The US government is reaching new depths as news has emerged that no longer are they content with sucking up vast quantities of internet communications or liaising with their UK counterparts to skirt home laws, they now want to actively target those who use privacy services such as Tor and VPN services.
A proposed update to Rule 41 of the Federal Rules of Criminal Procedure would allow judges in the United States the power to authorise search warrants against users who specifically make use of Tor or a VPN.
The proposal that will receive no public debate will grant law enforcement in the US the ability to legally access devices of users who choose to protect their privacy. While there are sections of society who use privacy tools such as VPNs and Tor to carry out illegal activity the number of legitimate reasons for using such services far outweighs this.
VPN use is widely used to access geo-restricted services and with the popularity of Netflix and other streaming products, VPN use has steadily grown around the world. Alongside restricted content access, many users employ VPN services to protect their privacy while using public Wi-Fi or when travelling and have no intention of carrying out illegal activity.
The US proposal doesn’t take into account the many legitimate uses of VPN services or Tor and the Electronic Frontier Foundation (EFF) who campaign for digital rights claims that anyone using privacy tools or carrying out simple actions like rejecting location services could be the target of intrusion by the US security services. This could include remotely accessing or copying data from devices.
Malware infected users at risk
The EFF have warned against the proposal that goes even further than just accessing the devices of those that make use of privacy services. Users who find themselves infected with malware as part of a botnet could also be at risk of legal hacking from the security services who would be allowed access to individual systems infected by malware as part of their investigation.
Further concerns have been raised around such botnet infiltration as the EFF claim that US malware is not designed with security in mind which could give other nefarious hackers an opportunity to hijack the malware inserted by the US security services and cause further damage to the infected user.
Nefarious hackers could access Government malware.
The EFF raised further concerns as the new proposal would affect users worldwide. Rule 41 would extend the jurisdictional powers to cover any user worldwide who is using technology such as a VPN to protect their privacy or who has been infected with botnet malware without their knowledge.
The US government appears to be following suit of UK ministers by trying to introduce new wide-ranging powers without public or legislative scrutiny and shoehorning in the changes via a procedural amendment.
You can read a full statement from EFF and Access Now about Rule 41 in the recent testimony.