The FBI’s ability to hack any website abroad without a warrant has never been established in court, until now!
WIRED magazine has posted an interesting and very important article regarding our privacy and our governments holding itself above the law:
Judge Rejects Defense That FBI Illegally Hacked Silk Road—On a Technicality
Lawyers for Ross Ulbricht have spent the last two months shifting the focus from their client, charged with creating the billion-dollar drug market the Silk Road, and putting it onto the potential illegality of the FBI’s investigation. Now the judge in that case has spoken, and it’s clear she intends to put Ulbricht on trial, not the FBI.
In a 38-page ruling Friday, Judge Katherine Forrest dismissed the defense’s motion to suppress evidence that hinged on the argument that law enforcement had violated Ulbricht’s Fourth Amendment right to privacy from unreasonable searches. Just last week, Ulbricht’s lawyers went so far as to contend that the FBI had illegally hacked a Silk Road server in Iceland without a warrant to determine its location.
But the Judge’s rejection of that argument comes down to what may be seen as a fateful technicality: she argues that even if the FBI did hack the Silk Road server, Ulbricht hadn’t sufficiently demonstrated that the server belonged to him, and thus can’t claim that his privacy rights were violated by its search. “Defendant has…brought what he must certainly understand is a fatally deficient motion to suppress [evidence],” the judge writes. “He has failed to take the one step he needed to take to allow the Court to consider his substantive claims regarding the investigation: he has failed to submit anything establishing that he has a personal privacy interest in the Icelandic server or any of the other items imaged and/or searched and/or seized.”
That argument may seem like a Catch-22. If Ulbricht were to claim ownership of that server he might have incriminated himself. But Forrest writes that Ulbricht could have nonetheless claimed the server in a pre-trial statement that couldn’t be used against him as evidence. “Defendant could have established such a personal privacy interest by submitting a sworn statement that could not be offered against him at trial as evidence of his guilt (though it could be used to impeach him should he take the witness stand),” she writes. “Yet he has chosen not to do so.”
Ulbricht’s defense lawyers didn’t immediately respond to a request for comment.
Forrest’s decision follows a lengthy pre-trial debate that came to center around the mysterious events that led the FBI to Ulbricht’s alleged Icelandic server. In early August, Ulbricht’s defense lawyers filed amotion to suppress all the evidence in Ulbricht’s case that they argued had resulted from the potentially illegal search of the computer Ulbricht allegedly rented in a Reykjavik data center to host the Silk Road. If successful, the move would have likely made Ulbricht nearly impossible to convict on the central charges of narcotics and money-laundering conspiracy that he faces.
The prosecution, however, responded with an affidavit from the FBIthat described how it found the Silk Road server. According to the bureau, an agent simply entered “miscellaneous characters” into its login screen until a misconfiguration in the anonymity software Tor leaked the site’s IP address.
The security community and an expert witness for Ulbricht’s defense quickly began to find major inconsistencies in that story. They argued instead that the FBI’s account sounded like a thinly-veiled intrusion using common hacker techniques. The defense called for a hearing to cross examine the FBI.
But the prosecution’s final response to that argument barely addressed its hacking accusations. Instead, the Justice Department lawyers told the judge that it didn’t matter whether the Silk Road was hacked. Even if FBI agents had remotely broken into the Silk Road without a warrant, that would be perfectly legal, according to the government filing. They pointed to the foreign location of the server and its ownership by a third party web hosting.
Several of those arguments had serious weaknesses, Stanford Law professor Jennifer Granick told WIRED Monday. The FBI’s ability to hack any website abroad without a warrant has never been established in court. Because the Silk Road ran on the Tor anonymity software, the FBI couldn’t have even known who hosted the server or where before it performed its intrusive search.
In its final jab at the prosecution, the defense had argued that the Department of Justice was trying to excuse a kind of warrantless hacking that would be considered illegal in any other context. “The government posits two standards of behavior: one for private citizens, who must adhere to a strict standard of conduct construed by the government,” read a final filing Tuesday. “The other for the government, which, with its elastic ability to effect electronic intrusion, can deliberately, cavalierly, and unrepentantly transgress those same standards.”
But in Friday’s ruling, that entire discussion has been declared moot. Because Ulbricht hasn’t sufficiently claimed that the computer belonged to him, Judge Forrest writes that any arguments over the FBI’s pinpointing of that server—whether through hacking or more accepted search techniques—can’t be seen as a privacy violation. “In short, despite defendant’s assertions and the potential issues he and his counsel raise regarding the investigation that led to the Icelandic server,” she writes, “he has not provided the Court with the minimal legal basis necessary to pursue these assertions.”
Forrest’s ruling comes as a blow not only to Ulbricht, but also to others in the privacy community for whom the defense’s motions could have set important precedents. After all, the prosecution in the case had argued that the FBI can—more or less—legally hack any website in the world without a warrant.