A rule has been presented in the U.S. Senate, which is focused on stopping cyber-crime, called “Stopping Mass Hacking Act” was proposed for voting recently. The proposal was not vast and had only several paragraphs but it’s primary focus was related to the warrants related to the usage of government monitoring corresponding to an investigation that is being conducted.
Many researchers and theorists are concerned that this rule will give power to judges to issue warrants on much less evidence than before.
At present times, according to EFF (Electronic Frontier Foundation) reports, Rule 41 gives the power to issue warrants that authorize a search of a given area of interest.
However, the new Rule 41 will have a completely different purpose, because it will be focused on giving the judges the power to issue warrants that give the authority for police to search a given suspect’s computer not only on specific areas but all over the world. This means that if the government decides, they will have the power to tap into a computer, no matter where it is located in the world. This also gives them the power to copy the data from such computers and seize it as well.
And here is not where it all ends. Another “feature” of this warrant is that it provides the government to search in multiple devices, meaning that they could tap into thousands and even million or more computers and this may happen simultaneously as well.
The changes brought up in Rule 41 should come into power as of the 1st of December if nobody votes it off.
Why These Changes Are a Two-Bladed Knife
The American Civil Liberties Union otherwise known as ACLU and several other foundations and non-governmental organizations, consisting of:
- The people behind the Tor Project;
- A lot of security researchers;
- Several US Senators;
- Privacy International;
- Electronic Frontier Foundation;
- A lot of other people;
have stood against those changes, because of many concerns.
One of the primary concerns regarding Rule 41 is the amount of power that will be laid to the government if this law is passed. Imagine this – the government can hack any given computer with any type of viruses. This may result in negative consequences for questionable “hackee” – from the crashing of his or her device to it’s complete disabling. Now imagine that this computer is central to an organization system in a fire department in a city and the whole department becomes disconnected from all the signals received.
Another strong argument malware researchers like Matt Blaze and Susan Landau brought up against Rule 41 was that the victim in question is not notified at all about those hacks and their risks, like creating an opportunity for other attackers to swoop into the system.
Not only this, but reports about the Rule 41 also indicate that the very same tools the government uses to hunt hackers, could be detected and restructured to allow them to be used by cyber-criminals as well. And the tools themselves had multiple bugs as well.
The biggest issue with this law is the fact that it breaks fundamental privacy issues, mainly connected with searches that may be conducted to an unsuspecting citizen for no reasons and no notice.
Senator Wyden has informed that this “authorizing” law may much power to the government to tap onto our devices, and this law should be voted publicly instead of being passed under the noses of people. Many believe that it completely throws user privacy in the “Recycle Bin”, not that it is something new.