As of midnight last night changes to Rule 41 of the Federal Rules of Criminal Procedure took effect. Opponents of the rule change failed in a last ditch effort in the Senate to block the change.
Latest in Rule 41
I believe that lawful hacking is a legitimate and necessary way for law enforcement to handle certain investigations in the Digital Age. But as Steve Bellovin, Matt Blaze, Sandy Clark, and I said in our paper, the default on using a vulnerability should be to report it.
Senator Ron Wyden published an article in Wired this week, co-authored by Matt Blaze and Lawfare’s own Susan Landau, alarmingly entitled, ”The Feds Will Soon Be Able to Legally Hack Almost Anything.” There is a lot to say about the substantive problems with the arguments advanced in the piece, as well as the serious problems with Wyden’s Stop Mass Hacking Act legislation aimed at preventing the Rule 41 change schedule to take effect December 1.
Our guest, Patrick Gray, is the host of the excellent Risky Business security podcast. He introduces us to the cybersecurity equivalent of decapitation by paper cut and offers a technologist’s take on multiple policy and legal issues. In the news roundup, Michael explains the many plaintiff-friendly rulings obtained by the banks suing Home Depot over its data breach. We wonder whether the rulings are so plaintiff-friendly that the banks will eventually regret their successes.
Yesterday, a three-judge panel of the United States Court of Appeals for the Second Circuit heard oral argument in a high-profile dispute between the United States and Microsoft.