Right to hack any computer anywhere for serious criminality with underlying court order
In a case that seemed to be quite sweeping, the US government has won an appeal to use evidence in a criminal proceeding derived from hacking into personal computers, regardless of where situated (a home, a corporation, a café, an airport) for the purposes of identifying and prosecuting serious criminal activities.
It seems, pursuant to the case, that there is no need for the computer (e.g., you) being hacked to be owned or controlled by a US national (person or corporation) except that the underlying warrant authorizing the activity may be tied to US persons (natural and corporate, or which have a tie to the US).
The case, US v. Matish, did not involve terrorism, like the FBI- Apple case; rather it involved child pornography and child exploitation websites. According to the case, the FBI has been collecting evidence from a large number of national and international people for the purposes of future prosecutions for serious criminality. But they have not acted on those prosecutions yet and the targets in the US and other countries have no idea that the US government has evidence of them on file for prosecution purposes yet.
The facts of the case are as follows:
- Edward Matish, a US citizen, was charged with accessing the Internet with an intent to view child pornography and receiving child pornography from a website called Playpen.
- Playpen was on the TOR network which allows anonymous viewing of websites by hiding the IP address of a person using the Internet, which can locate the person geographically.
- Playpen had 150,000 members.
- The FBI took over Playpen from its creator and was authorized by a court order to deploy an investigative technique that allowed it to find out the identity of any user of the site, and where they lived (so, they were traceable like any porn regular non-TOR site). The information the FBI could obtain from the tech it created included the IP address of a person and the media access control address of their computer, so that if you moved locations, you could still be located.
- In essence, the FBI gained access to a person’s computer through TOR and downloaded coding to obtain their computer address and then uploaded certain information back for the purposes of prosecution (e.g., who you are and where you are).
Matish sought to force the FBI to disclosure their investigation techniques and the tech (programming code) developed to access his home computer, and he sought to have the evidence inadmissible on numerous grounds including his 4th Amendment right against search and seizure, and his reasonable expectation of privacy when using his computer at home from FBI intrusion.
The government successfully resisted on the grounds, inter alia, of security because it would expose their techniques and make it useless to track Internet crime, and on the ground of law enforcement privilege because revealing their tech would diminish the future value of important techniques that protect the public.
No expectation of privacy with your computer
With respect to the expectation of privacy, the Court held that people cannot reasonably expect to be safe from hackers, including those using the TOR network.
The Court held that the FBI gaining access to one’s computer using TOR is identical to a police officer looking through broken blinds of a person’s home, and thus no 4th Amendment right was violated.
The Court noted that since no computer is hack proof, “people who traverse the Internet understand the risks associated with doing so.” The FBI’s action on TOR was akin to merely peeking through blinds when they downloaded code to a person’s computer and watched their activities in their home, and gathered information they needed to prosecute.
Government authorized to use most advanced tech for criminal investigation for terrorists and child porn
The Court further held that “the government should be able to use the most advanced tech to overcome criminal activity that is conducted in secret, and Defendant should not be rewarded for allegedly obtaining contraband through his virtual travel through interstate and foreign commerce on a TOR hidden service.”
“The government’s efforts to contain child pornographers, terrorists and the like cannot remain frozen in time; the government must be allowed to utilize its own advanced tech to keep pace with our world’s ever-advancing technology and novel criminal methods.”
The way it works is that the users of TOR sites that involve serious criminality that are hacked by the FBI (and there are thousands thus far), will be identified for criminal purposes and those that involve US citizens will be prosecuted and those that involve foreigners (Canadians) will be referred to the RCMP.
If I were to guess, based on that case, I would say that the FBI is creating a database of persons around the world with their IP address, media address, name, IP service provider, location and a site visit profile.
While that may seem freighting to some, it is much more palatable than companies in the private sector who attempt to do the same for commercial purposes in violation of privacy laws, who sell the personal data collected, or information related to personal data, to foreign countries.