[Congressional Record Volume 162, Number 80 (Thursday, May 19, 2016)]
[Senate]
[Pages S3032-S3033]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. WYDEN (for himself, Mr. Paul, Ms. Baldwin, Mr. Daines, and 
        Mr. Tester):
  S. 2952. A bill to prevent the proposed amendments to rule 41 of the 
Federal Rules of Criminal Procedure from taking effect; to the 
Committee on the Judiciary.
  Mr. WYDEN. Mr. President, today I, along with my colleague Senator 
Paul from Kentucky, Senator Baldwin from Wisconsin, and Senators Daines 
and Tester from Montana, am introducing the Stopping Mass Hacking Act, 
S. 2952, a bill to protect millions of law-abiding Americans from 
Government hacking.
  On April 28, 2016, at the request of the Department of Justice, the 
U.S. Federal Courts recommended administrative changes to Rule 41 of 
the Federal Rules of Criminal Procedure, the rule

[[Page S3033]]

that governs search and seizure procedure. The changes have been 
approved by the Supreme Court, and pursuant to the Rules Enabling Act 
the amendments take effect on December 1, 2016, absent Congressional 
action. Despite the seriousness of the changes, Congress has not spoken 
on the subject. It should. Making changes like this simply by 
administrative fiat is not good enough. So, today, Senator Paul and I 
introduce this bill.
  The administrative changes will provide a magistrate judge with the 
authority to issue a warrant for remote electronic searches of devices 
located anywhere in the world when law enforcement does not know the 
location of the device. While it may be appropriate to address the 
issue of allowing a remote electronic search for a device at an unknown 
location, Congress needs to consider what protections must be in place 
to protect Americans' digital security and privacy. This is a new and 
uncertain area of law, so there needs to be full and careful debate.
  The second part of the change to Rule 41 gives a magistrate judge the 
authority to issue a single warrant that would authorize the search of 
a large number--potentially thousands or millions--of devices that can 
cover any number of searches in any jurisdiction. These changes would 
dramatically expand the government's hacking and surveillance 
authority. The American public should understand that these changes 
will not just affect criminals: computer security experts and civil 
liberties advocates say the amendments would also dramatically expand 
the government's ability to hack the electronic devices of law-abiding 
Americans if their devices were affected by a computer attack.
  Finally, these changes to Rule 41 would also give some types of 
electronic searches different, weaker notification requirements than 
physical searches. This raises the possibility of the FBI hacking into 
a person's computer after they are the victim of a cyber attack and not 
telling them about it until afterward, if at all. Under this new rule, 
they are only required to make ``reasonable efforts'' to notify people 
that their computers were searched. You can see how that might be 
problematic. It could lead to circumstances in which law-abiding 
Americans are not told that the government has secretly hacked into 
their computer.
  These changes are a major policy shift that will impact Americans' 
digital security, the government's surveillance powers and the Fourth 
Amendment. Part of the problem is the simple fact that both the 
American public and security experts know so little about how the 
government goes about hacking a computer to search it. If a victim's 
Fourth Amendment rights are violated, it might not be readily apparent 
because of the highly technical nature of the methods used to execute 
the warrant.
  As a body of elected representatives, it is Congress's job to make 
sure we do not let the Executive Branch run roughshod over our 
constituents' rights. That is why action is so important: this is a 
policy question that should be debated by Congress. Although the 
Department of Justice has tried to describe this rule change as simply 
a matter of judicial venue, sometimes a difference in scale really is a 
difference in kind. By allowing so many searches with the order of just 
a single judge, Congress's failure to act on this issue would be a 
disaster for law-abiding Americans. When the public realizes what is at 
stake, I think there is going to be a massive outcry: Americans will 
look at Congress and say, ``What were you thinking?''
  I am here today, introducing this legislation, to sound an alarm. 
This rule change would could have a massive impact on Americans' 
digital security and privacy, and I plan on spending the next seven 
months making sure my colleagues fully understand the huge 
ramifications of inaction.
  I thank my colleague Senator Paul for his efforts on this bill, and I 
hope the Judiciary Committee will consider our proposal quickly.

                          ____________________