4th Amendment vs Virtual Force by Feds, Trojan Horse Warrants for Remote Searches?

Can the government legally deploy malware for eavesdropping and remote searches, in order to investigate and control potential criminal activity? Here's a look at the future of the Fourth Amendment if the Feds lawfully use virtual force to remotely search computers and how such Trojan horse warrants would work. This is part two of a look at Susan Brenner's paper, Fourth Amendment Future: Remote Computer Searches and the Use of Virtual Force.

If you missed part one, Fourth Amendment's Future if Gov't Uses Virtual Force and Trojan Horse Warrants, then please go catch up with the rest of us. This time we'll look at Remote Access Trojans (RATs), which are nothing new, yet assume that this government-injected malware/spyware was not detected by antivirus. Also in this case, we are not assuming the target is a SE (social engineering) victim who opens an email or clicks on a link that installs the backdoor into their digital life. This isn't about if I agree or if I think that sort of privacy invasion is right (if you are wondering, then you've never read this blog huh?); this is about an interesting paper that discussed if the government/law enforcement can legally get around your Fourth Amendment rights and secretly install software for remote searches.

Virtual Force

When the Feds used virtual force to "enter" computers infected with the Coreflood botnet and issue the 'stop' command, thereby disabling the malware, it was not considered a Fourth Amendment search. It did not "meaningfully interfere with a computer owner's possessory interests over an infected computer" and required no Trojan horse warrant. While it ended successfully, and we don't need botnets, that seems like a very slippery slope now that we are talking about surreptitiously installing software so law enforcement can sneak in through a backdoor for a remote search.

In America, the land of the free, you have a Fourth Amendment right to be free from unreasonable searches and seizures, but entry into your devices connected to the Internet does not have the exact same "reasonable expectation of privacy" protections as you would for your hard drive, which is considered a "closed container." Since it's located in a home or office, it would require physical access to get hold of it. In Fourth Amendment Future: Remote Computer Searches and the Use of Virtual Force, University of Dayton School of Law professor Susan Brenner pointed out that courts have found there is no violation of the Fourth Amendment or reasonable expectation of privacy if peer-to-peer or file-sharing software is installed on a computer. Law enforcement has legally used P2P software for entry "to locate and download files designated for sharing from someone's computer, even if that computer was in the suspect's home."

If no P2P software is installed on the machine, then Brenner said law enforcement would need a "search and seizure" warrant before installing a RAT. Keep in mind, however, the good old privacy-decimating Patriot Act allows for "sneak and peek" warrants. To install a keylogger or similar snooper, the Trojan horse warrant would need to specify for how long it would remain on the computer and for what it was searching. "Always on" for an unlimited time period of spying, and free to pillage everything, does not strike me as "reasonable." It would not be a person but a program doing the searching, so "plain view" would not apply the same as if the cops busted into your house for one purpose but noticed drugs sitting out in plain view on the table; those drugs, or whatever was seen, can be seized and then you'd get busted for that too.

Brenner wrote in Fourth Amendment Future: Remote Computer Searches and the Use of Virtual Force:

Two authors have suggested that the Trojan Horse program might be configured so that it automatically avoids data that is not within the scope of the Trojan Horse warrant: If a police Trojan has accessed a suspect's computer and is searching the hard-drive for relevant data, it should 'understand' that certain types of . . . private data such as health records, is protected by the constitutional rights of the suspect, and is therefore 'inaccessible' by the police. This should trigger a corresponding 'disability' by the agent to collect information unless there is also a superseding 'power' that overrules the suspect's constitutional rights on this occasion, and allows the exceptional violation.

Since Trojan Horse programs "can work autonomously without the direct intervention of a human controller, their search is not limited to a specific time period. Hence, they are (potentially) ubiquitous and 'always on.'" Court rules and statutes could address this issue by requiring (i) that the Trojan Horse program be deleted from the target computer once the authorized search had been completed or (ii) that officers disable the program, thereby preventing it from continuing to conduct searches on the target computer.

Trojan horse warrants

So could the Feds get the warrant to jump over your Fourth Amendment rights? Yeppers, most probably. But if the RAT also captured and intercepted data going to and from a computer? That's wiretapping and don't even get me started on that one. But on CYB3RCRIM3, Brenner wrote, "the use of these programs could not be lawfully conducted with only a search warrant if they in any way intercepted communications coming into or being sent from the computer being searched. Intercepting communications constitutes a wiretap, and wiretaps require a special authorization."

Virtual force, as Brenner's paper addressed it, was in regard to the government launching a DDoS attack on a site, such as the one some people suggested was behind the attack on WikiLeaks to knock the servers offline and stop Cablegate. Yet it might be given the label "offensive cyberwarfare," as the Feds have the means to "DDoS to knock it permanently offline" or use other "cyberforce" like "viruses or worms to destroy the site." There is no "searching" if a hack is meant to interfere with the functionality of a site, a server in the USA, so only the reasonable "seizure" portion of protection afforded via the Fourth Amendment would apply. Again, a warrant that defined the DDoS attack "time period" could likely get around that.

Do I think it's being done in the digital world now? If I told you to wake up and smell the cyber-coffee that might be rude, so let's look elsewhere even if this one is not in the USA. The Edge's Code is Law discussed the Anatomy of a Digital Pest [PDF] as was published in the German national newspaper Frankfurter Allgemeine Zeitung; it dissected the German spyware that has caused such an epic surveillance scandal. The paper was devoted "to an expose that included page after page of malware software code reverse-engineered by computer hackers from 'the Staatstrojaner surveillance program,' code that the German government has been illegally inserting into users' computer system. ...The findings are alarming. The Trojan can read our thoughts and remote control our computers."

Not so peachy if you value privacy and believe that right is a reasonable expectation under the Fourth Amendment and Constitution. Like it or not, I agree with Brenner that we will probably see more use of virtual force and Trojan horse warrants. But I've used the term "virtual force" differently than Brenner did as, the way I see it, there is no consent but instead force involved to get the backdoor for spying into the computer. It also sounds unreasonable, but hey, from a security perspective the digital realm is a dangerous place rife with cybercrime; it is an undisputed fact that some corners of cyberspace are crammed with cyberthugs, terrorists and espionage-hungry cyberspies wreaking as much havoc and destruction as they can on us: American businesses, citizens and our government. The government must be allowed ways to protect us, but more surveillance of regular citizens? Privacy always loses out when 'balanced' against security, and that's the crux of the problem. The slick slope gets even more slippery if the government is tempted to "sneak and peek" just to make sure people aren't potentially terrorists, cyberspies, or cybercriminals. Trampling the Fourth Amendment in this way is a complex issue and you should read Brenner's paper. She is a "law professor who speaks, writes and consults on cybercrime and cyberconflict."

Should you worry about Trojan horse warrants, remote searches, or the future of the Fourth Amendment? Oh pahleeze, come on! It's not like we've ever seen the FBI or NSA abuse their power for illegal eavesdropping or warrantless surveillance. Oh wait....

Follow me on Twitter @PrivacyFanatic