FBI can hack computers with no warrant, US court rules

US Senate

A court in Virginia has ruled the FBI can hack computers without a warrant.

The decision was made in relation to an ongoing case in which 137 people were arrested on suspicion of having accessed a site hosting images of child abuse, Playpen, on the dark web.

In 2014, the FBI managed to take control of the site, however, and track down users by hacking their computers and secretly collecting their IP addresses.

While the law enforcement agency did obtain a warrant for its actions, one of the suspects argued nevertheless that the evidence was collected illegally.

The court, however, disagreed.

In his ruling, senior united states district judge Henry Coke Morgan said: "The court finds ... that probable cause supported the warrant issuance [and] that the warrant was sufficiently specific ... and that the magistrate judge did not exceed her jurisdiction or authority in issuing the warrant. Furthermore, the court finds ... the government did not need a warrant in this case."

Mark Rumold, writing for privacy organisation the Electonic Frontier Foundation (EFF), called the decision "dangerously flawed".

"This decision is the latest in, and perhaps the culmination of, a series of troubling decisions in prosecutions stemming from the FBI's investigation of Playpen. The implications of the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all," Rumold said.

The decision comes just days after theUS Senate slapped down a motion from the FBI to amend the law to allow it to access a wide range of internet records without a warrant (see story dated 23/06/2016), and a month after the maker of the Firefox browser, Mozilla, was denied information on how the FBI was able to crack the Tor network to track the alleged criminals.

23/06/2016: US Senate defeats Snooper's Charter analogue

The US Senate has voted down an attempt by the FBI to gain unfettered access to citizens' internet data.

The motion to amend the Commerce, Justice, Science, and Related Agencies Appropriations Act would have allowed the US government to "obtain a specified set of electronic communication transactional records under that section, and to make permanent the authority for individual terrorists to be treated as agents of foreign powers under the Foreign Intelligence Surveillance Act of 1978".

This electronic communication would have included a subject's name, email address, phone number, login history, methods of payment made to online services, including card or bank information, IP address and session duration, such as how long a person was connected to the internet.

Under the amendment, all this would have been possible through self-certification on the part of the FBI, rather than having to go through a judge and get a warrant.

The application was voted down by the Senate more by a technical issue than by majority vote - it failed to meet the 60-vote limit in order to proceed.

The disruption was welcomed by groups such as the American Civil Liberties Union (ACLU), although the motion could be revived for another vote within the next 24-48 hours.

Nevertheless, campaign groups in the UK are hopeful that the defeat could help sway the opinion of the Lords with regards to the Snooper's Charter - more properly known as the Investigatory Powers Bill - which provides law enforcement here with powers similar to those the FBI hoped for.

Jim Killock, executive director of Open Rights Group, told IT Pro: "The Investigatory Powers Bill will give the police and even government departments access to British citizens' personal information, including their web-browsing history, app use, phone records and location data. Not only will they be able to get internal sign off to access this data, but a new 'request filter' will put all of this information into a population-wide police database, which can be analysed without a warrant."

"The Home Office insists these powers are necessary but this is not borne out by evidence. As we have seen, the US Senate has struck down similar proposals and many other European countries have ended data retention, without any apparent impact on criminal detection."

"We hope that members of the House of Lords will take note of the US Senate's ruling and amend the IP Bill to remove proposals for both recording our web browsing history and the request filter."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.