Computer Crime Research Center

Hacker's vigilante efforts deemed inadmissible in court
(Lisa M Bowman)

Welcome to a legal grey area...

A US federal judge has ruled that law enforcement officials went too far when they tried to use evidence gathered by a known hacker to convict someone of possessing child pornography.

The decision is believed to be the first to say that hacking into an internet-connected home PC without a warrant violates the Fourth Amendment, which prohibits unreasonable searches and seizures.

Orin Kerr, an associate professor at George Washington University Law School, said: "This makes it clear that law enforcement needs a search warrant to do this."

Should hacking in the name of the law be permitted?

The Virginia judge suppressed evidence of child porn possession after the defendant's lawyers argued the evidence had been illegally obtained by a hacker whose methods had received approval from law enforcement officials.

The decision came out of a case in which a hacker uploaded a file to a child porn newsgroup that made it possible to track who downloaded files from the service. The uploaded file contained the SubSeven virus, which the hacker used to remotely search people's computers for porn.

The hacker then played the role of a cyber-vigilante, sending anonymous tips to law enforcement officials alerting them to child porn files the hacker had found on people's PCs.

In one case, the hacker tipped off officials in Alabama about a doctor in that state who had downloaded files from the newsgroup. The doctor was eventually sentenced to 17 years in prison. The hacker later contacted the same officials about a Virginia man who the hacker suspected was involved with child porn.

The Alabama officials told the FBI of the hacker's suspicions. The bureau, through the Alabama officials, encouraged the hacker to send more information. Based on that further data, US attorneys and state prosecutors filed numerous charges against the Virginia man, William Adderson Jarrett, related to creating and receiving child porn.

Jarrett pleaded guilty. However, his attorneys also argued that the FBI had violated Jarrett's Fourth Amendment rights when they retrieved the information, via the hacker, without a warrant.

The judge agreed with that assertion, ruling that the evidence could not be used in court because the FBI had approved of hacking as a means of obtaining it, a move that violates protections against unreasonable search and seizure.

The judge's ruling said: "By requesting that [the hacker] send the information, the FBI indicated its approval of whatever methods [the hacker] had used to obtain the information."

The decision put Jarrett's guilty plea on hold.

Although US prosecutors are likely to appeal the ruling, the case could be a cautionary tale for agencies that try to use hackers as an arm of law enforcement without first obtaining a warrant.

The ruling also could open the door for other defendants to use similar arguments in their cases.

Source: www.silicon.com

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org