U.S. SENATE —U.S. Senators Steve Daines and Jon Tester today stood up for Montanans’ right to privacy and pressed Attorney General Loretta Lynch to provide Congress with more information about a proposed expansion of government hacking and surveillance powers.
In the letter to AG Lynch, Daines and Tester ask for more information about how the government would use the new hacking authority, formally known as amendments to Rule 41 of the Federal Rules of Criminal Procedure. Unless Congress acts, these new amendments are scheduled to go into effect on December 1.
“We are concerned about the full scope of the new authority that would be provided to the Department of Justice,” Daines and Tester wrote. “We believe that Congress — and the American public — must better understand the Department’s need for the proposed amendments, how the Department intends to use its proposed new powers, and the potential consequences to our digital security before these rules go into effect.”
The lawmakers ask the Department of Justice (DOJ) a number of questions about how Rule 41 will be used, including:
- How the government intends to prevent forum shopping by prosecutors seeking court approval to hack into Americans’ devices;
- How the government will prevent collateral damage to innocent Americans’ devices and electronic data when it remotely search devices such as smartphones or medical devices;
- Whether the government intends to use this new authority to search and “clean” Americans’ computers;
- How the government will maintain a chain of custody when searching or removing evidence from a device;
- How the government will notify Americans who are the subjects of remote government searches.
Daines and Tester introduced the Stop Mass Hacking Act on May 19, 2016 that would prevent changes to Rule 41 from going into effect.
The letter was signed by: Sen. Ron Wyden, D-Ore., Sen. Mike Lee, R-Utah, Patrick Leahy, D-Vt., Sen. Tammy Baldwin, D-Wisc., Sen. Chris Coons, D-Del., Sen. Elizabeth Warren, D-Mass., Sen. Martin Heinrich, D-N.M., Sen. Al Franken, D-Minn., Sen. Mazie Hirono, D-Hawaii, and Rep. John Conyers, Jr., D-Mich., Rep. Ted Poe, R-Texas Rep. Justin Amash, R-Mich., Jason Chaffetz, R-Utah., Rep. Judy Chu, D-Calif., Rep. Steve Cohen, D-Tenn., Rep. Suan DelBene, D-Wash., Rep. Louie Gohmert, R-Texas, Rep. Hank Johnson, D-Ga., Rep. Ted Lieu, D-Calif., Rep. Zoe Lofgren, D-Calif., and Rep. Jerrold Nadler, D-N.Y.
The full letter is available to download HERE and below:
Dear Attorney General Lynch:
We write to request information regarding the Department of Justice’s proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure. These amendments were approved by the Supreme Court and transmitted to Congress pursuant to the Rules Enabling Act on April 30, 2016. Absent congressional action the amendments will take effect on December 1, 2016.
The proposed amendments to Rule 41 have the potential to significantly expand the Department’s ability to obtain a warrant to engage in “remote access,” or hacking of computers and other electronic devices. We are concerned about the full scope of the new authority that would be provided to the Department of Justice. We believe that Congress — and the American public — must better understand the Department’s need for the proposed amendments, how the Department intends to use its proposed new powers, and the potential consequences to our digital security before these rules go into effect. In light of the limited time for congressional consideration of the proposed amendments, we request that you provide us with the following information two weeks after your receipt of this letter.
- How would the government prevent “forum shopping” under the proposed amendments? The proposed amendments would allow prosecutors to seek a warrant in any district “where activities related to a crime may have occurred.” Will the Department issue guidance to prosecutors on how this should be interpreted?
- We are concerned that the deployment of software to search for and possibly disable a botnet may have unintended consequences on internet-connected devices, from smartphones to medical devices. Please describe the testing that is conducted on the viability of ‘network investigative techniques’ (“NITs”) to safely search devices such as phones, tablets, hospital information systems, and internet-connected video monitoring systems.
- Will law enforcement use authority under the proposed amendments to disable or otherwise render inoperable software that is damaging or has damaged a protected device? In other words, will network investigative techniques be used to “clean” infected devices, including devices that belong to innocent Americans? Has the Department ever attempted to “clean” infected computers in the past? If so, under what legal authority?
- What methods will the Department use to notify users and owners of devices that have been searched, particularly in potential cases where tens of thousands of devices are searched?
- How will the Department maintain proper chain of custody when analyzing or removing evidence from a suspect’s device? Please describe how the Department intends to address technical issues such as fluctuations of internet speed and limitations on the ability to securely transfer data.
- Please describe any differences in legal requirements between obtaining a warrant for a physical search versus obtaining a warrant for a remote electronic search. In particular, and if applicable, please describe how the principle of probable cause may be used to justify the remote search of tens of thousands of devices. Is it sufficient probable cause for a search that a device merely be “damaged” and connected to a crime?
- If the Department were to search devices belonging to innocent Americans to combat a complicated computer crime, please describe what procedures the Department would use to protect the private information of victims and prevent further damage to accessed devices.