The FBI did not need a warrant to hack a US citizen's computer, according to a ruling handed down on Tuesday by Senior US District Court Judge Henry Coke Morgan, Jr. If the decision is upheld, it may have ripple effects that essentially allow government agencies to remotely search and seize information from any computer in the US without a warrant, probable cause or suspicion, the EFF argues.
The ruling relates to a worldwide FBI sting dubbed Operation Pacifier that targeted child pornography sites on anonymity networks such as Tor. The FBI deployed hacking tools across computers in the US, Chile, Denmark and Greece, and caught 1,500 pedophiles on the Dark Web. As part of Operation Pacifier, authorities briefly seized and continued running a server that hosted the child pornography site Playpen, meanwhile deploying a hacking tool known internally as a network investigative technique. The NIT collected roughly 1,500 IP addresses of visitors to the site.
Judge Morgan, Jr. wrote on Tuesday that the FBI's actions did not violate the Fourth Amendment, which protects US citizens from unreasonable search and seizure. "The Court finds that no Fourth Amendment violation occurred here because the government did not need a warrant to capture Defendant's IP address" and other information from the suspect's computer, he wrote.
"Generally, one has no reasonable expectation of privacy in an IP address when using the internet," Morgan, Jr. said. "Even an internet user who employs the Tor network in an attempt to mask his or her IP address lacks a reasonable expectation of privacy in his or her IP address."
Basically, the judge argued, computers are hacked every day and no one should expect privacy while operating online.
"The rise of computer hacking via the internet has changed the public's reasonable expectations of privacy," he wrote. "Now, it seems unreasonable to think that a computer connected to the web is immune from invasion. Indeed, the opposite holds true: In today's digital world, it appears to be a virtual certainty that computers accessing the internet can -- and eventually will -- be hacked."
A Massachusetts court previously threw out evidence gathered by the FBI in one Playpen case, ruling that the operation relied on an invalid warrant. The bureau has moved to keep its NIT software classified, citing national security concerns if it were made public.
In April, the Supreme Court upheld the FBI's proposed changes to Rule 41, allowing judges to approve remote access to suspects' computers that fall outside their jurisdiction. Under the new rules, a judge in New York can authorize hacking a computer in Alaska, for example. A bipartisan Senate bill called the Stop Mass Hacking Act aims to block these expanded powers. There's a similar bill making its way through the House of Representatives, as well, according to Reuters. Congress has until December 1st to reject or amend the Supreme Court's ruling -- if it doesn't, the changes to Rule 41 will take effect as planned.