The following podcast contains advertising.

To access an ad-free version of the Lawfair Podcast,

become a material supporter of Lawfair at Patreon.com slash Lawfair. That's Patreon.com

slash Lawfair. Also check out Lawfair's other podcast offerings, rational security, chatter, lawfare no bull, and the aftermath.

Congress should revisit this because if we continue to expand Rule 41 in this way

and authorize more and more nationwide hacking warrants we may end up in a place that we don't like

because we'll be giving the government broad power to search any digital device

anywhere in the country if it says that the code is illegal.

I'm Matt Gluck, research fellow at Law Fair, and this is the Law Fair Podcast, March 19th, 2024.

Last May, Microsoft announced

that a Chinese state-sponsored hacking group,

Volt Typhoon, appeared to be targeting US critical infrastructure

and entities abroad, in part through establishing a presence in a malware infected network or Botnet consisting of old devices located in the United States.

At the end of January, the Justice Department announced it had removed the botnet from hundreds of American devices.

Cybersecurity experts, Timothy Edgar, and Paul Rosenzweig both wrote articles for lawfare discussing the Volt Typhoon

Intrusion and the US response but the authors take away very different lessons

from the intrusion. Edgar argued that although the removal of the botnet was a success in terms of cyber security,

the legal theory the government relied on for conducting this operation has dangerous privacy implications.

Rose and Swig, on the other hand,

contended that the Volt Typhoon breach

illuminates flawed assumptions at the core

of the US cybersecurity strategy,

...