A Victory Lap to the End of the World

In April 2021, many experts championed an operation by the FBI to remove malicious web shells leftover from operations that targeted Microsoft Exchange Server software. The operation was seen as a victory for an update to Rule 41 of the Federal Rules of Criminal Procedure, which opened the door for judges to issue extra-jurisdictional warrants in certain cases related to botnets and when the location of the target had been obfuscated. The goal of the change was to ensure that government agents could conduct hacking operations without impediments found in legal procedure. However, the updates preceded any substantive debate as to if or how such operations should occur. Because of this, the United States still does not have a law specifically related to government hacking, and instead uses laws related to 19th century technology to authorize these 21st century techniques. I'll discuss the background of government hacking operations in the United States, the changes to Rule 41, and why the victory lap in this recent operation may be premature.