Rule 41 went into effect in the United States on December 1, 2016. This legislation grants the United States FBI more hacking powers, giving them the ability to search multiple computers across the USA with only a single warrant. Previously, they could only search within the district where the warrant was issued. The rule also explicitly mentions those who use means to try to mask their location or identity (Tor, VPNs, etc.), and gives the government broader authority to look into these individuals during investigations by expanding the jurisdiction of warrants. The purpose of this rule is to fight hacking and botnets, but as with many similar pieces of legislation, it has created quite a stir due to privacy concerns and the sweeping authority it grants.
Rule 41 & VPN Use
As stated above, the expanded Rule 41 powers will allow the FBI more flexibility in obtaining warrants during investigations, as the warrants are no longer limited by the jurisdiction (area) of the user or the server. Tools like VPNs were specifically mentioned as part of the legislation, as they can be used to mask physical location. Two of the main concerns about the amendments to Rule 41 include:
- Because VPNs and other tools conceal information like data, it’s not possible for the FBI to determine the person’s true jurisdiction is if they are using a VPN. Without a VPN, they could more easily identify the jurisdiction of the server or user.
- Rule 41 could make it easier to get a warrant, as people can seek warrants from a much larger amount of locations, even with less information (for example, they may not know the users’ true location initially, but may still obtain the warrant as the jurisdiction for using it is expanded).
While Rule 41 grants the FBI greater hacking power, the actual requirement for the warrant and the way that Golden Frog responds to the warrant are not any different under the amendments to Rule 41.