National Pulse

Changes in criminal procedure rule could expand the government’s investigative net

  • Print.

leslie caldwell

Leslie Caldwell, former head of the Criminal Division. AP Images.

While investigating an online child pornography ring, the FBI asked a Virginia judge to sign a warrant that would permit the agency to search an unlimited number of computers anywhere in the world. The warrant, issued in 2015, was used in Operation Pacifier, during which the FBI commandeered a popular child pornography website called Playpen and infected visitors’ computers with malware to track them remotely.

As a result, the Department of Justice charged 214 people. The warrant allowed access to 8,700 IP addresses in some 120 countries, according to documents filed in the U.S. District Court for the Western District of Washington. Because of its broad nature, however, some courts have suppressed evidence collected through the warrant.

Nonetheless, the authority to erase jurisdictional boundaries for warrants in hacking cases has become a part of Rule 41 of the Federal Rules of Criminal Procedure, the rule governing warrants.

With this change, instituted in December, a bipartisan group of politicians, criminal defense lawyers and advocacy organizations is concerned that the amended rule is a threat to the Fourth Amendment and gives the Justice Department unchecked and overly expansive authority. Law enforcement, however, says the amendment is needed to keep up with the increasing sophistication of online crime and does not impinge on individual rights.

In the Playpen cases, federal judges in Massachusetts, Oklahoma and Washington found the warrant to be a violation of the old Rule 41. In Massachusetts and Oklahoma, judges went as far as suppressing the evidence collected through the warrant. Other jurisdictions have not found fault with the warrant.

Colin Fieman, a federal public defender in Seattle with multiple clients being prosecuted with evidence from Operation Pacifier, sees the actions taken by the FBI as “unprecedented and deeply troubling.”


In the United States, warrants have two major components: particularity and territoriality. The founders wanted the government to specify what they were looking for after dealing with malicious general warrants—a vague writ used by the British to search their subjects at will.

Particularity requires that a warrant is specific about who or what is to be searched, where and what is being sought. Territoriality generally means that the search warrant is issued in the jurisdiction it will be executed in, with a few exceptions. The amended Rule 41 effectively does away with these standards in hacking cases.

The Justice Department claimed in a series of blog posts that Rule 41, which was originally codified in 1917 with intermittent updates, was out of date because of technology advances. These include anonymizing technology such as Tor, a private way to search the internet, and botnets, a network of private computers infected with malicious software that gives control to a third party.

Leslie Caldwell, then the head of the DOJ’s Criminal Division, argued on the blog last November that these technologies make it nearly impossible to know where a computer is located for the sake of a warrant application, which “makes it unclear which court—if any—an investigator is supposed to go to with a search warrant application when investigating anonymized crime.”

However, some think that the expanded breadth of Rule 41 ensnares innocent people. Wayne Brough is the chief economist at FreedomWorks, an advocacy organization in Washington, D.C. He explains that the challenge of investigating botnets, which send spam and run denial of service attacks—last October they temporarily shuttered Twitter and the PlayStation Network—is part of the problem.

“You’re having millions of people not involved in criminal activity suddenly having their emails and … computers exposed to federal investigators,” Brough says. This is because the amended rule allows for the search of any computer involved with a botnet—whether a victim, called a “zombie,” or the criminal controlling the botnet, called a “bot master.”

When asked if this rule change could ever be constitutional, Brough said he did not think so, because the amended rule has “such a blanket and sweeping reach.”


Legally, the path to this rule change started with In re Warrant to Search a Target Computer at Premises Unknown from April 2013. In this warrant application, the government, investigating an online fraud case in the Southern District of Texas, wanted to install malicious software on a target computer that would extract information and give a location. The warrant did not state for whom, what or where the warrant was intended.

Magistrate Judge Stephen Smith denied the warrant application on multiple grounds. Chiefly, he found that since the location of the target computer is unknown, it is likely the warrant would be executed in another jurisdiction, which would not meet the territoriality standard. With these limits, Smith concluded that “there may well be a good reason to update the territorial limits of [Rule 41] in light of advancing computer search technology.”

Six months later, the DOJ recommended amending Rule 41 to the Advisory Committee on Rules of Criminal Procedure. These changes, which became law on Dec. 1, allow investigators to apply for a warrant “in any district where activities related to a crime may have occurred” if the location of a computer has been concealed through techno-logical means or if a violation of the Computer Fraud and Abuse Act has damaged computers in five or more jurisdictions. There are 94 district court jurisdictions in the United States.

According to the American Civil Liberties Union, the impact of this rule change raises the issue of forum shopping, the process of looking for a court favorable to these types of searches. The ACLU, in its 2014 comment to the advisory committee, stated that the rule change opens the door for investigators to apply for a warrant in dozens of districts until a favorable jurisdiction is found.

While Fieman and Brough agree that law enforcement has a unique challenge when investigating online crimes, Fieman says it is the conduct of investigators that is troubling.

“The rule change itself is not necessarily a good thing or a bad thing,” Fieman states. “My real concern with all this is that we have a track record of the FBI abusing the hacking powers that they haven’t been granted in the past.”

A DOJ representative says the amended rule did not change the fact that warrants must comport with the Fourth Amendment and indicates that there was no further guidance on the rule’s application. The FBI declined to comment.


Last year, a bipartisan group of senators failed to stop the amended Rule 41 from going into effect. Democratic Sen. Ron Wyden of Oregon and Republican Sen. Rand Paul of Kentucky, both strong online privacy advocates, proposed the Stop Mass Hacking Act, which would have prevented the rule changes.

This act never received a vote, and a similar bill had not been introduced in the new Congress at press time.

With new leadership in Washington, it is hard to know what direction this issue will take. FreedomWorks economist Brough says there is room to improve upon last year’s rule change. Specifically, the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act offers an opportunity for these issues to be reconsidered.

“It may be a heavier lift if the administration gets a little more pro-law-enforcement,” Brough says.

On the campaign trail, President Donald Trump promised to restore “law and order,” and his appointment of Kansas Rep. Mike Pompeo to lead the CIA is an indicator. “Legal and bureaucratic impediments to surveillance should be removed,” Pompeo wrote last year in a Wall Street Journal opinion piece.

With all this change, Brough is not willing to forecast. He did say that whatever the direction this debate takes, “2017 is going to be interesting with how things play out.”

This article originally appeared in the June 2017 issue of the ABA Journal with the headline "Warranted Searches: Changes in Rule 41 could expand the government’s investigative net."

Give us feedback, share a story tip or update, or report an error.