Proposed changes to Rule 41 of the Federal Rules of Criminal Procedure would allow a judge to authorize a search and seizure outside of their jurisdiction. For example, a Massachusetts judge could authorize a search in Alaska or even in a foreign country. This would mainly apply to government electronic hacking efforts into computers and computer networks. The changes have been approved by the Supreme Court and will go into effect on December 1 unless challenged by Congress.
I believe this is a slippery slope that threatens the Fourth Amendment protections against unreasonable searches and seizures. What are the implications of this possible erosion of privacy on our own computers and networks?
The Fourth Amendment
The Fourth Amendment was added as part of the bill of rights in 1791 and deals with the search of homes and private property without a properly executed search warrant. It stems from the almost unlimited powers granted to British tax collectors to search homes and property for contraband that wasn’t being returned to King George in the form of taxes. Those who drafted the Fourth Amendment could not foresee 21st century technologies and interconnected systems. At issue now is whether a warrant can be issued remotely and whether one warrant can be issued for hundreds or even thousands of systems through surveillance and hacking.
No Expectation of Privacy
Senior U.S. District Judge Henry Coke Morgan Jr. recently ruled, “people should have no expectation of privacy on their home PCs because no connected computer ‘is immune from invasion.’” This is a ruling associated with a case of government takeover and surveillance of a site on the dark web for the purpose of collecting networking information of visitors. One warrant was issued for many searches, including those outside of the United States. The judge in this case argued that even that one warrant was not necessary because the defendants were engaged in illegal activity and took measures to hide those activities behind the anonymity of the dark web.
Advocates such as the Electronic Frontier Foundation are challenging this ruling and filed an amicus brief in this case, but to no avail. My main question is how much privacy should we expect on our personal systems and in our transactions on the web? This case maintains that because there are so many hacking attempts we should have no expectation of privacy, even from our government. This seems like a spurious argument at best. I have written before about the notion of geographical boundaries and how those boundaries are disappearing as we engage in more electronic transactions. This case and the proposed changes to Rule 41 only accelerate the dissolution of boundaries.
My aim is to make you aware of the activities and rulings that could affect your right to privacy, particularly digital privacy. Is there cause for concern? Let me know your thoughts.
Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.