At midnight, the U.S. government quietly gained expansive new surveillance abilities after a last-ditch effort to stop changes to the federal code of criminal procedure died on the Senate floor.
Senator Ron Wyden tried three times on Wednesday to stall the rule changes, which let judges give federal agents the authority to hack multiple computers in any jurisdiction at once, including those belonging to innocent malware victims.
“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” said Wyden on Wednesday. “Law-abiding Americans are going to ask ‘what were you guys thinking?’ when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk.”
Under the old version of “Rule 41,” agencies like the FBI needed to apply for a warrant in the right jurisdiction to hack a computer, presenting difficulties when investigating crimes involving suspects who had anonymized their locations or machines in multiple places. Under the new version, a federal judge can approve a single search warrant covering multiple computers even if their owners are innocent or their locations are unknown.
The Justice Department has wanted the changes for years, arguing that outdated statutes have hampered crimefighting efforts, but the solution becomes far more troubling when considered in conjunction with the FBI’s mysterious hacking tools.
The FBI has refused to reveal the most basic information about its hacking efforts or what safeguards it has in place. Speaking to Gizmodo earlier this year, Neema Singh Guliani of the ACLU Legislative Counsel said, “You can pretty much name the question and we probably don’t have an answer.”
Just about the only thing that is known about that the agency’s Orwellian-sounding “Network Investigative Tool” is that the FBI doesn’t consider it malware, because malware is bad and the NIT is good. In May, Wyden told Gizmodo he wasn’t convinced about the safety of the hacks.