FBI doesn’t need a warrant to hack a suspect’s computer, US judge rules

A senior US district judge has decided that the warrant authorizing the search of a suspect’s home computer by the FBI was issued based of probable cause, but even if it wasn’t, it wouldn’t matter, “because the Government did not need a warrant to capture Defendant’s IP address,” and did not need it to extract additional information from his computer.

FBI doesn't need a warrant to hack a suspect's computer, US judge rules

The case in question is that of Edward Matish, III, who stands accused of access with intent to view child pornography and receipt of child pornography.

He is one of a number of suspects who’s IP address was identified with the help of a “network investigative technique” (NIT) used by the FBI after they seized control of Playpen, a dark net website dedicated to child porn distribution.

The NIT also instructed Matish’s and other suspects’ computers to send information about the OS running on it, its name, its MAC address, and its active operating system username to the server controlled by the FBI.

“The Court finds that Defendant possessed no reasonable expectation of privacy in his computer’s IP address, so the Government’s acquisition of the IP address did not represent a prohibited Fourth Amendment search,” Judge Henry Coke Morgan, Jr., ruled.

“Generally, one has no reasonable expectation of privacy in an IP address when using the Internet. (…) Even an Internet user who employs the Tor network in an attempt to mask his or her IP address lacks a reasonable expectation of privacy in his or her IP address.”

“The fact that the Government needed to deploy the NIT to a computer does not change the fact that Defendant has no reasonable expectation of privacy in his IP address,” he added.

“Thus, the Government’s use of a technique that causes a computer to regurgitate certain information, thereby revealing additional information that the suspect already exposed to a third party – here, the IP address – does not represent a search under these circumstances. Therefore, the Government did not need to obtain a warrant before deploying the NIT and obtaining Defendant’s IP address in this case, so any potential defects in the warrant or in the issuance of the warrant are immaterial.”

The judge also says that the defendant “has no reasonable expectation of privacy in his computer.”

“Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy,” he opined.

The EFF, which has filed an amicus brief in this case, has argued that the FBI’s investigation ran afoul of the Fourth Amendment, and it’s disappointed with this order.

“The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it’s also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal,” EFF’s senior staff attorney Mark Rumold has noted.

“But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone’s rights.”