The short answer is yes. The government has the capabilities to install software on your computer that will hijack all of your information, and under the right circumstances, a court might issue a warrant allowing the the government to do it.
But recently, a magistrate judge in Texas very publicly denied an FBI warrant request to install invasive software on an unidentified “target computer” used to access someone’s local bank account. Although the accessed bank account is local, the IP address of the target computer resolves to a foreign country.
The magistrate judge noted at least three problems with the warrant: (1) it was not authorized under Fed. R. Crim. P. 41 (Rule 41); (2) the Fourth Amendment particularity requirements were not met; and (3) the invasive nature of video surveillance required greater Fourth Amendment protections. For the full text of the opinion, click here.
Below, I discuss the court's Rule 41 analysis, but the entire case is worth a read. In particular, the judge identifies very real Fourth Amendment concerns, and, I think, ultimately reaches the correct conclusion.
In re Warrant to Search a Target Computer at Premises Unknown
The facts of this case are relatively straightforward. An unidentified person gained access to John Doe’s personal email account, and used the email to access Doe’s local bank account. Doe took steps to secure his email, but an unidentified person used a nearly identical account to attempt a large wire transfer from Doe’s bank to a foreign bank account.
The FBI investigated, and requested a search warrant, which is what brought the case before the Magistrate Judge Stephen WM. Smith. At the time the FBI requested the warrant, it did not know the location of the suspect or the location of the computer. Thus, the requested warrant authorized
two different searches: (1) a search for the target computer itself and (2) a search of the computer for evidence. The Government did not address how it would find the target computer, but the court assumed (probably correctly) that the FBI would contact the computer through the counterfeit email. In order to get evidence off the computer, the FBI would install data extraction software. The software could search the computer’s hard drive and storage, activate the computer’s built-in camera, generate coordinates for the computer’s location, and transmit all of the extracted data back to the FBI agents.
Rule 41provides certain territorial requirements to issuing warrants, and authorizes magistrate judges to issue warrants upon probable cause in five circumstances. The full text of the rule can be found here. The court analyzed all five circumstances and concluded that none of them authorized the warrant.
The first circumstance allows a magistrate judge “to issue a warrant to search for and seize a person or property located within the district.” Rule 41(b)(1). Although the Government admitted they did not know the location of the target computer, it argued that this subsection authorized the warrant because the FBI would examine any information obtained from the computer in the judicial district. In other words, the FBI could conduct its entire investigation from the comfort of the field office in the
The court rejected this argument. According to the court, the Government’s logic allowed “FBI agents to roam the world in search of a container of contraband, so long as the container is not opened until the agents haul it off to the issuing district.”
With tangible property, the court’s reasoning absolutely makes sense. But is data on a computer the same as tangible property? Even if the data is on the actual computer, is it right to compare that data to a container? Because let’s be honest, data on a computer is not like a physical container that holds documents. For starters, you cannot reach into my physical file folder at my house from your office on the other side of the world. But the court concludes the search takes place wherever the target computer is, "not in the airy nothing of cyberspace."
Before that digital information can be accessed by the Government's computers in this district, a search of the Target Computer must be made. That search takes place, not in the airy nothing of cyberspace, but in physical space with a local habitation and a name.
From a policy standpoint, this analogy works. There is something intrinsically uncomfortable about allowing a law enforcement agency to create a sort of Trojan Horse program and receive a warrant to install it on your property, no matter where that property is located.
Under subsection (b)(2), a magistrate judge may issue a warrant for a person or property outside of the district if (1) the person or property was within the district when the warrant was issued (2) but was moved outside of the district before the warrant was executed. The court specifically noted that it “does not authorize a warrant in the converse situation—that is, for property outside the district when the warrant is issued, but brought back inside the district before the warrant is executed.“
Subsection (b)(3) authorizes a search warrant in domestic or international terrorism investigations in “any district in which activities related to the terrorism may have occurred,” regardless of the location of the property. As this was not a terrorism case, the subsection did not apply.
But this is an important subsection. If the federal government can point to a link to terror, maybe even a suspected link, the court has the authority to issue the warrant.
Under subsection (b)(4), a magistrate judge may authorize a warrant to install a tracking device within the district, and the tracking device may monitor outside of the district. The court reasoned that
the Government had a plausible argument under this subsection, “because the software will activate the computer’s camera over a period of time and capture latitude/longitude coordinates of the computer’s physical location.” But the court focused on the location of the device that the software would be loaded onto. The court again noted that “the software would be installed on a computer
whose location could be anywhere on the planet."
But there is a reasonable argument that the FBI would install the tracking device within the district.
As noted, the software allows the FBI to stay in the comfort of their office during the entire investigation; the FBI does not have to leave the district to install the software. The idea that the data stored on a computer or that software is somehow a tangible object starts to break down. Should the warrant requirement focus on where the property is or should it focus on where the officers investigate from?
Finally, subsection (b)(5) authorizes a warrant “in any district where activities related to the crime may have occurred” to issue a warrant for property that may be outside the jurisdiction of any state or district, but within a U.S. territory. The court notes that the crime was committed within the district (despite the fact that the unidentified person likely never entered the district), but still denied any authority to grant the warrant because the location of the targets computer was unknown.
So, Can the Government Hijack Your Computer?
As I mentioned earlier, I think that the court identifies real Fourth Amendment concerns here and ultimately arrives at the right conclusion. But I am skeptical of the Rule 41 analysis. For starters, the crime was committed within the district by using property outside of the district. If the unidentified persons had wanted to commit this crime prior to technology, the unidentified person would have been forced to enter physically enter the district. So technology allows the unidentified person the freedom to commit a crime from wherever, but territorial limits prevent investigators from receiving a warrant to investigate the crime. I am not sure I think this distinction makes sense, even though I do agree with the court's refusal to grant the warrant.
In the end, I think that the Fourth Amendment concerns really underlie the court’s conclusion. The court even notes that Rule 41 may authorize “such a potent investigative technique” in some circumstances and comments that “there may well be a good reason to update the territorial limits of that rule in light of advancing computer search technology.” One such circumstance where officers will likely use this technique is a terrorism case, which is already built into the rule.
But the court was concerned with the broad nature of the warrant in this case. In particular, the court noted that (1) the Government might encounter innocent computers while attempting to locate the target computer; (2) the target computer could be a public computer; and (3) the warrant allowed for photographic surveillance. If the FBI’s warrant was less invasive and more particularized as to the location, I think that this case could have gone the other way—with the court deciding that Rule 41 did authorize the FBI to install the software. It almost certainly would go the other way if the IP address resolved in the district.
Do you agree with the court on the territorial limits of Rule 41? Should the focus be on where the agents act from or where the property may be located? Or do you think that the better argument is under the Fourth Amendment?
About this Blog
I was once a licensed attorney (in Washington), but my license is now inactive. I like to geek out about entertainment,
internet, and privacy law. This blog is a place for me to do that. All of the views expressed are my own and should not be considered legal advice.
My personal blog is located under the tab Pax's Page.
Rachel is a typer of words.