Volokh Conspiracy: Does obtaining leaked data from a misconfigured website violate the CFAA?

The U.S. Department of Justice is current prosecuting Ross Ulbricht for being the apparent mastermind of the illegal narcotics website Silk Road, which was run for years on a hidden website. In defending the prosecution, the U.S. Attorneys Office recently filed a very interesting brief explaining how investigators found the computer server that was hosting the Silk Road (SR) server. Although the brief is about the Fourth Amendment, it has very interesting implications for the Computer Fraud and Abuse Act, the federal computer hacking statute.

The brief explains how the FBI found the SR server:

The Internet protocol (IP) address of the SR Server (the Subject IP Address) was leaking from the site due to an apparent misconfiguration of the user login interface by the site administrator i.e., Ulbricht. FBI agents noticed the leak upon reviewing the data sent back by the Silk Road website when they logged on or attempted to log on as users of the site. A close examination of the headers in this data revealed a certain IP address not associated with the Tor network (the Subject IP Address as the source of some of the data). FBI personnel entered the Subject IP Address directly into an ordinary (non-Tor) web browser, and it brought up a screen associated with the Silk Road login interface, confirming that the IP address belonged to the SR Server.

The FBIs declaration explains that the investigating agent entered miscellaneous information into the login prompt of the Silk Road server and received an error message. A forensic analysis of the error message found that it contained an IP address not associated with Tor. That IP address was the address of the Silk Road server.

The DOJ brief argues that there was nothing unconstitutional or otherwise unlawful about obtaining the inadvertently leaked IP address from the Silk Road server:

There was nothing unconstitutional or otherwise unlawful in the FBIs detection of that leak. The Silk Road website, including its user login interface, was fully accessible to the public, and the FBI was entitled to access it as well. See United States v. Meregildo, 883 F. Supp. 2d 523, 525 (S.D.N.Y. 2012) (noting that web content accessible to the public is not protected by the Fourth Amendment and can be viewed by law enforcement agents without a warrant). The FBI was equally entitled to review the headers of the communications the Silk Road website sent back when the FBI interacted with the user login interface, which is how the Subject IP Address was found.

It does not matter that Ulbricht intended to conceal the IP address of the SR Server from public view. He failed to do so competently, and as a result the IP address was transmitted to another party which turned out to be the FBI who could lawfully take notice of it. See United States v. Borowy, 595 F.3d 1045, 1048 (9th Cir. 2010) (finding that defendant had no legitimate privacy interest in child pornography files posted on peer-sharing website, notwithstanding that defendant had made ineffectual effort to use site feature that would have prevented his files from being shared); United States v. Post , __ F. Supp. 2d __, 2014 WL 345992, at *2-*3 (S.D. Tex. Jan. 30, 2014) (finding that defendant had no legitimate privacy interest in metadata used to identify him that was embedded in file he had posted on Tor website, notwithstanding that he did not realize he was releasing that information and he intended to remain anonymous).

In short, the FBIs location of the SR Server was lawful, and nothing about the way it was accomplished taints any evidence subsequently recovered in the Governments investigation.

I wonder: Does DOJs position that there is nothing . . . unlawful about this procedure mean that DOJ concedes that it would not violate the Computer Fraud and Abuse Act, 18 U.S.C. 1030, the federal computer hacking statute?

The FBIs location of the SR server brings to mind the prosecution of my former client Andrew Auernheimer, aka weev, who readers may recall was criminally prosecuted for his role in visiting website addresses on an AT&T server that AT&T had thought and hoped would not be found by the public. Auernheimers co-conspirator found that AT&T had posted e-mail addresses on its server at IP addresses that the public was not expected to find.

Here is the original post:

Volokh Conspiracy: Does obtaining leaked data from a misconfigured website violate the CFAA?

Quinn: Supreme Court should clarify Fourth Amendment rights in the digital age - April 26th, 2014 [April 26th, 2014]
Fourth amendment | Wex Legal Dictionary / Encyclopedia ... - April 26th, 2014 [April 26th, 2014]
The Fourth Amendment is destroyed by the Roberts led Supreme Court. - Video - April 26th, 2014 [April 26th, 2014]
Protections for e-data clear Senate committee - April 27th, 2014 [April 27th, 2014]
Weighing The Risks Of Warrantless Phone Searches During Arrests - April 29th, 2014 [April 29th, 2014]
Court may let cops search smartphones - April 29th, 2014 [April 29th, 2014]
Supreme Court to hear case on police searches of cellphones - April 29th, 2014 [April 29th, 2014]
Fourth Amendment in the digital age: Supreme Court to decide if police can search cellphones without a warrant - April 30th, 2014 [April 30th, 2014]
What Scalia knows about illegal searches - April 30th, 2014 [April 30th, 2014]
Should police be allowed to search your smartphone - Video - April 30th, 2014 [April 30th, 2014]
The Shaky Legal Foundation of NSA Surveillance on Americans - May 1st, 2014 [May 1st, 2014]
Pennsylvania Supreme Court rules police don't need warrants to search cars - May 3rd, 2014 [May 3rd, 2014]
Local police: Updated vehicle-search law still requires probable cause - May 3rd, 2014 [May 3rd, 2014]
Liberal Supreme Court Justice Comes To The Defense Of Scalia - May 3rd, 2014 [May 3rd, 2014]
Smartphones and the Fourth Amendment - Video - May 4th, 2014 [May 4th, 2014]
Fourth Amendment Defined & Explained - Law - May 6th, 2014 [May 6th, 2014]
I-Team: Do police seek search warrant friendly judges? - May 8th, 2014 [May 8th, 2014]
Is Big Brother Listening? Applying the Fourth Amendment in an Electronic Age - Video - May 9th, 2014 [May 9th, 2014]
Magistrate waxes poetic while rejecting Gmail search request - May 10th, 2014 [May 10th, 2014]
The Fourth Amendment - Video - May 10th, 2014 [May 10th, 2014]
License reader lawsuit can be heard, appeals court rules - May 15th, 2014 [May 15th, 2014]
Seize the Rojo - Video - May 16th, 2014 [May 16th, 2014]
NSA Spying Has a Disproportionate Effect on Immigrants - May 16th, 2014 [May 16th, 2014]
Motorists sue Aurora, police in 2012 traffic stop after bank robbery - May 18th, 2014 [May 18th, 2014]
Judge Says NSA Phone Surveillance Likely Unconstitutional - Video - May 21st, 2014 [May 21st, 2014]
New York Attorney Heath D. Harte Releases a Statement on Fourth Amendment Rights - May 22nd, 2014 [May 22nd, 2014]
The Fourth Amendment Rights - Video - May 23rd, 2014 [May 23rd, 2014]
Bangor Area School District teachers vote no to random drug - May 24th, 2014 [May 24th, 2014]
I Don't Care About The Contitution, Take Your Fourth Amendment And Shove It The Hills Hotel - Video - May 27th, 2014 [May 27th, 2014]
Lonestar1776 at Illegal Checkpoint 80 Miles Inside Border - Standing UP & Pushing Back! pt 2/2 - Video - August 31st, 2014 [August 31st, 2014]
Suit charges Daytona Beach's rental inspection program violates civil rights - September 3rd, 2014 [September 3rd, 2014]
4th Amendment - Laws.com - September 4th, 2014 [September 4th, 2014]
YOU CAN ARREST ME NOW (cops refuse, steal phone) - Video - September 7th, 2014 [September 7th, 2014]
The Feds Explain How They Seized The Silk Road Servers - September 8th, 2014 [September 8th, 2014]
Defence asks judge in NYC to toss out bulk of evidence in Silk Road case as illegally obtained - September 10th, 2014 [September 10th, 2014]
Family of a mentally ill woman files lawsuit against San Mateo Co. after deadly shooting - September 10th, 2014 [September 10th, 2014]
Minnesota Supreme Court upholds airport drug case decision - September 12th, 2014 [September 12th, 2014]
Law Talk - Obamacare Rollout; Fourth Amendment, NSA Spying Stop & Frisk DUI Check Points lta041 - Video - September 12th, 2014 [September 12th, 2014]
Volokh Conspiracy: The posse comitatus case and changing views of the exclusionary rule - September 15th, 2014 [September 15th, 2014]
Guest: Why the privacy of a public employees cellphone matters - September 16th, 2014 [September 16th, 2014]
Volokh Conspiracy: Apples dangerous game - September 19th, 2014 [September 19th, 2014]
Judge expounds on privacy rights - September 20th, 2014 [September 20th, 2014]
Great privacy essay: Fourth Amendment Doctrine in the Era of Total Surveillance - September 20th, 2014 [September 20th, 2014]
The Fourth Amendment By Maison Erdman - Video - September 20th, 2014 [September 20th, 2014]
Volokh Conspiracy: When administrative inspections of businesses turn into massive armed police raids - September 22nd, 2014 [September 22nd, 2014]
The chilling loophole that lets police stop, question and search you for no good reason - September 23rd, 2014 [September 23rd, 2014]
Pet Owners Look to Muzzle Police Who Shoot Dogs - September 27th, 2014 [September 27th, 2014]
Volokh Conspiracy: A few thoughts on Heien v. North Carolina - September 29th, 2014 [September 29th, 2014]
Volokh Conspiracy: Third Circuit on the mosaic theory and Smith v. Maryland - October 1st, 2014 [October 1st, 2014]
Volokh Conspiracy: Third Circuit gives narrow reading to exclusionary rule - October 2nd, 2014 [October 2nd, 2014]
Volokh Conspiracy: Supreme Court takes case on duration of traffic stops - October 3rd, 2014 [October 3rd, 2014]
Search & Seizure, Racial Bias: The American Law Journal on the Philadelphia CNN-News Affiliate WFMZ Monday, October 6 ... - October 3rd, 2014 [October 3rd, 2014]
Argument preview: How many brake lights need to be working on your car? - October 3rd, 2014 [October 3rd, 2014]
The 'Barney Fife Loophole' to the Fourth Amendment - October 3rd, 2014 [October 3rd, 2014]
Search & Seizure: A New Fourth Amendment for a New Generation? - Promo - Video - October 4th, 2014 [October 4th, 2014]
Ap Government Fourth Amendment Project - Video - October 4th, 2014 [October 4th, 2014]
Lubbock Liberty Workshop With Arnold Loewy On The Fourth Amendment - Video - October 5th, 2014 [October 5th, 2014]
Feds Hacked Silk Road Without A Warrant? Perfectly Legal, Prosecutors Argue - October 7th, 2014 [October 7th, 2014]
Supreme Court Starts Term with Fourth Amendment Case - October 7th, 2014 [October 7th, 2014]
Argument analysis: A simple answer to a deceptively simple Fourth Amendment question? - October 9th, 2014 [October 9th, 2014]
Feds Say That Even If FBI Hacked The Silk Road, Ulbricht's Rights Weren't Violated - October 9th, 2014 [October 9th, 2014]
Mass Collection of U.S. Phone Records Violates the Fourth Amendment - Video - October 9th, 2014 [October 9th, 2014]
Leggett sides with civil liberties supporters - October 10th, 2014 [October 10th, 2014]
Search & Seizure / Car Stops: A 'New' Fourth Amendment for a New Generation? - Video - October 10th, 2014 [October 10th, 2014]
The Fourth Amendment- The Maininator Period 4 - Video - October 10th, 2014 [October 10th, 2014]
Judge nukes Ulbricht's complaint about WARRANTLESS FBI Silk Road server raid - October 11th, 2014 [October 11th, 2014]
Montgomery County will not hold immigrants without probable cause -- Gazette.Net - October 13th, 2014 [October 13th, 2014]
Debate: Does Mass Phone Data Collection Violate The 4th Amendment? - October 14th, 2014 [October 14th, 2014]
Does the mass collection of phone records violate the Fourth Amendment? - October 19th, 2014 [October 19th, 2014]
When Can the Police Search Your Phone and Computer? - October 21st, 2014 [October 21st, 2014]
Supreme Court to decide if cops can access hotel registries without warrants - October 22nd, 2014 [October 22nd, 2014]
Third Circuit Allows Evidence from Warrantless GPS Device - October 22nd, 2014 [October 22nd, 2014]
US court rules in favor of providing officials access to entire email account - October 24th, 2014 [October 24th, 2014]
EL MONTE POLICE OFFICER VIOLATES ARMY VETERAN'S FOURTH AMENDMENT RIGHT - Video - October 25th, 2014 [October 25th, 2014]
FBI demands new powers to hack into computers and carry out surveillance - October 30th, 2014 [October 30th, 2014]
Fourth Amendment (United States Constitution ... - November 4th, 2014 [November 4th, 2014]
Fourth Amendment - Video - November 4th, 2014 [November 4th, 2014]
Call Yourself a Hacker and Lose Fourth Amendment Rights - Video - November 5th, 2014 [November 5th, 2014]
Volokh Conspiracy: Magistrate issues arrest warrants for 17 years but is new to probable cause - November 7th, 2014 [November 7th, 2014]
The Fourth Amendment of the U.S. Constitution - Video - November 8th, 2014 [November 8th, 2014]