Judge Says FBI Can Hack Computers Without A Warrant Because Computer Users Get Hacked All The Time
from the broken-blinds-policing dept
The FBI’s use of a Network Investigative Technique (NIT) to obtain info from the computers of visitors to a seized child porn site has run into all sorts of problems. The biggest problem in most of the cases is that the use of a single warrant issued in Virginia to perform searches of computers all over the nation violated the jurisdictional limits set down by Rule 41(b). Not coincidentally, the FBI is hoping the changes to Rule 41 the DOJ submitted last year will be codified by the end of 2016, in large part because it removes the stipulation that limits searches to the area overseen by the magistrate judge signing the warrant.
For defendant Edward Matish, the limits of Rule 41 don’t apply. He resides in the jurisdiction where the warrant was signed. He had challenged the veracity of the data obtained by the NIT, pushing the theory that the FBI’s unexamined NIT was insecure (data obtained from targets was sent back to the FBI in unencrypted form) and info could have been altered in transit.
It’s not much of a legal theory as any person performing these alterations would have had to know someone was performing long-distance acquisitions of identifying computer information and the IP addresses normally hidden by the use of Tor.
But that questionable legal theory is nothing compared to those handed down in Judge Henry Coke Morgan Jr.’s denial [pdf] of several motions by Matish. As the judge sees it, the FBI really didn’t even need a warrant. Morgan Jr. says there’s no expectation of privacy in an IP address, even if Tor is used to obscure it, which follows other judges’ conclusions on the same matter. However, Morgan Jr. goes much further.
Morgan Jr. hints at the Third Party Doctrine but refuses to consider the fact that this information was not obtained from third parties, but rather directly from the user’s computer via the FBI’s hacking tool.
The Court recognizes that the NIT used in this case poses questions unique from the conduct at issue in Farrell. In Farrell, the Government never accessed the suspect’s computer in order to discover his IP address, whereas here, the Government deployed a set of computer code to Defendant’s computer, which in turn instructed Defendant’s computer to reveal certain identifying information. The Court, however, disagrees with the magistrate judge in Arterburv. who focused on this distinction, see No. 15-cr-182, ECF No. 42. As the Court understands it, Defendant’s IP address was not located on his computer; indeed, it appears that computers can have various IP addresses depending on the networks to which they connect. Rather, Defendant’s IP address was revealed in transit when the NIT instructed his computer to send other information to the FBI. The fact that the Government needed to deploy the NIT to a computer does not change the fact that Defendant has no reasonable expectation of privacy in his IP address.
This reading of the Third Party Doctrine closely aligns with how the DOJ prefers it to be read. If someone knowingly or unknowingly turns over identifying info to a third party, it now belongs to the government — even if the government obtains it directly through a search/seizure, rather than approaching third parties.
But more disturbing than this is Judge Morgan Jr.’s declaration that no expectation of security is the same thing as no expectation of privacy — first highlighted by Joseph Cox of Motherboard.
“It seems unreasonable to think that a computer connected to the Web is immune from invasion,” Morgan, Jr. adds. “Indeed, the opposite holds true: in today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked,” he writes, and then points to a series of media reports on high profile hacks. He posits that users of Tor cannot expect to be safe from hackers.
If hackers can break into computers and extract information, then law enforcement can do the same thing without fear of reprisal or suppression of evidence. Morgan Jr. equates it to “broken blinds” on a house window, where previous rulings have said it’s perfectly fine for passing police officers to peer into windows that don’t completely obscure the house’s interior.
[I]n Minnesota v. Carter, the Supreme Court considered whether a police officer who peered through a gap in a home’s closed blinds conducted a search in violation of the Fourth Amendment. 525 U.S. 83, 85 (1998). Although the Court did not reach this question, id at 91, Justice Breyer in concurrence determined that the officer’s observation did not violate the respondents’ Fourth Amendment rights. Id at 103 (Breyer, J., concurring). Justice Breyer noted that the “precautions that the apartment’s dwellers took to maintain their privacy would have failed in respect to an ordinary passerby standing” where the police officer stood.
But that flies directly in the face of his previous determination that there’s no expectation of privacy in IP addresses, even if a person takes steps to obscure that identifying info. Tor may be imperfect and can be compromised, but applying Morgan Jr.’s analogy to this situation means it’s OK for the FBI to not only peer into the interior of a house, but to break the blinds in order to look inside.
The world Judge Morgan Jr. prefers is clear: that law enforcement should not be bound by the constraints of legal activity and, in fact, should be allowed to deploy hacking tools simply because computers get hacked every day. It’s a judicial shrug that says the good guys should be able to do everything criminals do because the ends justify the means. Morgan Jr. explicitly states that “the balance weighs heavily in favor of surveillance” in cases like these (child pornography prosecutions) because of the criminal activity involved.
The ends will justify the means in cases like these, if Morgan Jr. is overseeing them. Even if you are sympathetic to the judge’s belief that certain crimes call for more drastic law enforcement responses, the fact is that if given this judicial pass, law enforcement will not confine its use of jurisdiction-less warrants and invasive tech tools to only the worst of the worst. We need look no further than the deployment of a Stingray device to track down someone who stole $57 worth of fast food to see how this will play out in real life. The decision — if it stands — opens citizens up to a host of invasive, warrantless searches, just because security breaches are common and the pursuit of criminal suspects is more important than protecting citizens from government overreach.
Filed Under: 4th amendment, fbi, hacking, nit, privacy, rights
Comments on “Judge Says FBI Can Hack Computers Without A Warrant Because Computer Users Get Hacked All The Time”
“Judge Says FBI Can Hack Computers Without A Warrant Because Computer Users Get Hacked All The Time”
Judge says that I can shoot anyone I want because people get shot all the time.
Re: Re:
Judge says ripping off the government is ok because the government gets ripped off all the time.
Re: Re:
Only if you’re a cop.
Re: Re:
No, judge says police can shoot anyone they want to because people get shot all the time…
sound about right!
Re: Re: Re:
If you’re walking down the street in the middle of the night in a dark alley you’re bound to get shot anyways. So if a cop randomly shoots you for no reason then it’s OK because you were just asking for it … after all it happens all the time!
Re: Re: Re: Re:
(you were just asking to get robbed. You should know better).
Re:
No, actually by this logic it would be “cops in Chicago can shoot people because people in Chicago shoot people all the time.”
Re: Re: Re:
I guess the point I was making is that ‘people do it all the time’ doesn’t excuse my behavior so why should it excuse the behavior of a cop or the FBI or other law enforcement. Why do they have a different set of laws than the rest of us?
Re: Re: Re: Re:
Imagine if I told a judge, ‘yes, I was speeding, but everyone speeds all the time, so it’s OK’ or ‘yes, I infringed on IP but everyone always infringes on IP so that makes it OK’ how far that would get me? It wouldn’t get me far at all. So why should that excuse allow law enforcement to get away with something?
It’s the double standard that I was pointing out and everyone seemed to miss the point.
Re: Re: Re: Re:
It’s obvious isn’t it, those tasked with enforcing and/or upholding the laws don’t actually have to follow the laws as that would get in the way of catching all those heinous criminals, those dastardly evil-doers who ignore and/or violate the laws for their own gain and/or personal benefit.
Put simpler and slightly more serious, it’s because we have a two-tier legal(not justice) system, and those in the higher tier don’t have to follow the laws that those of us peons in the lower tier do.
The NIT has modified his computer, by installing software, even if temporary, and therefore proves that he does not have control over what is found on his computer.
In other words:
“The Fourth Amendment is void.”
It would not be necessary to stipulate the Fourth Amendment if there weren’t tools and ways for invading privacy, and since there are tools and ways for invading privacy, there is no privacy and there is nothing for the Fourth Amendment to protect.
Now this kind of “the Constitution does not know what it is talking about” verdict will not likely survive competent review, but competent review in the U.S. is hard to come by and expensive.
Re: In other words:
Void.
is it any wonder there’s no trust in the judicial system or those who preside on cases? what the fuck is wrong with these judges? they are supposed to uphold the law, not help the Police and Prosecutors twist it to suit the cases!! if the guy is guilty, have the proper evidence that proves guilt, not do whatever possible to take away any and every chance he might have of proving innocence, just because it doesn’t sit into the statistics of the prosecutor!!
I wonder if the “broken blinds” theory works with police stations, government buildings, judge’s houses, district attorney’s offices..etc… If they leave the blinds broken, why can’t I look inside from the road just like everyone else??
Re: Re:
Uh, that’s not actually the judge’s argument. The argument is more like “because the blinds can be broken, it is ok if Police break them”. No requirement to actually have someone else break the blinds first. The possibility is enough.
So the police can break into a house without a warrant?
Houses are broken into all the time. Using this judge’s logic, it should be acceptable for the Police to break into a house without a warrant.
The judge is also wrong on the facts. It’s not inevitable that a computer will be hacked.
Re: Re:
So the FBI is free to break into any home without a warrant because hey, criminals do it too!
Re: Re: Re:
You don’t want the criminals to have the drop on the FBI, do you?
If crimes are outlawed, only criminals will be able to commit crimes.
Re: Re: Re:
The FBI is allowed and justified to do pretty much anything criminals do too in order to catch them. There are (were) certain checks and balances to this but they are slowly becoming irrelevant.
PSA: Hey are you sick of SWAT teams breaking your door unannounced at 4AM? Than this is for you! Call 511-NO-PRIVACY and we’ll install a Telescreen in your home free of charge.
This we’re sure you’re an upstanding and productive citizen without having to check up on you from time to time. Because we’ll do it ALL THE TIME.
Re: Re: Re: Re:
You have been watching too many Hollywood flicks. The FBI is not allowed to break the law. Some laws may have explicit exceptions for law enforcement written into them. And sometimes the FBI can get permission to act in violation of laws. Such permissions are granted by judges on request, and the name for such a request/permission is “warrant”.
In the case we are discussing, the FBI expected to be allowed to violate laws without permission, considering themselves not constrained by either law or judge, and use the results of such violation for the sake of making the job they are paid to do easier.
But this is not the Wild West and the FBI is not in the position to create their own laws for convenience and put them into effect.
Re: Re: Re:2 Re:
Well I did mention that “There are (were) certain checks and balances to this but they are slowly becoming irrelevant.” in the same paragraph.
This has nothing to do with Hollywood flicks. More and more FBI busts look like they’re toe tipping the line ever so slightly towards illegal and entrapment.
These guys they arrested are scum no doubt. But going over the law and not getting the warrants means criminals could (and some will) walk free because the evidence might be compromised.
This is even worse than “parallel reconstruction” where they could at least potentially get some useful evidence.
Sure this judge was sympathetic, but all the evidence could be thrown out because all of it was gotten through hacking.
Re: Re: Re:3 Re:
You still swallowed the Hollywood Koolaid. The problem with the FBI breaking the law is not that “the bad guys get away”. The problem is that we are not in Hollywood where good guys and bad guys are distinguished by sneering and kicking puppies, but where people get arrested and prosecuted not because of being bad persons but because of breaking the law.
Once the FBI goes around breaking the law without bothering to follow the procedures availing it of judicially controlled exceptions, the whole idea of a legal system falls apart.
Hey,
Henry Coke Morgan Jr.,
you are a complete moron.
sincerley,
concerned citizen
Re: Re:
He is a “Senior Judge,” which means he is retired and working part-time.
I looked him up and the guy is 81 years old. No wonder half of the justification reads “because that nice FBI Special Agent said so.”
it's okay for me, but not okay for you.
it’s perfectly fine for passing police officers to peer into windows that don’t completely obscure the house’s interior.
Ah no, that is called a Peeping Tom and I’m sure it is highly frowned upon.
I don’t expect this ruling to withstand a court challenge. It’s like saying the civil rights of black people aren’t violated because police officers are suspicious of them due to the fact that the majority of crimes are committed by black people.
This decision about FBI hacking you is a ridiculous ruling and I don’t believe the federal appellate courts will allow that decision to stand.
Re: Drive-by Racism
“due to the fact that the majority of crimes are committed by black people.”
That is not a “fact” unless you love Stormfront and Fox News. Many crimes committed by whites are not prosecuted so the crime is never a conviction.
A thinking person would realize that law enforcement targeted (poor white and non-white) and visually identifiable communities will produce more arrests & convictions (valid or not) with arrest quotas and as this article demonstrates, a convictions justify illegal means judicial system.
It's more than looking through a window
Cop comes to the door. Let’s say that it is the type of door with a window. The shades are open, so the cop looks through the window and sees nothing.
The cop the proceeds to break the window, unlock the door from the inside, walk into the house and do whatever he wants. He could destroy the house. Take the person’s personal information. And for some weird reason leaves pornography pinned to all the walls.
He is justified in doing this because anyone could of broken into the house just as easily.
So if the “bad guys” can do something, then so can the government without any oversight?
Nice logic there, judge. If the US would’ve used this sort of logic from its inception, it would probably look a lot more like North Korea today.
Re: Re:
We are getting there slowly. But this is a democracy, so instead of getting just one pompous dictator, you get to choose whether you would rather have a bit more pomposity or a bit more dictatorship. The color choice is a bit more subtle this time: rather than black and white, we get redder and whiter shades of pink. But then you get gender choice this time. Chirality is not overly diverse: either far right or fallen off the cliff.
David, that’s exactly the judge’s argument. It’s a preposterous decision that will not stand up in federal court.
No. Just ... No
Possession of child porn is a felony. By retaining and operating a server on which child porn was found was committing a felony.
Distribution of child porn is a felony. By operating a server from which child porn could be retrieved, the government was committing a felony.
Accessing and retrieving information from remote computer systems without authority is a felony. By accessing a remote computer; installing software on it; and using that software to retrieve information without authority to do so, the government was committing a felony.
Accessing a remote computer, whether with or without authority, under the guise of another person or party, is a felony. By using a non-government web site to deliver mal-ware, the government committed a felony.
Forcing a person to commit a crime, or produce evidence that he or she did so is entrapment. By unilaterally retrieving evidence that a person visited a particular (illegal) web site using surreptitious, illegal means, the government was committing entrapment.
The governments actions throughout this entire sorry debacle were utterly indefensible.
And now some judge wants to give the FBI a free pass by saying, ‘hey it happens all the time, no big deal’?
I don’t think so.
Re: No. Just ... No
Except when the answer is “Yes”.
18 U.S. Code § 2258C(e) is (one of the places) where you find the typical Law Enforcement Exclusion:
Law enforcement is pretty much always excluded from these types of laws.
Re: No. Just ... No
Except, if you read the actual laws around it (you don’t cite one, so I can’t point it out specifically), but lets look at – for example, the CFAA –
more officially known as “18 U.S. Code § 1030 – Fraud and related activity in connection with computers”
18 U.S. Code § 1030(f), reads:
So is this judge claiming that we’re no longer responsible for what’s on our systems since they get hacked all the time ? I would think a defense attorney would love to use that in court
Both ways
So, the possibility of an insecurity that the government can exploit means that a suspected individual has no defense, since they left themselves open – but an insecure chain of evidence doesn’t mean the government’s effort isn’t suspect since the expectation is that their insecurities wouldn’t have been exploited? There’s some cognitive dissonance in that.
Sure some crimes are so heinous that they require more aggressive investigation, but aggressive used to mean greater manpower and resources, not breaking the rules.
Re: Both ways
“Yeah but the computer wasn’t actually hacked, it just had the possibility. We know this because our hacking tool verified that the computer hadn’t been hacked after it hacked it.”
Hacked all the time...
Can we then assert that since computers are “hacked all the time” that a computer was already hacked at that time and being used covertly for such activities as this man was accused of? If it’s a blanket sweep of every violation then it stands to reason that if JUST ONE person was already hacked and being used this way they AT LEAST ONE person would be pegged unjustly for a crime they didn’t commit.
It's OK because it's a common crime?
So the judge is recognizing the FBI as being a bunch of common criminals and condoning it?
Quid Pro Quo?
If the FBI can hack our computers without a warrant, can we hack theirs without one?
Re: Quid Pro Quo?
Hey can you prove out that theory for the rest of us?
🙂
REALLY>>>
Computer users get HACKED?? ALL THE TIME??
The only way I and OTHERS would be HACKED..
Is IF”
Windows is Monitoring us..
Adobe inserted Data probing, to monitor any movie/music we play..
FLASH is monitoring us..
Windows MEDIA is monitoring us..
oh!! WOW,, they are..
And unless you TURN these feature off…THEY WILL..
UNLESS you change to ANOTHER OS…THEY WILL..
AND IM NOT TALKING ABOUT BOT/MALWARE/VIRUS/…
GO out and find the programs to TURN THIS OFF..
Interesting
So the judge really believes that there is no “expectation of privacy” in cases where your security isn’t perfect? Because that’s what he said.
Which means that there can be no “expectation of privacy” in anything, ever, at any time.
Clearly, “expectation of privacy” is now a completely bankrupt notion.
Re: Interesting
Which means that there can be no “expectation of privacy” in anything, ever, at any time.
Yeah, ain’t it beautiful?
Re: Interesting
The Fourth Amendment literally says that the people shall “be secure in their persons, houses, papers…,” which, in the context of computer intrusion is even more clear than concepts of expectations of privacy.
The standard of an “expectation of privacy” is also problematic in modern times in that depends of what judges think people should know about the operation of technology.
Re: Re: Interesting
The standard of an “expectation of privacy” is also problematic in modern times in that depends of what judges think people should know about the operation of technology.
Oh but it gets worse, because the using the ‘expectation of privacy’ as a justification means what can be ‘expected’ to be private is a category that will always shrink.
Before the general public knew that government agencies scooped up everything they could get their hands on the ‘expectation of privacy’ might have been higher(though trumped of course by National Security: Be Afraid), but once people learned about it now the ‘expectation of privacy’ is drastically lesser, because look, everyone knows that the government can and will scoop up everything they can get their hands on, therefore there’s no ‘expectation’ of any privacy to violate, it’s already gone.
“It was wrong but still justified before you learned they were doing X, and now that it’s general knowledge that they are doing X there’s no ‘reasonable’ expectation that they won’t be doing X, because everyone knows that they’re doing X, and hence no violation of the law.”
Re: Re: Interesting
It all depends upon what the word “secure” means. And there are no papers persons or houses in a computer – so golly goopers does it even mean anything at all?
I don't see what the problem with what the FBI did
From what I can see there is no problem with what the FBI did.
The people that connected to the server did so of their own free will. Their home computers connected to the servers with illegal information on them and requested a download of the images on the server. The fact that it also downloaded the NIT is irrelevant. They deliberately connected to a server that was being used to break the law and requested the server to send them information.
Now, if the FBI was randomly scanning IP addresses and hacking into everyone’s home computers then there would be a problem. But in this case, this people being arrested initiated the communication to the server.
The windows blind analogy is incorrect. A better analogy would be if a person called someone else on a telephone asking for illegal pictures and the FBI agent was standing right next to the receiver listening in. Even if the caller tried to disguise their voice the FBI is still allowed to track them down.
Again,the people arrested initiated the contact with the server. There is no illegal search. If they didn’t want the NIT downloaded to their computer they shouldn’t have been accessing illegal stuff.
Re: I don't see what the problem with what the FBI did
Hey Mr. Comey, how’s it going today?
Re: I don't see what the problem with what the FBI did
“A better analogy would be if a person called someone else on a telephone asking for illegal pictures and the FBI agent was standing right next to the receiver listening in.”
A more accurate analogy would be to say that because someone was using a telephone to break the law, that means the cops should be allowed to plant surveillance equipment inside the person’s home without a warrant.
Peering in through broken window blinds == breaking them???
The judge says that actively hacking someone’s computer is the same as passively observing someone’s house through broken window blinds? — No, this hacking is actively BREAKING in, cutting a big ass hole in the window blinds, covering up your tracks, and then going outside to peer in through your breakage at the things you already know are in there, because you just broke the fuck in! — Are you kidding me!?
The judge is right because judges are wrong all the time.
So, if a criminal...
Well, people get robbed, and can’t expect to never be robbed… does that make it okay for the police to break into someone’s home without a warrant and go poking around?
Change a word...
Morgan, Jr. adds. “Indeed, the opposite holds true: in today’s world, it appears to be a virtual certainty that women can—and eventually will—be raped,” he writes, and then points to a series of media reports on high profile rapes. He posits that women cannot expect to be safe from rape.
This is akin to the police going after dark and stopping at every residence and business with a structure and using everything at their disposal to inventory and catalog the contents.
That is not legal.
"If criminals without badges can do it so can the government."
“Indeed, the opposite holds true: in today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked,” he writes, and then points to a series of media reports on high profile hacks. He posits that users of Tor cannot expect to be safe from hackers.
Houses get broken into all the time, as such police can break in whenever they want without a warrant.
People are robbed all the time, clearly government agents should be allowed to rob anyone they want with no restraints.
People are assaulted all the time, obviously police and/or government agents should be allowed to beat whoever they want without punishment.
It’s really hard to Poe an argument that stupid, because with the kind of ‘logic’ employed by this judge all of the above makes perfect sense.
So, I take it then that the judge sees absolutely nothing wrong with anyone else hacking a computer or digital device/service? I mean it happens all the time, and if that’s all the justification you need to be in the clear then the frequency means it ceases to be a crime, right?
Oh, those rules only apply to those (theoretically) enforcing the laws? Of course, silly me to expect logical and legal consistency from a judge.
So, the FBI can shoot civilians, cause the police shoot civilians all the time!
Its gonna be really funny when the Feds bust some skiddie for ‘hacking’ them, and he points to this ruling to gut the CFAA charges.
Re: Re:
Only to have the judge involved perform feats of contortion that would make a circus performer proud by claiming that the two things are totally different and just because members of the public are free game for government agencies to hack because computers are hacked all the time, it doesn’t follow that government computers are free game as well, as government systems still enjoy protection against hacking attempts.
Re: Re:
It’d be nice if the same laws applied to everyone.
Re: Re: Re:
Communist.
Legal "reasoning"
So by this “reasoning” in neighborhoods where break-ins are common, police don’t need a warrant to forcibly enter and search a home because homes there get broken into and riffled through all the time.
Re: Legal "reasoning"
Well, it puts the police on equal footing with other crime syndicates. I’m not sure whether this should trigger antitrust regulations since the police is not really self-sustaining even considering civil asset forfeiture and other rackets but is still partly financed using taxpayer money. Arguably, its market participation in common criminal enterprises should be subject to particular scrutiny.
Personally, I don’t consider it an unsurmountable burden for them to inform local judges of any planned heists in advance so that they may not get caught on the wrong foot when having to rubberstamp any seizures of persons and properties.
Re: Re: Legal "reasoning"
And this is what we as citizens want? Even as a joke?
For the police to be “on equal footing with other crime syndicates” in terms of law-breaking?
Like saying it’s OK for a priest to go get drunk and visit brothels to catch his flock in the act of sinning.
The purpose of “busts” is to nudge criminals to reveal themselves in the act. What if you happen to be inadvertently caught up in such a bust ? Will it make you feel better that a policeman shot at and shattered one of your bones rather than a thug?
Also, google “roadside cavity searches”. Cops have way too much power and too little responsibility. And they’re all afraid of Big Bad Black Men with Knives and UZIs.
Yet Another Kangaroo Court in the Banana Republic of America
Yes citizen your Rights are unalienable except of course when they are trampled beneath the specious expediency of Third
Part Doctrine as pronounced by Constitution shredding, black muumuu wearing court jesters who like to refer to themselves as judges.