"Government seeks a warrant to hack" - US judge gives his decision

Filed Under: Featured, Law & order

Do you usually shy away from legal documents?

Well, here's one that's well worth reading.

It deals very interestingly with the zone in which busting cybercrooks and protecting privacy intersect.

The judge who wrote it also gives some refreshingly readable remarks about the way in which words like "cyberspace" and "cloud" have sidetracked us into behaving as though the internet had no real-world existence.

The case in point deals with an application by the US Federal Bureau of Investigation (FBI) for a warrant to conduct covert surveillance on one or more cybercriminals.

Loosely speaking, the cops wanted permission to sneak spyware onto a computer that they were pretty sure was being used to carry out bank fraud.

The computer wasn't just used for a $75 credit card fraud, but to "attempt a sizeable wire transfer from [the victim's] local bank to a foreign bank account."

I'm sure you can see this from both sides. (The court's and the cops' sides, not the cops and the crooks!)

Here's someone from who-knows-where, acting semi-anonymously on the internet, trying to steal money off one of your countrymen by sending it on an irreversible journey overseas.

The bank is in your jurisdiction, the money is in your jurisdiction, and so is the victim; it's reasonable to assume that this sort of crime is not a one-off, and that, if successful, the crooks are going to go after more money from more victims.

Your most realistic chance of finding out the who, where and how is to keep your eye on what happens on the computer that the crooks are using.

Whom are they emailing? What websites are they using? What chat forums are they part of? What are they typing in before it gets encrypted for transmission? Are there any other victims they're trying to defraud right now?

Heck, if you could commandeer that computer, and it turned out to have a webcam, you might even be able to grab a mugshot of the crooks in flagrante delicto.

Law enforcement in Georgia (the country in Europe, not the state in the USA) did something along those lines last year, for example.

But there are two obvious problems here:

  • The computer isn't physically in your jurisdiction.
  • The computer might not belong to the crooks.

As the judge in this matter points out, there are some other tricky issues, too:

  • How do you locate the computer accurately in the first place?
  • If you pin it down, how do you get the spyware onto it?
  • If you infect it, how do you ensure you don't collect too much data?
  • How do you make sure you don't infect others along the way?

There are even some legally punctilious matters buried in all of this, such as whether snapping still images from the video stream of a webcam counts as photo surveillance or as video surveillance, which in the US are subject to different statutory minutiae.

Tricky stuff!

To cut to the chase, the judge denied the application, and refused permission for the spyware, noting that:

[Nowhere] does the Government explain how it will ensure that only those "committing the illegal activity will be...subject to the [spyware] technology." What if the Target Computer is located in a public library, an Internet cafe, or a workplace accessible to others? What if the computer is used by family or friends uninvolved in the illegal scheme? What if the counterfeit email address is used for legitimate reasons by others unconnected to the criminal conspiracy? What if the email address is accessed by more than one computer, or by a cell phone and other digital devices? There may well be sufficient answers to these questions, but the Government's application does not supply them.

"What if," indeed.

Interestingly, the judge forgot to add, "What if the computer is already infected with spyware or other malware, and has no connection at all with the crooks, or even with their friends and family, but rather to some utterly innocent and unknowing third party?"

Fans of privacy and on-line freedom will no doubt cheer this judgement.

It shows, in my opinion, a great deal of common sense and fairness: general-purpose spyware installed on an unknown computer may very well expose a wide range of intimate secrets about any number of people, including innocent parties.

Yet it's not all doom-and-gloom for law enforcement, who will no doubt be disappointed to have lost a chance that would, almost certainly, have gleaned useful information about cybercriminal activity.

The judge was careful to conclude by saying:

The court finds that the Government's warrant request is not supported by the application presented. This is not to say that such a potent investigative technique could never be authorized. And there may well be a good reason to update the territorial limits of [the rules to do with US court warrants].

In other words, as far as FBI spyware goes, watch this space!

By the way, whether you agree with the judge (privacy trumps search-and-seizure), or with the cops (cut us a bit more latitude to take on international cybercrime), there is a lesson in here for all of us .

If the court considers your legalistic well-being to be at risk from spyware deployed and used by accredited law enforcement professionals, just think how huge the risk is from spyware used by cybercriminals.

Keep your security patches, your anti-virus software and your network devices like routers and firewalls up-to-date!

Do you run a network at home, perhaps for friends and family, or even just for fun? How well protected are you?

Why not try our free Sophos UTM Home Edition?

You get a web application firewall, web and email filtering, IPS, VPN and more for up to 50 IP addresses.

Turn that spare PC into a full-on network security appliance!

Image of Eyeball spy character courtesy of Shutterstock.

, , , , , ,

You might like

7 Responses to "Government seeks a warrant to hack" - US judge gives his decision

  1. Tony · 454 days ago

    I like this judge, he apparently has a grasp on both what a computer is and how the government can abuse the technology in what might very well turn into a witch hunt.

    Well, we couldn't prove he was committing bank fraud but we have him dead to rights that he downloaded a pirated copy of White River Water Horny Hooker Mom's and he communicates with a known marijuana seller.

    • Paul Ducklin · 454 days ago

      What I liked was not so much the "witch hunt" prevention, but the reminder that if you don't collect it, you can't later lose it or abuse it, so best approach is not to collect it.

  2. I read the report. I find it funny that the government asserts that because the data from the remote computer is viewed on the computer in Texas that the data exists and originates from the computer in Texas and therefore meets the Territorial Limit condition of the warrant.

    That's like saying "the internet is on my computer therefore I own it."

    • Paul Ducklin · 454 days ago

      I can see their point that the crime is being committed in the USA, against a victim in the USA, by someone whose criminal equipment is outside the USA...so you can argue the "territorialism" both ways.

      (A pure physical-wold analogue might be the famous case in London where a cop in the street was murdered by a shot fired from inside the Libyan embassy. So the perpetrator and the weapon were technically on foreign soil but the victim and the crime took place in the UK. What to do?)

      As I said above, I'm siding with the judge, but I am pleased that he has effectively left the door open (or, even better, has perhaps as good as said, "Go away and get your act together") for legally and technically safe ways of taking action against crooks who would otherwise be effectively untouchable.

      (In the UK/Libya case, IIRC, the UK made it clear that it reserved the right to reclaim territory "loaned" to foreign powers, thus giving it an unassailable territorial right to impose its laws, and its investigtive regimen, in otherwise-untouchable areas.)

  3. Freida Gray · 454 days ago

    This may be totally off-base,but it seems to me as if a Texas Ranger got hit by a Nigerian scam type e-mail & wants revenge.

    • zeitgueist · 449 days ago

      IF - it was a Nigerian - and trying to scam a Texas Ranger [think Chuck Norris - Special Ranger] then my heart and feelings are for that poor Nigerian scammer - cuz Chuckie boy will see him off - and with no need for any of the so called paper work from any Court.....

      The mind boggles at that thought....

  4. roy jones jr · 447 days ago

    I think in the future there will be some legal documents to get around that issue. To me, its very trivial when a major crime happens and then everyone is yelling at each other about boundaries. How about you lock up the people first and THEN you can argue jurisdiction later? Yes, you have to follow protocol. Make sure to fix the protocol though so it doesn't cripple you. Don't the police do joint effort missions? Just call it one of those but for the internet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog