Sealed FBI Request to Hack Computer Denied
HOUSTON (CN) - A federal magistrate refused to approve a sealed search warrant application that would let the government "hack a computer suspected of criminal use."
The FBI has said it needs the information to pursue federal bank fraud, identity theft and computer security charges.
"Unknown persons are said to have committed these crimes using a particular email account via an unknown computer at an unknown location," U.S. Magistrate Judge Stephen Smith wrote. "The search would be accomplished by surreptitiously installing software designed not only to extract certain stored electronic records but also to generate user photographs and location information over a 30 day period."
Smith fully laid out the alleged crimes in denying the "novel request" Monday.
"In early 2013, unidentified persons gained unauthorized access to the personal email account of John Doe, an individual residing within the Southern District of Texas, and used that email address to access his local bank account," the 13-page order states. "The Internet protocol (IP) address of the computer accessing Doe's account resolves to a foreign country. After Doe discovered the breach and took steps to secure his email account, another email account nearly identical to Doe's - the address differed by a single letter - was used to attempt a sizeable wire transfer from Doe's local bank to a foreign bank account."
While the warrant application remains sealed, Smith said it would not harm the investigation to file the opinion publicly.
The government applied for the warrant under Rule 41, but it failed to satisfy any of the five alternative territorial limits of the rule, Smith found.
Assessing the first of those territorial limits, Smith said "many courts have analogized computers to large containers filled with information," for the purposes of search-and-seizure law.
"By the government's logic, a Rule 41 warrant would permit FBI agents to roam the world in search of a container of contraband, so long as the container is not opened until the agents haul it off to the issuing district," the opinion states. "The court has found no case willing to stretch the territorial limits of Rule 41(b)(1) so far.
"The 'search' for which the government seeks authorization is actually two-fold: (1) a search for the target computer itself, and (2) a search for digital information stored on (or generated by) that computer," Smith added. "Neither search will take place within this district, so far as the government's application shows. Contrary to the current metaphor often used by Internet-based service providers, digital information is not actually stored in clouds; it resides on a computer or some other form of electronic media that has a physical location. Before that digital information can be accessed by the government's computers in this district, a search of the target computer must be made. That search takes place, not in the airy nothing of cyberspace, but in physical space with a local habitation and a name. Since the current location of the target computer is unknown, it necessarily follows that the current location of the information on the target computer is also unknown."
Smith shot down each of the government's arguments under the subsections of Rule 41 before adding that the warrant would also violate the particularity required by the Fourth Amendment.
The judge expressed concern that the software might affect individuals who are not involved in the crime.
"What if the target computer is located in a public library, an Internet café, or a workplace accessible to others?" Smith asked. "What if the computer is used by family or friends uninvolved in the illegal scheme? What if the counterfeit email address is used for legitimate reasons by others unconnected to the criminal conspiracy? What if the email address is accessed by more than one computer, or by a cell phone and other digital devices? There may well be sufficient answers to these questions, but the government's application does not supply them."
The government's request does not meet the constitutional standards required of video surveillance - which includes the type of photographic monitoring provided by the software, according to the ruling.
"The court finds that the government's warrant request is not supported by the application presented," Smith wrote. "This is not to say that such a potent investigative technique could never be authorized under Rule 41. And there may well be a good reason to update the territorial limits of that rule in light of advancing computer search technology. But the extremely intrusive nature of such a search requires careful adherence to the strictures of Rule 41 as currently written, not to mention the binding Fourth Amendment precedent for video surveillance in this circuit. For these reasons, the requested search and seizure warrant is denied."