Technologist - The FindLaw Legal Technology Blog

FBI Can Hack Your Computer, Court Rules

Imagine you drove your car into a bad part of town, parked on the side of the street, and walked away to go eat dinner. When you came back, you discovered that thieves broke your car's windows and stole your backpack and mobile device hidden in the trunk. How would you react if you found out later that it wasn't ordinary street criminals who broke into your car, but the Feds?

Last week's ruling by a Virginia federal district court brings this almost ridiculous sounding hypothetical closer to reality in today's increasingly Orwellian world. Below, we briefly look at potentially one of the most significant federal district court rulings in recent history, US v. Matish III.

The Background

Matish involves a child pornography trafficking site odiously named Playpen that had been accessible, among other means, through "The Onion Router" (Tor), a software project that is meant to hide the location and usage of any user from those conducting surveillance and traffic analysis. Tor had been used to traffic child porn.

But in a stunning victory for the FBI, the government took over a Tor server and planted itself there. Instead of shutting down the server, it decided to hack over 1,000 computers that accessed the Tor server and grabbed not only IP addresses, but also MAC addresses, which identify the hosts' names and the operating systems of the machines. Matish sought to suppress all of the information the FBI collected as fruit of the poisonous tree for lack of a valid search warrant.

Reasonable Expectation of Privacy

The MAC information is particularly troubling because it's arguably quite a bit less public than an IP address. In fact, such information can only be stored within a user's computer. But federal district Judge Henry Coke Morgan Jr. ruled essentially that this didn't matter, because of the "virtual certainty that computers accessing the Internet can--and eventually will--be hacked." Because of this, no warrant is needed to access the contents of one's computer when accessing a Tor server. Result? In came the FBI data collection.

In this opinion, Judge Morgan couched this rather funny reasoning in terms of no reasonable expectation of privacy, but the main holding sounded more like "if criminals are likely going to hack you despite a reasonable expectation of privacy, then anything we do to your computer is kosher because, sooner or later, criminals will hack you anyway."

Perhaps, then, it would be better if jurists, for the sake of public policy, were to construe the term "reasonable expectation of privacy" to carry the meaning of "presumed sanctuaries of privacy." With stronger language like that, entire areas within human life would enjoy beefed up opacity from government intrusion no matter how "likely" a criminal may break in. This "criminals are gonna do it anyway, so government should too" line of thinking smacks of something quite sinister.

Ends Justify the Means?

So, you can understand the analogy above. Tor is the bad part of town, and all manner of ne'erdowells are lurking the streets. The problem is that Morgan's opinion itself states that one can virtually bet on getting hacked simply by getting on the internet. In other words, criminals are everywhere in this world. Under Morgan's logic, this arguably gives license for government to access computers on all servers because all of the internet is the "bad part of town."

Catching child pornography traffickers is a noble goal, but if Judge Morgan Jr.'s reasoning is taken to its most logical extreme, we may as well kiss goodbye the notion that any corner of our lives won't be open to government intrusion eventually -- because this certainly won't stop at our computers.

Related Resources: