Deputy AG Claims There's No Market For Better Security While Complaining About Encryption At A Cybercrime Conference

from the an-actual-thing-that-happened dept

The FBI still hasn't updated its bogus "uncrackable phones" total yet, but that isn't stopping the DOJ from continuing its push for holes in encryption. Deputy AG Rod Rosenstein visited Georgetown University to give a keynote speech at its Cybercrime 2020 Conference. In it, Rosenstein again expressed his belief that tech companies are to blame for the exaggerated woes of law enforcement.

Pedophiles teach each other how to evade detection on darknet message boards. Gangs plan murders using social media apps. And extortionists deliver their demands via email. So, it is important for those of us in law enforcement to raise the alarm and put the public on notice about technological barriers to obtaining electronic evidence.

One example of such a barrier is “warrant-proof” encryption, where tech companies design their products or services in such a way that they claim it is impossible for them to assist in the execution of a court-authorized warrant. These barriers are having a dramatic impact on our cases, to the significant detriment of public safety. Technology makers share a duty to comply with the law and to support public safety, not just user privacy.

Rosenstein says this has resulted in a "significant detriment [to] public safety," but can't point to any data or evidence to back that claim up. The FBI's count of devices it can't access is off by at least a few thousand devices, by most people's estimates. In terms of this number alone, the "public safety" problem is, at best, only half as bad as the DOJ has led us to believe.

Going beyond that, crime rates remain at historic lows in most places in the country, strongly suggesting no crime wave has been touched off by the advent of default encryption. Law enforcement agencies aren't complaining about cases they haven't cleared -- if you exclude encryption alarmist/Manhattan DA Cyrus Vance. (Anyone hoping to have an honest conversation about encryption certainly should.)

Somehow, Rosenstein believes the public would experience a net safety gain by making their devices and personal info more easily accessed by criminals. Holes in encryption can be marked "law enforcement only," much like private property owners can hang "no trespassing" signs. But neither is actually a deterrent to determined criminals.

Rosenstein goes on to tout "responsible encryption" -- a fairy tale he created that revolves around the premise tech companies can break/unbreak encryption at the drop of a warrant. But broken encryption can't be unbroken, not even with some form of key escrow. The attack vector may change, but it still exists.

That Rosenstein is advocating inferior encryption during a cybercrime conference speaks volumes about what the DOJ actually considers to be worth protecting. It's not businesses and their customers. It's law enforcement's access. He spends half the run time talking about security breaches involving tech companies and follows it up by suggesting they take less care securing all this info they collect.

He even goes so far as to claim better security is something customers don't want and is bad for tech companies' bottom lines.

Building secure devices requires additional testing and validation—which slows production times — and costs more money. Moreover, enhanced security can sometimes result in less user-friendly products. It is inconvenient to type your zip code when you use a credit card at the gas station, or type a password into your smartphone.

Creating more secure devices risks building a product that will be later to market, costlier, and harder to use. That is a fundamental misalignment of economic incentives and security.

The implicit statement Rosenstein's making is that ramped-up security -- including default encryption -- is nothing more than companies screwing shareholders just so they can stick it to The Man. Following this bizarre line of thought is to buy into Rosenstein's conspiracy theory: one that views tech companies as a powerful cabal capable of rendering US law enforcement impotent.

And as much as Rosenstein hammers tech companies for security breaches that have exposed the wealth of personal data they collect, he ignores the question his encryption backdoor/side door advocacy raises. This question was posed in an excellent post by Cathy Gellis at the beginning of this year:

"What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?"

We're headed into 2019 and no one in the DOJ or FBI is willing to honestly discuss the side effects of their proposals. Rosenstein clings to his "responsible encryption" myth and the director of the FBI wants to do nothing more than make it the problem of "smart people" at tech companies he's seeking to bend to his will. No one in the government wants to take responsibility for the adverse outcomes of weakened encryption, but they're more than willing to blame everyone else any time their access to evidence seems threatened.

Rosenstein's unwavering stance on the issue makes this statement, made at the closing of his remarks, ring super-hollow.

We should not let ideology or dogma stand in the way of constructive academic engagement.

Fair enough, Rod. You go first.

Filed Under: backdoors, blame, doj, encryption, fbi, going dark, responsible encryption, rod rosenstein

EFF, ACLU Petition Court To Unseal Documents From DOJ's Latest Anti-Encryption Efforts

from the talk-to-us,-DOJ dept

Back in August, the DOJ headed to court, hoping to obtain some of that sweet sweet anti-encryption precedent. Waving around papers declaring an MS-13 gang conspiracy, the DOJ demanded Facebook break encryption on private Messenger messages and phone calls so the government could eavesdrop. Facebook responded by saying it couldn't do that without altering -- i.e., breaking -- Messenger's underlying structure.

Not that breaking a communications platform would give the FBI any sleepless nights. Worthless encryption is better than good encryption when it comes to demanding the content of communications or, as in this case, operating as the unseen man-in-middle when suspected gang members chatted with each other.

Unfortunately (for the FBI), this ended in a demurral by the federal court. The details of the court's decision are, just as unfortunately, unknown. Reuters was able to obtain comments from "insiders familiar with the case," but the public at large is still in the dark as to how all of this turned out.

The EFF and ACLU are hoping to change that.

In our petition filed today in the United States District Court for the Eastern District of California, EFF, the ACLU, and Riana Pfefferkorn of Stanford Law School’s Center for Internet and Society seek to shed light on this important issue. We’re asking the court to release all court orders and related materials in the sealed Messenger case.

Given the importance of encryption in widely used consumer products, it is a matter of public interest any time law enforcement tries to compel a company to circumvent its own security features.

The petition [PDF] points out the First Amendment guarantees access to courtroom proceedings and the courts are supposed to adhere to this by operating with a presumption of openness. Only in rare, rare cases should they side with the government and allow the public to be cut out of the loop by sealing documents.

This is doubly true in cases of significant public interest. Any time the DOJ is in court agitating for broken encryption, it's safe the say the public will be affected by the case's outcome. At this point, we don't know anything more than the DOJ didn't get what it wanted. What we don't know is why, or what impact the ruling here will have on similar cases in the future. And we should know these details because, if nothing else, the FBI has proven it cannot be trusted to deal with device encryption honestly.

Filed Under: breaking encryption, compelled access, doj, encryption, facebook messenger, fbi, going dark, ms-13, public records, sealed court documents, transparency
Companies: facebook

FBI Faked Up A FedEx Website To Track Down A Scam Artist

from the phishing-for-fraudsters dept

Trust no one. The DEA impersonates medical board investigators. Police pretend to be people's friends. FBI agents pretend to be journalists. And, in this case, federal investigators pretended they could help an alleged scammer trace a FedExed payment. Joseph Cox of Motherboard has more details, taken from recently unsealed FBI warrant applications.

The two 2017 search warrant applications discovered by Motherboard both deal with a scam where cybercriminals trick a victim company into sending a large amount of funds to the scammers, who are pretending to be someone the company can trust. The search warrants show that, in an attempt to catch these cybercriminals, the FBI set up a fake FedEx website in one case and also created rigged Word documents, both of which were designed reveal the IP address of the fraudsters. The cases were unsealed in October.

The warrant application [PDF] in one case seeks permission to use an NIT (Network Investigative Technique) to expose identifying information about a targeted device/computer. This warrant request -- relying on recent changes to jurisdictional limitations -- says the NIT deployment was necessary because the FedEx impersonation failed to obtain usable IP address info thanks to the target's use of a VPN to access the impersonated site.

On July 25, 2017, FBI Buffalo, Rochester Resident Agency purchased the domain www.fedextrackingportal.com and developed the website www.fedextrackingportal.com/apps/us-en/tracking.php?action=track&trackingnumber=731246AF7684. The website was created with the message "Access Denied, This website does not allow proxy connections" error message when accessed. The website was created to capture the basic server communication information, as IP Address date and time stamp, and user string when the website was accessed. No malware or computer exploit was deployed in the development of the website; the only information captured in the webserver logs was unencrypted basic network traffic data identified above.

The IP addresses trapped with this ruse traced back to ExpressVPN, necessitating the technique described in this warrant application: a malicious email attachment.

The deployment of the NIT will occur through email communications with the TARGET USER, with consent from the victim company, Gorbel, and the Accounts Payable manager Belt. The FBI will provide an email attachment to the victim which will be used to pose as a screen shot of the FedEx tracking portal for the sent payment. The FBI anticipates the target user, and only the target user, will receive the email and attachment after logging in and checking emails. The subject will download the attachment which will deploy a technique designed to identify basic information of the TARGET location. [...] For the email attachment approach, the FBI will use a document with an embedded image requiring the computer to navigate outside the proxy service in order to access the embedded item.

A second warrant application dug up by Motherboard details pretty much the same process: an NIT deployed via email attachment to force the target to relinquish identifying info like IP addresses and device information. The twist in the second application is that the malicious embed (an image contained in a Word document) would require the recipient to turn off "Protected Mode" to open the attachment. Simply harvesting info from an end user is one thing. Having them perform an action on their end to give the government access to their computer is another. "In an abundance of caution," the FBI requested a warrant, even though the application makes it clear the FBI believes it shouldn't need a warrant to force targeted devices to give up potentially-identifying info.

The impersonation of FedEx may be novel, but the FBI's use of NITs began well before its extrajurisdictional searches were codified by Rule 41 changes. NITs have been in the FBI's toolkit for most of this decade. Here's a 2012 application and returned warrant showing the FBI using an NIT to obtain IP addresses and device info to locate a wanted felon using an email address the agency believed belonged to the target.

The FBI's impersonation of people, places, and things is likely just as widespread, even if the rules (very loosely) governing this investigative technique suggest it shouldn't be. FedEx may have questions about the FBI's use of its name to obtain IP addresses from criminal suspects, but so far, it hasn't commented on the news. What's seen in these applications suggests some care is being taken to avoid sweeping up innocent internet users, but there's only so much that can be implied from this very small sampling of federal investigative activity.

Filed Under: doj, fake website, fbi, impersonation, nit, phishing, warrant
Companies: fedex

To Prosecute A Single Bombing Suspect, FBI Demands Identifying Info On Thousands Of YouTube Viewers

from the general-warrants-are-back,-baby! dept

We waved goodbye to general warrants with the Fourth Amendment back in 1791. Now, thanks to tech companies collecting tons of info on site visitors and the FBI's apparent inability to craft a narrow warrant, it's the late 1700s all over again!

With a wealth of information a subpoena or warrant away, law enforcement is asking for everything and promising to sort it all out properly. This hasn't worked as well in practice as it has in theory. Investigators looking for evidence of one crime have found others to charge defendants with simply by sifting through the digital haystacks they're able to acquire with a single piece of paper.

In other cases, investigators have decided everyone is a suspect and that the massive amount of data obtained with this dubious legal theory will somehow point them to the real criminals. That's the theory behind law enforcement's "reverse" searches: ones where they demand all cell site location info from everyone connecting to certain cell towers before paring down the list of suspects from "everyone" to "everyone in certain locations at certain times."

A warrant requested by the FBI related to a bombing in New York last year is operating under this same premise. The search warrant ostensibly seeks to obtain information about defendant Victor Kingsley's YouTube viewing habits. Kingsley is facing federal charges for killing a New York City landlord with a handmade bomb. Kingsley was allegedly targeting a police officer who he thought lived at that address as revenge for his arrest by that officer three years earlier.

According to the affidavit [PDF], searches of Kingsley's computers revealed a slew of searches for bomb making materials and instructions. Many of these searches took him to YouTube videos. With this information, you'd think the feds would have plenty of evidentiary ammo to bring to court that would infer Kingsley intended to make a bomb. The FBI also recovered evidence on online purchases of items used in making explosives.

With this already in hand, it's hard to understand why the FBI is looking for more info. But what's harder to understand is why it's seeking more info in this particular manner.

The affidavit correctly points out Google collects a ton of info on YouTube viewers, whether or not they create a YouTube account. It also points out most viewers have accounts because without one, their actions (upvoting, downvoting, playlists, etc.) are severely restricted. It then details a long list of information the FBI believes Google can produce when served with a warrant (which also includes physical addresses, billing info, phone numbers, etc.).

As part of its business model, Google also collects a variety of data on YouTube videos. This includes information for each time a video was watched; the comments and shares of a video; the demographics of viewers; and the sources of traffic to the videos (i.e., the source webpages and links that a viewer used to land on the video).

Further, Google typically retains certain transactional information about the creation and use of each account on their systems. This information can include the date on which the account was created, the length of service, records of log-in session) times and durations, the types of service utilized, the status of the account (including whether the account is inactive or closed), the methods used to connect to the account (such as logging into the account via Google's website), and other log files that reflect usage of the account. In addition, Google often has records of the Internet Protocol address ("IP address") used to register the account and the IP addresses associated with particular log-ins to the account. Because every device that connects to the Internet must use an IP address, address information can help to identify which computers or other devices were used to access the account.

In addition, Google collects device-specific information (such as a user's hardware model, operating system version, unique device identifiers, and mobile network information including phone number), which it may associate with a user's Google account. Google states that it may also collect and process information about a user?s location, based on information including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell towers.

Now, the FBI has device identifying info, IP addresses, and other information gleaned from the devices and accounts already searched/subpoenaed that could tie certain YouTube/Google activity to Victor Kingsley. But it inserts none of that here to limit the search. Instead, it asks for all of this info for every visit to a list of YouTube URLs.

This is only the first page of its YouTube URL demands. [Click thru for a bigger version.]

The obvious problem is these videos could have been viewed by thousands of viewers completely unrelated to the case. (Not to mention the fact that the first URL will never resolve...) And yet, the FBI agent thinks it's OK to demand a long list of identifying info, along with location/cell tower data on each of these viewers from Google. Supposedly, this is being done to sort the righteous from the wicked… or whatever.

As explained herein, information stored in connection with a YouTube video and Google account may provide crucial evidence of the "who, what, why, when, where, and how" of the criminal conduct under investigation, thus enabling the United States to establish and prove each element or alternatively, to exclude the innocent from further suspicion.

That's not how warrants work. This is like demanding Amazon turn over account info, location data, etc. on everyone who's ever viewed a page for items that can be used to create bombs. And this request is being made despite the fact the government already has plenty of identifying info it could use to narrow the request.

If Google chooses to hand this over, it's not a question of if the government will get tons of data on innocent YouTube visitors. It's only a question of how much. It appears every URL targeted by this warrant has already been neutralized by Google. Typing in these URLs will either bring you to a deleted video or a dead page that feeds you absolutely zero information. (This is likely meant to keep users from adding to the data pile the FBI wants Google to produce.)

Here's just one of the URLs targeted, as it appears at the Internet Archive:

It's a Science Channel video titled "Building a Starship." As of its archive date (August 6, 2016), it had 222,000 views.

Here's how that URL looks now:

So, for just a single URL, there are at least 222,000 "suspects" the FBI wants Google to hand over info on. Then it will apparently work its exculpatory magic, travelling backwards by process of elimination to data linked to accounts owned by Victor Kingsley, matching YouTube visits with identifying info the FBI already has on hand.

This isn't a fishing expedition. This is dynamite tossed into a stock pond with the FBI promising to kick any surviving fish back into the water following the explosion. Somehow, this warrant was approved by Magistrate Judge Lisa Bloom and handed over to FBI Agent Lawrence Schmutz to forward to Google.

Hopefully, Google's fighting this request. The affidavit goes long on the evidence the FBI has already obtained to be used against Kingsley before throwing it all out to demand Google hand over as much as it can on as many YouTube viewers as possible. This is shoddy work. And it definitely appears to be unconstitutional. A warrant is the Fourth Amendment-approved gateway for unreasonable searches. But there's a limit to how unreasonable a search can be, even with a warrant.

If this is challenged by Google, it seems unlikely to withstand further scrutiny. It's a general warrant seeking to rummage through numerous people's belongings that happened to be housed at Google. Warrants aren't supposed to be used to separate the innocent from the guilty. That's not probable cause for a search. Probable cause may lead to the discovery of exculpatory evidence but that isn't its purpose. It's there to find evidence to use against a suspect using a search predicated on information the government swears in front a judge supports its need to perform an invasive search. The government has no probable cause to seek the info of YouTube viewers not directly accused of this crime. And it has no excuse to perform a search this way when it has plenty of information on hand that could have narrowed this request significantly before presenting it to Google.

Filed Under: 4th amendment, doj, fbi, general warrants, search, victor kingsley, youtube
Companies: google, youtube

House To Investigate Whether DOJ's AT&T Antitrust Lawsuit Was Political

from the do-not-pass-go,-do-not-collect-$200 dept

When the Trump DOJ sued to stop AT&T's $89 billion merger with Time Warner last year, more than a few eyebrows were raised. After all, the DOJ's antitrust suit, allegedly a bid to protect consumers, came as other arms of the Trump administration were busy utterly dismantling a wide variety of popular consumer protections (like net neutrality) at the direct request of industry. It raised the question: why suddenly care about consumer protection and antitrust power when you've shown absolutely no general concern for those concepts previously?

As a result, there's always been a lingering question as to whether Trump's obvious disdain for Time Warner owned CNN was driving a petty bid for vengeance. Others wondered if the DOJ's lawsuit was a personal favor to Trump ally Rupert Murdoch, who had tried unsuccessfully to buy CNN from AT&T at least twice, and had spent much of 2017 lobbying Trump to scuttle the deal as a competitive favor to his Fox empire.

With a shakeup in the House, those questions could soon again be making headlines. Incoming House intelligence committee chairman Adam Schiff told Axios last weekend that one of the numerous things the new House leadership will investigate is whether the DOJ's antitrust lawsuit against AT&T was political:

"Schiff said Congress also needs to examine whether Trump attempted to block AT&T’s merger with Time Warner as payback to CNN.

"We don't know, for example, whether the effort to hold up the merger of the parent of CNN was a concern over antitrust or whether this was an effort merely to punish CNN," Schiff said.

To be clear, AT&T's monopoly power is clearly a problem and, regardless of the motivation, it's a good thing the DOJ tried to stop it.

AT&T's domination of both fixed broadband, wireless broadband, and its monopoly over the backhaul connections feeding everything from cellular towers to ATMs was already causing headaches. The company's expanded ownership of "must have" media properties only made things worse by causing new anti-competitive problems for competitors like Dish. Combine these with the death of net neutrality, AT&T's past behaviors, and the FCC's fresh inability to hold AT&T accountable for any of it -- and the over-arching market issues should be pretty clear.

Ultimately the DOJ lost its case for several reasons. Antitrust laws weakened after decades of lobbying left the DOJ arguing obvious outcomes (like AT&T raising rates on competitors and consumers) within narrow confines of economic theory. And because the DOJ didn't want to highlight the fact the Trump admin was harming these same consumers with its other hand (net neutrality), it simply avoided mentioning the idea at all. That's an obvious issue since AT&T's domination of both the media and its broadband monopoly will work synergistically to harm competitors and consumers alike.

Regardless, the Trump DOJ suddenly and exclusively caring about AT&T's monopoly power was always curious. And while many will be sure to suggest that any investigation of the motivation is itself political, it's a question that would be nice to have answered all the same -- since using "instruments of state power" like the DOJ to settle petty grievances with media outlets you don't like is kind of a fucking problem.

Filed Under: adam schiff, antitrust, congress, doj, mergers, politics
Companies: at&t, time warner

Gov't Says Accused CIA Hacking Tools Leaker Leaking Even More Classified Info From Behind Bars

from the I-guess-he's-just-on-a-roll... dept

The DOJ is still waiting for accused Vault 7 leaker Joshua Shulte's trial to begin, but that's not stopping it from adding to the long list of charges he already faces. The former NSA/CIA operative's house was raided last year by the feds who were looking for evidence of Shulte's leak of CIA hacking tools to Wikileaks. It found some of that, but also found 10,000 child porn images in the 5+ terabytes of data seized.

The child porn alone will likely see Shulte put away for a long time if the prosecution can secure a conviction. Leaking top secret tools isn't likely to be greeted with a wrist slap -- not with the forever War on Leakers still in progress. For some reason, the government felt compelled to add copyright infringement to the list of charges after discovering a few pieces of pirated content on Shulte's personal server.

Shulte -- who is locked up in a New York detention facility until he goes to trial -- must figure he has nothing to lose. That's one conclusion that can be drawn from the latest set of charges being brought by the DOJ. (via Slashdot)

According to new court documents filed late Wednesday, October 31, US prosecutors plan to file three new charges against Joshua Schulte for allegedly leaking more classified data while in detention at the New York Metropolitan Correctional Center (MCC).

The filing [PDF] is quite the read. According to the allegations, Shulte had access to multiple smuggled cellphones and was using them to disseminate classified info to "third parties" outside the prison walls. It appears the info Shulte smuggled out of the prison came from classified documents released to him as part of his pre-trial discovery. The DOJ has now stripped him of access to classified documents, restricting him to unclassified info released by the FBI.

A flurry of paperwork and a search of Shulte's housing unit turned up a number of things, including a new form of encryption.

In or about early October 2018, the Government learned that Schulte was using one or more smuggled contraband cellphones to communicate clandestinely with third parties outside of the MCC. The Government and the FBI immediately commenced an investigation into Schulte’s conduct at the MCC. That investigation involved, among other things, the execution of six search warrants and the issuance of dozens of grand jury subpoenas and pen register orders. Pursuant to this legal process, in the weeks following the Government’s discovery of Schulte’s conduct at the MCC, the FBI has searched, among other things, the housing unit at the MCC in which Schulte was detained; multiple contraband cellphones (including at least one cellphone used by Schulte that is protected with significant encryption); approximately 13 email and social media accounts (including encrypted email accounts); and other electronic devices.

Given the FBI's recent history, it probably should be more careful when it discusses encryption. A few years of "going dark" narrative was upended by the agency itself, which revealed it could not competently count physical devices in its possession. The ever-inflating number of impenetrable devices was suddenly, and embarrassingly, converted to an asterisk on multiple FBI/DOJ webpages with footnotes stating an updated number would be provided at the agency's convenience.

Now, there's this: a DOJ prosecutor relaying the FBI's message about "significant" encryption -- whatever the hell that is -- to the federal judge presiding over the case. What makes this particular encryption "significant" isn't explained, but it does seem to make this encryption appear far more nefarious than the regular, insignificant encryption used by citizens not currently under federal indictment.

Three more charges are headed Shulte's way, all of them related to unlawful disclosure of classified documents. This isn't charge stacking -- not if the government's allegations are true -- but it could definitely nudge Shulte towards a plea deal that will save the DOJ a lot of time, energy, and arguments over presenting sensitive information in open court.

Then again, Shulte appears to be anything but cooperative. Leaking classified documents directly under the fed's nose while in supervised detention is a bold move that bears a lot of resemblance to a middle finger extended in the direction of the government. This may end up being a very fun trial to watch.

Filed Under: cia, doj, encryption, hacking tools, joshua schulte, leaks, vault 7
Companies: wikileaks

Feds Also Using 'Reverse Warrants' To Gather Location/Identifying Info On Thousands Of Non-Suspects

from the just-google-it dept

Because nearly everyone carries a tracking device on their person these days, it's become a whole lot easier for the government to find out where everybody's been. It's TinEye but for people, and it appears to be a new go-to tool for law enforcement. What used to be officers canvassing the area where a crime took place is now a warrant sent to Google to obtain location data and identifying info for all people and devices in the area.

These so-called "reverse warrants" first started coming to light earlier this year. The Raleigh Police Department (NC) was serving warrants to Google in hopes of figuring out who to suspect of committing crimes, rather than having a suspect in mind and working forward from there. The warrants were of the "general" variety, guaranteed to give the RPD location/identifying info of hundreds of non-suspects who just happened to be in the area. There's some evidence Google has pushed back against these warrants, but it hasn't been enough to deter law enforcement from continuing to use Google as one-stop shopping to bulk location/identifying info.

This practice isn't limited to the local boys. Thomas Brewster of Forbes has obtained a warrant [PDF] showing the FBI is doing the same thing.

The most recent order on Google, unearthed by Forbes earlier this week, came from the FBI in Henrico, Virginia. They went to Google after four separate robberies in which unidentified, armed individuals entered and stole from the same Dollar Tree store between March and September this year. The manager of the Dollar Tree was also robbed at gunpoint while dropping off money at a Wells Fargo night-deposit box located just down the road from the store.

The warrant asks for location histories held by Google for anyone within three separate areas—including regions around the Dollar Tree store and the Wells Fargo address—during the times and days the five robberies took place. The FBI also wanted identifying information of Google account holders in those areas, two of which had a 375-meter radius. The other had a 300-meter radius.

Since Dollar Tree stores are never found thousands of feet away from other businesses and residences, the information demanded of Google would include hundreds or thousands of innocent people who live or work near the targeted store.

This isn't the way warrants work. Or, at least, this isn't how they're supposed to work. Unfortunately, the FBI's stated probable cause for demanding this info isn't attached to the document Forbes obtained, so it's unclear how the FBI talked a judge into signing off on this. What the returned warrant does show is no records were returned, suggesting Google is pushing back against broad requests for data that appear to be unsupported by probable cause.

While this may be the digital equivalent of canvassing nearby businesses and residences to search for suspects, these orders make compliance compulsory by eliminating the citizenry. It appears the government believes the combination of warrants and third-party data makes gathering info on hundreds or thousands of non-suspects constitutional. The FBI's warrant also came with an indefinite gag order, so no one included in the search radius had any idea federal law enforcement wanted to know who they were or where they'd been.

This search tactic will continue to be deployed until a court puts an end to it. Without more data, it's hard to say how often magistrates approve or reject these reverse warrants. All we know is some warrants have been approved. And in some cases, Google has refused to provide the data. I'm sure law enforcement knows these demands for data aren't completely constitutional, which may be why we haven't seen any agency bring Google to court for refusing to comply. Additional judicial scrutiny isn't going to do these warrants any favors.

Filed Under: 4th amendment, doj, fbi, location info, reverse warrants, warrants
Companies: google

Seventh Circuit Appeals Court Hands Fifth 'Good Faith' Win To FBI's Invalid Playpen Warrant

from the fixing-it-in-post dept

It doesn't appear the Supreme Court will have to resolve a circuit split on the FBI's malware warrant used in its Playpen child porn investigation. The same day the Ninth Circuit Appeals Court found in favor of the FBI, the Seventh Circuit reached the same conclusion [PDF], bringing the FBI's "good faith" total to five appellate wins versus zero losses.

The Seventh's reasoning echoes that of the other circuits: the warrant may have been invalid (seeing as its jurisdiction limits were immediately violated by the FBI's malware deployment), but the FBI was correct to rely on the magistrate's screwup.

Federal Rule of Criminal Procedure 41(b)(1) authorizes a magistrate judge “to issue a warrant to search for and seize a person or property located within the [magistrate judge’s] district.” This warrant, they say, extended to people and property located outside the magistrate’s district. Defendants contend that a void warrant is tantamount to no warrant at all, nullifying the good-faith exception.

We disagree. Even if the warrant were void ab initio, we would treat this like any other constitutional violation. We see no reason to make the good-faith exception unavailable in such cases.

I'm sure the Seventh didn't mean to make it sound like it would excuse "any other constitutional violation," but that's kind of how it reads. What the court is saying is that it won't suppress the evidence obtained with an invalid warrant. It doesn't go as far as other courts have and find that there's no deterrent effect in suppressing evidence because the illegal actions engaged in by the FBI were made legal after the fact. But it does say suppression is unreasonable because it punishes the FBI for the magistrate judge's error.

The deterrence rationale for the exclusionary rule aims at the conduct of the police, not the conduct of the magistrate judge. See Davis, 564 U.S. at 238 (focusing the cost-benefit analysis in exclusion cases on the “flagrancy of the police misconduct” at issue). Thus, whether the magistrate judge lacked authority has no impact on the rule. As Leon explains, “[p]enalizing the officer for the magistrate’s error, rather than his own, cannot logically contribute to the deterrence of Fourth Amendment violations.”

What's more troubling is that its discussion of the FBI's "good faith" grants credence to one of the FBI's more disingenuous arguments: that the malware it sent was a "tracking device" rather than a search, making its deployment from a seized server in Virginia constitutional because the FBI obviously can't control where tracking devices end up after they're deployed. This legal theory has been criticized in other courts even while finding the FBI, overall, acted in good faith. Here's a quote from the Third Circuit's decision, which calls out the FBI for its appellate-level goalpost moving.

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The Seventh Circuit gives the government credit where none is due.

Perhaps the warrant impermissibly allowed the search of computers outside the magistrate judge’s district, as the defendants suggest. But the government suggests another theory. It notes that under Rule 41(b)(4), a magistrate judge can issue a warrant for the installation of a “tracking device” within the district that can track movement outside the district. Fed. R. Crim. P. 41(b)(4). The government characterizes the NIT as such a device, maintaining that its installation occurred in-district because the defendants were accessing servers located in that district. Choosing between these frameworks has split district courts across the country, which underscores the difficulty of the question.

Having done that, the court declares it won't discuss the "tracking device" any further because it has already said suppression would punish the FBI for the magistrate's error. The evidence remains in play and the convictions of all three defendants are affirmed.

The problem with these decisions is they tacitly encourage law enforcement to ask judicial permission for illegal searches because if it's granted, it's the magistrate's fault, not the officers', and evidence obtained illegally won't be suppressed. When the FBI asked for permission to engage in extraterritorial searches, the DOJ was pushing for removal of Rule 41 jurisdiction limits. It's impossible the agent swearing out the warrant was unaware of this fact. It was a bad faith request converted to "good faith" by the magistrate's approval, whitewashing the FBI's actions and making the evidence unassailable in court.

Filed Under: 4th amendment, 7th circuit, doj, fbi, good faith, playpen, rule 41

Ninth Circuit Aligns With Other Circuits: The FBI's Playpen Warrant Was Bad, But The FBI's Faith Was Good

from the winning-by-losing dept

The Ninth Circuit Court of Appeals is the latest appeals court to find the FBI's warrant for malware deployment during a child porn investigation to be invalid, but still close enough for government work. The FBI's NIT (Network Investigative Technique) was sent to visitors of a dark web child porn site called Playpen. The hitchhiking software then traveled out of the district the server was housed in (Virginia) to send back identifying info from computers and devices all over the world.

At the time the warrant was sought, warrants were only valid in the district they were issued. Multiple courts found the FBI's malware was a search under the Fourth Amendment. A smaller subset found the extrajurisdictional search unsupported by current law and the underlying warrant invalid from the moment it was issued. Challenges to the extrajurisdictional searches have all run into dead ends at the appellate level.

The First, Eighth, and Tenth Circuits have all refused to suppress evidence, even if the courts found the search warrant invalid. The reasoning? There was no deterrent effect served by suppressing the evidence because the law changed after the warrant was issued and the malware deployed to allow the FBI to engage in extrajurisdictional searches. In essence, this is retroactive application of a law that changed after the warrant was sought, giving it the sort of blessing courts won't extend to victims of law enforcement misconduct that happened to occur before precedential decisions explicitly declared that particular form of misconduct unconstitutional.

In addition to the retroactive application of Rule 41 jurisdictional changes, these appeals courts have also granted the government "good faith." Somehow, it's believed an FBI agent seeking a warrant for a search that he knew would violate Rule 41 limits when executed wasn't the FBI rolling the dice on favorable rulings and a potential future mooting by changes to the law.

There's more of the same in the Ninth Circuit decision [PDF]. The court says the warrant was bad but the faith was good, so no harm, no foul, no suppression. (h/t Brad Heath)

We agree with Henderson that Rule 41(b) is not merely a technical venue rule, but rather is essential to the magistrate judge’s authority to act in this case.

[...]

The Federal Magistrates Act, 28 U.S.C. § 636, defines the scope of a magistrate judge’s authority, imposing jurisdictional limitations on the power of magistrate judges that cannot be augmented by the courts.

[...]

Relevant here, § 636 authorizes magistrate judges to exercise “all powers and duties conferred or imposed” by the Federal Rules of Criminal Procedure. 28 U.S.C. § 636(a)(1). In turn, Rule 41(b) has been asserted as the sole source of the magistrate judge’s purported authority to issue the NIT warrant in this case. But, as we have explained, in issuing such warrant, the magistrate judge in fact exceeded the bounds of the authority conferred on magistrate judges under Rule 41(b). Thus, such rule plainly does not in fact confer on the magistrate judge the authority to issue a warrant like the NIT warrant. Without any other source of law that purports to authorize the action of the magistrate judge here, the magistrate judge therefore exceeded the scope of her authority and her jurisdiction as defined under § 636.

Thus endeth the bad news for the government -- bad news severely tempered by the fact the government still gets to keep its evidence. Even though the court recognizes the warrant was invalid the moment it was signed, it still gives the government points for effort. The Ninth says it's ok for law enforcement to rely on invalid warrants, so long as they've been signed by a magistrate. And good faith or not, the court says there's no reason to suppress the evidence because the house always wins there's no future misconduct to deter.

[T]here is no evidence that the officers executing the NIT warrant acted in bad faith. “To the extent that a mistake was made in issuing the warrant, it was made by the magistrate judge, not by the executing officers.”

[...]

Further, suppression of the evidence against Henderson is unlikely to deter future violations of this specific kind, because the conduct at issue is now authorized by Rule 41(b)(6), after the December 2016 amendment. The exclusionary “rule’s sole purpose, we have repeatedly held, is to deter future Fourth Amendment violations,” Davis v. United States, 564 U.S. 229, 236–237 (2011), and we see no reason to deter officers from reasonably relying on a type of warrant that could have been valid at the time it was executed—and now would be.

With four circuits weighing in and reaching the same conclusions, it seems unlikely any further appellate challenges will upset the FBI's malware apple cart. And if the same conclusions continue to be reached, there will no compelling reason for the Supreme Court to weigh in. Add to that the post-facto codification of the tactics used by the FBI in this investigation and you've got dozens of unconstitutional searches being laundered into Fourth Amendment compliance by courts unwilling to penalize the FBI for overstepping its bounds.

Filed Under: 4th amendment, 9th circuit, doj, fbi, good faith, jurisdiction, nit, playpen, rule 41, warrants

CEO Gets Nine Months In Prison For Forging Court Documents Ordering Google To Delist Negative Reviews

from the nowaythisplancouldfail.pdf dept

Fake court orders have landed a businessman real jail time. Michael Arnstein, CEO of Natural Sapphire Company, pled guilty last year to forging court orders he sent to Google to delist negative reviews. This was apparently the lesson Arnstein learned from his single, successful defamation suit: it's cheaper and easier to forge documents than jump through judicial hoops for several months to achieve the same ends.

In fact, he said as much to others seeking solutions to negative review problems -- all preserved as evidence used against him by the DOJ:

"No bullshit: if I could do it all over again I would have found another court order injunction for removal of links (probably something that can be found online pretty easily) made changes in photoshop to show the links that I wanted removed and then sent to 'removals@google.com' as a pdf — showing the court order docket number, the judges [sic] signature — but with the new links put in," Arnstein wrote in a July 2014 email, according to his criminal complaint. "Google isn't checking this stuff; that's the bottom line b/c I spent $30,000 fuckin thousand dollars and nearly 2 fuckin years to do what legit could have been done for about 6 hours of searching and photoshop by a guy for $200., all in ONE DAY".

Well, Google must have been "checking this stuff," because the DOJ's press release about Arnstein's nine-month prison sentence specifically thanks the company for its "helpful assistance in this investigation." To add irony to self-inflicted injury, Arnstein's sentencing was delivered in the same court he impersonated. Arnstein gets nine months for forging court orders, and three years of supervised release following his prison term.

There may be more indictments and sentences on the horizon. The DOJ press release doesn't name names, but makes it clear it wasn't just Arnstein participating in this fraud.

In furtherance of this scheme, ARNSTEIN and others forged the signature of a United States District Judge for the Southern District of New York on more than 10 counterfeit court orders.   

Those would presumably be the unnamed employees referenced in the criminal complaint who helped Arnstein edit PDFs he would later forward to Google for URL delisting. Now that Arnstein is a convicted criminal, I wonder if his position on lawyers has changed. From another Arnstein email contained in the criminal complaint:

I think you should take legal advice with a grain of salt. I spent 100k on lawyers to get a court order injunction to have things removed from Google and Youtube, only to photoshop the documents for future use when new things 'popped up' and google legal never double checked my docs for validity… I could have just saved 100k and 2 years of waiting/damage if I just used photoshop and a few hours of creative editing… Lawyers are often worse than the criminals.

Sure, but in this case, the criminal might have wanted to run his reputation management plan past a competent lawyer first and saved himself the trouble. Arnstein wanted to clean up his company's reputation but only managed to destroy his. Whatever nasty things online reviewers said about Natural Sapphire Company, they're always going to pale in comparison to its CEO's federal prison sentence.

Filed Under: delisting order, doj, fake court orders, forgeries, michael arnstein, reputation management, reviews
Companies: google, natural sapphire