Judge: FBI Must Seek Warrant to Hack Suspects

A federal judge in Texas has ruled that the FBI has to obtain a warrant before it can infect a suspect’s computer with malware in order to look for evidence.

The decision came as part of the ongoing case of Jeffrey Torres, who is currently facing child pornography charges.

Torres was arrested after the FBI managed to seize dark web servers responsible for hosting child porn site Playpen, and used them to infect visitors with malware.

This so-called ‘Network Investigative Technique (NIT)’ was able to uncover the IP address and identity of those visiting Playpen.

However, Torres had requested some evidence be suppressed because it had been obtained through an unlawful ‘search’ of his computer via the NIT.

Senior US District Judge David Ezra has now ruled that, constitutionally, Torres was correct in claiming the malware infection counts as a search, but he refused to declare it unlawful, claiming there was no evidence to suggest that the FBI or judge at the time acted in bad faith.

He had the following to say:

“The NIT placed code on Mr Torres' computer without his permission, causing it to transmit his IP address and other identifying data to the government…That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a 'search' for Fourth Amendment purposes.”

The ruling is at odds with an earlier one in Virginia which claimed that a warrant isn’t required for any hacking activity conducted by the authorities in such circumstances.

As a result, Judge Ezra is now calling on Congress to clarify the situation.

In his ruling, he wrote that the NIT warrant “has brought to light the need for Congressional clarification regarding a magistrate’s authority to issue a warrant in the internet age, where the location of criminal activity is obscured through the use of sophisticated systems of servers designed to mask a user’s identity.” 
