1000words - Fotolia
In this Risk & Repeat podcast, SearchSecurity editors discuss the controversial Rule 41 changes and what they mean for law federal enforcement and cybersecurity practices.
Controversial Rule 41 changes, which will expand federal law enforcement capabilities for hacking into devices and seizing data, are set to become official in about one week, but a last-ditch effort looks to stop the changes before the deadline.
Rule 41 of the Federal Rules of Criminal Procedure, which governs search and seizure of evidence, was amended recently to give federal law enforcement the authority, via a warrant, to remotely access computers, servers and mobile devices if their locations are obscured through "technological means" such as a VPN or the Tor network. Law enforcement agencies will also be able to remotely access devices that have been "damaged without authorization," such as a malware infection. The Rule 41 changes also grant judges the authority to issue warrants for devices outside of their jurisdiction.
The proposed changes have come under criticism from privacy advocates, security experts and organizations such as the American Civil Liberties Union and Electronic Frontier Foundation. Several lawmakers have also opposed the Rule 41 changes, including Sen. Ron Wyden (D-Ore.), who co-authored a new bill last week, dubbed "Review the Rule Act," which would postpone Rule 41 changes until July to give Congress time to consider the changes. The changes were not drafted by lawmakers but instead composed by a committee of law enforcement officials, judges and legal experts; the Rule 41 proposal was approved by the U.S. Supreme Court last spring.
What will Rule 41 changes mean for government surveillance and hacking practices? How will the changes affect cybersecurity practices such as VPNs and anonymity tools? And will Rule 41 create problems for Privacy Shield, European General Data Protection Regulation and other laws and regulations?
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of Rule 41. They also examine new IoT security guidance from the NIST and the Department of Homeland Security, the latest on the DDoS attack on Dyn and more.
Risk & Repeat: New Yahoo data breach details emerge
Risk & Repeat: The debate over a Windows zero-day disclosure
Risk & Repeat: IoT malware threats loom large for enterprises