Rule 41 changes prompt concerns over extent of US Government hacking

A small change to a little known US law has drawn the attention of privacy campaigners over fears that it could see an expansion in the US Governments online surveillance capabilities.

The law in question is Rule 41 of the Federal Rules of Criminal Procedure and the changes that have been introduced could have wide-ranging implications.

The new Rule 41

Under the new version of Rule 41, US Judges are now permitted to hand out warrants for the remote access, search, seizure, or copying of any data which they deem to have “been concealed through technological means.”

They can also issue warrants in cases where the data is held on devices which have been “damaged without authorization and are located in five or more districts.”

To the uninitiated, it might seem that these new powers are minor and technical amendments to the law, but what is concerning privacy advocates in the USA so much is the risk of the new powers being overextended.

Under the terms of the new law, it would be permissible for US Judges to hand out warrants permitting the hacking of devices located outside of their immediate jurisdiction. Indeed, the law is so open that it could be used as a pretext to hack devices located anywhere in the world.

Hacking VPN users

And what this means in reality, is that the new law could be used by the NSA and the FBI to hack anyone, anywhere, who is using a VPN or a similar security tool.

The Electronic Freedom Foundation (EFF) which we at support, is one of a number of different organization which has been campaigning against the new changes to Rule 41.

In a blog post written when the new changes were first proposed back in April, Rainey Reitman, Activism Director at the EFF, warned that the phrasing of the new law was so vague that it could even affect people doing less to protect themselves online than using a VPN.

According to Reitman, it could even be applied to “people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks” or even just those who change their country setting on social media services like Facebook and Twitter.

It could also be applied to those who are the victims of a cyber-attack themselves. If your computer has succumbed to malware and become part of a botnet, you too could be hacked by the US Government, even though you are likely to be completely unaware that your device is being used for such a purpose.

No Congressional Consideration

What makes the new changes even worse is that the US Congress refused to even consider possible changes to the new Rule 41 before it came into law. However, as Nathan White, the senior legislative manager at Access Now told the International Business Times, this failing does not mean the end of the matter.

He explained that the new changes were intended to make it easier for the US Government to undertake hacking operations, but “Congress has never explicitly authorized government hacking at all. In fact, in many cases, hacking is inconsistent with human rights and the United States’ international treaty obligations.”

He has called on Congress to begin to consider a new law which places limitations on the extent of Government hacking, although with the incoming Congress holding a Republican majority, the likelihood of any such action taking place seems remote.

So, for now at least, the new Rule 41 remains in place, and those US citizens who remain keen to protect their online privacy would be well advised to sign up with a good and secure VPN such as IPVanish or ExpressVPN for the time being at least.

Leave a Reply

Your email address will not be published. Required fields are marked *