Judge Invalidates FBI Mass Hacking Warrant Over Jurisdiction, Particularity Issues
A Minnesota judge invalidated a warrant that the FBI obtained in the Playpen child pornography case, pointing out that the warrant was invalid from the moment it was requested because of both jurisdictional and particularity issues.
FBI’s Malware-Based NIT
FBI’s Network Investigative Technique (NIT) is a more positive-sounding name for a type of malware the agency uses to infect multiple computers at once to identify their IP addresses. The malware is deployed, for instance, in cases where the FBI wants to deanonymize some Tor users.
The first large-scale attack of this type to become public did so when the FBI tried to shut down the Playpen child pornography website (after running it itself more efficiently for a couple of weeks in an effort to catch more people who visited the website).
The NIT malware targeted over 8,000 computers in 120 countries, which quickly prompted many defense lawyers to make the case that the FBI had no jurisdiction in the first place. Other judges in some of the Playpen cases agreed, but the whole warrant wasn't put into question until it reached Minnesota judge Franklin Noel.
“[T]he Government claims legal authority from this single warrant, issued in the Eastern District of Virginia, to hack thousands of computers in 120 countries and to install malicious software for the purpose of investigating and searching the private property of uncounted individuals whose identities and crimes were unknown to the Government before launching this massive worldwide search,” said judge Franklin Noel.
Unknowing Violation?
Agent Macfarlane, who requested the warrant, feigned ignorance, implying that he wasn’t aware that the FBI's NIT malware would go beyond its jurisdiction. Of course, that would mean he had no idea how Tor works in the first place.
The whole idea of the Tor network is that it routes people’s connections through relays in multiple countries before they reach their final destination. This is what gives Tor users their “anonymity.” It’s unlikely that a law enforcement agent who targets Tor users with techniques specifically designed to catch them wouldn’t know how the tool works.
The judge also didn’t buy Macfarlane’s argument that he unknowingly violated proper procedure, enforced by Rule 41 jurisdictional limits that still existed at the time the warrant was requested.
"It was not objectively reasonable for Agent Macfarlane, a 'law enforcement . . . veteran' employed by the FBI 'for 19 years' to believe that the NIT warrant, which he knew could reasonably reach any computer in the world, was properly issued given the specific territorial limits under Rule 41(b) and the language of the warrant itself," said judge Noel. "Put differently, it was not objectively reasonable for Agents to believe that a single warrant, which by its terms was explicitly limited to searches in the Eastern District of Virginia, could be used to electronically search Carlson's computer in Minnesota,” added judge Noel.
Rule 41 was changed last year to allow the FBI to go way beyond its jurisdiction with its NIT malware infections, so it’s likely that any new such warrants would not be found invalid due to this reason alone. However, warrants requested before Rule 41 was modified should still be affected by the old Rule 41 limits.
NIT Malware Violates Particularity Requirement For Warrants
The judge made another interesting argument, which may also affect future cases in which the NIT was used, even without the previous Rule 41 limits in place. He said that valid warrants require particularity, which means the warrant must name the person under investigation.
The FBI (or any other US law enforcement agency) can’t simply run a dragnet collecting the information of thousands of people and then look for crimes within that data. Yet that's exactly what the FBI did with its NIT malware, because it didn’t know who it was targeting. This argument could also be used against other mass surveillance techniques, as well as by other defendants who learn that the government used NIT malware against them.
Urzu1000: It kind of reminds me of the prisoner situation in Mass Effect: Andromeda. Trying to rescue a man accused of murder by finding evidence to prove he didn't do it. Instead, you find evidence that he really didn't do it, but he *meant to* and thought he did.
Then you have to make a choice: Convict a man who didn't actually commit the crime but should be punished, or let him go so that the legal system cannot become twisted due to the precedent that would set.
I think the ethical issue here is very similar. The judge made the right call. Long-term preservation of justice at a cost.
Perhaps if it becomes clear that dragnet viruses for law enforcement are not legal, someone will get creative enough to figure out a better way to pursue these people that doesn't set a bad precedent for other areas of law enforcement.
toffty: Haven't played Mass Effect but the anecdote doesn't seem too difficult to solve. The man is innocent of murder. The man is guilty of attempted or at least planned murder, which the first, hopefully the second too, would carry a punishment.
SteveRNG: From what I read above, I support the Judge's decision. But at the same time... a ****load of child pornographers who are most likely guilty as **** are not going to be prosecuted now. It's the right choice, but it leaves me feeling sick.
problematiq, quoting SteveRNG: "From what I read above, I support the Judge's decision. But at the same time... a ****load of child pornographers who are most likely guilty as **** are not going to be prosecuted now. It's the right choice, but it leaves me feeling sick."
I feel ya. It's great they will get these people; it blows that now the FBI can do a mass hack with a single warrant.
JohnMD1022: Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
---------
That doesn't leave much room for doubt.