• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Laws and regulations
  • Rule 41 – Google against the expansion of FBI hacking powers

Rule 41 – Google against the expansion of FBI hacking powers

Pierluigi Paganini February 22, 2015

The Us Justice Department’s proposal to grant FBI Rule 41 specific hacking rights is under high scrutiny. While the amendment is being reviewed, the Advisory Committee on Criminal Rules will consider public objections, including a letter from Google.

The amendment to the Federal Rule of Criminal Procedure 41 (Rule 41) would expand jurisdiction for judges to issue warrants to investigate technologically concealed locations. It was first proposed to the Advisory Committee on Criminal Rules (ACCR) in September 2014. Since then, there has been a public consultation which resulted in Google strongly urging the ACCR to consider the residual effects this may have globally.

Google stressed that the amendment to Rule 41 is an extensive increase in government power and should be handled by Congress on a larger scale.

Google explained that currently under Rule 41, “federal prosecutors must generally seek a warrant in the judicial district to search for and seize a person or property located within the district. This territorial limitation is subject to limited exceptions”.

Whereas, the  requested amendment generalizes broad situations in which warrants could be issued to locations outside their district given that it was purposely concealed, or where technology has been damaged and also located in more than five districts in violation of the Computer Fraud and Abuse Act (CFAA).

“Remote searches of media or information that have been ‘concealed through technological means’ may take place anywhere in the world. This concern is not theoretical”.

According to Google, the US has been fairly successful at maintaining proper arrangements with other countries when conducting investigations, pointing out Mutual Legal Assistance Treaties (MLATs).

“Google and many other service providers, have long encouraged and supported the efforts of the Administration and Congress to improve these processes, but the proposed amendment undermines those efforts”.

Another point made by Google was the violation of the Rules Enabling Act, as well as alteration of US constitutional rights. The Rules Enabling Act allowed for adaptation of practical, procedural an evidentiary rules, as long as the updates did not interfere with any substantive right.

Rule 41 google fbi

Contrary to government claims, Google suggested, “it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment‘s particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants”.

The  specifications of what may be searched and how it may be obtained are not clear in the amendment. Remote access is mentioned in the means of searching, seizing or copying digitally stored data, however, this term can be interpreted in many ways. Google declared that remote access could be used to expose a target device’s IP address through the installation of software used to report pertinent information back to law enforcement. Another example of a remote access investigation technique is redirecting user information that is entered into specific websites of interest so that law enforcement can collect data from a target. Google mentioned the large potential for innocent parties’ information to be taken through an investigative technique such as this, as well as the increased exposure to possible malware. The proposed amendment also puts those who use Virtual Private Networks (VPNs) at higher risk to be searched because it would seem that their intentional use of encryption meant they were concealing their location.

The broad statement of damage to a computer in violation of the CFAA would encompass millions of American computers alone. Google reported that in order for the government to search more than five districts at a time, the use of botnets would be needed. These botnet searches, by default, would infiltrate the computers of law abiding Americans by the definition of their damaged computer. Google explained that around thirty percent of American computers contain malware and would be considered damaged. The searches seem to have no restrictions with the broad language that was used.

What is Google’s overall warning about Rule 41?

This amendment is bigger than the ACCR and could potentially become bigger than Congress. Google is the only major tech company that has spoke out against the private data search expansion. The proposed amendment should be rejected by the ACCR with the understanding that “the proposed amendment substantively expands the government’s current authority under Rule 41 and raises a number of monumental and highly complex constitutional, legal, and geopolitical concerns that should be left to Congress to decide”.

About the Author Kerri Heitner: 

Kerri Heitner is a recent graduate of Utica College in New York where she completed her Master of Science (M.S.) in Cybersecurity this past December. To learn more about Kerri and her research in cybersecurity, please visit www.linkedin.com/in/kerrianneheitner.

Edited Pierluigi Paganini

(Security Affairs –  Rule 41, FBI)


facebook linkedin twitter

Cybercrime Cybersecurity DoJ FBI Google Hacking Rule 41

you might also like

Pierluigi Paganini July 29, 2025
Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data
Read more
Pierluigi Paganini July 28, 2025
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

    Security / July 28, 2025

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    Scattered Spider targets VMware ESXi in using social engineering

    Cyber Crime / July 28, 2025

    China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

    Hacking / July 28, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT