- Devin Nunes is suing Twitter over parody accounts of his mom, cow Monday 8:15 PM
- The best new movies at SXSW 2019 Monday 7:55 PM
- #AbledsAreWeird demonstrates how not to treat people with disabilities Monday 7:33 PM
- YouTubers keep uploading racist meme anthem played by New Zealand shooter Monday 5:38 PM
- Myspace confirms that a decade-plus of user-uploaded music is gone Monday 5:03 PM
- ‘Love, Death & Robots’ suffers from blatant sexism Monday 4:38 PM
- Khloe Kardashian faces backlash for Instagram post saying to ‘love thy racist neighbor’ Monday 4:07 PM
- This Twitter user wants to expose white YouTubers for racist, transphobic content Monday 3:55 PM
- Trump retweeted a QAnon supporter during his Twitter bender Monday 1:24 PM
- Katrina Pierson supports Trump tweeting more about Fox than New Zealand shooting Monday 1:19 PM
- PewDiePie’s alt-right ties are impossible to ignore Monday 1:05 PM
- With this blade, I protect this meme Monday 12:48 PM
- Lead actress in ‘The Color Purple’ revival criticized for homophobic post Monday 12:39 PM
- ‘Arrested Development’ ends the same way it did the first time—unceremoniously Monday 12:10 PM
- Alleged gunman tried to rob YouTuber Adam22 during livestream Monday 11:32 AM
The FBI wanted to catch a fraudster by installing a keylogger and spying through a computer’s webcam.
A Texas judge has denied the FBI’s request for a search warrant allowing it to install spyware on an unknown computer in an unknown location, in hopes of catching an alleged hacker and identity thief attempting bank fraud.
Judge Stephen Smith, of Texas’s Southern District, rejected the FBI’s attempt to install the same type of intrusive malware which the FBI, in other contexts, warns Americans to protect themselves against.
Smith felt the agency’s request was too broad—even if the FBI did manage to catch the actual bad guy, there was no guarantee they wouldn’t compromise the privacy of countless innocent people as well.
In his 13-page ruling and analysis, Judge Smith laid out the following background story: Early this year, an unknown person hacked into the email of a Texas resident identified only as John Doe (the court agreed to keep some details of the warrant secret, to avoid compromising the ongoing FBI investigation). The hacker, whose IP address originated from somewhere outside the U.S., then used Doe’s email to break into his bank account.
After John Doe discovered the security breach and took steps to re-secure his email, another email account with an address only one letter removed from Doe’s attempted to make “a sizeable wire transfer” out of Doe’s account into a foreign bank. The FBI has no idea where the actual offending computer, let alone the hacker who used it, actually is.
There’s no denying the FBI has good grounds to suspect criminal wrongdoing. However, as Judge Smith noted, “The Government does not seek a garden-variety search warrant” in this case.
The agency sought to record all activity on that computer for 30 days. Among other things, it would install keylogging software, use the webcam to surreptitiously photograph computer users, and monitor chat logs, email, and all websites visited, all in hope of determining who tried breaking into John Doe’s bank account.
Smith’s analysis says the FBI’s claim raises three questions, involving the “territorial limits” required of a search warrant; the “particularity requirements” of the Fourth Amendment, and “whether the Fourth Amendment requirements for video camera surveillance are known.”
The FBI fell short of all three. It failed the “territorial limits” standard because, basically, it set no such limits at all; its actual search certainly would not take place in the district over which the FBI or the magistrate has any authority. Furthermore:
“Contrary to the current metaphor often used by Internet-based service providers, digital information is not actually stored in clouds; it resides on a computer or some other form of electronic media that has a physical location. Before that digital information can be accessed by the Government’s computers in this district, a search of the Target Computer must be made. That search takes place, not in the airy nothing of cyberspace, but in physical space with a local habitation and a name. Since the current location of the Target Computer is unknown, it necessarily follows that the current location of the information on the Target Computer is also unknown.”
In other words, the territorial limits require a search of a discrete physical location under U.S. jurisdiction, neither of which apply to the FBI’s request.
The “particularity requirements” were not met because the FBI was too vague regarding just how it would find the offending computer. As Smith pointed out, merely knowing the ISP is not enough.
“The Government’s application contains little or no explanation of how the Target Computer will be found. Presumably, the Government would contact the Target Computer via the counterfeit email address, on the assumption that only the actual culprits would have access to that email account. [….] It is not unusual for those engaged in illegal computer activity to “spoof” Internet Protocol addresses as a way of disguising their actual on-line presence; in such a case the Government’s search might be routed through one or more “innocent” computers on its way to the Target Computer. The Government’s application offers nothing but indirect and conclusory assurance that its search technique will avoid infecting innocent computers or devices.”
Smith raised a number of highly plausible hypotheticals in which the FBI, while looking for the hacker, could wind up spying on innocent people as well:
“What if the Target Computer is located in a public library, an Internet café, or a workplace accessible to others? What if the computer is used by family or friends uninvolved in the illegal scheme? What if the counterfeit email address is used for legitimate reasons by others unconnected to the criminal conspiracy? What if the email address is accessed by more than one computer, or by a cell phone and other digital devices? There may well be sufficient answers to these questions, but the Government’s application does not supply them.”
Smith also said the FBI had failed to show that “alternative investigative methods have been tried and failed or reasonably appear to be unlikely to succeed if tried or would be too dangerous” and “the surveillance will be minimized to effectuate only the purposes for which the order is issued” (i.e., spying on criminals rather than innocents).
H/T Gawker | Illustration by Fernando Alfonso III
Jennifer Abel was an early contributor to the Daily Dot's web culture coverage. Her work has appeared in Mashable, Salon, Playboy, the Guardian, and elsewhere.