Articles Posted in Computer Hacking

Published on:

photo_55295_20151127-300x236Your phone constantly tracks and records its location and transmits the information to your wireless carrier. Most phone companies keep that data — known as “cell site location information” — for up to five years. And until last week, it was pretty much available to the government for the asking.

Think for a moment what that means. If you went to a psychiatrist, a divorce lawyer, an AA meeting, a yoga class, or a 1980s dance party in the last five years, any policeman in the country could find out about it just by asking the phone company where your phone was at a given moment in time. It is as though the government placed permanent tracking devices on all of us. True, under federal law, the police had to ask for a court order under the Stored Communications Act based on a showing that the cell site data was “relevant and material to an ongoing investigation.” But that is a ridiculously low standard: pretty much anything an investigator wants to see can be tied to an investigation one way or another. Orders under 18 U.S.C. Section 2703(d) were, in practice, routinely granted by both state and federal courts.

All that changed last Friday when a fractured Supreme Court ruled in Carpenter v. U.S. that grabbing cell site data constitutes a search under the Fourth Amendment. That means that use of cell site data must be reasonable. For police investigations, a search is only reasonable if it is based on a search warrant supported by probable cause. Probable cause, the Court explained, is something more than the low standard in Sec. 2703(d): “relevant and material” just means cell site evidence “might be pertinent to an ongoing investigation,” whereas probable cause requires a “quantum of individualized suspicion” before police can start rummaging. So a Section 2703(d) subpoena is not enough to support obtaining cell site data. Mr. Carpenter’s conviction, based in part on cell site location data showing his phone was near several stores at the time they were robbed, was thrown out.

Published on:

By

Last week, President Trump signed legislation that expands criminal liability for people who own or operate online platforms that “promote or facilitate” not only sex trafficking, but virtually any consensual sex work. The new law, which amends Section 230 of the Communications Decency Act (“CDA”), is commonly referred to as the “Allow States and Victims to Fight Online Sex Trafficking Act (“FOSTA”), or by its Senate name, the “Stop Enabling Sex Traffickers Act (SESTA).”

The FOSTA-SESTA amendment to the CDA is fairly short, but raises questions about how it will be enforced by prosecutors and plaintiffs’ attorneys granted a private right of action under the law. Under the new law:

  1. Anyone who “owns, manages, or operates” an online platform or “conspires or attempts to do
Published on:

By

Two huge illicit markets operating on the Dark Web, AlphaBay and Hansa, were shut down today after being infiltrated by the government for the past several weeks. The sites had claimed up to 200,000 users, 40,000 vendors and 350,000 listings for illegal drugs, stolen credit card information, hacked computer code, counterfeit goods and other illegal items. A Canadian citizen based in Thailand was arrested last month in connection with AlphaBay.

The Dark Web consists of websites accessible only though the Tor network, an easy-to-use, technically sophisticated way to communicate anonymously over the internet. The technology, much to the dismay of governments around the world, has become popular with political dissidents as well as criminals hiding their activities from law enforcement. The Dark Web is home to numerous high-traffic online marketplaces with few limits on what can be bought or sold. These businesses conduct transactions in BitCoin, Ethereum and other cryptocurrencies.

According to the Department of Justice press releasee, AlphaBay users bought and sold “deadly illegal drugs, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals throughout the world.”

Published on:

By

The conviction of Ross Ulbricht, the mastermind behind the Silk Road marketplace on the Dark Web, has given the Second Circuit a chance to explore how to apply the Fourth Amendment to the search and seizure of stored digital information.

The government seized and searched Mr. Ulbricht’s laptop. Ulbricht, backed by the National Association of Criminal Defense Lawyers, argued on appeal that the search violated what is known as the “particularity” requirement of the Fourth Amendment. Under the Fourth Amendment, all warrants must be supported by probable cause and “particularly describ[e] the place to be searched, and the persons or things to be seized.” The Framers adopted the requirement that a warrant describe in a particular manner both the place to be searched and what the government intends to seize as evidence of a crime to prevent “general warrants.” A general warrant is a warrant that grants government agents discretion to search any and all property owned by a criminal suspect in an unrestrained and exploratory manner. By contrast, the Fourth Amendment demands that agents tell the court, before searching a suspect’s property, where they plan to search, what they plan to seize, and how the place to be searched and the things to be seized relate to the charged conduct.

Systems with digital information present special challenges for agents attempting to describe the target of their search and for courts attempting to fashion warrants that don’t authorize agents to rummage through wholly irrelevant digital files. The appeals court in U.S. v. Ulbricht recognized that hard drives typically contain a wide range of highly sensitive information, such as “tax records, diaries, personal photographs, electronic books, electronic media, and medical data, records of internet searches, [and] banking and shopping information.” Second, as a practical matter, it is difficult—if not impossible in most cases—for the government to separate sensitive, private, or irrelevant information from information that is targeted before they conduct an examination of a digital device. Often, agents must seize a suspect’s entire computer system, or gain access to a suspect’s entire email account, before they can determine if it contains evidence relevant to their investigation.