A court in Texas handed down a ruling that is likely to set a precedent for government access to hard drives.
When law enforcement hacks into a computer that is a search, ruled Senior U.S. District Judge David Alan Ezra of the San Antonio division of the Western District of Texas court. In other words, investigators should be armed with a warrant to hack into someone's computer, according to The Hill.
Ezra's ruling comes in a motion to suppress evidence filed by Jeffrey Jerry Torres, a San Antonio, Texas, resident accused of accessing the child porn site Playpen. In investigating the site, the FBI launched what it terms a network investigative technique (NIT), which involved the dissemination of malware on the site in order to entrap IP addresses of visitors. The IP address led to a cable operator and then to Torres's home computer.
The legality of FBI investigations using a NIT warrant has previously been questioned with courts in different jurisdictions issuing conflicting rulings. Citizens were swept up by the thousands as the FBI identified them with IP addresses from a single warrant. In a prior case, a judge ruled that since visitors accessed Playpen through the dark web browser Tor, they had to reveal their IP address to another computer to gain access to Tor. Therefore, they forfeited their reasonable expectation of privacy.
Torres had filed a motion objecting to the FBI's search of the computer at his residence. The FBI claimed it found a stash of child porn, but Torres argued to suppress the evidence claiming it was taken as part of an “unlawful” search of his computer.
In his 18-page ruling, Judge Ezra denied the motion to suppress evidence, as the evidence presented and FBI procedures were carried out in accordance with the law. However, he ruled that the FBI's hacking does constitute a search under the Fourth Amendment.
“[The contention that] Mr. Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a 'search' for Fourth Amendment purposes,” Ezra wrote.
"Absent rare emergencies, the government should obtain court approval whenever it places software on an individual's computer without that person's consent and when that software is used to disclose information from the computer," Tim Ryan, a partner in EY's Fraud Investigation and Dispute Services (FIDS) practice, told SCMagazine on Tuesday.
Ryan agreed that the FBI did obtain a warrant so there was no real issue as to whether a warrant was required. And, he added, the court opinion will not impede investigations or materially change how the FBI deploys its NIT. "The government was acting pursuant to court approval when it deployed the NIT."
