FBI didn't need warrant to use malware to find visitors to child-porn website, judge rules
Hacking is so prevalent that a man charged with child pornography had no expectation of privacy for his home computer’s identifying information, a federal judge in Virginia ruled late last month.
The June 23 decision (PDF) by U.S. District Judge Henry Coke Morgan Jr. of Norfolk held that the FBI didn’t need a warrant to install malware on the Playpen child-pornography site to collect internet protocol addresses and identifying information for computers accessing the site, so there was no need to suppress evidence in the case against Edward Joseph Matish III.
“People who traverse the internet ordinarily understand the risk associated with doing so,” Morgan said.
After using the malware to find Matish, the FBI got a new warrant and seized computers, hard drives and other electronic devices from Matish’s home. He is charged with accessing and receiving child pornography.
The decision is “garnering interest in legal circles nationally,” the Daily Press of Newport News reports in a story summarized by the Associated Press. The opinion is one of several “troubling decisions” in prosecutions related to the Playpen investigation, according to the Electronic Frontier Foundation’s Deep Links blog.
Matish had claimed the broad warrant authorizing installation of the malware lacked specificity, making the search of his computer unconstitutional. Morgan said the warrant was sufficiently specific and supported by probable cause, but it wasn’t needed in any event.
Matish had installed Tor software for anonymity, but any subjective expectation of privacy he may have had was not reasonable, Morgan said. Tor itself warns users that it has vulnerability and users might not remain anonymous.
In addition, the rise of computer hacking has changed the public’s reasonable expectations of privacy regarding computer intrusions, Morgan said. “Now, it seems unreasonable to think that a computer connected to the web is immune from invasion. Indeed, the opposite holds true: In today’s digital world, it appears to be a virtual certainty that computers accessing the internet can—and eventually will—be hacked.”
The Electronic Frontier Foundation called the decision “dangerously flawed” in its Deep Links post. “The implications for the decision, if upheld, are staggering: Law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy.”
