> they typed “miscellaneous” strings of characters into the login page’s entry fields
So this is legal when the FBI does it, but when someone else does essentially the same thing on an AT&T server it's identity fraud and conspiracy to access a computer without authorization
Assuming the FBI had a warrant, they had a right to do whatever they wanted to SR's server, no?
I think weev's sentence was utter bullshit, but you can't equate the two things. SR was a drug marketplace, AT&T is not. This is like arguing police shouldn't be able to pick the lock of your drug safehouse door because you aren't allowed to pick other people's locks.
A warrant entitles you to search a specific place for a specific thing. It isn't a letter of marque. Courts can't order the FBI to go Dirty Harry up the Internet if it brings down that damn drug website. That's illegal.
Of course, who watches the watchers? The US government already imprisons people for life without trial or charge, interrogates using the same torture techniques the Soviets used on captured Japanese scientists, and surveils the diplomats of its own allies. It might be, and you know, probably is committing industrial espionage.
At some point you have to raise your head up, see the forest amongst the trees, and just admit that the rule of law is dead in the world. The power asymmetries are too vast, and the people who rule your life know it.
Sure you can equate the two cases. Someone with power decided weev and Ross would be removed from the board and so they were. Let that be a lesson to anyone who could piss off the truly powerful.
> A warrant entitles you to search a specific place for a specific thing.
Not all warrants are the same, but I've seen them do a lot of damage (broken-down doors, torn up mattresses, general mayhem) in the course of executing a warrant. This seems in spirit with that.
That's the thing - the FBI didn't have a warrant. They're trying to argue that they should be allowed to use the information anyway, because it wasn't 'hacking,' it was 'entering miscellaneous strings.'
On a related note, why the hell didn't they get a warrant? I doubt it would have taken long.
However, to play devil's advocate a bit: the FBI essentially saw the output of the PHP call `print_r($_SERVER)`. The only thing that's actually sensitive in there is the server's IP address and hostname. This is not usually considered sensitive information. If it is to be believed that is as far as they went before getting a warrant (and I don't know if that's the case or not), then obtaining the IP address would allow them to actually serve a court order to the hosting provider. In that sense it could be seen as non-invasive and purely conducive to their investigation.
But I agree there should not be a double standard. I think what weev did was not illegal, and what the FBI did here was not illegal, personally.
I remember reading rumors that this happened to some random user when the site went a bit wrong and they posted the information to the SR forums. I think it then got deleted fast.
A search warrant isn't a license for law enforcement to break the law; it's a license to lawfully conduct a search and seizure based on probable cause of the commission of a crime. Warrants exist because of the Fourth Amendment, which /specifically/ deals with searches and seizures; warrants have nothing to do with a nonexistent general rule preventing law enforcement from breaking any law. Law enforcement can and does break the law all the time to conduct sting operations regarding drugs, prostitution, child porn, hitmen, etc.
For instance, the DEA can buy drugs in order to trace and later apprehend drug suppliers. They don't need a warrant to do this (though information gained from such a sting operation may later lead to a judge issuing a search warrant).
Completely irrelevant. Many more drug deals have probably been arranged through email than through Silk Road too. SR's express purpose was to provide a marketplace for drug vendors to sell to drug buyers.
oh, so a warrant is a free pass to do whatever you want?
apparently "no-knock" warrants that get issued like mints at a dance allow SWAT teams to flashbang a baby and no one faces criminal negligence charges.
I guess regular warrants will let law enforcement really make us grab our ankles and do whatever they want to us.
SR being a drug marketplace and AT&T "not being a drug marketplace" are irrelevent. Law enforcement is tasked with the EXACT SAME LAWS AS EVERYONE ELSE.
Apparently you like to confuse law and justice with "who's got which legislatures on their payroll and can put people down for accessing their stuff without permission"
That's very much the point. The FBI can make an argument that they weren't trying to gain access (since a real attempt to gain access would have looked different from "entering miscellaneous strings"). They were trying to see what the system did when authorization attempts failed. As far as I know, there's no law against that. It's similar to going through a suspect's trash.
Well, there is a general principle that police can do things that ordinary citizens cannot. But, subject to rules, not indiscriminately. For instance, they can enter a property if they have a warrant, whereas if someone else does this, it is break and enter. If the FBI established "probable cause" that the server is used for crime, they could have gotten a warrant. I can't imagine it would have been difficult, so why wouldn't they have taken the legal precaution.
So this is legal when the FBI does it, but when someone else does essentially the same thing on an AT&T server it's identity fraud and conspiracy to access a computer without authorization