Judge Rules Use of FBI Malware Is A ‘Search’


Civil liberties advocates say a Texas judge got it right when he ruled on a controversial child porn case regarding the FBI’s use of malware to search a computer.


Senior U.S. District Judge David Alan Ezra of the San Antonio division of the Western District of Texas court ruled that sending malware to someone’s computer to covertly retrieve information from it is considered a search under the Fourth Amendment.

Judge Ezra maintained that the FBI needed a proper warrant when it hacked Jeffrey Torres’ computer and accused him of having child pornography on his computer. The Sept. 9 ruling is tied to the FBI’s massive Playpen child pornography investigation where the agency used a Network Investigative Technique, or NIT, to de-anonymize users visiting the site who were using the Tor browser.

“This judge definitely got it right,” said Mark Rumold, senior staff attorney with the Electronic Frontier Foundation. “Regardless of the information the FBI got back – whether it was an IP address or piece of sensitive information – there is no question that this was a search.”

The Playpen case involves the use of malware to infect visitors to a child porn site that was taken over by the FBI. That malware, downloaded by an undisclosed number of Playpen visitors, then acted as a beacon to the FBI, revealing the IP addresses of computers used to access the child porn website.

The use of the malware to search and detect a computer’s IP address is the central issue here. In past rulings relating to similar Playpen prosecutions, judges have ruled that the FBI did not need a search warrant to obtain an IP address. In those cases, the EFF and the American Civil Liberties Union have called the rulings “dangerously flawed decisions” that deprive criminal defendants of a “reasonable expectation of privacy” on their personal computer.

The EFF and other civil liberties advocates oppose the use of one search warrant to conduct massive searches against an undisclosed number of people who visited the Playpen website.

“It’s our view the single warrant the government obtained was unconstitutional,” Rumold said. “The Fourth Amendment was designed to authorize limited searches and seizures of particular places and particular people. What the government did here is they got a single warrant and used it to conduct searches on hundreds or thousands of people in different jurisdictions across the US and overseas. That is about as far from a particularly focused warrant as you can possibly get.”

Typically, a judge’s authority to authorize search warrants is limited by their jurisdiction. However, in May, the Supreme Court moved to expand the FBI’s jurisdictional reach and hacking authority with a proposed change to Criminal Rule 41. Rule 41 stipulates the way that warrants for searches and seizures are issued by judges. The proposed change to Rule 41 would make it easier for the FBI to access computers remotely when their locations are unknown. Another aspect of the Supreme Court’s proposed change to Rule 41 would allow judges to issue a single search warrant across state lines to penetrate computers outside their jurisdiction. Congress has until Dec. 1 to either block or pass the proposed changes.

Ultimately, Judge Ezra denied the defendant’s motion to suppress evidence obtained by the NIT even though no specific warrant was issued to search Torres’ computer. The judge ruled it can’t be proven that the FBI “willfully” violated Rule 41.

The case involving Torres is the latest in dozens of rulings tied to the FBI’s Playpen investigation. Earlier this year a judge tossed evidence gathered via the FBI NIT technique based on a lack of transparency by the government over how NIT worked. In another case, a Virginia judge ruled that the FBI did not need a warrant to hack into a suspect’s PC and that the target of the investigation had “no reasonable expectation of privacy in his computer.”

“What we are watching now is the courts struggling with what rules should apply to this case and how to describe this type of investigation and technology,” Rumold said. “I can’t think of a similar series of cases that have all hit the federal courts at the same time. We are talking about hundreds of cases being prosecuted across the country all involving what for many judges must be pretty foreign technology.”
