The rule changes allowing expanded FBI searches of computers, approved by the Supreme Court in April, go into effect in December unless Congress votes against them, and getting Congress to move in a contentious election year will be difficult, said Senator Ron Wyden, an Oregon Democrat and a critic of the changes.
"Inaction is easy," said Wyden, sponsor of a bill to roll back the proposed changes. "Inaction is what Congress does best."
The proposed changes to Rule 41 of the Federal Rules of Criminal Procedure would allow the FBI and other federal law enforcement agencies to obtain warrants to hack into computers even when they don't know where those computers are located. The changes would, therefore, allow federal judges for the first time to issue search warrants outside their jurisdictions.
So when law enforcement doesn't know the location of a device, "whether it’s in this country or abroad, it will be allowed to hack into that device," Wyden said during a speech at the New American Foundation's Open Technology Institute.
In addition, the proposed changes, in an effort to better investigate and shut down botnets, would allow the FBI to get warrants to access computers the agency suspects have been compromised by hackers.
Those proposed changes could have major consequences, Wyden said.
"This would be a massive expansion of government hacking, jeopardizing our liberty," he said. "There’s no telling what kind of impact secretive government malware could have on our devices or the networks that run our hospitals, electrical grids, and transportation systems."
Still, there are good reasons for the rule changes, said Orin Kerr, a professor at the George Washington University Law School and a member of the Advisory Committee on Rules of Criminal Procedure, the panel that recommended the changes to the Supreme Court.
Criminal suspects are embracing anonymizing technology like Tor and VPNs, meaning law enforcement investigators sometimes don't know the location of the computers used in online crimes. Without the rule changes, anonymized computers would be exempt from any law enforcement searches, Kerr said.
In a 2013 Texas case, a judge said he couldn't issue a warrant for a computer protected with an anonymizing service, Kerr said.
"The implication being no judge can issue a search warrant because no one knows where the search is going to occur," he added. "The rule shouldn't be that no [warrant] can be obtained."