New technologies enable cybercriminals to upload and download child pornography, deal drugs and exchange illegal goods using virtual currency (such as bitcoin) without disclosing their location (imagine an encrypted Amazon for illegal drugs). Law enforcement agencies’ attempts to gather evidence over the internet and protect the public from new crimes often collide with the public’s rights, namely privacy. The legal frameworks assigned to strike this balance, such as the 4th amendment, are outdated and the judges applying them are reluctant to learn new tricks. This short piece will try to answer three main questions: 1) Do we need a warrant to remotely search computers? 2) Where do these warrants apply? 3) What kind of restrictions should these warrants contain?
There is an inverse relationship between technology and privacy. The more information stored on servers around the world, the less likely it is to be safeguarded from the eyes of the ones who want to steal it. As a reaction to this trend and in an attempt to safeguard privacy and combat hacking, technology is also utilized to encrypt information. Judge Morgan in U.S. v. Matish interpreted the above de facto relationship, which is a result of illegal hacking and abuse of information, as diminishing the reasonable objective expectancy of the public to privacy, thus obsoleting the need for search warrants in obtaining inter alia an IP address (pp. 46-50). This conclusion was rebutted by the EFFA in their amicus brief in U.S. v. Owen, and is evidently beyond what the DOJ is suggesting in their memos to the Advisory Committee on the Criminal Rules (Advisory Committee) (which explicitly gave examples of obtaining IP addresses as obvious situations that necessitate warrants). Frequent trespassing and burglaries do not negate the right or the public’s expectation to privacy in their home, nor should they allow the authorities to forfeit this right on the public’s behalf by not defending it. By using an encrypted system (e.g. Tor) in order to additionally safeguard information, the public merely underscores the expectation to privacy, as shutting the curtains in a house does as well. Thus, there should be no doubt that there is both a subjective and objective expectation of privacy in such situations and that a warrant is necessary in order to legally search and obtain any information deriving from any electronic storage media.
A magistrate court judge can issue a warrant to remotely access electronic storage media or information as stipulated in Rule 41 of the Federal Rules of Criminal Procedure. Effective Dec. 1, 2016, Rule 41(b) was changed to include the authority to issue a warrant “…within or outside that district”. As the Advisory Committee notes, rule 41(b) stipulates the possible venues available to ask for such warrant, the 4th amendment, and case law address the substantive requirements for its issuance. While heavy objections were made by several companies and organizations (Google, Penn. Bar Ass., NACDL and more) to this amendment, the objections targeted law enforcement’s substantive search methods rather than procedural as to the authority to issue them, thus irrelevant to rule 41 per se. Google’s only argument re the authority, was that authorizing the issuance of warrants outside of a specific district could bypass the need for a mutual legal assistance request (MLAT) to a foreign country. This argument disregards the Charming Betsey Canon case, as to proper interpretation of U.S. regulations and laws; holding that domestic law, to the extent possible, should not be interpreted to violate international law. A proper interpretation of the law including a domestic search warrant, cannot be assumed to grant international law enforcement powers to U.S. officials, when there are bilateral treaties and domestic laws in place that require a specific procedure, namely the issuance of an MLAT, for that purpose exactly. In addition, international and domestic law stipulate that foreign law enforcement officials cannot use power in another country’s territory without the consent of said country (UN CHARTER Art. 2(7)). This customary norm amplifies the normative inability, as well as the expected diplomatic outcry of such intervention by any foreign country in another’s sovereign territory. Thus, any attempt to describe and interpret this warrant as a viable international warrant, not only violates the law but also defies common sense, and as such should be considered completely obsolete.
Last but not least are the substantive requirements of the 4th Amendment and the relevant case law for issuing a warrant. The courts show great disparity in the interpretation of the requirements of particularity and probable cause, and in the understanding of the subject matter technology. There must be a common understanding of technology among judges that deal with these issues, lack thereof results in computers taking “virtual trips” in the world, as Judge Morgan described it (p. 39). That being said, the most disturbing is the intrusiveness of the software used by the government to hack computers (e.g. NITs). Low privacy expectancy, as was suggested in Matish, in conjunction with a software that can swiftly hack, search and extract information from any computer in the world, create a privacy black hole. Safety measures should be applied to avoid intrusiveness to innocent people’s computers and information; such measures should be comprehensive and applicable in all cases as part of the requirement of particularity. The DOJ asked the committee to trust its judgment, inner regulations and protocols to avoid such blind intrusiveness, but post 9/11 and Snowden, such leeway is not earned by the government, and should not be endowed in their hands (Weinstein et. Al, Privacy v. Public Safety). Especially if in their eyes, the collection of information about citizens does not breach their privacy, only the use of such information does.
 A motion to suppress evidence seized from Matish’s computer by the FBI via network investigation techniques (NIT) i.e. Trojan horse virus used to make a computer reveal and send wanted information to a third party – here the FBI, without the knowledge of the computer’s owner. In Matish, the NIT was used to obtain identifying information (such as IP addresses) from users who entered a child pornography website. The judge denied the motion.