skip to main content

H.R. 5321 (114th): Stopping Mass Hacking Act

National security analyst Ahmad Ghappour has called it “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s expansion.” It’s an obscure change approved earlier this year which would essentially allow the government to hack an unlimited number of computers, anywhere in the world, with a single warrant. An edit to Rule 41 of the Federal Rules of Criminal Procedure, it’s more commonly referred to just as “Rule 41.”

Amazingly, Congress never approved this change — instead, the Justice Department requested and received judicial approval from the Supreme Court in April. Now the rule will go into effect on December 1, unless a new congressional bill succeeds in stopping it.

What the bill does

Sen. Ron Wyden (D-OR) and Rep. Ted Poe (R-TX2) have introduced the Stopping Mass Hacking Act, S. 2952 and H.R. 5321. The bill is a single sentence long: “The proposed amendments to rule 41 of the Federal Rules of Criminal Procedure, which are set forth in the order entered by the Supreme Court of the United States on April 28, 2016, shall not take effect.”

If the bill went into effect, the FBI and other security-related federal agencies could still obtain search or surveillance warrants under the Patriot Act, as is the status quo. But the warrants would have to be much more targeted and limited, as they currently have to be. For example, as ThinkProgress noted, under Rule 41 the FBI could hack computers and other devices located abroad (where about 95 percent of the world’s population lives), compared to the status quo where a warrant can only be authorized if the computer or device is known to be within U.S. jurisdiction.

What supporters say

Supporters of the bill argue that the bill is a necessary bulwark to stop what would otherwise be perhaps the greatest broadening of governmental surveillance abilities in U.S. history.

“This is a dramatic expansion of the government’s hacking and surveillance authority. Such a substantive change with an enormous impact on Americans’ constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process,” lead Senate sponsor Wyden said in a press release. “Unless Congress acts before December 1, Americans’ security and privacy will be thrown out the window and hacking victims will find themselves hacked again — this time by their own government.”

“Government does not have the authority to unilaterally legalize widespread government hacking,” lead House sponsor Ted Poe said in his own press release. “Americans have rights. It is Congress’ responsibility to safeguard the constitutional rights of the people they represent from a power hungry Executive Branch. As such, we are moving to stop this change that condones hacking the property of the very people we are entrusted to protect.”

What opponents say

Opponents of the bill argue that in an increasingly dangerous world, with constant threats from the Islamic State to lone wolf mass shooters, Congress should not deprive the government of potential tools to gather evidence and potentially stop attacks. FBI Director James Comey has characterized the proposed Rule 41 change as a relatively minor change, one for which digital and privacy advocates are making much ado about nothing.

“We still need to get a search warrant. Make a showing of probable cause. Explain to the court what we’re doing and how. It’s just the question is, what judge can issue a search warrant. In complex computer crime cases, given the nature of the dark web for example and given the nature of huge bot nets, it is problematic for some of our most important investigations,” Comey told reporters.

“If we have to go to dozens of different magistrate judges in a bot net case, or if we’re unable to go to a magistrate judge [because] we can’t say for sure where the computer is. Even if we have probable cause to believe that computer is involved in serious criminal activity. It’s to solve that problem where the digital age has made physical location, a less of a determinant than it is in the pre-digital age.”

Odds of passage

The Senate bill has attracted four cosponsors, two Republicans and two Democrats, including Sen. Rand Paul (R-KY). It has not yet received a vote on the Senate Judiciary Committee. The House bill has attracted 11 cosponsors, six Republicans five Democrats. It has not yet received a vote from the House Judiciary Committee.

The bill would need to be signed into law by December 1 to prevent the Rule 41 changes from going into effect.

Last updated Sep 30, 2016. View all GovTrack summaries.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on May 25, 2016.

Stopping Mass Hacking Act

This bill rejects an amendment to rule 41 (Search and Seizure) of the Federal Rules of Criminal Procedure adopted by the U.S. Supreme Court and transmitted to Congress for review on April 28, 2016. (The amendment allows a federal magistrate judge to issue a warrant to use remote access to search computers and seize electronically stored information located inside or outside that judge's district in specific circumstances.)