Changes to Rule 41 of the Federal Rules of Criminal Procedure broaden the government's hacking ability by removing restrictions on search warrants. The amended Rule 41 allows judges to issue search warrants that let the government hack into computers and devices outside the judge's jurisdiction, and it allows bulk hacking of multiple computers at once.
First, Brooke speaks with Rainey Reitman of the Electronic Frontier Foundation, who explains how the changes came about and what concerns her organization has about them -- as well as what EFF is bracing for under the incoming Trump administration.
Then, Brooke speaks with Senator Ron Wyden (D-Oregon), who tried and failed to get the Senate to hold a hearing on the Rule 41 changes. He explains why he thinks they go too far and why so many of his colleagues were unwilling to even consider debating them.
We Will Become Silhouettes - The Postal Service
Superstition - Sungha Jung
BROOKE GLADSTONE: On December 1st, the government vastly expanded its powers to hack into our computers and smart phones. You likely didn't hear about it because the amendments to Rule 41 of the Federal Rules of Criminal Procedure were deemed merely procedural, requiring neither a debate nor even a vote, despite the warnings of Senator Ron Wyden.
SENATOR RON WYDEN: At midnight tonight, this Senate will make one of the biggest mistakes in surveillance policy in years and years.
BROOKE GLADSTONE: The changes to Rule 41 allow judges to grant electronic search warrants for computers and other devices with unknown locations. It also allows bulk search warrants, which means one judge can permit the search of potentially millions of devices, all remotely. The Justice Department says the changes were prompted by a recent investigation in which the FBI used malware to break into computers and devices that visited a child porn website known as Playpen. Some judges threw out the evidence the FBI obtained because they found the warrant invalid.
Rainey Reitman is director of activism at the Electronic Frontier Foundation, which has criticized the Rule 41 changes.
RAINEY REITMAN: Historically, say you’re with the FBI, you’re supposed to go to the district where a computer is located in order to get your search warrant for that computer. But if you don’t know where the computer is located, that raises a series of questions. In the Playpen cases, the courts were really struggling to understand how to deal with a single magistrate judge authorizing hundreds of searches on hundreds of computers with a single search warrant. And the courts have been all over the place on this. Some courts are throwing it out, saying, well, this wasn't a valid search warrant and others saying, well, I'm not even sure you needed a search warrant. Maybe you don’t have a right to privacy on your home computer. This, to me, seems like a great opportunity for Congress to say, there’s confusion about the law on this issue, we’re going to hold hearings, we’re going to speak to experts and we’re going to create some reasonable rules of the road for when the FBI can hack into computers. And, unfortunately, that didn’t happen.
BROOKE GLADSTONE: But, instead. Congress simply allowed the Justice Department to implement these changes without discussion, and these changes removed those jurisdictional limitations, so you could go to just one judge and get a warrant to access countless computers, maybe even a million.
RAINEY REITMAN: Exactly. The government can really cherry pick any judge they want. And we’ve seen instances of the government choosing to take its investigations to the most prosecution- friendly judge that they could find. We saw a case in Riverside where the DEA found a judge who was willing to sign off on wiretap orders, and they took wiretap orders from all across the country to him, 600 wiretap orders coming from a single Riverside judge. And I think what will happen with the changes to Rule 41 is that the government will quickly be able to figure out is there perhaps a technically naïve or a prosecution-friendly judge somewhere in this country, and can we just put all of our search warrant applications in front of that judge?
BROOKE GLADSTONE: There's a related change in Rule 41 which allows the government to hack our devices in order to at least theoretically fix them.
RAINEY REITMAN: The government wants the ability to not only investigate botnets - you know, when your computer has been infected with malware and it's now part of the system that could send out viruses or spam or be used to create a zombie army of computers and you might not know. So, gosh, of course, that's a big deal, and the FBI is saying, well, we want to be able to do something about it. But in their efforts to clean up these botnets, I mean, they could, for example, deploy what they think is a fix that could actually do serious harm to your computer. Or in their process, they may access information that’s quite private. So that doesn’t mean that we don’t want the government ever involved in cleaning up botnets. It means we really want Congress to weigh in on this issue.
But instead of having this conversation and coming up with the right solution, we went with a default solution, which is let's just let more people issue these search warrants.
BROOKE GLADSTONE: Because it was about child porn. That's an area with a big red box around it. What's to discuss?
RAINEY REITMAN: We have to remember, these tools will not simply be used to go after child pornographers. They’ll be able to use it for all sorts of different types of investigations, not just the ones that people may find most heinous.
BROOKE GLADSTONE: Now, privacy advocates like your organization were already concerned about Rule 41 and other expansions of surveillance powers under the Obama administration, which doesn't, in your view, have a particularly good record on this. What specific expansions are you and EFF watching?
RAINEY REITMAN: A government-mandated backdoor into encryption technology. This is a fight that we've had on and off for years, and we saw a huge battle over it with an, an investigation of the San Bernardino iPhone.
BROOKE GLADSTONE: This was the iPhone of people who committed mass murder in San Bernardino.
RAINEY REITMAN: Right, the FBI wanted to have Apple defeat its own security protocols in order to gain access to information on the phone. And Apple, they didn't want to set a precedent where you would have tech companies actually spending resources building custom tools for the government to break security features.
BROOKE GLADSTONE: So mandated crypto backdoors, that's number one you're worried about.
RAINEY REITMAN: Correct.
BROOKE GLADSTONE: Anything else?
RAINEY REITMAN: What am I not worried about? So I'm also quite concerned at Section 702 of the Foreign Intelligence Surveillance Act. It's the section of law that the government argues gives them the right to collect data in bulk, who you’re emailing, what web pages you’re accessing, basically to tap into the backbone of the Internet and conduct searches. And that section was so controversial that it would automatically sunset every few years.
BROOKE GLADSTONE: And you're concerned that there may be a move in the next administration to get rid of the sunset provision so you can never revisit it.
RAINEY REITMAN: Well, my big concern, first, is that the powerful reforms that we had been expecting in the coming year - because this will be the first sunset since the Snowden revelations - that those are not only put into jeopardy but that even the sunset itself could be put into jeopardy.
BROOKE GLADSTONE: Mm-hmm.
RAINEY REITMAN: I hate to even say it because these are some of my nightmares, and I, I hope by saying it I'm not making it happen.
BROOKE GLADSTONE: But you do say there is one thing that President Obama could do. It’s something he's promised from the beginning, not often delivered on, and that is transparency.
RAINEY REITMAN: Right. And it’s something that can't be easily undone because once you have disclosed something and brought public light to it, the information is out there for the world. One of the things that is particularly challenging about the NSA is not only are many of their programs shrouded in secrecy but what they’ve told the court and what their justifications are will literally be held in secret. We have this really phenomenal process where we use the court systems to refine and examine laws passed by Congress and interpret them.
When the NSA or the FBI is able to engage in surveillance and no one ever knows about it and they never have to justify it, that's when they’re able to really run roughshod over civil liberties. But when they know that someone will ask them questions and that it could result in a front-page story in The New York Times or they could be called up in front of Congress to defend themselves, when they know that their activities are going to be made public, that potential of transparency could have a major chilling effect on surveillance abuses. It’s an incredibly powerful tool.
BROOKE GLADSTONE: Rainey, thank you very much.
RAINEY REITMAN: Thanks for having me, Brooke.
[MUSIC UP & UNDER]
BROOKE GLADSTONE: Rainey Reitman is the director of activism at the Electronic Frontier Foundation. The fight for a vote or at least a delay on implementing Rule 41 was led by Oregon Senator Ron Wyden. He failed. Senator Wyden, welcome back.
SENATOR RON WYDEN: Thanks for having me again.
BROOKE GLADSTONE: So last week, you said the Senate was about to, quote, “make one of the biggest mistakes in surveillance policy in years and years.”
SENATOR RON WYDEN: When the Justice Department claimed that this was just a modest kind of change, kind of housekeeping, that, in my view, was an absurd argument. Here you have an effort that authorizes mass government hacking without any congressional input whatsoever.
BROOKE GLADSTONE: The government says that, to a certain degree, it wants to come in to computers that have already been hacked, maybe linked up to botnets, which are vast networks of computers infected by malware. For that reason, the government wants the chance to come in and fix the computer that has been enlisted unbeknownst to its owner. The government is saying it's here to help.
SENATOR RON WYDEN: The fact is the potential for collateral damage is really extraordinary. Let's remember, the government won't just be hacking your cell phone or desktop. It might need to hack into traffic lights, security cameras. Based on everything we have learned from independent cyber experts, there's a real chance that the hacked devices will be damaged or broken.
BROOKE GLADSTONE: Now, for months, you and a handful of other senators tried to get even a hearing on this issue. Why do you think most of your colleagues refused to touch it?
SENATOR RON WYDEN: Given the last few months, there was an awful lot on the congressional plate, and one observer said the Justice Department was trying to go forward under the cover of dullness. And it is sort of Senate 101 that you don't just let the government wave their arms around in the air and give themselves new powers under the Fourth Amendment without a single hearing and without senators asking some questions. When there are problems with this, and there are going to be, Americans are gonna come to their legislators and say, what were you thinking about, were you really too busy to have even one hearing, when you're talking about one judge, one warrant authorizing the hacking of possibly millions of devices, cell phones and tablets?
BROOKE GLADSTONE: What do you anticipate these complaints from the public ultimately will be? Will it be, hey, the government broke my computer remotely or the government looked at my medical record and I didn't want them to, or –
SENATOR RON WYDEN: I think both of those. You touched on very real concerns that citizens are likely to have.
BROOKE GLADSTONE: But the argument for changing Rule 41 was that it was outdated, that the federal government's limits on hacking were preventing it from pursuing legitimate criminal investigations.
SENATOR RON WYDEN: We know technology is evolving. And, by the way, I wrote the section of the USA Freedom Act that says when the government has an emergency, the government can move immediately to protect the public and get the warrant and then come back and settle up later. So I've made it clear that I am very interested in both security and liberty. I just think the two are not mutually exclusive.
BROOKE GLADSTONE: Let’s consider the context of these changes. They come from the fact that an investigation into child pornography was hamstrung.
SENATOR RON WYDEN: I think it is possible to be very tough on practices that we consider god-awful without throwing the Fourth Amendment and the Constitution in the trashcan. And that is our job. There are two parts to this. Hidden location, we can fix. Botnets, you need to approach in a different way.
BROOKE GLADSTONE: So you would be okay with extending the jurisdiction of a single court to many thousands or even millions of computers in one circumstance but not to automatically go into any computer that happens to have been in a system that had been hacked.
SENATOR RON WYDEN: Yeah, I think this is a different day. We’re talking about computers. We’re not talking about kicking open a person's door. But there still needs to be important due process protections.
BROOKE GLADSTONE: You have been able to walk across the aisle to find Republican allies on privacy and surveillance issues before, if not this one. It's kind of a bipartisan issue. What do you think your prospects are for working with a Republican Senate and House in the Donald Trump administration?
SENATOR RON WYDEN: You characterized it right. We have bipartisan support. But here's my take on the new administration: The president-elect, when asked about hacking his political opponents –
BROOKE GLADSTONE: Mm –
SENATOR RON WYDEN: - said, I wish I had that power. You've got FBI Director Comey publicly talking about ongoing investigations, going against decades of precedent and FBI agents extensively leaking information about those investigations. There's a real possibility of the FBI hacking into a victim's computer after they've been attacked, not telling them about it until afterward, if at all. Under this new rule, they don't have to do that. They just have to make what they call “a reasonable effort.” So yes, Americans should be concerned about giving the government more authority to hack thousands of devices with one warrant.
BROOKE GLADSTONE: Okay. Well, thank you so much.
SENATOR RON WYDEN: To be continued.
BROOKE GLADSTONE: [LAUGHS] Yeah, absolutely.
[MUSIC UP & UNDER]
Senator Ron Wyden is a Democrat and member of the Senate Select Committee on Intelligence.
BOB GARFIELD: Coming up, if you can't beat ‘em, sue ‘em, potential legal woes for the media in a Trump presidency.
BROOKE GLADSTONE: This is On the Media.