Here's some not-so-surprising news for you: federal prosecutors apparently think it's perfectly fine to hack into American citizens' computers without first obtaining a warrant. After all, that's how they caught Silk Road kingpin Ross Ulbricht.
Ulbricht's trial is only a month away, and the nitty-gritty of exactly how he got brought down are emerging. Both sides are clashing over one specific detail regarding how the FBI located the hidden Silk Road server. Put simply, they hacked the site's login page with a (potentially illegal) brute force attack. Or the NSA did it for them—that part's a little bit unclear. Neither of the government agencies had a warrant, of course.
The defense says that this sort of intrusion represents a clear violation of the Fourth Amendment. Just imagine if the FBI had broken into and searched Ulbricht's house instead of his server. Cops aren't allowed to do that! At least they shouldn't be if the same laws that apply to the physical world applied to cyber space. And this isn't the first time a judge has thrown the Constitution out the window over hacking.
Unfortunately for freedom, it doesn't necessarily work like that. As pretty much anything involving hacking and the law tends to be, there exists a certain gray area that law enforcement tends to use its advantage in cases like this. The prosecutors in Ulbricht's case say that the Fourth Amendment doesn't apply to this situation for a few reasons:
- The secret Silk Road server was located in Iceland, so it's not protected by the Constitution.
- Their method of gaining access to the server was more akin to exploring than illegal hacking.
- Ulbricht hasn't even claimed ownership over the server, probably because it would incriminate him further.
Fortunately for freedom, some very smart lawyers have weighed in on the case to remind the world of how the Constitution really works. "This is not an obvious or open-shut argument at all," Jennifer Granick, director of civil liberties at Stanford Law School's Center for Internet and Society, told Wired about the first part of the Feds' argument. "If the target is a US person and it's a US agent looking for information, the Fourth Amendment still applies."
As for the second part about the type of hacking, Ulbricht's attorneys argue that the FBI's methods for gaining access to the Silk Road server are no different than those used by Andrew "Weev" Auernheimer to collect over 100,000 iPad users emails from an AT&T server. And what he did was certainly illegal, since he was sentenced to three-and-a-half years in prison for it. (Weev's conviction was later thrown out due to a technicality related to court filings.) So if the court's willing to convict citizens for a crime, they certainly shouldn't allow law enforcement to do it, right?
Finally, there's the issue of ownership. It shouldn't matter, says Granick. "He doesn't have to own the server," she says. "Even if he's just communicating on that server, he already has a reasonable expectation of privacy." Any user does.
This case could be a big deal. Once Ulbricht's defense decides how to respond to the prosecutions latest filing—they have until tomorrow—it'll be up to Judge Katherine Forrest to decide how to proceed. Since the Fourth Amendment issue is potentially the lynchpin in the defense's case, you can probably count of them fighting the federal prosecutors over the matter. And since this is a constitutional issue, there's a chance the case could bubble up in the courts and set a precedent for future hacking-related crimes and investigations.
That's good news, potentially. As Aaron Swartz's case taught us all, hacking laws in the United States are painfully out-of-date. And if it takes would-be cyber drug lord standing up for his constitutional rights to set us on the path for progress, then so be it. [Wired]
Image by Michael Hession