When the FBI searched Andrew Workman’s computer they say they found pornographic videos of girls as young as 3 years old. A federal judge in Colorado ruled this month that the computer hack that helped the bureau uncover the videos should never have been allowed.
Why? Because the search warrant permitting the hack was issued by a magistrate judge in Virginia — outside the judicial district in which Workman lived — and in an apparent violation of federal criminal rules.
But a shift in federal rules set to go into effect in December says that a judge in one district can approve a warrant to hack computers outside that district in cases where the computers’ location is shielded.
The change would aid the government in its sweeping national investigation into child porn on the “dark Web,” a universe of sites that are off Google’s radar, where pedophiles using special technology can operate in anonymity.
The government contends that the change — which was approved by the Supreme Court in April and will go forward unless Congress opposes it — is necessary to clear up a loophole created by technology. Because investigators cannot know in advance where a target computer is physically located if a suspect is using tools to mask his or her location, it is impossible to seek a search warrant in the district in which the target is located, officials say. They add that the change does not create any new authority, and would still require a showing of probable cause before a warrant is issued.
“It really just gives us the ability to go in front of a [single] judge and get a warrant to do a search,” Assistant Attorney General Leslie Caldwell said. “Otherwise we could find ourselves in a situation where we knew child-exploitation activity was happening in a lot of different places, but we wouldn’t know exactly where the computers were located and we wouldn’t have a judge to go to.”
But privacy advocates and some lawmakers contend that the amendment to Rule 41 of the Federal Rules of Criminal Procedure would legally sanction mass hacking, in which federal law enforcement, with one warrant, can hack thousands of computers whose locations are unknown. And they argue that the rule change would allow prosecutors to seek out judges they feel would be more sympathetic to their warrant application.
If the rule change goes through, and if the government can show probable cause, “the FBI gets the authority to hack anywhere in the world,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “We desperately need to have congressional hearings and investigations into the use of this technology before it becomes the tool of choice of law enforcement.”
Google, Paypal and several other technology companies have also lobbied against the change to the rule, calling it “dangerously broad.”
In the case that ensnared Workman, the FBI took over a child-porn site called PlayPen and surreptitiously installed software on it that enabled investigators to identify computers of users who went to the site. Since then, the government has obtained Internet protocol addresses of at least 1,300 computers in the United States, identified at least 38 children subject to sexual abuse, and brought about 200 cases.
Critics say that allowing the government to use such hacking software potentially endangers the computers of law-abiding citizens who have nothing to do with pedophiles.
“A bungled government hack could damage systems at hospitals, on the power grid, in transportation or other critical infrastructure,” said Sen. Ron Wyden (D-Ore.), who is part of a bipartisan, bicameral group of lawmakers seeking to block the Rule 41 change.
Caldwell dismissed such assertions, saying that investigators work closely with private-sector computer security experts.”We do a lot of testing to make sure that the software we’re using is not going to have harmful, unintended consequences,” she said.
She also noted that the proposed rule change is the result of three years of extensive review and public testimony involving two committees consisting of academics, judges and defense attorneys.
The change to Rule 41, the government says, will help settle what has become a confusing area for judges and prosecutors.
Since the warrant used to hack Workman’s computer was issued in February 2015, there have been 24 challenges to it. Nineteen judges who reviewed the warrant concluded it was not properly issued on venue grounds. Of those, four, including the judge in Colorado, threw out the evidence as a result. The other 15 ruled that the violation was not serious enough to suppress the evidence. And the remaining five found the warrant was properly issued.
Any change to Rule 41 would not automatically apply to the pending cases. But the Justice Department could request that each individual court apply the new rules.
Even if the change goes through, defense lawyers say they will continue to challenge the hacking warrants on other grounds. For instance, they have argued that the hacking constitutes a violation of the Fourth Amendment.
Judge R. Brooke Jackson, who decided to suppress the evidence in Workman’s case, said he was aware that his ruling might free a guilty man.
“This is particularly difficult to stomach where the crime at issue is something as reprehensible as the possession of child pornography,” he wrote in his decision. “On the other hand, this ruling might serve as a reminder to . . . be attentive to ‘something as basic as who can issue a warrant.’ ”