alphaspirit - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Last ditch Senate efforts fail to stall Rule 41 changes

After a final push to delay changes to Rule 41 failed in the Senate, the U.S. government now has much wider authority to legally search computers whose location is unknown.

A last ditch effort in the Senate failed to prevent -- or at least delay -- changes to Rule 41 from taking effect on Dec. 1, 2016, which will significantly expand the federal government's authority to remotely access computers and mobile devices.

Sen. Ron Wyden (D-Ore.) sought to bring three proposed pieces of legislation to a vote by acclamation on the floor of the Senate after all previous legislative attempts to prevent or slow down the rule changes from taking effect were stymied by lack of support from the Senate Judiciary Committee.

Wyden, who called for further congressional oversight for the Rule 41 changes, spoke on the Senate floor before calling for votes on the measures and said it was fundamental -- "Senate 101" -- to have at least one hearing in each house of Congress and to engage in bipartisan review of the changes.

"This rule change would give the government unprecedented authority to hack into Americans' personal phones, their computers and their devices," Wyden said on the Senate floor.  He added that while he was concerned about the Rule 41 changes before the presidential election, the new administration "will be led by the individual who said he wanted the power to hack his political opponents the same way Russia does."

Wyden also called the changes to Rule 41 "one of the biggest mistakes in surveillance policy in years."

Under the new provisions of Rule 41, federal magistrate judges now have the authority to issue warrants for multiple computing devices located outside their own districts if the location or locations of those systems have been concealed through technical means. This solves the problem of getting legal search warrants for systems that are hidden behind the Tor anonymity network, which has hampered prosecutions identifying the appropriate jurisdiction for applying for a search warrant.

Warrants under the updated rule may also be issued by magistrate judges for searches related to computer crime investigations of systems that have been compromised or damaged and are located in five or more districts.

Republican leaders on the Senate Judiciary Committee blocked any of the proposed legislation that would have delayed the Rule 41 changes. Without that support, the only option opponents of the changes had to get the proposed legislation passed was by requesting a voice vote by unanimous consent from the Senate floor.

None of the acts succeeded in their votes, with majority whip Sen. John Cornyn (R-Texas) objecting to all three pieces of legislation when presented for votes. Cornyn said he thought the concerns of opponents of the Rule 41 changes were "misplaced."

"We always try to strike the right balance between individual privacy and safety and security and law enforcement," Cornyn said. "Sometimes we have differences of opinion as where exactly on that spectrum that ought to be struck. But the fundamental problem with the requests that have been made today is that federal rule of criminal procedure 41 has already been the subject of a lengthy three year process with a lot of thoughtful input, public hearings and deliberation."

Cornyn argued the courts have the right to write their own rules about judicial procedures, and the changes to Rule 41 have already undergone sufficient review by judges and attorneys, and have been endorsed by the Supreme Court. Other legislators, however, disagreed.

"[T]hese changes to Rule 41 will go into effect tomorrow without any hearing or markup to consider and evaluate the impact of the changes," said Chris Coons (D-Del.), while addressing the Senate. "While the proposed changes are not necessarily bad or good, they are serious, and they present significant privacy concerns that warrant careful consideration and debate."

Coons earlier this month introduced the Review the Rule Act, which would have delayed the changes to Rule 41 until July 1, 2017, to give Congress time for hearings and debate over the impact of the rule changed. Co-sponsors of that bill included Wyden, Steve Daines (R-Mont.), Mike Lee (R-Utah), Al Franken (D-Minn.) and Reps. John Conyers, Jr. (D-Mich.) and Ted Poe (R-Texas).

The changes to Rule 41 of the Federal Rules of Criminal Procedure, which govern search and seizure of evidence, were approved by the Supreme Court earlier this year. The court allowed Congress until Dec. 1 to take action to prevent the rules changes taking effect, and, immediately after the Supreme Court approval, Wyden announced the Stopping Mass Hacking (SMH) Act, which would have done just that.

However, when Republican members of the Senate Judiciary Committee prevented that bill from going to the floor of the Senate for debate and vote, Wyden, joined last month by a bipartisan group of 22 U.S. senators and representatives, called on Attorney General Loretta Lynch to give Congress more information about the proposed expansion of government hacking and surveillance powers.

Peter Kadzik, assistant attorney general, wrote a response to the legislators in which he noted that the changes to Rule 41 had already gone through a three-year deliberation process which included public testimony and approval by the federal judiciary's Advisory Committee on the Federal Rules of Criminal Procedure whose members include federal and state judges, law professors, lawyers in private practice and others.

Kadzik characterized the changes as authorizing the government to act in "two narrow circumstances": when the location of the target of a search has been hidden using technological means, and when computers targeted by a warrant are in five or more locations. Kadzik also noted that the rule changes do not change the requirement for the government to demonstrate probable cause, nor do they affect "traditional protections and procedures under the Fourth Amendment."

Next Steps

Find out more about bipartisan efforts to delay the changes to Rule 41

Learn about how the changes to Rule 41 may affect the EU-U.S. Privacy Shield framework

Read about why security and privacy experts have been wary about the changes to Rule 41

Dig Deeper on Information security laws, investigations and ethics