The change to Rule 41, as it's known, amends procedures so that investigators can ask for a warrant to search electronic data located outside a particular judges' jurisdiction, outside the state and even outside the country, and includes data for which a location is unknown.
The Judicial Conference Advisory Committee on Criminal Rules approved the change 11-1, despite concerns from a variety of organizations that this is a violation of Fourth amendment protections against unreasonable search and seizure, that it could lead to increased vulnerability to hacking, and that it could target potentially thousands of computers beyond an investigation's specific target.
— WarOnPrivacy (@WarOnPrivacy) January 27, 2015
Google was one of the only big tech firms to raise concerns about the rule change, and in their comment to the Committee they called it a "monumental" constitutional threat.
"[The proposed amendment] invariably expands the scope of enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants."
Google's comment also raised concerns about inadequate protections to ensure that searches will not violate the sovereignty of other nations, asserting that "the nature of today’s technology is such that warrants issued under the proposed amendment will in many cases end up authorizing the government to conduct searches outside the United States."
"The US has long recognized the sovereignty of nations,” Google wrote. “The jurisdiction of law enforcement agents does not extend beyond a nation’s borders."
"Frightening" Use of Software Vulnerabilities
The American Civil Liberties Union, in a November 4 blogpost about the proposed change, emphasized the possible repercussions of allowing the FBI to use what are called "zero-day" software exploits to hack in to targets' computers and networks. These are vulnerabilities that exist in software, as it is manufactured, which the government pays top dollar to experts to unearth.
— TN Digital Rights (@TNDigitalRights) November 2, 2014
"There are strong arguments that zero-day exploits are too intrusive, destructive, or dangerous to be reasonable under the Fourth Amendment, considering they endanger far more computers than those they target," wrote the ACLU.
Uncovering and exploiting such built-in vulnerabilities for their own ends also means that the government would have a vested interest in flawed, hacking-vulnerable software.
"That is, quite simply, frightening. Government officials often say that cyber-attacks are one of the biggest threats faced by this country. Given that assessment, shouldn't government be fixing, not exploiting, insecurities in widely used technologies?" the ACLU pointed out.
The FBI has insisted that no violations will result from the rule change, that it is simply a modernization of procedures to adapt to the digital realities of the 21st century.
Addressing concerns about searching computers overseas, the Justice Department responded, unusually, to Google's letter after the DOJ's arguments had already been submitted to the Committee, and asserted that the premise of Google's concerns was "incorrect."
"The proposed amendment has no effect on the FBI's authorities outside the United States. As the Department explained in its September letter to the Committee, the proposed amendment 'does not purport to authorize courts to issue warrants that authorize the search of electronic storage media that is located in a foreign country or countries,'" the DOJ wrote, citing language that Google had called a "weak assurance."
The rule change is now headed for the Standing Committee on Rules of Practice and Procedure, which will likely address it during its June meeting. After that it moves to the Judicial Conference, which will probably take it up in September.