A federal judge in Virginia has ruled that the government doesn’t need a warrant in order to hack into your computer.
“FBI agents who exploit a vulnerability in an online network do not violate the Fourth Amendment,” Judge Henry Morgan, Jr. wrote, in his opinion and order for the Eastern District of Virginia.
The ruling on June 23 was one of many involving the FBI’s takeover of the dark web “Playpen” website, which served as a forum for anonymous Tor users to browse and share child pornography. Though the website has few public supporters, the case has been controversial in security and privacy circles.
That’s because the FBI did not immediately shut it down.
Instead, it seized the site and kept it online for a couple of weeks, hacking more than 1,000 computers in the process with what it called a “network investigative technique.” NIT is a government term for what basically amounts to malicious software that will uncover a user’s identity and report back to the host.
The deployment of the NIT — which amounts to government hacking — had been argued as a violation of the Fourth Amendment, which protects against unreasonable search and seizure. The FBI in this case did get a warrant first, but the judge ruled that they didn’t even need that, because, he wrote that users on the internet should have no “objectively reasonable expectation of privacy.”
“The government did not need to obtain a warrant before deploying the NIT and obtaining the Defendant’s IP address in this case,” the judge wrote. “So any potential defects in the warrant or in the issuance of a warrant are immaterial.”
He added that the use of the NIT to capture the defendant’s IP address did not actually count as a search.
That’s a ruling that the Electronic Frontier Foundation called “dangerously flawed,” though it noted that the opinion is not controlling precedent throughout the country.
“The implications for the decision, if upheld, are staggering,” the EFF’s Mark Rumold wrote. “Law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all.”
Tech Insider discussed the case with Bradley Moss, a national security lawyer, who said the judge threaded the needle narrowly so it would later hold up to scrutiny.
“The judge caveated that conclusion, however,” Moss told TI. “By noting that the NIT only obtained the identifying information (the IP address) and did not cross the line between collecting addressing information and gathering the contents of any suspect’s computer.”
Moss believes the case would hold up if appealed “by the skin of its teeth,” though he brought up a semi-related decision that was decided last year by the Supreme Court. In a ruling in March 2015, the court ruled that a government placing a GPS tracker on you, your car, or your stuff counts as a search that requires a warrant.
Which, it could be argued, is very similar to computer code being placed on your computer in order to track you as well.
“I think the ruling will hold up,” said Moss, but “it’s a practice that should remain subject to vigorous oversight.”