Appeals Court Clarifies: Government Spyware Not Protected in Ruling
Appeals Court Clarifies: Government Spyware Not Protected in Ruling:
Orin Kerr at the Volokh Conspiracy has been looking at whether the FBI can legally install its CIPAV spyware on your computer without a search warrant or wiretap order under a recent U.S. 9th Circuit Court of Appeals decision. Today the 9th Circuit clarified: no, it can't.
The original July 6th opinion in U.S. v. Forrester upheld the DEA's limited monitoring of a suspect's internet use under the low 'pen register' standard, which requires only that a law enforcement agency certify that the surveillance will be 'relevant' to an investigation -- no probable cause or judicial fact finding needed.
Key to the ruling was that the DEA recorded only the IP addresses of the websites the surveillance target visited, and the e-mail addresses he corresponded with, and not the content of the communication.
But the ruling didn't say how the agency performed that monitoring. Kerr wondered whether the DEA used the FBI's CIPAV tool, or something similar, and whether the 9th Circuit thus made government spyware' legal under the low standard.
Apparently not. The court (which either reads Wired, or reads Volokh) just amended (.pdf) its decision to clarify that the DEA surveillance was conducted the old fashioned way -- with the help of the target's ISP, and not with spyware.
Kerr says that's good to know:
I tend to think a warrant is probably needed to install spyware without the ISP's involvement even if non-content information was disclosed (note that a warrant was obtained in the case covered by Wired). It's not an open and shut case, but I think a warrant is probably needed.
Of course, Kerr and the 9th Circuit notwithstanding, it's still unanswered whether the FBI believes it is legal to use the CIPAV under the low pen register standard. From the FBI's affidavit, the CIPAV has two distinct functions:
- It performs a one-time search of the target computer's memory and harddrive and transmits certain information (process list, registry info, etc.) to the FBI
- It goes into 'pen register' mode for 60 days, tracking the IP addresses the computer connects with and transmitting that to FBI
In the high school bomb hoax' case, the CIPAV was configured to do both, and the FBI properly obtained a search warrant. The question is: has the FBI in other cases been using the CIPAV as a pure internet pen register with the first capability turned off, under the theory that it then doesn't need a search warrant?
The FBI hasn't answered questions about the legal framework supporting the CIPAV. But given that one federal appeals court just went out of its way to cut spyware out of a protective ruling, sooner or later it may have to.
(Read Original Article - Via Threat Level.)
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- In Bid to Sway Sales, Cameras Track Shoppers
- Unprecedented 25-Year Sentence Sought for TJX Hacker
- EFF Appeals Dismissal of Warrantless Wiretapping Case
- Viacom Makes Its Case Against Yesterday's YouTube
- Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
- Domain Names Can't Defend Themselves
- Hacker Disables More Than 100 Cars Remotely
- Judges Approves $9.5 Million Facebook ‘Beacon’ Accord
- Hooking Up The Big Brother Machine... And Fighting It
- Court: State Can Dump Non-Sex Offenders Into Registry
