Tag Archives: Fourth Amendment

FBI Doesn’t Need Warrant To Hack Your Computer, Court Says

Judge Henry Coke Morgan Jr of the District Court in the Eastern District of Virginia says that the FBI can hack your computer without a warrant.

Judge Morgan said that the defendant  “has no reasonable expectation of privacy in his computer”, in part because the FBI only collected limited information.

The defendant is involved in a child porn case, which does not make him a very likable defendant.

As part of the investigation, the FBI took over a site called Playpen. When they did that, they changed the site so that it downloaded malware onto the computers of any visitors so that they could get information from the user’s computer.

In this case, the FBI actually did get a warrant, but the judge said that they really didn’t need to, because users don’t have an expectation of privacy on the Internet.  According to the judge, the Fourth Amendment does not apply here.

The FBI doesn’t call it hacking, they call it a Network Investigation Technique or NIT and they could, according to this judge, do that you you or me, without a warrant, suspicion or probable cause and without any judicial oversight.

Of course, whether the malware the FBI placed on some computer did other things, such as break the computer or make it susceptible to hackers or capture more data than the FBI – apparently without a warrant – is entitled to, is less than clear.

Also remember that this malware that the FBI is deploying could be buggy.  How do you know if the data collected by the malware is even accurate or came from the computer that the FBI said that it did.  After all, the FBI is not disclosing this malware.  There is another motion in this case to disclose this malware, which the judge, apparently, has not ruled on yet.  But you would need more than the malware; you would need the entire chain of custody process from the user’s computer to the time it was used in court.  Otherwise, what we know is that some data was collected from some computer and stored and some data, possibly different, was presented in court.  Not very compelling.

It is likely that the judge had little understanding of what he was approving and after all, many people think that people who view child porn  should be locked up and the key thrown away, which is hard to argue with.  But the problem is that once the precedent is created, that logic can be used on any other case.  It is the proverbial slippery slope.

It is not clear whether this defendant has the money to appeal this decision is not clear.  Hopefully they will,

Information for this post came from Motherboard.

Court Rules Warrantless Border Search Unreasonable

Many of you are aware that the Customs and Border Patrol has ruled that there is a 200 mile zone inside the U.S. where they can search your belongings without a warrant and without probable cause.

The Constitution does give Customs a lot of latitude for searches at the border – much more power than say, the police or the FBI have normally, but at least one court is saying this power is not unlimited.

If you think about it, a large part of the U.S. population lives within 200 miles of the border – Most of California, except the eastern part of the state, southern Texas, New York City, Boston, Washington, DC and a lot of other cities.  Customs has interpreted their powers to say that they can come up to you and search you and any containers you have with you without cause.  For the most part, the courts have upheld that power.  The government has said that your laptop or phone is a container that they can search under this doctrine.

In this case, the government had been trying to build a case that Jae Shik Kim was conspiring to sell aircraft technology illegally to Iran. I don’t know if he was or was not.  So, when Jae showed up at LAX to fly home to South Korea, the government decided that this was reason enough to seize his laptop and other computer equipment and fly it to a lab 150 miles away to examine it.  CBP likens this to opening your suitcase and looking for drugs.

A U.S. District court judge has ruled that this is unreasonable (see ruling) and violated his privacy.  This is just a district court so the government may appeal, but at least some judges are beginning to say that Custom’s powers are not limitless.

This has happened to a number a people,  Recently, Chris Roberts was picked up by the FBI for a tweet he made while on a United flight.  Chris is a security researcher and the feds did not like his tweet, although those in the security community didn’t think it was threatening.  The FBI took all his electronic goodies to examine them.

Chris, founder of One World Labs, a security firm, had all of his stuff encrypted, so it is unlikely the feds were able to extract much from his equipment.

The article talks about another programmer, David House, who also had his equipment taken by Customs.  In that case, the government eventually agreed that he did nothing wrong and agreed to destroy their copy of his data,

In general, encryption is your best defense against this kind of action.  If the encryption is good, then it protects you not only against your laptop being lost or stolen, but also against unreasonable searches.   To me, it is unclear why anyone would not encrypt their personal data.

As more data becomes mobile (phone, pad, laptop, cloud), encryption should be an important part of your arsenal for protecting it, wherever it goes.