Judge: FBI didn’t need warrant to hack child porn suspect’s computer

A federal court ruled that the FBI did not need a warrant to hack a suspect’s computer during a massive child pornography sting, outraging privacy advocates and opposing rulings in similar cases across the country.

{mosads}U.S. District Judge Henry Morgan in Newport News, Va., rejected a motion to suppress evidence against one of more than a hundred defendants charged in the investigation.

In documents unsealed Thursday, Morgan ruled that the single warrant the FBI obtained in the case was legal. But further, according to Morgan, the agency didn’t actually need a search warrant to deploy the malware it used to identify thousands of users of Playpen, a site on the dark web.

Morgan compared the use of the malware — a “network investigative technique,” or NIT, in FBI parlance — to peering through a suspect’s broken blinds. The latter is permissible under the Fourth Amendment, according to the Supreme Court.

Because the vulnerability of online systems has been widely reported — for example, thanks to the San Bernardino case, it is now public knowledge that it is possible to hack an iPhone — even users of the anonymizing software Tor cannot expect to be safe from hackers, Morgan ruled.

Like an apartment with broken blinds, Morgan wrote, “a computer afforded Fourth Amendment protection in other circumstances is not protected from Government actors who take advantage of an easily broken system to peer into a user’s computer.”

Privacy advocates immediately fired back on the decision, calling it “dangerously flawed.”

“The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all,” the Electronic Frontier Foundation wrote in a blog post.

The case is part of a broader debate between technologists, privacy advocates and law enforcement agencies over the limits that should be placed on electronic searches.

At issue is whether judges should be able to issue a single warrant for digital searches in multiple jurisdictions.

The Justice Department argues that allowing such warrants is reflective of the technological reality of modern investigations, while tech companies and privacy advocates say they are a danger to privacy and security and are a violation of the Fourth Amendment.

Judges in other cases brought as part of the Playpen investigation have reached the opposite conclusion from Morgan.

U.S. District Judge William Young in April ruled to suppress evidence in the case of Alex Levin, a Massachusetts defendant, on the grounds that the warrant “was issued without jurisdiction and thus was void.”

“It follows that the resulting search was conducted as though there were no warrant at all,” he wrote. “Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded.”

The fight is now before Congress, where lawmakers have until the end of the year to weigh in on a proposed change to procedural rules that would allow the Justice Department to obtain a single warrant for electronic searches in multiple jurisdictions — even if investigators don’t know where the computer in question is located.

If Congress fails to pass affirmative legislation either upholding or rejecting the rule change, the amendment to what’s known as Rule 41 will go into effect on Dec. 1.