The WSJ's Jennifer Valentino-DeVries broke this story yesterday, unfortunately behind the WSJ's paywall:
https://twitter.com/jenvalentino/status/327172745332916225

For a solid summary, see @rj_gallagher's coverage at Slate:

Slate (Apr 25) - "Judge Rejects FBI Attempt to Use Spyware to Infiltrate Unknown Suspect's Computer" by Ryan Gallagher:
http://www.slate.com/blogs/future_tense/2013/04/25/texas_judge_denies_fbi_request_to_use_trojan_to_infiltrate_unknown_suspect.html

Or go straight to the Memorandum and Order, which is quite the read:
http://www.scribd.com/doc/137842124/Texas-Order-Denying-Warrant

Magistrate Judge Stephen Smith of the Southern District of Texas was presented with an FBI affidavit requesting a Rule 41 search and seizure warrant targeting an unknown computer at an unknown location used by an unknown suspect(s). The lack of specificity was sufficient grounds for declining to issue the warrant, and Judge Smith goes through each of Rule 41's five territorial limits which the government's application failed to satisfy. Although it's interesting to see that the FBI hoped to satisfy the territorial limit by performing the search on the computer's data once it was brought into the Judge's territory, the interesting part concerns just how the FBI hoped to acquire and transport that data: by cracking or phishing into the unknown target computer, installing a sophisticated piece of malware, searching for and gathering information for 30 days, while exfiltrating significant quantities of data out of the system.

What kind of data? Although the original affidavit and the revised affidavit were sealed (the FBI having been given at least one opportunity to clarify their intent), Magistrate Judge Smith was kind enough to cite the section of the affidavit which details exactly what information the FBI intended to acquire from the unknown computer:

(1) records existing on the Target Computer at the time the software is installed, including:

records of Internet Protocol addresses used;

records of Internet activity, including firewall logs, caches, browser history and cookies, "bookmarked" or "favorite" Web pages, search terms that the user entered into any Internet search engine, and records of user-typed Web addresses;

records evidencing the use of the Internet Protocol addresses to communicate with the [victim’s bank’s] e-mail servers;

evidence of who used, owned, or controlled the TARGET COMPUTER at the time the things described in this warrant were created, edited, or deleted, such as logs, registry entries, configuration file, saved user names and passwords, documents, browsing history, user profiles, e-mail contents, e-mail contacts, "chat," messaging logs, photographs, and correspondence;

evidence of software that would allow others to control the TARGET COMPUTER;

evidence of times the TARGET COMPUTER was used; and

records of applications run.

(2) prospective data obtained during a 30-day monitoring period, including:

accounting entries reflecting the identification of new fraud victims;

photographs (with no audio) taken using the TARGET COMPUTER's built-in camera after the installation of the NEW SOFTWARE, sufficient to identify the location of the TARGET COMPUTER and identify persons using the TARGET COMPUTER;

information about the TARGET COMPUTER's physical location, including latitude and longitude calculations the NEW SOFTWARE causes the TARGET COMPUTER to make;

records of applications run.


Later in the Memorandum, Judge Smith takes the FBI to task for having the gall to state:

Steps will be taken to assure that data gathered through the technique will be minimized to effectuate only the purposes for which the warrant is issued. The software is not designed to search for, capture, relay, or distribute personal information or a broad scope of data. The software is designed to capture limited amounts of data, the minimal necessary information to identify the location of the TARGET COMPUTER and the user of TARGET COMPUTER.


I applaud Magistrate Judge Stephen Smith for his principled action in this circumstance, which is one amongst many significant actions he has taken to resist court secrecy and the abuse of secret "gag" orders, and to apply the Constitution to electronic surveillance requests:
http://www.fclr.org/fclr/articles/html/2009/jmffedctslrev5.pdf
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2071399
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2143339

Please consider sharing this information with others.
gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
