• Tag Archives 4th Amendment

  • FBI Search Warrant That Fueled Massive Government Hacking Was Unconstitutional

    Posted on by Azrael Comment

    Appeals Court Should Find Warrant Violated Fourth Amendment Protections

    Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history.

    The Constitution requires law enforcement officers seeking a search warrant to show specific evidence of a possible crime, and tie that evidence to specific persons and places they want to search. These fundamental rules protect people from invasions of privacy and police fishing expeditions.

    But the government violated those rules while investigating “Playpen,” a child pornography website operating as a Tor hidden service. During the investigation, the FBI secretly seized servers running the website and, in a controversial decision, continued to operate it for two weeks rather than shut it down, allowing thousands of images to be downloaded. While running the site, the bureau began to hack its visitors, sending malware that it called a “Network Investigative Technique” (NIT) to visitors’ computers. The malware was then used to identify users of the site. Ultimately, the FBI hacked into 8,000 devices located in 120 countries around the world. All of this hacking was done on the basis of a single warrant. The FBI charged hundreds of suspects who visited the website, several of whom are challenging the validity of the warrant.

    In a filing today in one such case, U.S. v. Levin, EFF and the American Civil Liberties Union of Massachusetts urged the U.S. Court of Appeals for the First Circuit to rule that the warrant is invalid and the searches it authorized unconstitutional because the warrant lacked specifics about who was subject to search and what locations and specific devices should be searched. Because it was running the website, the government was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants using that specific information, the FBI instead sought a single, general warrant to authorize its massive hacking operation. The breadth of that warrant violated the Fourth Amendment.

    “No one questions the need for the FBI to investigate serious crimes like child pornography. But even serious crimes can’t justify throwing out our basic constitutional principles. Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world. If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied. We can’t let unfamiliar technology and unsavory crimes lead to an erosion of everyone’s Fourth Amendment rights,” said EFF Senior Staff Attorney Mark Rumold.

    EFF filed a brief in January in a similar case in the Eighth Circuit Court of Appeals, and will be filing briefs in Playpen cases in the Third and Tenth Circuits in March. Some trial courts have upheld the FBI’s actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ constitutional privacy protections over information on personal computers. 

    “These cases will be cited for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent is likely to impact the digital privacy rights of all Internet users for years to come,” said Andrew Crocker, EFF Staff Attorney. “Recent changes to federal rules for issuing warrants may allow the government to hack into thousands of devices at a time. These devices can belong not just to suspected criminals but also to victims of botnets and other hacking crimes. For that reason, courts need to send a very clear message that vague search warrants that lack the required specifics about who and what is to be searched won’t be upheld.”

    Source: FBI Search Warrant That Fueled Massive Government Hacking Was Unconstitutional, EFF Tells Court | Electronic Frontier Foundation


    📂This entry was posted in News and Politics 📎and tagged

  • The StingRay Is Exactly Why the 4th Amendment Was Written

    Posted on by Azrael 1 Comment

    The StingRay Is Exactly Why the 4th Amendment Was Written

    Imagine you are in the middle of your typical day-to-day activities. Maybe you are driving, spending time with family, or working. If you are like most people, your phone is at your side on a daily basis. Little do you know that, at any time, police and law enforcement could be looking at information stored on your phone. You haven’t done anything wrong. You haven’t been asked for permission. You aren’t suspected of any crime.

    The StingRay

    Police have the power to collect your location along with the numbers of your incoming and outgoing calls and intercept the content of call and text communication. They can do all of this without you ever knowing about it.



    How? They use a shoebox-sized device called a StingRay. This device (also called an IMSI catcher) mimics cell phone towers, prompting all the phones in the area to connect to it even if the phones aren’t in use.

    The police use StingRays to track down and implicate perpetrators of mainly domestic crimes. The devices can be mounted in vehicles, drones, helicopters, and airplanes, allowing police to gain highly specific information on the location of any particular phone, down to a particular apartment complex or hotel room.

    Quietly, StingRay use is growing throughout local and federal law enforcement with little to no oversight. The ACLU has discovered that at least 68 agencies in 23 different states own StingRays, but says that this “dramatically underrepresents the actual use of StingRays by law enforcement agencies nationwide.”

    The Violation

    Information from potentially thousands of phones is being collected every time a StingRay is used. Signals are sent into the homes, bags, and pockets of innocent individuals. The Electronic Frontier Foundation likens this to the Pre-Revolutionary War practice of soldiers going door-to-door, searching without suspicion.

    Richard Tynan, a technologist with Privacy International notes that, “there really isn’t any place for innocent people to hide from a device such as this.”

    The Fourth Amendment of the Constitution states that, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

    The StingRay clearly violates these standards. The drafters of the Constitution recognized that restricting the government from violating privacy is essential for a free society. That’s why the Fourth Amendment exists. The StingRay is creating a dangerous precedent that tells the government that it’s okay for them to violate our rights. Because of this, freedom is quietly slipping out the window.

    Little Regulation

    Law Enforcement is using StingRays without a warrant in most cases. For example, the San Bernardino Police Department used their StingRay 300 times without a warrant in a little over a year.

    In 2010, the Tallahassee Police Department used a StingRay in a warrantless search to track down the suspect of a crime. A testimony from an unsealed hearing transcript talks about how police went about finding their target. The ACLU sums it up well:

    “Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood ‘at every door and every window in that complex’ until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within.”

    A handful of states have passed laws requiring police and federal agents to get a warrant before using a StingRay. They must show probable cause for one of the thousands of phones that they are actually searching. This is far from enough.

    Additionally, there are many concerns that agents are withholding information from federal judges to monitor subjects without approval – bypassing the probable cause standard laid out in the Constitution. They even go as far as to let criminals go to avoid disclosing information about these devices to the courts.

    If the public doesn’t become aware of this issue, the police will continue to use StingRays to infringe on our rights in secret and with impunity.

    Olivia Donaldson


    Olivia Donaldson

    Olivia Donaldson is a recent high school graduate that is currently opting out of college and participating in an entrepreneurial program called Praxis.

    This article was originally published on FEE.org. Read the original article.


    📂This entry was posted in News and Politics 📎and tagged

  • Fear Materialized: Border Agents Demand Social Media Data from Americans

    Posted on by Azrael Comment

    The Council on American-Islamic Relations (CAIR) recently filed complaints against U.S Customs and Border Protection (CBP) for, in part, demanding social media information from Muslim American citizens returning home from traveling abroad. According to CAIR, CBP accessed public posts by demanding social media handles, and potentially accessed private posts by demanding cell phone passcodes and perusing social media apps. And border agents allegedly physically abused one man who refused to hand over his unlocked phone.

    CBP recently began asking foreign visitors to the U.S. from Visa Waiver Countries for their social media identifiers. Last fall we filed our own comments opposing the policy, and joined two sets of coalition comments, one by the Center for Democracy & Technology and the other by the Brennan Center for Justice. Notably, CBP explained that it was only seeking publicly available social media data, “consistent with the privacy settings the applicant has set on the platforms.”

    We raised concerns that the policy would be extended to cover Americans and private data. It appears our fears have come true far faster than we expected. Specifically, we wrote:

    It would be a series of small steps for CBP to require all those seeking to enter the U.S.—both foreign visitors and U.S. citizens and residents returning home—to disclose their social media handles to investigate whether they might have become a threat to homeland security while abroad. Or CBP could subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data; CBP could then access both public and private online data—not just social media content and contacts that may or may not be public (e.g., by perusing a smartphone’s Facebook app), but also other private communications and sensitive information such as health or financial status.

    We believe that the CBP practices against U.S. citizens alleged by CAIR violate the Constitution. Searching through Americans’ social media data and personal devices intrudes upon both First and Fourth Amendment rights.

    CBP’s 2009 policy on border searches of electronic devices is woefully out of date. It does not contemplate how accessing social media posts and other communications—whether public or private—creates chilling effects on freedom of speech, including the First Amendment right to speak anonymously, and the freedom of association.

    Nor does the policy recognize the significant privacy invasions of accessing private social media data and other cloud content that is not publicly viewable. In claiming that its program of screening the social media accounts of Visa Waiver Program visitors does not bypass privacy settings, CBP is paying more heed to the rights of foreigners than American citizens.

    Finally, the CBP policy does not address recent court decisions that limit the border search exception, which permits border agents to conduct “routine” searches without a warrant or individualized suspicion (contrary to the general Fourth Amendment rule requiring a warrant based on probable cause for government searches and seizures). These new legal rulings place greater Fourth Amendment restrictions on border searches of digital devices that contain highly personal information.

    As we recently explained:

    The U.S. Court of Appeals for the Ninth Circuit in U.S. v. Cotterman (2013) held that border agents needed to have reasonable suspicion—somewhere between no suspicion and probable cause—before they could conduct a “forensic” search, aided by sophisticated software, of the defendant’s laptop….

    The Supreme Court held in Riley v. California (2014) that the police may not invoke another exception to the warrant requirement, the search-incident-to-arrest exception, to search a cell phone possessed by an arrestee—instead, the government needs a probable cause warrant. The Court stated, “Our holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest.”

    Although Riley was not a border search case, the Riley rule should apply at the border, too. Thus, CBP agents should be required to obtain a probable cause warrant before searching a cell phone or similar digital device.

    Both Riley and Cotterman recognized that the weighty privacy interests in digital devices are even weightier when law enforcement officials use these devices to search cloud content. A digital device is not an ordinary “effect” akin to a piece of luggage or wallet, but rather is a portal into an individual’s entire life, much of which is online.

    The Ninth Circuit wrote:

    With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.

    And the Supreme Court wrote:

    To further complicate the scope of the privacy interests at stake, the data a user views on many modern cell phones may not in fact be stored on the device itself. Treating a cell phone as a container whose contents may be searched incident to an arrest is a bit strained as an initial matter…. But the analogy crumbles entirely when a cell phone is used to access data located elsewhere, at the tap of a screen. That is what cell phones, with increasing frequency, are designed to do by taking advantage of “cloud computing.” Cloud computing is the capacity of Internet-connected devices to display data stored on remote servers rather than on the device itself. Cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference.

    The Riley Court went on to state:

    The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely—that is, a search of files stored in the cloud…. Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house.

    Thus, the border search exception also should not be “stretched to cover” social media or other cloud data, particularly that which is protected by privacy settings and thus not publicly viewable. In other words, a border search of a traveler’s cloud content is not “routine” and thus should not be allowed in the absence of individualized suspicion. Indeed, border agents should heed the final words of the unanimous Riley decision: “get a warrant.”

    We hope CBP will fully and fairly investigate CAIR’s grave allegations and provide a public explanation. We also urge the agency to change its outdated policy on border searches of electronic devices to comport with recent developments in case law. Americans should not fear having their entire digital lives unreasonably exposed to the scrutiny of the federal government simply because they travel abroad.

    Source: Fear Materialized: Border Agents Demand Social Media Data from Americans | Electronic Frontier Foundation

    📂This entry was posted in News and Politics 📎and tagged