Privacy Law

US increasingly uses malware in law enforcement, expert says; should a warrant be required?

The Fourth Amendment should be interpreted to impose a warrant requirement when the U.S. government uses malware to hack computer systems for law enforcement purposes, according to a cybersecurity fellow at Stanford University’s Center for International Security and Cooperation.

The author of the article, posted at SSRN, is Jonathan Mayer, a Stanford law graduate and Ph.D. candidate in computer science.

According to Mayer, public disclosures reveal that both the FBI and the Drug Enforcement Administration are increasingly resorting to computer intrusions as an investigative technique. Mayer’s article begins with an example plucked from a recent news report.

Local authorities were stumped when an anonymous person sent nine bomb threats via email to Timberline High School in Washington state. The perpetrator had masked his online identity. The FBI was able to hack the 15-year-old suspect’s computer by placing a fake news article about the threats on his MySpace page. When the perpetrator clicked on it, the FBI secretly installed malware on the teen’s computer that revealed identifying information.

The government applied for a warrant in the Timberline case yet refused to concede that government hacking to obtain identifying information required a warrant, Mayer says.

Despite an uptick in the frequency of government hacking, Mayer found only four judicial opinions addressing the practice.

FBI officials have theorized that the Fourth Amendment doesn’t apply when investigators “algorithmically constrain the information that they retrieve from a hacked device, ensuring they receive only data that is—in isolation—constitutionally unprotected,” Mayer writes.

The better view, Mayer says, is that the Fourth Amendment imposes a warrant requirement on almost all law enforcement malware. Installing malware almost always constitutes a search, and the continuing operation of the malware constitutes an ongoing search, Mayer argues.

Mayer endorses a two-step test.

“A court must ask, first, whether a proposed investigative technique impinges on the physical or virtual integrity of an electronic device,” Mayer writes. “If it does, the practice constitutes a Fourth Amendment search, and will ordinarily require a warrant.

“Next, the court must assess whether the government’s technique involves accessing data that has been disclosed to third parties, but nevertheless remains constitutionally protected. Under prevailing lower court doctrine, if the government enters a suspect’s cloud service account, that will constitute a search and usually necessitate a warrant. And, following guidance from both the Supreme Court and Congress, if investigators intercept real-time communications content they must ordinarily obtain a Wiretap Act superwarrant.”