Decision: Government needs no warrant to gather information from your home computer

Great Debates
1

So, some creeps were looking at kiddie porn on a tor site. The government seized the tor site and kept it running. The government then served malware to visitors computers that sent information back to the government. The government arrested the scumbags. The scumbags lawyers put in a motion to suppress the evidence the government collected via the malware.

The decisionstates on page 47 that

And, interestingly:

Which is rather funny in that Tor is designed for anonymity. “Hey, you used a program that is designed to be private, therefore you cannot expect it to be private!”

The judge also states that since computers can be hacked, expecting privacy on ones own computer is unreasonable.

I wonder why the judge hasn’t applied this principle in other cases: “Your house could be broken into at any time. That fact has changed the public’s reasonable expectations of privacy so, therefore, you shouldn’t expect privacy in your home.” Makes perfect sense*.

This is troubling, though the kiddie porn shmucks need a long term in prison. The government can install malware on your personal computer, take the data from your personal computer and use it against you without a warrant.

Slee

*Sometimes other folks logic baffles me.

2

You’ll note that page 6 explicitly states that a warrant was issued allowing the FBI to “obtain identifying information from activating computers”.

3

I haven’t had a chance to skim more than a few pages of it, but page 3 sets up the validity of the warrant and then adds: “Furthermore, the Court FINDS suppression unwarranted because the Government did not need a warrant in this case.”

That does seem a little disturbing…

4

Indeed. To quote the EFF commentary:

5

This is deeply disturbing.

I have no doubt that someone who deliberately accesses a kiddie porn site deserves whatever they get. The fact that they used TOR to attempt to hide their activity just proves they knew it was wrong to begin with.

Nonetheless, the logic that a computer inherently has no expectation of privacy is baffling. Why are warrants required for wiretaps but not for computers? And where does it end? Someone CAN tear open my mail and read it, but that doesn’t mean I have no expectation of privacy. This is insane.

6

Of course the government shouldn’t need a warrant to search computers. After all, there was no such thing when the founders wrote the Fourth Amendment. Clearly they could never have conceived of such devices carrying a high capacity of data and able to process it at such speeds.

7

Didn’t the Supreme Court say that our smartphones were protected and the authorities did need warrants to search them?

Damned odd if our stationary computers didn’t have the same protection as our hand-helds!

8

They don’t deserve to get the child pornography. If the government kept the website running, they better not have still been distributing child pornography.

9

Wouldn’t this be just like the government running a pawn shop to catch fencers?

10

Only if running a pawn shop is, in and of itself, illegal.

11

I’m pretty sure selling drugs is illegal, but I bet cops do that as part of a sting.

12

No. It’s more like the government running an identity theft business to catch the people who would want to use their services. When a thief steals your property, the harm done to you is primarily the loss of the property - a fence creates an incentive for the thieves to steal your stuff, and the pawn shop creates an incentive for the fence to buy the stolen goods, but the victims are not further victimised just because the fence had some money in his possession for a few days before he was arrested. If the government is distributing naked photographs of you without your consent - whether that’s child pornography, or something like the iCloud leak a few years ago - the distribution of the photos directly increases the harm caused by the initial breach of privacy.

13

Well, that’s a good point. Is that what happened? Is that something that should be regulated? I admit, I didn’t notice that when I was reading the court case but I wasn’t looking for that.

14

The defendant lacks a legitimate expectation of privacy in his own computer as to its IP address.

That’s all the decision holds.

15

Can you amplify a little, then? The police do need a warrant to look at my computer? (Which only makes sense; they’d need a warrant to come into my home to look at it!)

Is it that the data going to and from my computer, over the local network to my ISP can be looked at? But that would be the same as tapping my phone, and they need a warrant for that.

Is it that they can access the ISP’s records, to see where I’ve been browsing, without a warrant? Seems unlikely.

What’s really going on, and how did the OP come to phrase it so badly?

16

Perhaps here is a good analogy: the police capture your phone number when you call their fake ad offering child porn, but don’t record your conversation because they have no warrant.

17

Here’s what happened:

The FBI seized a server that ran a website called “Playpen,” which offered categorized sections of child porn. They continued to let it run, and captured IP addresses of connecting clients. However, because many connecting clients used Tor, a service that masks the true IP address being used by a client machine, the FBI sought and obtained a warrant. This warrant is in a class called “anticipatory warrants,” so named because they are based on an event happening before the statement of probable cause becomes true.

To briefly explain, imagine that FedEx calls the police and says, “We have just discovered a large box filled with cocaine that was given to us for delivery to Joe Q at 1515 Riverside Drive.” Now, the police cannot simply get a warrant that says, “We have probable cause to believe that there is cocaine at 1515 Riverside Drive,” because there isn’t. The cocaine is at the FedEx office. On the other hand, they can’t wait until the cocaine is delivered to start the warrant application, because by the time the warrant is granted, the cocaine may be gone again.

So the law permits an “anticipatory warrant,” which says, in effect, “After the FedEx delivery guy visits, we have probable cause to believe that cocaine will be found at 1515 Riverside Drive.”

Similarly, here, the warrant authorized the FBI to install a snoop program on the defendant’s computer only after the computer was used to log on to the site, navigate to the section containing 11 year old girls having sex with dogs, and download a movie. Along with the movie came the FBI’s program, which ran on the defendant’s computer, collected its IP address, and delivered that to the FBI. (The program would have found a local, non-routable address, but the very act of connecting to the FBI’s server revealed the public IP NATted to the private one).

Armed with that information, the FBI subpoenaed the actual physical address from the ISP and obtained a warrant to search the home occupied by the defendant, and seized and searched the computers therein. Pursuant to that search, the FBI recovered a computer which contained child pornography.

The accused sought to suppress the evidence against him. He argued that the government’s warrant was flawed for a number of reasons that are not relevant to this explanation.

The Court’s opinion says that the warrant was valid.

In addition, it says, even if the warrant was not valid, the accused cannot complain about the IP address being exposed because he has no cognizable privacy interest in the IP address itself under these circumstances… in other words, because he connected to a remote server, he voluntarily exposed his IP address and system to an environment which a reasonable person would know that it was being handed to third parties. In general, cases like Smith v. Maryland have long established the principle that information you voluntarily hand to third parties is not information in which you can claim a privacy interest.

18

I see a problem with that argument, though. The accused was using the TOR browser, which deliberately conceals his IP address, which is why the FBI had to use the malware program in the first place. So the accused was taking deliberate steps to conceal his IP address. You or I, getting onto the Straight Dope on Chrome or IE or something, should know that our IP address is easily acceptable, but wouldn’t a reasonable person who uses TOR, the entire purpose of which is to keep your information private? It’s like the difference between putting a piece of paper on your desk, and putting the piece of paper into your desk drawer, which you then lock.

19

The judge didn’t use this analogy, but putting mud on your license plate doesn’t mean you have an expectation of privacy for your license plate. The judge did go on for some time in various forms to find that it just isn’t reasonable to expect your IP to be regarded as confidential for various reasons.

And the typical EFF hysteria about “now ur computerz are all public!!!” is predictably overblown. The decision specifically notes that the contents of the computer were not searched until the computer was physically seized pursuant to a subsequent warrant.

Bricker, I don’t quite follow why the judge went on for so long about “even if the FBI didn’t have a warrant” when in fact they did. Why so much time on the counter factual?

20

The judge’s answer to that seems to be that because the Internet in general and Tor sites in particular are rife with hacking and malware, any claim that someone expects their IP to stay private is being unreasonable.