[liberationtech] Magistrate Judge pwns FBI hacking request

Gregory Foster gfoster at entersection.org
Thu Apr 25 20:12:11 PDT 2013 

The WSJ's Jennifer Valentino-DeVries broke this story yesterday,  
unfortunately behind the WSJ's paywall:
https://twitter.com/jenvalentino/status/327172745332916225

For a solid summary, see @rj_gallagher's coverage at Slate:

Slate (Apr 25) - "Judge Rejects FBI Attempt to Use Spyware to Infiltrate  
Unknown Suspect's Computer" by Ryan Gallagher:
http://www.slate.com/blogs/future_tense/2013/04/25/texas_judge_denies_fbi_request_to_use_trojan_to_infiltrate_unknown_suspect.html

Or go straight to the Memorandum and Order, which is quite the read:
http://www.scribd.com/doc/137842124/Texas-Order-Denying-Warrant

Magistrate Judge Stephen Smith of the Southern District of Texas was  
presented with an FBI affidavit requesting a Rule 41 search and seizure  
warrant targeting an unknown computer at an unknown location used by an  
unknown suspect(s).  The lack of specificity was sufficient grounds for  
declining to issue the warrant, and Judge Smith goes through each of Rule 
41's five territorial limits which the government's application failed to 
satisfy.  Although it's interesting to see that the FBI hoped to satisfy 
the territorial limit by performing the search on the computer's data once 
it was brought into the Judge's territory, the interesting part concerns 
just how the FBI hoped to acquire and transport that data: by cracking or 
phishing into the unknown target computer, installing a sophisticated piece 
of malware, searching for and gathering information for 30 days, while 
exfiltrating significant quantities of data out of the system.

What kind of data?  Although the original affidavit and the revised  
affidavit were sealed (the FBI having been given at least one opportunity 
to clarify their intent), Magistrate Judge Smith was kind enough to cite 
the section of the affidavit which details exactly what information the FBI 
intended to acquire from the unknown computer:

> (1) records existing on the Target Computer at the time the software is 
> installed, including:
>
> records of Internet Protocol addresses used;
>
> records of Internet activity, including firewall logs, caches, browser  
> history and cookies, "bookmarked" or "favorite" Web pages, search terms 
> that the user entered into any Internet search engine, and records of 
> user-typed Web addresses;
>
> records evidencing the use of the Internet Protocol addresses to  
> communicate with the [victimbs bankbs] e-mail servers;
>
> evidence of who used, owned, or controlled the TARGET COMPUTER at the  
> time the things described in this warrant were created, edited, or  
> deleted, such as logs registry entries, configuration file, saved user  
> names and passwords, documents, browsing history, user profiles, e-mail 
> contents, e-mail contacts, "chat," messaging logs, photographs, and 
> correspondence;
>
> evidence of software that would allow others to control the TARGET  
> COMPUTER;
>
> evidence of times the TARGET COMPUTER was used; and
>
> records of applications run.
>
> (2) prospective data obtained during a 30-day monitoring period,  
> including:
>
> accounting entries reflecting the identification of new fraud victims;
>
> photographs (with no audio) taken using the TARGET COMPUTER's built-in  
> camera after the installation of the NEW SOFTWARE, sufficient to  
> identify the location of the TARGET COMPUTER and identify persons using 
> the TARGET COMPUTER;
>
> information about the TARGET COMPUTER's physical location, including  
> latitude and longitude calculations the NEW SOFTWARE causes the TARGET  
> COMPUTER to make;
>
> records of applications run.


Later in the Memorandum, Judge Smith takes the FBI to task for having the 
gall to state:

> Steps will be taken to assure that data gathered through the technique  
> will be minimized to effectuate only the purposes for which the warrant 
> is issued. The software is not designed to search for, capture, relay, 
> or distribute personal information or a broad scope of data. The 
> software is designed to capture limited amounts of data, the minimal 
> necessary information to identify the location of the TARGET COMPUTER 
> and the user of TARGET COMPUTER.


I applaud Magistrate Judge Stephen Smith for his principled action in this 
circumstance, which is one amongst many significant actions he has taken to 
resist court secrecy, the abuse of secret "gag" orders, and the  
application of the Constitution to electronic surveillance requests:
http://www.fclr.org/fclr/articles/html/2009/jmffedctslrev5.pdf
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2071399
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2143339

Please consider sharing this information with others.
gf

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list