Posted on 11/15/2002 11:08:24 AM PST by TexRef
A federal judge has ruled that law enforcement officials went too far when they tried to use evidence gathered by a known hacker to convict someone of possessing child pornography.
The decision, handed down earlier this month, is believed to be the first to say that hacking into an Internet-connected home PC without a warrant violates the Fourth Amendment, which prohibits unreasonable searches and seizures.
"This makes it clear that law enforcement needs a search warrant to do this," said Orin Kerr, an associate professor at George Washington University Law School. Kerr said the ruling was the first of its kind.
The Virginia judge suppressed evidence of child porn possession after the defendant's lawyers argued the evidence had been illegally obtained by a hacker whose methods had received approval from law enforcement officials.
The decision came out of a case in which a hacker uploaded a file to a child porn newsgroup that made it possible to track who downloaded files from the service. The uploaded file contained the SubSeven virus, which the hacker used to remotely search people's computers for porn.
The hacker then played the role of a cybervigilante, sending anonymous tips to law enforcement officials alerting them to child porn files the hacker had found on people's PCs.
In one case, the hacker tipped off officials in Alabama about a doctor in that state who had downloaded files from the newsgroup. The doctor was eventually sentenced to 17 years in prison. The hacker later contacted the same officials about a Virginia man who the hacker suspected was involved with child porn.
The Alabama officials told the FBI of the hacker's suspicions. The bureau, through the Alabama officials, encouraged the hacker to send more information. Based on that further data, U.S. attorneys and state prosecutors filed numerous charges against the Virginia man, William Adderson Jarrett, related to creating and receiving child porn.
Jarrett pleaded guilty. However, his attorneys also argued that the FBI had violated Jarrett's Fourth Amendment rights when they retrieved the information, via the hacker, without a warrant.
The judge agreed with that assertion, ruling that the evidence could not be used in court because the FBI had approved of hacking as a means of obtaining it, a move that violates protections against unreasonable search and seizure.
"By requesting that (the hacker) send the information," the judge's ruling said, "the FBI indicated its approval of whatever methods (the hacker) had used to obtain the information."
The decision put Jarrett's guilty plea on hold.
Although U.S. prosecutors are likely to appeal the ruling, the case could be a cautionary tale for agencies that try to use hackers as an arm of law enforcement without first obtaining a warrant.
The ruling also could open the door for other defendants to use similar arguments in their cases.
As well, it is an offense under various Federal laws to hack into someone's computer.
The judge was right to throw out the evidence.
Problem was, I think, the hacker was living in Turkey!
Trespasser sends an eMail with child porn included. Person opens up eMail, presto chango, child porn pictures exist on the receiver's computer.
Trespasser sends an eMail that claims discount coupons are a click away. Computer owner clicks to pick up the coupons and accesses a page with large child porn photos. Presto chango, child porn pictures exist on the receiver's computer.
Trespasser is under the gun from law enforcement. Either give up someone or you go to prison. It is established that the trespasser can find graphics on computers via the internet using background methods. What isn't mentioned is that the trespasser can also pass data to the host computer.
The trespasser or a friend could do these or any of a number of other acts to put photos on someone's computer.
I don't like the idea of a child porn user getting away with it, but I do want to be damn sure he's not just a convenient foil for someone under the gun either.
One other thing bugs me about this story. Once again the term hacker is bastardized into something it's not.
Hacking is when a non-professional or untrained person fiddles around with his own computer to learn how it works. He's a hack computer user. Just like an amature golfer is a hack golfer. Thus he's a hacker. A hacker is not a trespasser, an invader, a poacher or anything else remotely considered to be abusive to anther person's computer.
Once again the term hacker is bastardized into something it's not. Hacking is when a non-professional or untrained person fiddles around with his own computer to learn how it works. He's a hack computer user. Just like an amature golfer is a hack golfer. Thus he's a hacker. A hacker is not a trespasser, an invader, a poacher or anything else remotely considered to be abusive to anther person's computer.
The term "hacker" came from the early days (even pre-Internet) of someone trying to "hack" (that is, agreesively break through) operating system protections. The term precedes the internet and applied to mainframes. I was using the term in 1976 when I was an applications developer. I know of what I speak.
So they say.
That's a problem I tried to point out when this was originally posted. If this were allowed, then law enforcement could just have people on their pay roll that there is no record of doing this type of stuff. They could always just pull the old "He doesn't work for us - just did this on his own". It would be too easy for cops to just hack computers themselevs, and claim the hacker was just some good samaritan civilian.
It came to mean an OS cracker somewhat later. Purists still prefer "cracker" as more descriptive. Me, I like "@#$$%$@!#%$!#%%!!!" It's more evocative.
It's not that big a deal. Thanks for your view on it and I'm not claiming mine is the only valid view. Take it easy.
I have checked around, and most people I know with msn or aol get these emails.
Most of them seem to be coming from overseas.
I agree with your sentiments here, D1, but for the life of me I cannot find a provision for warrantless searches of financial records in either H.R. 5710, the Homeland Security Bill, or a companion bill on computer security. It wouldn't surprise me if such was in there somewhere, but I haven't seen it. Likewise, Safire claims that the Homeland Security Bill provides for all credit card data, medical records and other person data to be hoovered into a massive central database. I haven't seen that either, and me and the poster M1911 have been poring over that bill for two days now. So put me into the somewhat confused column at this point, until either I find the verbiage, someone else posts it or we determine that it simply isn't there.
The decision put Jarrett's guilty plea on hold.
Oooooooooh - punchcards. Remember dropping a stack of those?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.