Starting today, the U.S. government agencies such as FBI and NSA are free to engage in mass hacking of computers, phones, and other devices because Congress failed to act to prevent the new authorizing rule from taking effect.
A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump.
Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges will be able to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican.
The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.
DoJ claims that the rule change is necessary to combat the increasingly widespread use of bot-nets by criminal hackers, a situation that has largely arisen as a result of adoption of the so-called Internet of Things - "smart" devices that allow users to remotely control home temperatures, lighting, "security" cameras, and more; nowadays you can even check the contents of your fridge while you're at the store. "Smart" televisions are becoming ubiquitous, and streaming video options are changing the way addicts get their TV fix.
The problem is that all of these devices are connected in various ways to the Internet, and virtually none of them do so securely. It may be a source of amusement to some to log into a website and pick up a feed from somebody's "baby-cam" (possible because the user didn't secure the playpen monitor's connection settings), but these things also afford criminal hackers additional tools that they can - and do - use to launch distributed denial of service attacks against the servers of a targeted site.
Obviously, Congress screwed up here, and it's particularly disturbing that Senator Cornyn shot down a fellow Republican who opposed allowing the rule change to take effect without further consideration of possible effects. Republicans claim to favor limited government, but establishment Republicans such as Cornyn put the lie to that claim. Wyden was hardly alone in opposition, and in this instance, the opposition was correct.
What is needed is not another expansion of governmental intrusion; rather, manufacturers and service providers could be - and should be - required to harden their offerings to minimize the likelihood of harnessing IoT devices by hackers.