The U.S. Supreme Court approved a rule change that would significantly expand the FBI’s powers to hack targets from any U.S. jurisdiction, and perhaps anywhere in the world. The rule has been criticized by civil liberties groups as well as some companies.
“Modernizing” The Criminal Code
The U.S. Department of Justice has asked for this rule change since 2013 and has promoted it as a way to “modernize” the criminal code for the digital age. However, civil liberties organizations such as the ACLU and Access Now, as well as major tech companies like Google, have argued that this would allow the FBI to hack not just individual targets, but computer networks, too--as a way to get to a target.
They also said this new rule could violate the Fourth Amendment, which protects against unreasonable searches and seizures. However, if the majority of the Supreme Court approved this rule, it’s likely it would also reject any case that challenges its constitutionality in the future, at least until the Supreme Court’s makeup changes significantly.
Congress has the power to reject such rule changes, and it could do so by December 1 this year. Otherwise, after that date, the rule will go into effect.
Hacking Millions To Get A Single Target
Senator Ron Wyden, who has taken the privacy side on multiple issues in the past few years, thinks this change would lead to “treating victims like attackers.” He also believes that this is an issue that should be settled by Congress, not the courts:
"Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime," Senator Ron Wyden said in an official statement. "These are complex issues involving privacy, digital security and our Fourth Amendment rights, which require thoughtful debate and public vetting. Substantive policy changes like these are clearly a job for Congress, the American people and their elected representatives, not an obscure bureaucratic process," he added.
Senator Wyden vowed to introduce legislation to reverse this rule change.
Unintended Consequences Of Extraterritorial Hacking
The Department of Justice denied that this expands the FBI’s authority to hacking targets from other countries, but at the same time it said that targets could also be hacked when the location is unknown. The DoJ also presented the new rule change as a tool against targets who use anonymization software, which should also imply that the target’s location may very well be in another country, as that’s how anonymization tools usually work.
The FBI used to collaborate with other countries when trying to apprehend someone that murdered or took hostage a U.S. person. Such investigations by the FBI were almost never unilateral.
Ahmed Ghappour, a professor at the University of California Hastings Law School, believes that this type of extraterritorial hacking could also lead to “accidental” cyber wars, because it could violate another country’s sovereignty. The attacks could also invite lawsuits against the FBI in international courts, and the more often such attacks happen unilaterally, the more they could strain relationships with other countries.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.