U.S. Magistrate Judge Stephen Smith (S.D. Tex.) recently denied a Federal Bureau of Investigation application for a search warrant, in one of the first public rejections of an FBI request to use spyware. Earlier this year, an individual was the victim of a hacker (or hackers) who gained access to his email account, which was in turn used to access the individual’s bank account. The government sought a warrant to surreptitiously install software into the hacker’s computer that would extract data and take control of the computer’s digital camera to take snapshots of the user. Judge Smith examined the requirements of Federal Rule of Criminal Procedure 41(b) as well as the requirements of the 4th Amendment, and found that the government’s application was insufficient.

As Judge Smith noted, Rule 41(b) provides magistrate judges with five alternate territorial requirements on their authority to issue a warrant. By his reasoning, none were satisfied here. Because the location of the computer in question was uncertain (the application noted that the most recent internet protocol address for the attack resolved to a country in Southeast Asia), even the broadest of Rule 41(b)’s jurisdictional thresholds could not be met. Before a warrant can be issued, Rule 41(b) requires the target of the search to be within the district of the issuing magistrate judge at the time of the search, (41(b)(1)), or at the time of the request for the warrant, (41(b)(2)), or to be within the territory of the United States under (41(b)(5)). Rule 41(b)(3) makes an exception for terrorism, and Rule 41(b)(4) covers tracking devices, with the same requirements as 41(b)(2). This ruling illustrates a significant hurdle that law enforcement must face when making a request to search a movable computer that may very well be located overseas.

Judge Smith also ruled that the government’s application failed to pass Constitutional muster on at least two 4th Amendment grounds: the particularity requirement and the video surveillance requirements. Judge Smith’s analysis of the particularity requirement illustrates one of the most challenging aspects for law enforcement with respect to cybercrime: How does law enforcement ensure that spyware or other software targets only the alleged hackers? Judge Smith noted:

What if the Target Computer is located in a public library, an Internet café, or a workplace accessible to others? What if the computer is used by family or friends uninvolved in the illegal scheme? What if the counterfeit email address is used for legitimate reasons by others unconnected to the criminal conspiracy? What if the email address is accessed by more than one computer, or by a cell phone and other digital devices?

Finding no satisfactory answers to these and other questions, the court held that “there may well be sufficient answers to these questions, but the Government’s application does not supply them.” Accordingly, Judge Smith held that the affidavit did not meet the particularity requirements of the 4th Amendment.

Finally, the court held that hacking a computer’s camera to take snapshot pictures was tantamount to video monitoring, and must therefore meet heightened Constitutional standards under 5th Circuit precedent. Specifically, the 5th Circuit in United States v. Cuevas-Sanchez held that an application for a warrant must include both a statement of the steps to be taken to assure that the surveillance will be minimized to achieve only the purpose of the order, and a factual statement describing why alternative methods would be insufficient. Noting that his order stops short of holding that “such a potent investigative technique could never be authorized under Rule 41,” he nonetheless found that in this particular case the application for a warrant failed to meet the requirements under Rule 41 as well as those of the 4th Amendment.

Judge Smith is no stranger to digital privacy concerns, having also denied a government request to compel production of cell site information without a warrant. This denial was upheld by the district court and is currently on appeal to the 5th Circuit. Defending that decision in a paper entitled Standing Up for Mr. Nesbitt, Judge Smith explains his position that the government must be kept in check, because “[i]f ‘Trust us, we’re U.S. Marshals’ had been good enough for the founders, the 4th Amendment would never have seen print.”

Judge Smith’s denial of the FBI warrant highlights two of the more interesting issues in privacy and criminal law. First, is digitally stored data legally unique in some way from paper documents because of the voluminous amount of information that can be stored on electronic devices? Judge Smith indicates that it might be, noting that “some scholars have challenged the aptness of the container metaphor, noting that the ever growing storage capacity of an ordinary hard drive more closely resembles a library than a filing cabinet.” Next, how should judges apply laws and rules written years ago to current technologies? Noting that “there may well be a good reason to update the territorial limits of [Rule 41] in light of advancing computer search technology,” Judge Smith nonetheless applied the standard as written and denied the FBI’s request.

The question of whether a warrant to search digital media deserves special consideration under the 4th Amendment is a difficult one, and courts have come to different and conflicting conclusions. Similarly, applying law that is arguably outdated to new technologies has proven challenging for courts as well, and has led to equally inconsistent results. It seems unlikely that these areas of legal ambiguity will be resolved without Congressional action, which itself is proving to be a complex and challenging proposition.