“We can’t give unlimited power for unlimited hacking – putting Americans’ civil liberties at risk.” So said Sen. Steve Daines, R-Mont, in response to a new Department of Justice plan – a plan that would dramatically expand the government’s hacking and surveillance capabilities. That is apparently what is going to happen when this new rule, that will allow federal agents armed with a single search warrant, to hack millions of Americans’ computers or smartphones, goes into effect next week.
The prospect has privacy advocates and a band of bi-partisan senators up in arms. Daines is joined in his opposition by Sens. Ron Wyden, D-Ore, Chris Coons, D-Del. Wyden, in particular, has a long résumé as a champion of privacy rights and civil liberties.
Together, this “Holy Trinity” of civil liberties lawmakers stormed the Senate floor seeking to stop or, at least delay, the bill, known formally as amendments to Rule 41 of the Federal Rules of Criminal Procedure. Lining up with the senators against the new rule are Google and other big tech companies. The Department of Justice, with this legislation, seeks to arm the FBI with a weapon to combat the rash of criminal hacking caused by “botnets.” These are essentially clusters of computers infected by malware, which can be controlled remotely and used by hackers to steal financial data. Its effect could be greater than one would imagine.
It is feared that in its zeal to pursue criminal hacking of the scope caused by botnets, and to hack into those devices, agencies such as the FBI would also irreparably damage perhaps millions of computers of unwary, innocent citizens. Even more disconcerting is that some of the people hacked by the government might already have been victims of the criminal hack, and thus would be hacked a second time.
This will now be easier for the FBI to do because it will only need a single warrant to leapfrog multiple magistrates around the country, as it seeks to stem malware mayhem. Currently, the agency needs a warrant from a judge in every instance in each jurisdiction.
At first glance, it seems to make sense that the FBI be unshackled from such constraints, so it can be more effective. But there is bound to be collateral damage of the FBI’s hacking efforts on the guiltless. What’s more, public and oversight groups (including the judiciary, which will be granting the warrants), have too little information about the FBI’s hacking tools, and how it plans to use them.
Inadequate attention is also given to vital components of society, such as protections for the security of hospitals and other life-saving computer systems, along with the casual citizen. If a hospital’s computer system or, say, a utility’s grid, went dark in the process, accidents would abound and people could die.
Further compounding the problem is the likely lack of vigorous oversight. There is even greater consternation over the fact that this initiative wasn’t written by a publicly-elected law-making body. Remarkably, Congress had no role in writing or approving these changes. They came about via an obscure procedural process in the US court system. Such a rule is so sweeping in its scope, and so potentially harmful in its impact, that it should be a policy decision for Congress – not a confusing court process. But Congress has not even held any hearings on the new rule, and absent any congressional action, is automatically in effect as of 1 December.
History is rife with examples of just how difficult it is to get hacking tools right. Combine this with the dreadful possibility of civilian computer casualties and absent rigorous and periodic evaluation of hacking software by independent experts, and you have a recipe for disaster. Personally, with the recently concluded exercise of democracy in the US, it is my firm belief that with something this critical and contentious, citizens deserve a thorough airing about the best ways to update our laws and to address online threats. It is an issue that should be taken up by people who were elected to speak for them, and are thus better able to convey their concerns.