If you mean a pane of glass, you are correct. From the street, someone can look through your window. I don't feel this ruling is akin to looking through a window however. It is like walking though an unlocked door (or possibly wide open door). Any sane person would call that trespassing.
I think you would be giving the Court too much credit for putting that much thought into their decision. And I think even more important we know how good the FBI is at "cyber" that there would be no issues in attribution of traffic to an IP address. So this is really blanket permission for the FBI or any .gov to hack anything internet attached.
Oh, I don't think it's too much credit to consider the court thinking about those things. They might do it by analogy and get it all dreadfully wrong, but they often get down to the nitty gritty implementation details.
As far as I remember the CCC wrote an expertise in the ruling and mentioned computerized implants. That was the point were the judges understood that there should be an expectation of privacy on home computers.
Non-American here: glad to hear they can. Will they, in cases like this, do that by themselves? Or should someone (EFF) appeal this ruling? Or can only the suspect/criminal in this specific case appeal?
The defendant must appeal, but someone (the EFF) often supports the defendant through either friend-of-the-court briefs [1] or directly supplying free legal services.
I remember a case where police placed or retrieved something from a car in the driveway without a warrant. The reasoning was that your driveway is not private property.
It is very concerning indeed, but will hopefully not be a precedent. At least if common sense and a basic level of constitutional competence prevails.
Rule 41 is a huge concern---as mentioned in the EFF posts---and risks decisions like this becoming commonplace. As the EFF mentions, it also encourages forum shopping: finding a court lax on fourth amendment issues, in this case.
Sure, this is more and more the case families have one desktop PC to do important stuff, like bank transfers and backups on family photos and videos. Then we have personal computers: smartphones and tablets and some laptops.
If you can not expect privacy on your Home Computer, you can not expect privacy in your home. End of story.
That distinction has been around since the 8-bit era in the '70s and '80s.
A "Home Computer" was a computer intended for use in the home, while a "Personal Computer" was a computer intended for use by a single person.
Home Computers were also Personal Computers, but the reverse wasn't true: many Personal Computers were intended for business use. If everyone at a company had a computer in their cubicle, those computers were Personal Computers, but not Home Computers.
This distinction used to be important because Home Computers and business PCs were separate markets, and the machines were as different as you could imagine. They were made by different companies, used different CPU and bus architectures, and ran different operating systems. For example, in the 8-bit era, business PCs all used Zilog Z80 CPUs on the S-100 bus, were made by a legion of white-box manufacturers, and all ran the CP/M operating system, while Home Computers were made by names such as Commodore, Atari, Tandy, and Apple, typically had MOS 6502 processors (except Tandy, who used the Z80 but not on the S-100 bus), and ran barebones operating systems developed in house, which were little more than BASIC REPLs with some disk I/O features added.
Nowadays almost nobody bothers making the distinction. Yeah, sure, the big companies have separate "home" and "business" product lines, but they're all going to be x86 machines running Windows, and you can get both from the same company (see: Dell's Inspiron and OptiPlex lines), so people don't really make a distinction anymore, and seeing someone use a phrase like "Home Computer" in the 21st century feels like an anachronism.
Not too late into the 80's "PC" seemed to be bound to DOS/Windows and not just any personal computer. Apple seemed to embrace this by referring to competitors as "PCs".
Well, what I forgot to mention (but kinda hinted at) was that "Personal Computer" quickly became used to just mean business PCs and not Home Computers (even though it technically applies to both).
When the IBM PC came out, it and the legion of clones took over the business PC market and replaced the S-100 CP/M market almost overnight. So when "PC" is just used to refer to business PCs and the IBM-compatible DOS/x86 platform completely and thoroughly dominates the business PC market... than naturally the term "PC" will come to be synonymous with that platform.
Judicial elections are ... tricky, but reasonably common. Without public financing for the elections and stronger campaign finance laws, it's really hard to avoid the problem of buying the courts.
> Judicial elections are ... tricky, but reasonably common.
It's state judges (in some states) who are elected. This was a federal district judge; they're appointed for life by the president with the advice and consent of the Senate.
This was a federal district judge, who under the U.S. Constitution (Article III) has life tenure and can't be fired; he can be removed from office only if impeached by the House of Representatives and convicted by the Senate after a trial.
The chief judge of the district could cut this judge's case load to zero [0]. In this case, though, (A) that's very unlikely to happen, and (B) the judge would still stay on full salary.
[0] EDIT: This sort of happened, for example, to (now-former) federal district judge Sam Kent in Galveston after he was accused of "inappropriate touching" of female court employees. See http://www.chron.com/news/houston-texas/article/Criminal-cas... Kent later pled guilty to a felony charge of making false statements to investigators; he tried to retire from the bench so as to keep his pension, but that pissed off the House judiciary committee, which pushed through articles of impeachment, which caused Kent to resign. He served not quite three years in prison. See http://bigbendnow.com/2011/08/disgraced-former-judge-complet... and https://en.wikipedia.org/wiki/Samuel_B._Kent
>This was a federal district judge, who under the U.S. Constitution (Article III) has life tenure and can't be fired; he can be removed from office only if impeached by the House of Representatives and convicted by the Senate after a trial.
Ben Franklin had some thoughts on this as documented here:
So I can take photos in public because there's no expectation of privacy. Does this mean I can hack into whatever computer I want now for the same reason? Or does a lack of privacy not necessarily mean it's legal to do such things?
The ruling is about whether one has a 4th amendment right to privacy with regard to criminal investigations. You'd still be violating, at a minimum, the CFAA if you broke into someone else's private computer. There are exemptions in the CFAA for exactly this kind of investigatory activity.
But the ruling won't hold, because it is dumb and bad.
Also, does this not mean that cases like Andrew Auernheimer, where he simply used an API to access data that was not protected at all will be found not guilty in the future?
So when the government keeps zero-days to itself with plans to exploit them, instead of helping to strengthen security as they should, after this ruling they now have an additional conflict of interest: they have an incentive to keep this line of judicial interpretation viable by keeping security weak.
I'm much less skeptical than the median HN poster about government's use of new technology in its traditional roles of criminal justice and national security, but if this article is a fair summary of the case, I can't see how the ruling makes any Constitutional sense.
Because burglars regularly break into people's homes or cars doesn't make them subject to warrant-free search. If the FBI wants to run code on my CPU in my private home without my permission, they should have a warrant, just as they'd need one to manipulate other objects in my home without my consent.
>> ...but if this article is a fair summary of the case...
Thanks for that. A good reminder that we need to think that every time we read anything like this. Just asking a simple question, "Did they get this right?" and even taking a minute to read through to the actual primary source.
"For example, hacking is much more prevalent now than it was even nine years ago, and
the rise of computer hacking viathe Internet has changed the public's reasonable expectations of
privacy. Cf Lee Raine, How Americans balance privacy concerns with sharing personal
information: 5 key findings, PewResearchCenter (January 14, 2016),
http://www.pewresearch.org/fact-tank/2016/01/14/key-findings...
(reporting that members of a focus group "worried about hackers," though "some accept that
[privacy tradeoffs are] a part of modern life"). Now, it seems unreasonable to think that a
computer connected to the Web is immune from invasion. Indeed, the opposite holds true: in
today's digital world, it appears to be a virtual certainty that computers accessing the Internet can
- and eventually will - be hacked."
"Thus, hacking resembles the broken blinds in Carter. 525 U.S. at 85. Just as Justice
Breyer wrote in concurrence that a police officer who peers through broken blinds does not
violate anyone's Fourth Amendment rights, jd. at 103 (Breyer, J., concurring), FBI agents who
exploit a vulnerability in an online network do not violate the Fourth Amendment. Just as the
area into which the officer in Carter peered - an apartment - usually is afforded Fourth Amendment protection, a computer afforded Fourth Amendment protection in other
circumstances is not protected from Government actors who take advantage of an easily broken
system to peer into a user's computer. People who traverse the Internet ordinarily understand the
risk associated with doing so. Thus, the deployment of the NIT to capture identifying
information found on Defendant's computer does not represent a search under the Fourth
Amendment, and no warrant was needed."
The judge conveniently disregards the difference between passive observation and active intrusion. Breaking into someone's computer is no different than if the officer had broken the blinds themself, which clearly would not meet the test described by Justice Breyer.
Even as a programmer I would much rather have to get through "… houses with WALLS …" than through reasonably strong encryption, the task might require strength, but is quite straightforward.
I think you can be charged with public indecency if you stand in front of your window naked. So there is some sort of gray area when talking about the privacy of your home.
In California, police can peer into car windows without a warrant. That's one reason police always seem to be carrying a mag-light when they pull someone over. (The other being that mag-lights are heavy and useful as clubs.)
Oh yeah. Another piece of advice I've often heard is that, if police come to your door asking questions, it's prudent to step outside to speak with them, rather than speaking with them through an open door. If they see something suspicious through your opened door, they can reasonably claim probable cause and force entry.
This may be all BS. But it's advice I've heard more than once.
If police are doing a "knock and talk", they don't have a warrant. Barry Cooper had the best script for that:
If police are knocking, lock your door and say through a window: "I don't talk to police; have your dispatcher call me. If you have a warrant, here are my hands, go ahead and kick the door down". Then cover your ears, close your eyes, and wait.
The problem with those kind of scripts is that while they correctly account for not accidentally exposing yourself to the Police (without a lawyer present etc), they fail to account for the consequences of getting in the police's nerves and looking like a suspect in their eyes (which can get down to them downright making stuff up or planting stuff on you).
if police are targeting you, they're likely to make stuff up or plant evidence anyway.
If you feel you can't handle your affairs, make sure to lawyer up as soon as the police leave your house. You'll need to. let the lawyer know what you did, so he can take appropriate action.
Just remember that a lawyer, should (s)he put your needs above the needs of The People or The Court, (s)he would be disbarred. So don't expect magic to happen.
> Genuinely curious, do you need a warrant to look through a window.
Home windows? If it is visible from a place where a normal person going about their normal activities can see, then no warrant.
For example, if someone walks up your walk to your stoop and there are windows that can been seen through from there, then no warrant. If they have to step off your walkway, walk around the side of your house, scramble through your bushes and pull themselves up to peer through, then a warrant would be required.
Hmm. I don't agree with the ruling either. But I don't think this analogy does the original argument justice.
The point of mentioning "accessing the internet" is it's a lot easier for the hacker to scale up their wrongdoing with ease. It's much simpler to put a virus of some sort (say, a fake download button on a media sharing site) and reach a large audience, than it is to break into the homes of a similarly large group of people.
Where I primarily disagree with the judgment is that this notion makes it a "virtual certainty" that hacking occurs for any given person. Smart browsing habits, and general computer literacy, can make the odds decrease to near zero.
Not only that, most places(?) have fire codes that mandates that all houses are easy(ish) to break-in to. Maybe not easy to sneak into, but certainly easy to break-in to. Because the fire department and emergency services need a way in.
I suppose the analogy would be that just because Microsoft has the power to remotely upgrade your windows 10 install (and potentially install any back-door), that should not violate your expectation of privacy.
I feel bad for the judge. He's bending over backward to rationalize the end justifying the means... and he's dead wrong.
His argument is essentially that if your house is connected to a road, then there is no expectation of privacy.
I expect the ruling, or at least that absurd part of it, will be overturned or superseded. But the counter argument (for future cases) would be that running through a physical firewall is not a direct connection to the internet (silly as it is to make the argument).
Did you read the ruling? Do you have any specific critiques, and do you think the multiple precedents cited are applied incorrectly?
Edit: I've gone through most of the relevant sections. Most of the ruling is reasonable, the section this article and the EFF are complaining about is less supported by precedent.
The actual legal argument says that hacking is common enough that people don't have a reasonable expectation of privacy, then there's this paragraph:
>Although this Court recently noted in dicta that the possibility of hacking "is not enough to defeat an individual's reasonable expectation of privacy" because it is illegal, see United States v. Darby, No. 2:16-cr-36, ECF No. 31 at 10-11 (E.D. Va. June 3, 2016), this Court stresses that child pornography often resembles an international crime. Similarly, much hacking occurs by foreign nations where the governments condone or participate in hacking. Child pornography is not just a national issue; it is an international issue, and at least a portion of the pornography in this case arrived from foreign sources through the World Wide Web
This seems to be the weakest part. It's saying that hacking can't be the basis for a lack of expectation of privacy, but that since some countries allow hacking, it's legal there, and if you're accessing stuff from other countries you no longer have the expectation of privacy.
Any web page can include content from any country. Country TLDs don’t correspond in any way to where the content is hosted, and for most people even using DNS-resolved URLs is advanced. However, mostly thanks to IPv4 exhaustion, not even IP blocks correspond to geographical location anymore[1].
And all of this doesn’t matter anyway, because of how packet routing works. No one accessing the Internet can be reasonably expected to have any control over how their packets are routed on the network. You only control the next hop[2].
So I would agree to the extent that there can be no expectation of privacy for any unencrypted traffic. However, that’s just one type of hacking – snooping.
As for actual hacking – that is someone breaking into your system – this system has to be running on something, some sort of device. This device has to be physically located somewhere.
If an Elbonian comes to US and breaks into your house is it okay because in their country there are no lock on the doors, just a lot of mud, so breaking is not a crime? This is the logic here, as I see it.
What it ultimately comes down to is the US government wants to have it both ways. They want to be able to extradite people that hack into devices located in the US, but they want you to have no expectation of privacy when they are the ones doing the hacking.
>If an Elbonian comes to US and breaks to your house is it okay because in their country there are no lock on the doors, just a lot of mud, so breaking is not a crime? This is the logic here, as I see it.
If they came to the US they would be subject to US jurisdiction. Hackers from other countries aren't, at least not always.
Edit: I mean prosecution. Jurisdiction applies whenever there are effects in the US, see link below.
This is my point though. The US government claims they have jurisdiction when it suits them. Guccifer is still in the news and fresh on everyone’s mind.
Personally it never made sense to me how one can be subject to some random foreign country’s law by just using the Internet. But if that’s the doctrine it should at least be applied consistently.
I spoke incorrectly above. They always have jurisdiction if there was damage in the US. The point is that they can't get access to the person if they don't have an extradition treaty with the country they're in, but that's not jurisdiction, my mistake.
The heinousness of the crime does not justify giving up or overriding Constitutional freedoms. Never. Not ever.
And if anyone is in place to protect us from that level of overreach, it's a judge. I cannot believe he's pulling a "won't someone think of the children!" in justifying (and creating some janky circular logic) this ruling.
The scariest precedent here is the level of crime dictating the flexibility of constitutionality.
I think you're misreading it. He's not saying that the heinousness of the crime justifies it, he's saying that by accessing child porn from another country, the defendant opened himself to hacking risk and as such has no reasonable expectation of privacy.
An unlocked car (which is the closest legal analogy, I think) is a bad fit here. If we're really going to search for analogues let's pick one that really matches what's going on in digital communication: physical communication.
Whoever, without authority, opens, or destroys any mail
or package of newspapers not directed to him, shall be
fined under this title or imprisoned not more than one
year, or both. -- Title 18 § 1703(b)
What if the "computer" on the internet is my pacemaker, and it uploads a data stream to servers in, say, Dublin. Does that mean I should not have a reasonable expectation in the U.S. for privacy of that data? That kind of rationale is bad in principle and bad law.
If you're uploading information to a third party, you no longer have privacy rights under the third party doctrine. That's very well established precedent.
As I said in another comment here, the issue is when it goes beyond such information like IP addresses and goes to actually hacking, which involves running code on the victim's computer.
("No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.")
Not comedy. One reason for "quartering soldiers" was to obtain evidence and to intimidate within a private space. I've long held any form of broadly imposed in-privacy monitoring (including compulsory back door keys) is a 3rd Amendment violation, especially if the individual is practically paying for it.
Wikipedia and news articles should give you the details.
I'd say lack of access to law (as well as its unbearable complexity) is an issue of due process and the fundamental rule of law.
But you can't look to the Constitution to dictate everything - its drafters could not anticipate all future developments, and if the government is that citizen-hostile a piece of paper won't stop it. That which the Constitution does specify should be considered more as "behavioral tests", and currently the majority of our test report is failure.
The counter-point presumably being that law enforcement are not soldiers? Maybe the 3rd amendment has been interpreted as applicable to all government agents.
"But whether the Constitution really be one thing, or another, this much
is certain - that it has either authorized such a government as we have
had, or has been powerless to prevent it. In either case it is unfit to exist.”
-- Lysander Spooner, No Treason
Also flawed logic. Our options are not simply Constitution or No Constitution. There are a near-infinite number of unique constitutions we could have adopted, rather than the one we've got.
Spooner was criticizing the actual form of our current Constitution. GP was making an appeal to the Constitution and the judicial system's ignoring of it. I agree with Spooner that a Constitution such as ours is completely powerless to prevent individual judges from rewriting every time it fits their fancy.
We've basically had an ongoing Constitutional Convention in the federal courts since the founding -- without the consent of the people.
That's an unanswerable question, since we cannot compare a control Earth where the U.S. Constitution was adopted in 1783 and an experimental Earth where it was never ratified.
It is axiomatic that the present we now know inevitably followed from the history that preceded it. When you look at the U.S. federal government that now exists, it must have assumed its current form either by design of the Constitution, or contrary to that design. In case of the latter, the Constitution was entirely unable to prevent the government that it established from evolving into a form contrary to its design. Maybe the process was slowed somewhat. We cannot know for certain.
Therefore, if you dislike the current form of US federal government, it is nonsensical to idolize the Constitution, or any other causally-related fact of history. History gave us the present. If you do not like the present, and wish the future to be different, do not repeat the mistakes of the past. Whether history could have given us another present is irrelevant, because it did not.
In the end, whenever a living human fights with a document, the human will emerge victorious, and the document will become confetti. The Constitution is nothing without a living human to be its champion.
What about businesses? Should they expect all their computers to be public and if so, doesn't that have serious ramifications for data protection and the prosecution of hackers?
I was thinking the same thing. Also, using this ruling to target business documents would likely be the fastest way to get it overturned. Even if they somehow rule that businesses are different than homes, most executives take all their documents home regularly.
Also Federal courts have computer systems which means all legal documents are now available for access. Unless this Judge thinks it only applies to defendants.
So, I'm assuming as long as I'm only spying on his computer or his accountants or his attorneys and not editing his security settings that it's not illegal because it public information.
That makes no sense. Why aren't the FBI in violation of CFAA, then?
Expectation of privacy defines the bounds of a search. Police searches are not permitted to conduct otherwise illegal activity Just because they are searching.
>(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
So something can't be illegal for the police to do for the sole reason that it violates the CFAA. If it violates something else, I suppose CFAA charges can be added on, though.
It might work since one has no expectation of privacy in public and taking picture of him is perfectly legal, making a copy of the document (taking picture) on the machine with no expectation of privacy would be perfectly legally too.
Probably not though. The CFAA still says it's illegal to do anything on a computer that you're not authorized to use. It has nothing to do with expectation of privacy.
The division between state-sanctioned invasion of individual privacy (in this case) and draconian sanctions on trivial "penetration" actions (like changing the UUID in a URL) for corporate entities using the CFAA is really contradictory.
We need to turn it around: draconian punishments for "law enforcement" members who violate the constitution, and protections for individuals who tinker, probe, or explore without malicious actions/intent.
WTF? ok from the title of the article it looks to me that now i'm legitimate to spy/access other people's computers.... but reading the body of the article maybe the gudge only said that you cannot expect that your _location_ is keep secret.... which one is correct? what he actually ruled?
353 comments
[ 3.3 ms ] story [ 299 ms ] threadBasically the FBI puts cameras on utility poles to look into suspects yards. Because a human could also climb a pole, it doesn't need a warrant.
http://www.usatoday.com/story/news/2015/01/19/police-radar-s...
IPv4 LANs vs IPv6 LANs.
rough translation: "The right to confidentiality and integrity on IT systems"
google translate link: https://translate.google.com/translate?hl=de&sl=de&tl=en&u=h...
As far as I remember the CCC wrote an expertise in the ruling and mentioned computerized implants. That was the point were the judges understood that there should be an expectation of privacy on home computers.
[1] https://en.wikipedia.org/wiki/Amicus_curiae
http://arstechnica.com/tech-policy/2014/12/cops-illegally-na...
But as far as the GPS tracking, that was declared to be a 4th amendment violation as well.
https://en.wikipedia.org/wiki/United_States_v._Jones_(2012)
Reading the decisions actually shows Scalia's rare awesome side.
https://www.eff.org/deeplinks/2016/06/making-sense-troubling...
https://www.eff.org/deeplinks/2016/06/federal-court-fourth-a...
It is very concerning indeed, but will hopefully not be a precedent. At least if common sense and a basic level of constitutional competence prevails.
Rule 41 is a huge concern---as mentioned in the EFF posts---and risks decisions like this becoming commonplace. As the EFF mentions, it also encourages forum shopping: finding a court lax on fourth amendment issues, in this case.
If you can not expect privacy on your Home Computer, you can not expect privacy in your home. End of story.
A "Home Computer" was a computer intended for use in the home, while a "Personal Computer" was a computer intended for use by a single person.
Home Computers were also Personal Computers, but the reverse wasn't true: many Personal Computers were intended for business use. If everyone at a company had a computer in their cubicle, those computers were Personal Computers, but not Home Computers.
This distinction used to be important because Home Computers and business PCs were separate markets, and the machines were as different as you could imagine. They were made by different companies, used different CPU and bus architectures, and ran different operating systems. For example, in the 8-bit era, business PCs all used Zilog Z80 CPUs on the S-100 bus, were made by a legion of white-box manufacturers, and all ran the CP/M operating system, while Home Computers were made by names such as Commodore, Atari, Tandy, and Apple, typically had MOS 6502 processors (except Tandy, who used the Z80 but not on the S-100 bus), and ran barebones operating systems developed in house, which were little more than BASIC REPLs with some disk I/O features added.
Nowadays almost nobody bothers making the distinction. Yeah, sure, the big companies have separate "home" and "business" product lines, but they're all going to be x86 machines running Windows, and you can get both from the same company (see: Dell's Inspiron and OptiPlex lines), so people don't really make a distinction anymore, and seeing someone use a phrase like "Home Computer" in the 21st century feels like an anachronism.
When the IBM PC came out, it and the legion of clones took over the business PC market and replaced the S-100 CP/M market almost overnight. So when "PC" is just used to refer to business PCs and the IBM-compatible DOS/x86 platform completely and thoroughly dominates the business PC market... than naturally the term "PC" will come to be synonymous with that platform.
Obviously, this will be struck down..
But it does raise the question what do we do when a judge refuses to understand basic law concepts? Can we than fire the judge?
https://en.wikipedia.org/wiki/Retention_election#U.S._states...
It's state judges (in some states) who are elected. This was a federal district judge; they're appointed for life by the president with the advice and consent of the Senate.
This was a federal district judge, who under the U.S. Constitution (Article III) has life tenure and can't be fired; he can be removed from office only if impeached by the House of Representatives and convicted by the Senate after a trial.
The chief judge of the district could cut this judge's case load to zero [0]. In this case, though, (A) that's very unlikely to happen, and (B) the judge would still stay on full salary.
[0] EDIT: This sort of happened, for example, to (now-former) federal district judge Sam Kent in Galveston after he was accused of "inappropriate touching" of female court employees. See http://www.chron.com/news/houston-texas/article/Criminal-cas... Kent later pled guilty to a felony charge of making false statements to investigators; he tried to retire from the bench so as to keep his pension, but that pissed off the House judiciary committee, which pushed through articles of impeachment, which caused Kent to resign. He served not quite three years in prison. See http://bigbendnow.com/2011/08/disgraced-former-judge-complet... and https://en.wikipedia.org/wiki/Samuel_B._Kent
Instead of firing him, I think he should be teached. This judgement should be used as example of bad judgment.
Did you mean taught (something) or impeached?
http://www.investopedia.com/terms/p/pensionplan.asp
Ben Franklin had some thoughts on this as documented here:
http://scholarship.law.cornell.edu/facpub/164/
But the ruling won't hold, because it is dumb and bad.
Because burglars regularly break into people's homes or cars doesn't make them subject to warrant-free search. If the FBI wants to run code on my CPU in my private home without my permission, they should have a warrant, just as they'd need one to manipulate other objects in my home without my consent.
Thanks for that. A good reminder that we need to think that every time we read anything like this. Just asking a simple question, "Did they get this right?" and even taking a minute to read through to the actual primary source.
"Thus, hacking resembles the broken blinds in Carter. 525 U.S. at 85. Just as Justice Breyer wrote in concurrence that a police officer who peers through broken blinds does not violate anyone's Fourth Amendment rights, jd. at 103 (Breyer, J., concurring), FBI agents who exploit a vulnerability in an online network do not violate the Fourth Amendment. Just as the area into which the officer in Carter peered - an apartment - usually is afforded Fourth Amendment protection, a computer afforded Fourth Amendment protection in other circumstances is not protected from Government actors who take advantage of an easily broken system to peer into a user's computer. People who traverse the Internet ordinarily understand the risk associated with doing so. Thus, the deployment of the NIT to capture identifying information found on Defendant's computer does not represent a search under the Fourth Amendment, and no warrant was needed."
The section of interest starts on page 47 of the linked Opinion and Order. http://mobile.eweek.com/security/home-computers-connected-to...
"In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."
To apply to houses:
"In today's mechanized world, it appears to be a virtual certainty that houses connected to the earth can—and eventually will—be broken into."
Thus, warrants need not apply for search and seizure in houses. QED.
Or rather "... houses with doors can —and eventually will—be broken into."
And of course, do not speak at home (or do not expect any privacy).
I guess the answer is "sometimes, it's complicated"...
This may be all BS. But it's advice I've heard more than once.
If police are knocking, lock your door and say through a window: "I don't talk to police; have your dispatcher call me. If you have a warrant, here are my hands, go ahead and kick the door down". Then cover your ears, close your eyes, and wait.
If you feel you can't handle your affairs, make sure to lawyer up as soon as the police leave your house. You'll need to. let the lawyer know what you did, so he can take appropriate action.
Just remember that a lawyer, should (s)he put your needs above the needs of The People or The Court, (s)he would be disbarred. So don't expect magic to happen.
Home windows? If it is visible from a place where a normal person going about their normal activities can see, then no warrant.
For example, if someone walks up your walk to your stoop and there are windows that can been seen through from there, then no warrant. If they have to step off your walkway, walk around the side of your house, scramble through your bushes and pull themselves up to peer through, then a warrant would be required.
[1] http://what-if.xkcd.com/149/
http://hermicity.org
The point of mentioning "accessing the internet" is it's a lot easier for the hacker to scale up their wrongdoing with ease. It's much simpler to put a virus of some sort (say, a fake download button on a media sharing site) and reach a large audience, than it is to break into the homes of a similarly large group of people.
Where I primarily disagree with the judgment is that this notion makes it a "virtual certainty" that hacking occurs for any given person. Smart browsing habits, and general computer literacy, can make the odds decrease to near zero.
I suppose the analogy would be that just because Microsoft has the power to remotely upgrade your windows 10 install (and potentially install any back-door), that should not violate your expectation of privacy.
His argument is essentially that if your house is connected to a road, then there is no expectation of privacy.
I expect the ruling, or at least that absurd part of it, will be overturned or superseded. But the counter argument (for future cases) would be that running through a physical firewall is not a direct connection to the internet (silly as it is to make the argument).
Edit: I've gone through most of the relevant sections. Most of the ruling is reasonable, the section this article and the EFF are complaining about is less supported by precedent.
The actual legal argument says that hacking is common enough that people don't have a reasonable expectation of privacy, then there's this paragraph:
>Although this Court recently noted in dicta that the possibility of hacking "is not enough to defeat an individual's reasonable expectation of privacy" because it is illegal, see United States v. Darby, No. 2:16-cr-36, ECF No. 31 at 10-11 (E.D. Va. June 3, 2016), this Court stresses that child pornography often resembles an international crime. Similarly, much hacking occurs by foreign nations where the governments condone or participate in hacking. Child pornography is not just a national issue; it is an international issue, and at least a portion of the pornography in this case arrived from foreign sources through the World Wide Web
This seems to be the weakest part. It's saying that hacking can't be the basis for a lack of expectation of privacy, but that since some countries allow hacking, it's legal there, and if you're accessing stuff from other countries you no longer have the expectation of privacy.
And all of this doesn’t matter anyway, because of how packet routing works. No one accessing the Internet can be reasonably expected to have any control over how their packets are routed on the network. You only control the next hop[2].
See for example: http://allthingsd.com/20131120/how-somebody-forced-the-world...
So I would agree to the extent that there can be no expectation of privacy for any unencrypted traffic. However, that’s just one type of hacking – snooping.
As for actual hacking – that is someone breaking into your system – this system has to be running on something, some sort of device. This device has to be physically located somewhere.
If an Elbonian comes to US and breaks into your house is it okay because in their country there are no lock on the doors, just a lot of mud, so breaking is not a crime? This is the logic here, as I see it.
What it ultimately comes down to is the US government wants to have it both ways. They want to be able to extradite people that hack into devices located in the US, but they want you to have no expectation of privacy when they are the ones doing the hacking.
[1] https://en.wikipedia.org/wiki/Provider-independent_address_s...
[2] https://en.wikipedia.org/wiki/Hop_(networking)
If they came to the US they would be subject to US jurisdiction. Hackers from other countries aren't, at least not always.
Edit: I mean prosecution. Jurisdiction applies whenever there are effects in the US, see link below.
Personally it never made sense to me how one can be subject to some random foreign country’s law by just using the Internet. But if that’s the doctrine it should at least be applied consistently.
See http://www.kktg.net/Notes/hacking-jurisdiction/ which explains this.
The heinousness of the crime does not justify giving up or overriding Constitutional freedoms. Never. Not ever.
And if anyone is in place to protect us from that level of overreach, it's a judge. I cannot believe he's pulling a "won't someone think of the children!" in justifying (and creating some janky circular logic) this ruling.
The scariest precedent here is the level of crime dictating the flexibility of constitutionality.
As I said in another comment here, the issue is when it goes beyond such information like IP addresses and goes to actually hacking, which involves running code on the victim's computer.
("No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.")
Now every last amendment from the Bill of Rights has been discarded.
... Or is it? http://www.leagle.com/decision/In%20FDCO%2020150203D28/MITCH...
I'd say lack of access to law (as well as its unbearable complexity) is an issue of due process and the fundamental rule of law.
But you can't look to the Constitution to dictate everything - its drafters could not anticipate all future developments, and if the government is that citizen-hostile a piece of paper won't stop it. That which the Constitution does specify should be considered more as "behavioral tests", and currently the majority of our test report is failure.
Spooner was criticizing the actual form of our current Constitution. GP was making an appeal to the Constitution and the judicial system's ignoring of it. I agree with Spooner that a Constitution such as ours is completely powerless to prevent individual judges from rewriting every time it fits their fancy.
We've basically had an ongoing Constitutional Convention in the federal courts since the founding -- without the consent of the people.
It is axiomatic that the present we now know inevitably followed from the history that preceded it. When you look at the U.S. federal government that now exists, it must have assumed its current form either by design of the Constitution, or contrary to that design. In case of the latter, the Constitution was entirely unable to prevent the government that it established from evolving into a form contrary to its design. Maybe the process was slowed somewhat. We cannot know for certain.
Therefore, if you dislike the current form of US federal government, it is nonsensical to idolize the Constitution, or any other causally-related fact of history. History gave us the present. If you do not like the present, and wish the future to be different, do not repeat the mistakes of the past. Whether history could have given us another present is irrelevant, because it did not.
In the end, whenever a living human fights with a document, the human will emerge victorious, and the document will become confetti. The Constitution is nothing without a living human to be its champion.
God says... snarl overcompensated friendliness's conflict chambray's bibliographer's otter's biodiversity's triptych conversationally fauna's djinns prizefight's Mueller's icons sunder Croatian's Celeste schism extradited whined mistaking impairs Derick's limply Saxony polysyllables sculpted earache cupcake marmalade's lunches
The CFAA does not depend on any expectation of privacy, only authorized usage.
Expectation of privacy defines the bounds of a search. Police searches are not permitted to conduct otherwise illegal activity Just because they are searching.
https://www.law.cornell.edu/uscode/text/18/1030
>(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
So something can't be illegal for the police to do for the sole reason that it violates the CFAA. If it violates something else, I suppose CFAA charges can be added on, though.
We need to turn it around: draconian punishments for "law enforcement" members who violate the constitution, and protections for individuals who tinker, probe, or explore without malicious actions/intent.
If true, then why is entering any device connected to the Internet a crime?
If not, doesn't this only apply to home routers?