Upcoming changes to the rules around search and seizures will mean US magistrate judges—federal judges who review search warrants in criminal cases—could approve warrants for hacking outside of their own district.
The changes would also mean magistrates could authorize hacking an unlimited number of victims of cybercrimes with a single warrant.
In response, Democratic Senator Ron Wyden and Republican Senator Rand Paul introduced a bill on Thursday that would reverse those changes, called the Stopping Mass Hacking Act, Reuters reports.
"This is a dramatic expansion of the government's hacking and surveillance authority. Such a substantive change with an enormous impact on Americans' constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process," said Sen. Wyden in a statement sent to Motherboard.
"Congress must act to prevent this threat to the privacy of law abiding Americans and ensure a rule change of this magnitude has the proper oversight."
Congress has until December 1 to oppose the changes. Senators Tammy Baldwin, Steve Daines and Jon Tester are original co-sponsors of the new bill.
The Department of Justice has pushed for the changes largely in response to crime on the so-called dark web, where law enforcement have little idea where a criminal might be located because of anonymizing Tor network. This is a problem for magistrate judges, who can only sign warrants for searches in their own turf, unless it applies to a terrorism case, or some other exemptions. But how can you give the all-clear for a search if you don't know where it will take place?
So to combat that, the changes to Rule 41 of the Federal Rules of Criminal Procedure will let magistrate judges authorise hacks beyond their current jurisdiction. Another change would allow judges to greenlight searches of an unlimited number of victims' computers located in multiple districts, as might be needed if there is a botnet involved.
In a recent case, the FBI used one warrant to hack thousands of computers in the US, Europe and elsewhere. Several judges who have reviewed that warrant have found it invalid because it was signed by a magistrate judge. If the Stopping Mass Hacking Bill successfully reversed the Rule 41 changes, similar warrants signed in the future would likely also be invalid.
"Congress must act to prevent this threat to the privacy of law abiding Americans and ensure a rule change of this magnitude has the proper oversight," said Sen. Baldwin in a statement.
Update 5/19/2016: Peter Carr, a spokesperson for the Department of Justice, told Motherboard in a statement, "The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law, and the amendment does not change any of the traditional protections and procedures, such as the requirement that the government establish probable cause. Rather, the amendment would merely ensure that some court is available to consider whether a particular warrant application comports with the Fourth Amendment."