A few years ago, I did a post in which I speculated about
the possibility of U.S. law enforcement’s using a Trojan Horse or similar
program to surreptitiously search, and perhaps, monitor a suspect’s
computer. And a few years after that, I
included an expanded version of that analysis in a law review article, which
you can find here, if you’re interested.
This post examines a case which seems to involve federal law
enforcement’s seeking a warrant to authorize what appears, essentially, to be
the type of surreptitious search and monitoring I speculated about in the
earlier post and the law review article.
The case is In re
Warrant to Search A Target Computer at Premises Unknown, ___ F. Supp.2d ___,
2013 WL 1729765 (U.S. District Court for the Southern District of Texas 2013)
(“In re Warrant”). And this is how the federal district court judge who dealt with law enforcement’s request for the warrant noted above
described the facts available to him and the nature of the government’s
request:
In early 2013, unidentified persons
gained unauthorized access to the personal email account of John Doe, an
individual residing within the Southern District of Texas, and used that email
address to access his local bank account. The Internet Protocol (IP) address of
the computer accessing Doe's account resolves to a foreign country.
After Doe
discovered the breach and took steps to secure his email account, another email
account nearly identical to Doe's -- the address differed by a single letter --
was used to attempt a sizeable wire transfer from Doe's local bank to a foreign
bank account. The FBI has commenced an investigation, leading to this search
warrant request. At this point in the investigation, the location of the
suspects and their computer is unknown.
The
Government does not seek a garden-variety search warrant. Its application
requests authorization to surreptitiously install data extraction software on
the Target Computer. Once installed, the software has the capacity to search
the computer's hard drive, random access memory, and other storage media; to
activate the computer's built-in camera; to generate latitude and longitude
coordinates for the computer's location; and to transmit the extracted data to
FBI agents within this district.
In re Warrant, supra.
The judge then explains that by
[u]sing this software, the government
seeks to obtain the following information:
(1) records existing on the Target
Computer at the time the software is installed, including:
• records of Internet Protocol
addresses used; records of Internet activity, including firewall logs, caches,
browser history and cookies, “bookmarked” or “favorite” Web pages, search terms
that the user entered into any Internet search engine, and records of user-typed
Web addresses;
• records evidencing the use of the
Internet Protocol addresses to communicate with the [victim's bank's] e-mail
servers;
• evidence of who used, owned, or
controlled the TARGET COMPUTER at the time the things described in this warrant
were created, edited, or deleted, such as logs, registry entries, configuration
file, saved user names and passwords, documents, browsing history, user
profiles, e-mail contents, e-mail contacts, “chat,” messaging logs,
photographs, and correspondence;
• evidence of times the TARGET COMPUTER was used;
and
• records of applications run.
(2) prospective data obtained during a 30–day
monitoring period, including:
• accounting entries reflecting the
identification of new fraud victims;
• photographs (with no audio) taken using the
TARGET COMPUTER's built-in camera after the installation of the NEW SOFTWARE,
sufficient to identify the location of the TARGET COMPUTER and identify persons
using the TARGET COMPUTER;
• information about the TARGET COMPUTER's
physical location, including latitude and longitude calculations the NEW
SOFTWARE causes the TARGET COMPUTER to make;
• records of applications run.
In re Warrant, supra. (In a footnote, he explains that the warrant has
been sealed “to avoid jeopardizing an ongoing investigation”, but the opinion
is not because “it deals with a question of law at a level of generality which
could not impair the investigation.” In re Warrant, supra.)
The judge also explains that, in order to accomplish all
this, the
Government has applied for a Rule 41
search and seizure warrant targeting a computer allegedly used to violate
federal bank fraud, identity theft, and computer security laws. Unknown persons
are said to have committed these crimes using a particular email account via an
unknown computer at an unknown location.
In re Warrant, supra. Federal Rule of Criminal Procedure 41, which you
can find here, authorizes federal judges, and federal magistrates, to issue
warrants that authorize law enforcement officers to search for and seize
specified items, assuming, of course, that the application for the warrant is
supported by probable cause. And if you
would like to read more about the processes of applying for and executing a
warrant, check out the U.S. Department of Justice publication you can find
here.
As noted above, the agents and/or prosecutor applying for
the warrant argued that this request, while “novel”, falls within the scope of
Rule 41, i.e., that the rule allows the court to issue such a warrant. In re Warrant, supra. The judge found that this argument raised “a number of questions,
including: (1) whether the territorial limits of a Rule 41 search
warrant are satisfied; (2) whether the particularity requirements of the 4th
Amendment have been met; and (3) whether the 4th Amendment requirements for
video camera surveillance have been shown.”
In re Warrant, supra. In this opinion, he analyzes each of these
issues, in this order. In re Warrant, supra.
As to the first issue, the judge noted that Rule 41(b)(1) “allows a . .
. `judge with authority in the district . . . to issue a warrant to search for
and seize a person or property located within the district.’” In re
Warrant, supra. He also noted that
while the Government
readily admits that the current location of the
Target Computer is unknown, it asserts that this subsection authorizes the
warrant `because information obtained from the Target Computer will first be
examined in this judicial district.’ . . . Under the Government's theory,
because its agents need not leave the district to obtain and view the
information gathered from the Target Computer, the information effectively
becomes `property located within the district.’ This rationale does not
withstand scrutiny.
In re Warrant,
supra.
Later, he explains that under the “Government's logic, a Rule
41 warrant would permit FBI agents to roam the world in search of a
container of contraband, so long as the container is not opened until the
agents haul it off to the issuing district.” In re Warrant, supra. He
noted that the “search” for which the Government
seeks authorization is actually two-fold: (1) a
search for the Target Computer itself, and (2) a search for digital information
stored on (or generated by) that computer. Neither search will take place
within this district, so far as the Government's application shows. Contrary to
the current metaphor often used by Internet-based service providers, digital
information is not actually stored in clouds; it resides on a computer or some
other form of electronic media that has a physical location.
Before that digital information can be accessed by
the Government's computers in this district, a search of the Target Computer
must be made. That search takes place, not in the airy nothing of cyberspace,
but in physical space with a local habitation and a name.
Since the current location of the Target Computer
is unknown, it necessarily follows that the current location of the information
on the Target Computer is also unknown. This means that the Government's
application cannot satisfy the territorial limits of Rule 41(b)(1).
In re Warrant,
supra. He also found that the other
options codified in Rule 41(b) did not apply here because (i) this was not a
terrorism investigation (Rule 41(b)(3)); (ii) the warrant did not seek to
install and use a tracking device within the Southern District of Texas (Rule
41(b)(4)); and (iii) there was no evidence that the Target Computer “will be found on
U.S.-controlled territory or premises” (Rule 41(b)(5)). In re Warrant, supra.
Next, he considered whether the warrant application satisfied the 4th
Amendment’s particularity requirement. In re Warrant, supra. As I have noted in prior posts, the 4th
Amendment requires that warrants “particularly” describe the place to be
searched and the things to be searched for.
In analyzing this issue, the judge noted, again, that “the warrant
sought here would authorize two different searches: a search for the
computer used as an instrumentality of crime, and a search of that
computer for evidence of criminal activity.” In re Warrant, supra. He
also explained that because “the latter search presumes the success of the
initial search for the Target Computer, it is appropriate to begin . . . with
that initial search.” In re Warrant, supra (emphasis in the
original).
The judge found the government had not satisfied the particularity requirement
as to this search because its application for the warrant
contains little or no explanation of
how the Target Computer will be found. Presumably, the Government would contact
the Target Computer via the counterfeit email address, on the assumption that
only the actual culprits would have access to that email account. Even if this
assumption proved correct, it would not necessarily mean the government has
made contact with the end-point Target Computer at which the culprits are
sitting.
It is not unusual for those engaged in illegal computer activity to
`spoof’ IP addresses as a way of disguising their actual on-line presence; in
such a case the Government's search might be routed through one or more
`innocent’ computers on its way to the Target Computer.
In re Warrant,
supra. And as to the second search,
i.e., the search of the computer targeted by the warrant, the judge found that
the government had not explained how “its search technique will avoid infecting
innocent computers” which could be implicated if, say, the computer was in a
workplace or was “used by family or friends uninvolved in the illegal scheme”
among other problems. In re Warrant,
supra.
Finally, the judge addressed the issue of “video surveillance,”
explaining that the
data extraction software will activate the Target
Computer's built-in-camera and snap photographs sufficient to identify the
persons using the computer. The Government couches its description of this
technique in terms of `photo monitoring,’ as opposed to video surveillance, but this is
a distinction without a difference. In between snapping photographs, the
Government will have real time access to the camera's video feed. That access
amounts to video surveillance.
In re Warrant,
supra.
He noted that, in U.S. v. Biasucci,
786 F.2d 504 (U.S. Court of Appeals for the Second Circuit 1986), the federal
appellate court held that video surveillance warrants have to satisfy the
requirements of Title III of the Omnibus Crime Control and Safe Streets Act of
1968, 18 U.S. Code §§ 2510–2520, which governs traditional wiretaps. In re
Warrant, supra. For a checklist of
those requirements, check out this site.
Basically, to obtain a wiretap warrant, an officer has to also provide
(1) a factual statement that alternative investigative
methods have been tried and failed or reasonably appear to be unlikely to
succeed if tried or would be too dangerous; (2) a particular description of the
type of communication sought to be intercepted, and a statement of the
particular offense to which it relates; (3) a statement of the duration of the
order, which shall not be longer than is necessary to achieve the objective of
the authorization nor, in any event, longer than 30 days, (though extensions
are possible); and (4) a statement of the steps to be taken to assure that the
surveillance will be minimized to effectuate only the purposes for which the
order is issued.
In re Warrant,
supra.
He found the Government’s application for this warrant failed to satisfy
requirements (1) and (4). In re Warrant, supra. As to (1), the application for the warrant did
not explain why other methods were unlikely to succeed and/or would be
dangerous. In re Warrant, supra. And
this, according to the opinion, is what the application said about (4) -- minimization:
`Steps will be taken to assure that data gathered
through the technique will be minimized to effectuate only the purposes for
which the warrant is issued. The software is not designed to search for,
capture, relay, or distribute personal information or a broad scope of data.
The software is designed to capture limited amounts of data, the minimal
necessary information to identify the location of the TARGET COMPUTER and the
user of TARGET COMPUTER.’
In re Warrant,
supra.
The judge found that “the breadth of data authorized for extraction in
the proposed warrant” (see above) “fatally undermined” the Government’s
assurances that the software would “capture only limited amounts of data”
from the Target Computer. In re Warrant, supra. He also noted that “given the unsupported
assertion that the software will not be installed on `innocent’ computers or
devices, there remains a non-trivial possibility that the remote camera
surveillance may well transmit images of persons not involved in the illegal
activity under investigation.” In re Warrant, supra.
He therefore denied the Government’s application for the warrant . . .
which does not mean that it cannot (i) try again with this judge and/or (ii)
try again with another federal judge.
In re Warrant, supra.