Judge Says FBI Can Hack Computers Without A Warrant Because Computer Users Get Hacked All The Time

from the broken blinds policing dept

The FBI’s use of a Network Investigative Technique (NIT) to obtain info from the computers of visitors to a seized child porn site has run into all sorts of problems. The biggest problem in most of the cases is that the use of a single warrant issued in Virginia to perform searches of computers all over the nation violated the jurisdictional limits set down by Rule 41(b). Not coincidentally, the FBI is hoping the changes to Rule 41 the DOJ submitted last year will be codified by the end of 2016, in large part because it removes the stipulation that limits searches to the area overseen by the magistrate judge signing the warrant.

For defendant Edward Matish, the limits of Rule 41 don’t apply. He resides in the jurisdiction where the warrant was signed. He had challenged the veracity of the data obtained by the NIT, pushing the theory that the FBI’s unexamined NIT was insecure (data obtained from targets was sent back to the FBI in unencrypted form) and info could have been altered in transit.

It’s not much of a legal theory as any person performing these alterations would have had to know someone was performing long-distance acquisitions of identifying computer information and the IP addresses normally hidden by the use of Tor.

But that questionable legal theory is nothing compared to those handed down in Judge Henry Coke Morgan Jr.’s denial [pdf] of several motions by Matish. As the judge sees it, the FBI really didn’t even need a warrant. Morgan Jr. says there’s no expectation of privacy in an IP address, even if Tor is used to obscure it, which follows other judges’ conclusions on the same matter. However, Morgan Jr. goes much further.

Morgan Jr. hints at the Third Party Doctrine but refuses to consider the fact that this information was not obtained from third parties, but rather directly from the user’s computer via the FBI’s hacking tool.

The Court recognizes that the NIT used in this case poses questions unique from the conduct at issue in Farrell. In Farrell, the Government never accessed the suspect’s computer in order to discover his IP address, whereas here, the Government deployed a set of computer code to Defendant’s computer, which in turn instructed Defendant’s computer to reveal certain identifying information. The Court, however, disagrees with the magistrate judge in Arterburv. who focused on this distinction, see No. 15-cr-182, ECF No. 42. As the Court understands it, Defendant’s IP address was not located on his computer; indeed, it appears that computers can have various IP addresses depending on the networks to which they connect. Rather, Defendant’s IP address was revealed in transit when the NIT instructed his computer to send other information to the FBI. The fact that the Government needed to deploy the NIT to a computer does not change the fact that Defendant has no reasonable expectation of privacy in his IP address.

This reading of the Third Party Doctrine closely aligns with how the DOJ prefers it to be read. If someone knowingly or unknowingly turns over identifying info to a third party, it now belongs to the government — even if the government obtains it directly through a search/seizure, rather than approaching third parties.

But more disturbing than this is Judge Morgan Jr.’s declaration that no expectation of security is the same thing as no expectation of privacy first highlighted by Joseph Cox of Motherboard.

“It seems unreasonable to think that a computer connected to the Web is immune from invasion,” Morgan, Jr. adds. “Indeed, the opposite holds true: in today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked,” he writes, and then points to a series of media reports on high profile hacks. He posits that users of Tor cannot expect to be safe from hackers.

If hackers can break into computers and extract information, then law enforcement can do the same thing without fear of reprisal or suppression of evidence. Morgan Jr. equates it to “broken blinds” on a house window, where previous rulings have said it’s perfectly fine for passing police officers to peer into windows that don’t completely obscure the house’s interior.

[I]n Minnesota v. Carter, the Supreme Court considered whether a police officer who peered through a gap in a home’s closed blinds conducted a search in violation of the Fourth Amendment. 525 U.S. 83, 85 (1998). Although the Court did not reach this question, id at 91, Justice Breyer in concurrence determined that the officer’s observation did not violate the respondents’ Fourth Amendment rights. Id at 103 (Breyer, J., concurring). Justice Breyer noted that the “precautions that the apartment’s dwellers took to maintain their privacy would have failed in respect to an ordinary passerby standing” where the police officer stood.

But that flies directly in the face of his previous determination that there’s no expectation of privacy in IP addresses, even if a person takes steps to obscure that identifying info. Tor may be imperfect and can be compromised, but applying Morgan Jr.’s analogy to this situation means it’s OK for the FBI to not only peer into the interior of a house, but to break the blinds in order to look inside.

The world Judge Morgan Jr. prefers is clear: that law enforcement should not be bound by the constraints of legal activity and, in fact, should be allowed to deploy hacking tools simply because computers get hacked every day. It’s a judicial shrug that says the good guys should be able to do everything criminals do because the ends justify the means. Morgan Jr. explicitly states that “the balance weighs heavily in favor of surveillance” in cases like these (child pornography prosecutions) because of the criminal activity involved.

The ends will justify the means in cases like these, if Morgan Jr. is overseeing them. Even if you are sympathetic to the judge’s belief that certain crimes call for more drastic law enforcement responses, the fact is that if given this judicial pass, law enforcement will not confine its use of jurisdiction-less warrants and invasive tech tools to only the worst of the worst. We need look no further than the deployment of a Stingray device to track down someone who stole $57 worth of fast food to see how this will play out in real life. The decision — if it stands — opens citizens up to a host of invasive, warrantless searches, just because security breaches are common and the pursuit of criminal suspects is more important than protecting citizens from government overreach.



Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Judge Says FBI Can Hack Computers Without A Warrant Because Computer Users Get Hacked All The Time”

Subscribe: RSS Leave a comment
67 Comments
Anonymoussays:

Re: Re:

Imagine if I told a judge, ‘yes, I was speeding, but everyone speeds all the time, so it’s OK’ or ‘yes, I infringed on IP but everyone always infringes on IP so that makes it OK’ how far that would get me? It wouldn’t get me far at all. So why should that excuse allow law enforcement to get away with something?

It’s the double standard that I was pointing out and everyone seemed to miss the point.

That One Guysays:

Re: Re:

It’s obvious isn’t it, those tasked with enforcing and/or upholding the laws don’t actually have to follow the laws as that would get in the way of catching all those heinous criminals, those dastardly evil-doers who ignore and/or violate the laws for their own gain and/or personal benefit.

Put simpler and slightly more serious, it’s because we have a two-tier legal(not justice) system, and those in the higher tier don’t have to follow the laws that those of us peons in the lower tier do.

Davidsays:

In other words:

“The Fourth Amendment is void.”

It would not be necessary to stipulate the Fourth Amendment if there weren’t tools and ways for invading privacy, and since there are tools and ways for invading privacy, there is no privacy and there is nothing for the Fourth Amendment to protect.

Now this kind of “the Constitution does not know what it is talking about” verdict will not likely survive competent review, but competent review in the U.S. is hard to come by and expensive.

Anonymoussays:

is it any wonder there’s no trust in the judicial system or those who preside on cases? what the fuck is wrong with these judges? they are supposed to uphold the law, not help the Police and Prosecutors twist it to suit the cases!! if the guy is guilty, have the proper evidence that proves guilt, not do whatever possible to take away any and every chance he might have of proving innocence, just because it doesn’t sit into the statistics of the prosecutor!!

Anonymoussays:

?It seems unreasonable to think that a home on a street is immune from invasion,? Morgan, Jr. adds. ?Indeed, the opposite holds true: in today’s criminal world, it appears to be a virtual certainty that properties can?and eventually will?be burglarized,? he writes, and then points to a series of media reports on high profile burglaries. He posits that users of security systems cannot expect to be safe from thieves.

Anonymoussays:

Re: Re:

The FBI is allowed and justified to do pretty much anything criminals do too in order to catch them. There are (were) certain checks and balances to this but they are slowly becoming irrelevant.

PSA: Hey are you sick of SWAT teams breaking your door unannounced at 4AM? Than this is for you! Call 511-NO-PRIVACY and we’ll install a Telescreen in your home free of charge.
This we’re sure you’re an upstanding and productive citizen without having to check up on you from time to time. Because we’ll do it ALL THE TIME.

Davidsays:

Re: Re: Re:

The FBI is allowed and justified to do pretty much anything criminals do too in order to catch them.

You have been watching too many Hollywood flicks. The FBI is not allowed to break the law. Some laws may have explicit exceptions for law enforcement written into them. And sometimes the FBI can get permission to act in violation of laws. Such permissions are granted by judges on request, and the name for such a request/permission is “warrant”.

In the case we are discussing, the FBI expected to be allowed to violate laws without permission, considering themselves not constrained by either law or judge, and use the results of such violation for the sake of making the job they are paid to do easier.

But this is not the Wild West and the FBI is not in the position to create their own laws for convenience and put them into effect.

Anonymoussays:

Re: Re: Re: Re:

Well I did mention that “There are (were) certain checks and balances to this but they are slowly becoming irrelevant.” in the same paragraph.

This has nothing to do with Hollywood flicks. More and more FBI busts look like they’re toe tipping the line ever so slightly towards illegal and entrapment.

These guys they arrested are scum no doubt. But going over the law and not getting the warrants means criminals could (and some will) walk free because the evidence might be compromised.
This is even worse than “parallel reconstruction” where they could at least potentially get some useful evidence.
Sure this judge was sympathetic, but all the evidence could be thrown out because all of it was gotten through hacking.

Davidsays:

Re: Re: Re: Re: Re:

These guys they arrested are scum no doubt. But going over the law and not getting the warrants means criminals could (and some will) walk free because the evidence might be compromised.

You still swallowed the Hollywood Koolaid. The problem with the FBI breaking the law is not that “the bad guys get away”. The problem is that we are not in Hollywood where good guys and bad guys are distinguished by sneering and kicking puppies, but where people get arrested and prosecuted not because of being bad persons but because of breaking the law.

Once the FBI goes around breaking the law without bothering to follow the procedures availing it of judicially controlled exceptions, the whole idea of a legal system falls apart.

Anonymoussays:

I don’t expect this ruling to withstand a court challenge. It’s like saying the civil rights of black people aren’t violated because police officers are suspicious of them due to the fact that the majority of crimes are committed by black people.

This decision about FBI hacking you is a ridiculous ruling and I don’t believe the federal appellate courts will allow that decision to stand.

Notta Trollsays:

Re: Drive-by Racism

“due to the fact that the majority of crimes are committed by black people.”

That is not a “fact” unless you love Stormfront and Fox News. Many crimes committed by whites are not prosecuted so the crime is never a conviction.

A thinking person would realize that law enforcement targeted (poor white and non-white) and visually identifiable communities will produce more arrests & convictions (valid or not) with arrest quotas and as this article demonstrates, a convictions justify illegal means judicial system.

Jnitesays:

It's more than looking through a window

Cop comes to the door. Let’s say that it is the type of door with a window. The shades are open, so the cop looks through the window and sees nothing.

The cop the proceeds to break the window, unlock the door from the inside, walk into the house and do whatever he wants. He could destroy the house. Take the person’s personal information. And for some weird reason leaves pornography pinned to all the walls.

He is justified in doing this because anyone could of broken into the house just as easily.

Davidsays:

Re:

We are getting there slowly. But this is a democracy, so instead of getting just one pompous dictator, you get to choose whether you would rather have a bit more pomposity or a bit more dictatorship. The color choice is a bit more subtle this time: rather than black and white, we get redder and whiter shades of pink. But then you get gender choice this time. Chirality is not overly diverse: either far right or fallen off the cliff.

Quiet Lurckersays:

No. Just ... No

Possession of child porn is a felony. By retaining and operating a server on which child porn was found was committing a felony.

Distribution of child porn is a felony. By operating a server from which child porn could be retrieved, the government was committing a felony.

Accessing and retrieving information from remote computer systems without authority is a felony. By accessing a remote computer; installing software on it; and using that software to retrieve information without authority to do so, the government was committing a felony.

Accessing a remote computer, whether with or without authority, under the guise of another person or party, is a felony. By using a non-government web site to deliver mal-ware, the government committed a felony.

Forcing a person to commit a crime, or produce evidence that he or she did so is entrapment. By unilaterally retrieving evidence that a person visited a particular (illegal) web site using surreptitious, illegal means, the government was committing entrapment.

The governments actions throughout this entire sorry debacle were utterly indefensible.

And now some judge wants to give the FBI a free pass by saying, ‘hey it happens all the time, no big deal’?

I don’t think so.

Anonymoussays:

Re: No. Just ... No

Except when the answer is “Yes”.

18 U.S. Code ? 2258C(e) is (one of the places) where you find the typical Law Enforcement Exclusion:

“(e)Use by Law Enforcement.?
Any Federal, State, or local law enforcement agency that receives elements relating to any apparent child pornography image of an identified child from the National Center for Missing and Exploited Children under section? 1

(d) may use such elements only in the performance of the official duties of that agency to investigate child pornography crimes.”

Law enforcement is pretty much always excluded from these types of laws.

Anonymoussays:

Re: No. Just ... No

Accessing and retrieving information from remote computer systems without authority is a felony. By accessing a remote computer; installing software on it; and using that software to retrieve information without authority to do so, the government was committing a felony.

Except, if you read the actual laws around it (you don’t cite one, so I can’t point it out specifically), but lets look at – for example, the CFAA –
more officially known as “18 U.S. Code ? 1030 – Fraud and related activity in connection with computers”

18 U.S. Code ? 1030(f), reads:

“(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.”

Tom Minksays:

Both ways

So, the possibility of an insecurity that the government can exploit means that a suspected individual has no defense, since they left themselves open – but an insecure chain of evidence doesn’t mean the government’s effort isn’t suspect since the expectation is that their insecurities wouldn’t have been exploited? There’s some cognitive dissonance in that.

Sure some crimes are so heinous that they require more aggressive investigation, but aggressive used to mean greater manpower and resources, not breaking the rules.

Adamsays:

Hacked all the time...

Can we then assert that since computers are “hacked all the time” that a computer was already hacked at that time and being used covertly for such activities as this man was accused of? If it’s a blanket sweep of every violation then it stands to reason that if JUST ONE person was already hacked and being used this way they AT LEAST ONE person would be pegged unjustly for a crime they didn’t commit.

ECAsays:

REALLY>>>

Computer users get HACKED?? ALL THE TIME??
The only way I and OTHERS would be HACKED..

Is IF”
Windows is Monitoring us..
Adobe inserted Data probing, to monitor any movie/music we play..
FLASH is monitoring us..
Windows MEDIA is monitoring us..

oh!! WOW,, they are..
And unless you TURN these feature off…THEY WILL..
UNLESS you change to ANOTHER OS…THEY WILL..

AND IM NOT TALKING ABOUT BOT/MALWARE/VIRUS/…

GO out and find the programs to TURN THIS OFF..

John Fendersonsays:

Interesting

So the judge really believes that there is no “expectation of privacy” in cases where your security isn’t perfect? Because that’s what he said.

Which means that there can be no “expectation of privacy” in anything, ever, at any time.

Clearly, “expectation of privacy” is now a completely bankrupt notion.

HegemonicDistortionsays:

Re: Interesting

The Fourth Amendment literally says that the people shall “be secure in their persons, houses, papers…,” which, in the context of computer intrusion is even more clear than concepts of expectations of privacy.

The standard of an “expectation of privacy” is also problematic in modern times in that depends of what judges think people should know about the operation of technology.

That One Guysays:

Re: Re: Interesting

The standard of an “expectation of privacy” is also problematic in modern times in that depends of what judges think people should know about the operation of technology.

Oh but it gets worse, because the using the ‘expectation of privacy’ as a justification means what can be ‘expected’ to be private is a category that will always shrink.

Before the general public knew that government agencies scooped up everything they could get their hands on the ‘expectation of privacy’ might have been higher(though trumped of course by National Security: Be Afraid), but once people learned about it now the ‘expectation of privacy’ is drastically lesser, because look, everyone knows that the government can and will scoop up everything they can get their hands on, therefore there’s no ‘expectation’ of any privacy to violate, it’s already gone.

“It was wrong but still justified before you learned they were doing X, and now that it’s general knowledge that they are doing X there’s no ‘reasonable’ expectation that they won’t be doing X, because everyone knows that they’re doing X, and hence no violation of the law.”

Anonymous Cowardsays:

I don't see what the problem with what the FBI did

From what I can see there is no problem with what the FBI did.

The people that connected to the server did so of their own free will. Their home computers connected to the servers with illegal information on them and requested a download of the images on the server. The fact that it also downloaded the NIT is irrelevant. They deliberately connected to a server that was being used to break the law and requested the server to send them information.

Now, if the FBI was randomly scanning IP addresses and hacking into everyone’s home computers then there would be a problem. But in this case, this people being arrested initiated the communication to the server.

The windows blind analogy is incorrect. A better analogy would be if a person called someone else on a telephone asking for illegal pictures and the FBI agent was standing right next to the receiver listening in. Even if the caller tried to disguise their voice the FBI is still allowed to track them down.

Again,the people arrested initiated the contact with the server. There is no illegal search. If they didn’t want the NIT downloaded to their computer they shouldn’t have been accessing illegal stuff.

John Fendersonsays:

Re: I don't see what the problem with what the FBI did

“A better analogy would be if a person called someone else on a telephone asking for illegal pictures and the FBI agent was standing right next to the receiver listening in.”

A more accurate analogy would be to say that because someone was using a telephone to break the law, that means the cops should be allowed to plant surveillance equipment inside the person’s home without a warrant.

Peering in through broken window blinds == breaking them???

The judge says that actively hacking someone’s computer is the same as passively observing someone’s house through broken window blinds? — No, this hacking is actively BREAKING in, cutting a big ass hole in the window blinds, covering up your tracks, and then going outside to peer in through your breakage at the things you already know are in there, because you just broke the fuck in! — Are you kidding me!?

That One Guysays:

"If criminals without badges can do it so can the government."

?Indeed, the opposite holds true: in today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can?and eventually will?be hacked,? he writes, and then points to a series of media reports on high profile hacks. He posits that users of Tor cannot expect to be safe from hackers.

Houses get broken into all the time, as such police can break in whenever they want without a warrant.

People are robbed all the time, clearly government agents should be allowed to rob anyone they want with no restraints.

People are assaulted all the time, obviously police and/or government agents should be allowed to beat whoever they want without punishment.

It’s really hard to Poe an argument that stupid, because with the kind of ‘logic’ employed by this judge all of the above makes perfect sense.

So, I take it then that the judge sees absolutely nothing wrong with anyone else hacking a computer or digital device/service? I mean it happens all the time, and if that’s all the justification you need to be in the clear then the frequency means it ceases to be a crime, right?

Oh, those rules only apply to those (theoretically) enforcing the laws? Of course, silly me to expect logical and legal consistency from a judge.

That One Guysays:

Re:

Only to have the judge involved perform feats of contortion that would make a circus performer proud by claiming that the two things are totally different and just because members of the public are free game for government agencies to hack because computers are hacked all the time, it doesn’t follow that government computers are free game as well, as government systems still enjoy protection against hacking attempts.

Davidsays:

Re: Legal "reasoning"

Well, it puts the police on equal footing with other crime syndicates. I’m not sure whether this should trigger antitrust regulations since the police is not really self-sustaining even considering civil asset forfeiture and other rackets but is still partly financed using taxpayer money. Arguably, its market participation in common criminal enterprises should be subject to particular scrutiny.

Personally, I don’t consider it an unsurmountable burden for them to inform local judges of any planned heists in advance so that they may not get caught on the wrong foot when having to rubberstamp any seizures of persons and properties.

Anonymoussays:

Re: Re: Legal "reasoning"

And this is what we as citizens want? Even as a joke?
For the police to be “on equal footing with other crime syndicates” in terms of law-breaking?

Like saying it’s OK for a priest to go get drunk and visit brothels to catch his flock in the act of sinning.

The purpose of “busts” is to nudge criminals to reveal themselves in the act. What if you happen to be inadvertently caught up in such a bust ? Will it make you feel better that a policeman shot at and shattered one of your bones rather than a thug?

Also, google “roadside cavity searches”. Cops have way too much power and too little responsibility. And they’re all afraid of Big Bad Black Men with Knives and UZIs.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it