News Stay informed about the latest enterprise technology news and product updates.

House Reps tackle Rule 41 to limit government hacking

US Reps. Poe and Conyers join Sen. Wyden's fight against changes to Rule 41 that would remove limits on government hacking, introduce companion bill to quash changes.

The bipartisan campaign against changes to Rule 41, which would expand government hacking powers, is now bicameral...

as well.

Reps. Ted Poe (R-Texas) and John Conyers (D-Mich.) introduced H.R. 5321 the Stop Mass Hacking Act, a companion bill to the legislation introduced earlier this month by Senators Ron Wyden (D-Ore.) and Rand Paul (R-Ky.).

The changes to Rule 41 of the Federal Rules of Criminal Procedure recently approved by the U.S. Supreme Court give government and law enforcement agencies the legal authorization to hack any number of computers, located in any jurisdiction, with a single warrant from a federal magistrate. If Congress does not act before December 1, 2016, the changes to Rule 41 will go into effect.

"[The] government does not have the authority to unilaterally legalize widespread government hacking," Poe said. "Americans have rights. It is Congress' responsibility to safeguard the constitutional rights of the people they represent from a power hungry executive branch. As such, we are moving to stop this change that condones hacking the property of the very people we are entrusted to protect."

Other co-sponsors of the House bill include Blake Farenthold (R-Texas) and Zoe Lofgren (D-Calif.).

In other news:

  • Google could eliminate passwords within the year, at least for Android devices, according to Dan Kaufman, director of Google ATAP. Kaufman told Google I/O 2016 attendees that "trust scores," calculated from user-specific data including location, biometrics and typing peculiarities, could soon replace passwords. Kaufman said tests are slated to begin running this June at "several very large financial institutions." If all goes well, the new Trust API should be available to Android developers by the end of the year.
  • The OWASP Top 10 Project put out a call for submissions to update the Top 10 list of "the most critical Web application security flaws." Last updated in 2013, the update to the OWASP Top 10 is scheduled for release no later than 2017. The Open Web Application Security Project wrote that they "are making an open data call so anyone with application vulnerability statistics can contribute their data to the project." Data for the update must be submitted by July 20, 2016, and all contributed data will be published, "so that anyone can review it to understand what input was considered to produce this update, and for other uses as well." While the project is not interested in OS or network-level flaws, it is seeking Web application vulnerability statistics relating to flaws "in the code itself, the libraries the applications use, or in the configuration of the environment the applications run in."
  • The Tor Project has developed a novel way to generate random numbers that it claims are actually random. "A 'distributed random number generator' is a system where multiple computers collaborate and generate a single random number in a way that nobody could have predicted in advance (not even themselves)," the Tor Project reported in a blog post. "Such a system will be used by next generation onion services to inject unpredictability into the system and enhance their security." The Tor developers tested the new system at their recent Montreal hidden service hackfest. "As far as we know, a distributed random generation system like this has never been deployed before on the Internet."

Next Steps

Find out how the changes to Rule 41 could affect the EU-U.S. Privacy Shield agreement for transatlantic data flows.

Learn more about whether Tor usage is an enterprise security risk.

Read about how encryption legislation could affect enterprises.

Dig Deeper on Information security laws, investigations and ethics

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How would you rate the actions of U.S. lawmakers on cybersecurity? Where could they improve, what are they doing well?
Cancel
Once - before fulling realizing that we're at war - I was totally pro-encryption without exceptions. Since then I've done a full 180. IMHO these erstwhile politicians should be busying pursuing terrorists, not trying to prevent the US Government from learning about them. We need to get ourselves on war footing; our enemies already have.
Cancel
“I’ve got a bad feeling about this…”
Cancel
So if I have this right, a bipartisan team of politicians is fighting to prevent the government - OUR government - from accessing potentially deadly information that could be used to kills US citizens.... Which we make extra ugly by calling it government hacking" instead of, say, "security empowerment". While we're (mostly) silent about the daily theft of data and funds, we're hunkering down to fight the exposure of communications from terrorists. Odd, odd, odd....
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

Close