled

A recently accepted amendment to Federal Rule of Criminal Procedure 41 will undoubtedly enlarge the authority of law enforcement agencies to remotely hack into and extract data from computers over the course of their investigations.  Legal scholars, civil rights activists, and journalists alike now fear that any citizen that uses a technological means of maintaining their location privacy may find herself to be the subject of a search—regardless of whether or not she resides in the same jurisdiction as the magistrate judge that issued the warrant.

 

The privacy implications of the Rule 41 amendment are twofold. Firstly, it will allow judges to issue search warrants to law enforcement that will enable the remote search, seizure, and copying of data in circumstances in which the “district where the media or information is located” is concealed via “technological means.” Judges will be able to authorize searches beyond their districts, so long as the warrant is related to activities connected to the immediate crime within their jurisdictions. As explained by the EFF, this expansion of investigatory power may expose many unsuspecting individuals to government searches, including those that deny access to their location on smartphone apps or those that simply change their country settings on social media.

 

Secondly, the amendment will enable magistrate judges to grant search warrants to law enforcement to use remote access when the media is found on protected computers that have been “damaged without authorization and are located in five or more districts.” This language will enable judges to grant search warrants to law enforcement for the purposes of hacking or seizing computers that are connected to a botnet. An unlawful botnet refers to a network of computers, that when infected by malware, may be used to, among other things, generate spam or spread viruses.

 

When authorized to infiltrate computers that are part of botnets, law enforcement will be able to remotely access computers of users in outside jurisdictions who are unaware of the malware on their systems in the first place. Beyond this, as much as 30% of all computers in the United States may already be infected with malware. This language will thus vastly expand law enforcement’s hacking and seizure authority. From a procedural standpoint, this is particularly disturbing, considering the United States Judicial Conference drafted the proposed amendment and not Congress. It is now likely that the civil liberties and privacy of millions of citizens will sadly be curtailed without any prior public discourse.

 

Prior to its acceptance, the amendment was met with some opposition. In an October 27, 2016 letter to Attorney General Lynch, members of Congress requested concrete answers from the Department of Justice about the amendment’s long-term implications. In the letter, they asked how the Department would deter forum shopping for warrants, and if owning a device infected with malware would be enough to establish probable cause for a remote search once the amendment was effective. The Department of Justice replied to the letter, but failed to directly address the Congressmen’s concerns. Rather, it maintained that the proposed changes would not take away core protections such as establishing probable cause, and would not enable the government to undertake remote search techniques that were already constitutionally permissible.

 

Senator Ron Wyden also criticized the Department of Justice’s response, stating that “[t]he Justice Department’s failure to answer these questions should be a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices.” Wyden also helped introduce a bill to postpone the effective date of the amendment to July 1, 2017, in hopes that it would give Congress more time to investigate the amendment’s long-term impact.

 

Unfortunately, efforts to prevent the amendment’s acceptance were unsuccessful, and it became effective on December 1, 2016. It passed relatively quietly, barely making national news. Inevitably though, the amendment will dramatically widen law enforcement’s search authority across jurisdictional lines. The amendment’s repercussions are bound to one day be on the radar of the media and the public, but by this point, it may be too late to do anything about it.

 

Amanda Grannis is a law clerk at Tor Ekeland P.C., and her admission to the New York Bar is pending. She is a 2016 graduate of Fordham Law School, where she studied securities law and federal litigation.