DOJ In Silk Road Case: The FBI Doesn't Need Warrants To Hack Foreign Servers

from the prosecuting-domestically-but-kicking-down-doors-all-over-the-world dept

The government has filed another document in response to discovery requests in the Ross Ulbricht/Silk Road case. Again, it argues that there’s no Fourth Amendment concerns here, so Ulbricht’s legal team isn’t entitled to receive any more information about how the FBI accessed the servers central to the government’s case.

Assistant US Attorney Serrin Turner, speaking for the DOJ, basically states that intelligence agencies can hack into foreign servers without obtaining a warrant. If Ulbricht can’t successfully argue that his rights were violated, then he can’t argue for the suppression of evidence, no matter how it was actually obtained.

The government’s arguments [pdf link] put Ulbricht in an uncomfortable position — explain why he has an interest in these servers or stop challenging the government’s submitted evidence.

[T]he burden is on Ulbricht to allege facts that, if proven, would establish a violation of his Fourth Amendment rights. The Horowitz Declaration manifestly fails to satisfy that burden. As a threshold matter, the declaration does not establish that Ulbricht had a reasonable expectation of privacy in the SR Server, as required for him to have standing to move for its suppression in the first place. Indeed, a declaration from a member of Ulbricht’s legal team such as Mr. Horowitz would be insufficient for this purpose anyway. To establish standing, a defendant must submit an “‘affidavit from someone with personal knowledge demonstrating sufficient facts to show that he had a legally cognizable privacy interest in the searched premises at the time of the search…’”

Ulbricht’s counsel would not have any personal knowledge of Ulbricht’s privacy interest in the SR Server; presumably, only Ulbricht would. Ulbricht’s assertion that he is not required to submit such an affidavit and that the issue of standing “must . . . be resolved through an evidentiary hearing,” (Reply Br. 18), is flatly wrong. Again, to merit a hearing, a defendant must first allege facts that, if proven at a hearing, would establish a violation of his personal Fourth Amendment rights – including facts sufficient to show the defendant had a protected privacy interest in the property searched. Without competently asserting such an interest, a defendant has no standing to bring a suppression motion at all, let alone demand a hearing on the motion.

Basically: admit the servers are yours and we can start discussing your Fourth Amendment rights. This is the DOJ asking Ulbricht to do its work for it. These servers are only allegedly Ulbricht’s at this point.

Then the DOJ’s lawyer moves on to say, “Actually, we don’t really care what you do or don’t assert. You have no Fourth Amendment rights to anything kept in that location.”

Even if Ulbricht were to demonstrate that he has standing, which he plainly has failed to do, the Horowitz Declaration still would not warrant a hearing because it fails to allege facts that, if proven, would establish a violation of Ulbricht’s Fourth Amendment rights. The Horowitz Declaration nowhere alleges that the SR Server was either located or searched in a manner that violated the Fourth Amendment. It merely critiques certain aspects of the Tarbell Declaration concerning how the SR Server was located. The Horowitz Declaration fails to allege any alternative explanation of how the SR Server was located that, if proven, would establish that Ulbricht’s Fourth Amendment rights were somehow violated.

Turner dismisses claims that the NSA was involved or that illegal wiretaps were used, simply stating that the government would have turned over the applicable evidence if these accusations were true. (Which is highly doubtful — especially in the NSA’s case — but theoretically true.) But then he goes on to say that even if hacking were involved, it simply doesn’t matter.

In any event, even if the FBI had somehow “hacked” into the SR Server in order to identify its IP address, such an investigative measure would not have run afoul of the Fourth Amendment. Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise.

There’s the message the DOJ is sending, at least in this case: if anything of yours resides in a foreign country, all protections are waived. All the government needs is to prove is that its search was “reasonable” and prompted by “legitimate governmental interests” — not exactly the high bar the DOJ presents it as. Nothing is off-limits anywhere outside of this country. If the NSA hasn’t already hoovered it up, the FBI’s coming through the back door — not exactly heartening news for citizens whose everyday lives heavily with extraterritorial entities like Internet services and cloud storage.

Filed Under: , , , , , , ,
Companies: silk road

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ In Silk Road Case: The FBI Doesn't Need Warrants To Hack Foreign Servers”

Subscribe: RSS Leave a comment
58 Comments
Ninja (profile) says:

The arrogance, sense of entitlement law enforcement is displaying is astonishing. Even if the guy has issues and everything about him is true he still has the right to know what he’s dealing with. How can he acknowledge the seized servers are his if he can’t see what was seized? I would never admit something is mine merely because somebody described. I have to see the thing, see what’s inside to know if it is mine. What if he admits the server is his but it’s from some random child porn ring instead of Silk Road (considering everything else about the case is right)? If he admits to being the owner he’ll have unjust child porn charges piled up against him.

Also it’s yet another powerful message to the rest of the world: we couldn’t care less about jurisdiction, you are all our back yard and we can do whatever we want.

Anonymous Coward says:

If the DOJ is alleging that they are not subject to US law because the servers are outside the US then they are also asserting that they are a foreign criminal gang to invading servers in a foreign and are subject to the laws of the country the servers are located in.

IF you fail to understand the above then you also fail to understand the American Deceleration of Independence from Great Britain.

If the citizens of the United States are not subject to British law while in the US then British subjects are not subject to US law in the UK. Anything else in colonialism and totalitarianism.

Broken Pencil says:

Re: Re:

We are catching up to what the world was telling us in the 1980s and 1990s when citizens of many countries demonstrated demanding “US go home!” We now are experiencing what they experienced at the hands of US services back then. Only difference is, they had option of demanding us to go home, but we do not know where to tell the agents of those agencies to go. They are already here.

Anonymous Coward says:

Re: Re:

What gets me is that they are blatantly admitting to violating Icelandic laws and probably violating international treaties. Anyone with common sense in Iceland right now should be outraged, and if I ran that hosting company I would be talking to the EFF and other legal teams about putting an end to their practices. Why is it so hard for LEC to forward off requests to international LECs and accomplish this legally is way beyond my comprehension. Wasn’t Interpol created for this purpose?

Anonymous Coward says:

Rights end at the border?

Last time I read the bill of rights it did not mentioned anything about the rights ending at the border.

I do understand and somewhat agree with the border crossing exception. Ensuring illegal things are not crossing the border makes the search there reasonable which is a valid exception.

But the rights are for the citizens of the USA, NOT the citizens only WITHIN the USA border.

My government is prohibited from unreasonably searching me or my private possessions, end of discussion. Does not matter if I am on the moon or within the border since the supreme law of the land never makes such distinction.

hydroxide (profile) says:

Re: Rights end at the border?

It is correct that your rights end at the border in principle, because the constitution which guarantees it fails to apply outside that border. There’s an exception to this, though – namely your government. As your government gets its power through the constitution, it is always bound by the limitations put on it by the constitution.

So you have no rights under the US Constitution when in Germany vis-a-vis, for example, German authorities. But you still have your rights vis-a-vis the US government.

Citizenship has nothing to do with it. Citizenship is only relevant for those rights being explicitly limited to citizens (voting, being elected etc.)

Anonymous Coward says:

the DoJ may think they dont need a warrant to hack other countries servers, but what about the actual other countries themselves? i dont think they are gonna be particularly keen on it. then add in what would happen if other countries hacked into USA servers. the shit would fly then! this attitude of the USA in general and security forces and government in particular that they can do whatever they want, wherever they want, but the rest of the world can only do what the USA says needs to stop and damn quick too!

David says:

Re: Re:

This is not about credibility but about due process.

Remember Ellsberg? The case against him was thrown out of court not because there was an inkling of a doubt he did what he was accused of but because the DOJ and State departments overstepped their line in building their case to a degree rendering a fair trial impossible.

In order to keep governmental and/or prosecutional abuse in check, the rule is clear: it is either a fair trial or none at all.

Ross’ lawyer is trying to show that it certainly isn’t a fair trial. And the DOJ’s answer basically is “fuck you, loser”.

That can backfire depending on how many illusions the judge entertains regarding the values the U.S. court system is supposed to be based on.

Anon says:

I Don't Understand...

So if I’m arrested and part of the evidence was obtained by an illegal search of my buddy Fred’s house, I would have no standing to challenge the validity of that search? Or if they illegally boarded and searched my buddy Manuelo’s yacht in international waters, well, piracy in furtherance of the US government is legal?

AJ says:

Re: Re:

“…and when the Chinese hack into the US infrastructure, it should really just be a non-issue.”

It doesn’t work like that. WE can hack into foreign servers, and WE will justify it however we like. WE will also intercept data and store data from users around the world, including foreign governments and their politicians.

If THEY hack into our servers, or otherwise intercept our governments data,it’s an act of war.

AJ says:

Re: Re: Re: Re:

Agreed. The sad part is when you try to spell it out, using obvious language that clearly represents what is actually happening before the fact, they will point and spit and do whatever they have to do to convince themselves that you are wrong…. until THEY are the ones that drift into the cross hairs of the very policy they’ve created, they will never see it. Even then, when THEY are on the receiving end of these policies, they will point and shout and blame everyone but themselves, and do so even as you point out it was they who did this…. the hypocrisy knows no limits.

Roger Strong (profile) says:

As always, turnabout is fair play.

By declaring its right to hack into foreign servers, the DOJ gives tacit approval to police in other countries to hack into US servers.

Just like – with more than 100 CIA “extraordinary renditions” from EU soil alone in the first couple years after 9/11 – the US has given tacit approval for its allies to kidnap and extract suspects from the US. Including US citizens. The extradition process is so last century.

Anonymous Coward says:

Here’s what I don’t understand:
Shouldn’t the defense be privy to the provenance of evidence for the sake of building a defense or calling said evidence into question at trial regardless of whether there is an actual 4th amendment question at all and regardless of whether said servers can be accessed without warrant or not?

If counsel can’t actually determine where the evidence came from, how it was obtained, and what investigatory chain led to its capture and chain of custody, how is it possible to actually mount a defense? Particularly if the prosecution claims don’t actually match what pieces of it have been made available?

Anonymous Coward says:

Even servers in the US,the FBI could break into without a warrant, and never be detected by server admins. The MySQL database backend of websites has a flaw. MySQL does not keep any logs. So the Feds could break into the MySQL backend of any website, and get the data they wanted, and the server admins would NEVER KNOW the Feds were there.

Since MySQL has to be exposed to network for web applications to use it, it is vulernable to being hacked, and since the MySQL software, itself, does not keep logs, anyone who breaks into the MySQL will never be detected for years, if at all.

Zonker says:

The Fourth Amendment, as made clear in the Preamble to the Bill of Rights, is an explicit restriction of the powers of the US government. Period. The US government only has those powers specifically granted to it by the Constitution itself subject to the explicit restrictions under the Bill of Rights.

Federal jurisdiction may end at the US border, but the powers and restrictions under our Constitution apply to the government itself no matter where it is located. Thus it does not matter if a search or seizure is conducted in a foreign land legally under that lands laws, the restrictions on the powers of the US government still apply. Iceland may search or seize servers however their laws permit, but the US government cannot use anything obtained as evidence that would violate the limitations imposed by the Fourth Amendment, e.g. obtained without a warrant or probable cause.

If the Bill of Rights does not apply to the government in this case, then neither do the powers granted to it under the Constitution.

Christenson (user link) says:

No Standing rule -- Catch 22 -- ruling against standing to challenge

Dear Judge Forrest:
Your ruling shocks the conscience and is manifestly unjust. It appears that the prosecutor has obtained evidence in a case illegally, and is using it to accuse Mr Ulbricht. Yet, he must claim an “ownership interest” in it to challenge the legality of the evidence?

Why doesn’t the very fact that the evidence is being used against him give him standing to challenge its provenance? This looks like bad law from the drug wars, and I hope John Oliver will make it look silly in front of the whole nation.

Harry Has a Hangnail (user link) says:

The Catch 22 about the Catch 22

What I don’t understand is this: if the feds illegally hacked the servers, but require Ross to CLAIM the server was his in order for his rights to be exercised, THEN if eventually Ross were to be found guilty, wouldn’t that then confirm that his rights were then violated? The very act of trying to prove that an American “owned” the account should force the discussion of constitutional rights.

I’m sure the legal team has thought of this, but I would think there would be a legal maneuver to file early on that would establish that he doesn’t need to claim ownership as long as the government is trying to prove the server WAS his, then they need to address his rights as owner since they are trying to establish him as the owner.

Ziga says:

DOJ never condoned hacking

I think everyone’s missing the point, read the DOJ’s statement again. The DOJ never said “the FBI rightfully hacked into a foreign server, and they should keep doing that”.

After evaluating different potential scenarios, he merely pointed out that even if they really had hacked, the Fourth Amendment would not apply in this case.

Obviously it would be breaking international law, the FBI itself was very careful not to admit hacking: https://www.nikcub.com/posts/analyzing-fbi-explanation-silk-road/

hydroxide (profile) says:

Re: DOJ never condoned hacking

“After evaluating different potential scenarios, he merely pointed out that even if they really had hacked, the Fourth Amendment would not apply in this case.”

That’s not how constitutional law works. The president cannot legally simply start a war with, say, Iran, using troops stationed outside US territory arguing that since they are outside US territory, the constitutional provisions that make it the prerogative of Congress to declare war do not apply.

A Constitution binds ALL government action.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »