Wyden, Coons Slam DOJ Reply on FBI Hacking Power Expansion

Sens. Ron Wyden, D-Ore., and Chris Coons, D-Del., slammed the Justice Department on Tuesday for ducking lawmakers’ questions about an upcoming expansion of FBI hacking powers.

Wyden and Coons were among 11 senators and 12 House members who queried DOJ about the hacking powers expansion last month. The department’s reply, which arrived today, should be “a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” Wyden wrote.

Wyden and Coons are also cosponsors of a bipartisan bill that would put a nine-month hold on the powers expansion, which will go into effect Dec. 1 unless Congress intervenes.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The expansion is an update to Rule 41 of the Federal Rules of Criminal Procedure.

Under the revised rule, a federal judge would be able to issue a warrant allowing police to hack into computers in multiple judicial districts rather than just the district in which that judge presides. Judges could also issue warrants to search a computer or device when the user has masked the device’s location.

The expansion is necessary to efficiently investigate covert web crimes such as child pornography rings and to investigate and disrupt botnets, the Justice Department has said. Botnets are armies of computers and other connected devices hackers have compromised unbeknownst to their owners and used to attack a separate target.

The Justice Department’s response letter doesn’t provide clear answers on how the department will prevent law enforcement from “forum shopping” for warrant-friendly judges, Wyden and Coons said.

The letter is also sparse on how the department will avoid invading the privacy of innocent bystanders whose computers are hijacked into participating in criminal activity, the senators said.

The letter does not recount any specific department policies or training that would prevent forum shopping. It does stress police will only be able to seek warrants in districts where activity related to a crime has occurred and that the revised rule uses the same language as existing out-of-district warrant authorities for terrorism cases.

The letter also states law enforcement will consider privacy concerns before investigating or disrupting a botnet and items “searched or seized from victim computers pursuant to a botnet warrant will be quite limited.”

“Simply put, the amendments do not authorize the government to undertake any search or seizure or use any remote search technique that is not already permitted under the Fourth Amendment,” the letter states.

Assistant Attorney General Leslie Caldwell has posted two blog posts praising the rule expansion in the past two days—one related to child pornography investigations, the other to botnet takedowns.

The Senate Judiciary Committee does not have plans to hold a hearing on the rule expansion prior to its Dec. 1 enactment, spokesman Taylor Foy told Nextgov.