Modern field guide to security and privacy

Opinion: Americans should unite around Stopping Mass Hacking Act

The Supreme Court has changed federal criminal procedure to vastly expand the FBI's ability to break into Americans' computers. Without congressional action, this would dangerously expand US search and seizure powers.


Carlos Barria/Reuters
A pedestrian stop sign in front of the US Supreme Court.

Sens. Ron Wyden (D) of Oregon and Rand Paul (R) Kentucky have introduced a critical piece of legislation to stop the largest expansion in US history of government search and seizure power.

Their bill, known as the Stopping Mass Hacking Act, would undo the Supreme Court's decision to rubber stamp a Justice Department request to significantly alter Federal Criminal Rule of Procedure 41. The change would give federal law enforcement agencies the conditional power to remotely hack, search, and seize millions of computers belonging to innocent users anywhere in the world.

If the bill Senators Wyden and Paul proposed isn't passed by December, blocking the court's decision, the government would start down a troubling path, raising significant Digital Age constitutional questions under the Fourth Amendment and the Constitution’s venue clauses.

Our constitutional framers simply didn't contemplate a world in which the government could simultaneously peer into the private lives of millions of people simply with the push of a button.

Under common law, a person's home is their castle, and therefore deserving of the highest form of protection against intrusive search and seizure by the government. In the Digital Age, computers have become our castles because searchers of these devices would reveal far more intimate knowledge about a person than a mere physical search of a house. 

Currently, Rule 41 requires that the government make a request based on probable cause for a search warrant to a federal magistrate judge, or in lieu of that, a state court judge. These requests are generally limited to the geographical district where the federal court is located. There are some exceptions, such as in terrorism investigations.

The Department of Justice, somewhat under the radar, successfully lobbied the Supreme Court to change Rule 41, adding a new subsection so judges in any district "where activities related to a crime may have occurred" can issue warrants that allow federal police agencies to remotely access and search, seize, or copy "electronically stored information" if:

  • The district where the media is has been concealed "through technological means;" or
  • "[I]n an investigation of a violation of the Computer Fraud and Abuse Act 18 U.S.C. 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts."

That second point is equally as eyebrow raising as the first. My law firm regularly litigates federal criminal cases involving the Computer Fraud and Abuse Act (CFAA) such as the case involving Matthew Keys, who was sentenced to two years after convicted of aiding the hacktivist group Anonymous. We are now representing him on appeal to the Ninth Circuit Court of Appeals.

Based on my lengthy experience with these types of cases, the CFAA defines "damage" so broadly that using it as a springboard for such a dramatic expansion of the government’s search and seizure power is deeply problematic.

Under the CFAA, "damage" means "any impairment to the integrity or availability of data, a program, a system, or information." A judge can interpret that as even a mere slowdown in access to data on that computer. So, if there are more than five computers in the US, or the world for that matter, that have malware they are all subject to search, seizure, and copying by federal police agencies if they can somehow fuzzily be related to a crime in their jurisdiction. 

This is true even where the computer owner is innocent of any wrongdoing and is not under investigation. Indeed, in the case of malicious software or botnets, computer owners may not even be aware of their device's participation. And given that some 30 percent of computers contain malware or are part of a botnet, suddenly the FBI has the ability to scan millions of computers.

A central argument made by the Justice Department during hearings about whether to approve the Rule 41 changes was that the judiciary would serve as a gatekeeper, and deny overbroad, unconstitutional, and abusive warrants.

We can't blindly trust the government to play this role, and history provides plenty of examples why – from its past treatment of Martin Luther King to the Drug Enforcement Agency's recent abuse of wiretap requests. 

Our founders didn't subscribe to the "trust us" philosophy; that’s why we have the Bill of Rights. Law enforcement agencies can't be trusted with the sort of power that comes with changing Rule 41. That's why anyone who cares about limiting the government's power, and protecting their rights in the Digital Age, should vigorously support Wyden and Paul's effort to block this dangerous development.

Tor Ekeland is an attorney in New York City who represents defendants charged with federal computer crimes. Follow him on Twitter at TorEkelandPC.


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Opinion: Americans should unite around Stopping Mass Hacking Act
Read this article in
QR Code to Subscription page
Start your subscription today