back to article Hey, non-US websites – FBI don't have to show you any stinkin' warrant

US government attorneys have argued that the FBI didn't need a warrant to snoop evidence from the Silk Road darknet drugs souk, for a simple reason: its servers were located outside the United States. Attorneys representing accused Silk Road headman Ross Ulbricht have suggested that the FBI used hacking techniques to pull data …

  1. Anonymous Coward
    Anonymous Coward

    A USA Inc marketing ploy?

    So, they're saying you need to use US based servers to avoid warrantless search by the FBI (and by extension CIA, NSA etc)?

    This sounds like an attempt to get legitimate businesses to use US based servers, to me, on the basis that otherwise the spooks will be all over your data, for the simple crime of using someone elses server farm!

    1. Mark 85

      Re: A USA Inc marketing ploy?

      The spooks are all over everyone anyway... so what difference does being in the States make? In real the real world, not the so-called legal world?

      1. Anonymous Coward
        WTF?

        Re: A USA Inc marketing ploy?

        So by that assumption,that outside of the country of residence all systems are fair game to hack, everyone else can hack US severs. After all they *may* contain illegal material.

        1. Saint Gerbil

          Re: A USA Inc marketing ploy?

          What makes it more interesting is based on their punt at it the US law is what matters on the iceland servers.

          I'm sure China could hack in to most places in the US and find stuff which breaks Chinese laws.

          Purely on the anti-time travel law you could hack in to most film studios, book publishers or other forms of entertainment since time travel is a fairly common storyline in books and movies.

      2. CommanderGalaxian

        Re: A USA Inc marketing ploy?

        Surely then this means it is perfectly OK for some foreigner to hack into US servers if they are looking for evidence about something?

    2. Anonymous Coward
      Anonymous Coward

      Re: A USA Inc marketing ploy?

      The FBI's claim that they can do it "without a warrant" is quite interesting. If that sticks it means that US foreign policy, a matter for the political leadership of the US, can be completely undermined by their law enforcement agencies without the political leadership having any visibility or control over what's going on. It means that the political leadership would not be able to make a promise to another country that the US won't violate that country's sovereignty. Rather the opposite in fact.

      That could make negotiations with countries from whom the US does actually need cooperation very difficult indeed.

      Also that's only one tiny step away from the law enforcement agencies claiming the legal privilege to do the same within the US.

      That sounds really ****ing scary. That is a police state.

      1. h3

        Re: A USA Inc marketing ploy?

        The funnier side is the Chinese doing exactly the same as the USA did to Britain a few centuries ago.

      2. big_D

        Re: A USA Inc marketing ploy?

        The FBI's claim that they can do it "without a warrant" is quite interesting. If that sticks it means that US foreign policy, a matter for the political leadership of the US, can be completely undermined by their law enforcement agencies without the political leadership having any visibility or control over what's going on.

        Most countries have laws against this sort of hacking attack. The FBI are opening themselves and their employees up to prosecution in those other countries. The FBI and the judge are correct, they don't need a US warrant in order to look at / hack overseas servers. They are wrong to think that makes it legal; what they need is a warrant issued in the country where the servers are!

        1. A A

          Re: A USA Inc marketing ploy?

          big_D: They are wrong to think that makes it legal; what they need is a warrant issued in the country where the servers are!

          This should be the correct answer.

        2. Curtis

          Re: A USA Inc marketing ploy?

          Since the FBI is part of the Department of Justice, and the head of the DOJ is the Attorney General of the US, a cabinet position, then saying that the political leadership does not have any visibility or control is inaccurate.

          It's more accurate to say the current leadershit doesn't care about the Consitution. Ours, Yours, or any other country's.

    3. WatAWorld

      Merkel has the right idea, make the non-UK EU internet like a corporate intranet

      Merkel has the right idea, make the non-UK part of the EU internet like a corporate internet -- keep internal traffic internal, and put up boundary defenses at the interfaces with the outside internet.

      Failure to do that is a failure of governments in job #1, the job of safeguarding their own citizens from hostile foreign powers.

      1. FordPrefect

        Re: Merkel has the right idea, make the non-UK EU internet like a corporate intranet

        Great idea until you realise that the US already has the back doors to all of the solutions that the EU could deploy. And if it doesn't it will just install fibre taps like its already done before. That is unless the EU wants to fund a ground up re engineering of computers and networks starting at the hardware and firmware level and working up?

      2. Anonymous Coward
        Anonymous Coward

        Re: Merkel has the right idea, make the non-UK EU internet like a corporate intranet

        Can I get a VPN connection from North Carolina into that?

    4. big_D

      Re: A USA Inc marketing ploy?

      Shame the servers weren't in the UK, they could get the FBI arrested and extradidted to the UK under RIPA... Finally something RIPA is good for!

      1. Hans 1

        Re: A USA Inc marketing ploy?

        @big_D

        >Shame the servers weren't in the UK, they could get the FBI arrested and extradidted to the UK under RIPA... Finally something RIPA is good for!

        Do you have a precedent ? Has the US ever extradited a US citizen ? Thought so ... RIPA is one-way only, mate.

    5. Anonymous Coward
      Anonymous Coward

      Re: A USA Inc marketing ploy?

      I'll continue to use my offshore runbox.com (e-mail by Vikings!) accounts because I trust their privacy and security best practices more than any U.S. based provider. With them I'm a customer, not product -- or "the enemy" that U.S. intel and law enforcement agencies seem to consider everyone outside their own small, insular, circle to be.

  2. Spender

    Seriously, the phpMyAdmin connection is paper-thin nonsense. Sadly, it's all too easy to bamboozle those who live in the intersection of law and software with blatant bullshit.

    Coming next... Suspect breathes. Terrorists breath. Suspect must be a terrorist.

    1. Neil Barnes Silver badge
      FAIL

      Oh noes

      I have a compiler. Virus writers use compilers. Therefore I am a virus writer...

      I am an animal. Hamsters are animals. Therefore I am a hamster.

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh noes

        I've got Ham but I'm not a Hamster

        1. AbelSoul
          Coat

          Re: I've got Ham but I'm not a Hamster

          I've got toast but I'm not a toaster?

        2. Fungus Bob
          Happy

          Re: Ham but not Hamster

          If a roadster is a thing that runs on a road then a hamster must run on ham...

          I am *definitely* a hamster!

      2. Swarthy
        Angel

        Re: Oh noes

        I am an animal. Hamsters are animals. Therefore I am a hamster.

        God is Love. Love is Blind. Therefore Ray Charles is God.

        1. Curtis

          Re: Oh noes

          That reminds me of one I pulled years ago for a movie's Touring Machine:

          "What is God?"

          ``I Prefer to thing of God as a Who than a What``

          "Then Who is God?"

          ``God is Master of the Universe``

          "Then what is He-Man?"

          5 seconds later:

          ``He-Man is God``

    2. AbelSoul
      Black Helicopters

      the phpMyAdmin connection is paper-thin nonsense

      Yep, it's nonsensical kiech of the smelliest kind. For example, lots of university and college courses still have students using phpMyAdmin as part of an introduction to web development.

      All those student band / baking / biking / etc. sites (and doubtless many others developed later by the same students) are clearly illicit and must be hacked forthwith.

    3. kmac499

      I've got a web-browser just think of things I could be looking at..

      (Now go and clean your keyboards you naughty little peeps....)

  3. sisk

    I was following their logic right up until phpMyAdmin. If the presence of phpMyAdmin is enough to rifle through its drives looking for evidence of crimes then very few servers running MySQL (or MariaDB for that matter) are safe.

    1. Anonymous Coward
      Anonymous Coward

      I don't take that is what they were implying. I think they were implying that the use of the software proved activity...I think. Or, they could be implying phpMyAdmin is a lovely target and they enjoy when criminals use it.

      1. dan1980

        @MyBackDoor

        No, I think that's pretty much what they are implying.

        I believe the idea is similar to a police report saying that a wanted criminal was last seen driving a red, late model Ford Falcon sedan (insert local equivalent) and then matching that with a suspect driving the same car.

        Except, in this case, the report is more akin to saying that the suspect was seen driving 'a van'.

        In other words, flimsier than anything any normal person would dare claim.

        1. Fatman
          Joke

          RE: In other words...

          flimsier than anything any normal person would dare claim a sheet of single ply toilet tissue.

          FTFY!!

    2. John Smith 19 Gold badge
      Unhappy

      @Sisk.

      "If the presence of phpMyAdmin is enough to rifle through its drives looking for evidence of crimes then very few servers running MySQL (or MariaDB for that matter) are safe."

      Exactly

  4. heyrick Silver badge
    FAIL

    Bollocks about "we can examine servers anywhere", bollocks about the standard admin console (like, gee, we haven't seen that before have we? are we all satellites of Silk Road?), bollocks, bollocks, and more bollocks.

    Frankly, the icon just doesn't do it justice.

    1. 404
      Mushroom

      Better?

      Scorched earth seems more appropriate - Feds have lost their fucking minds...

  5. goldcd

    So it's OK, if the server is outside of the US?

    Would that mean that any US company that hosts a mirror/backup/load-balancer (AWS and all the rest of it) that isn't in the states, forfeits legal protection from their own government?

    1. Anonymous Coward
      Anonymous Coward

      Re: So it's OK, if the server is outside of the US?

      Not just that - it is also a confirmation of the maxima that as far as USA law enforcement any law or moral principle is null and void when applied to a foreign subject. While we always knew that, it is nice to have that in writing anyway.

    2. g e

      Re: So it's OK, if the server is outside of the US?

      I'd have thought something like 'If they're willing to gain illegal access (as in if a member of public tried that shit on) to a machine then what proof do they have that they didn't plant the evidence there to entrap the defendant?' would be an approach.

      Which, I suspect, is none.

  6. Mephistro
    Flame

    So why bother to send a letter of request to a foreign country...

    ... when you can just hack the foreign servers?

    I'm hoping the Icelandic judiciary will take issue with this act by the FBI and consider the organization as a whole guilty of a serious crime.

    And to the USA as a whole: It makes sense to treat your allies the same way you would treat North Korea in a similar case. NOT.

    Disclaimer: I reckon this Ulbricht guy to be a piece of scum, but if the feds and other TLAs are allowed to use these tactics against 'true criminals', what exactly stops them to use said tactics against the rest of the population, criminals and innocents alike?

    1. Eguro
      Meh

      Re: So why bother to send a letter of request to a foreign country...

      I wonder how the US would react if a foreign national criminal investigation bureau hacked a hosting business in the US, because they either couldn't go through regular international routes - or because they couldn't be bothered to do so.

      Just imagine an Icelandic police force hacking GoDaddy (only US host provider I know o.0) to get to an Icelandic citizen they believed had an illegal server/service running through them.

      1. tom dial Silver badge

        Re: So why bother to send a letter of request to a foreign country...

        "I wonder how the US would react if a foreign national criminal investigation bureau hacked a hosting business in the US" would not seem to be the comparable question.

        The relevant question would be how a non-US court in, say, the UK, Germany, France, or Iceland, would react if their national police agency hacked a server at a hosting business in the US or another country. For the example given in the second paragraph, would the court in Iceland reject evidence the Iceland police force had gathered from a GoDaddy server?

      2. veti Silver badge

        Re: So why bother to send a letter of request to a foreign country...

        I imagine GoDaddy would be upset in that scenario, but I don't see how the FBI would be involved.

        Actually, I sympathise with the FBI this time round. If you want to conduct a search in foreign territory, where do you apply for a warrant? Whom do you serve it to? What if the territory concerned has no concept of a "search warrant"?

        Clearly, what they should have done is to apply to the Icelandic police to do their dirty work for them, because they'd have the framework in place for jumping through their own administrative hoops. But I can well imagine scenarios in which that would be contra-indicated (e.g. if you don't trust the Icelandic plod not to say something to someone), and then they'd end up right back here.

        I really don't see how you can blame the FBI for not following US law outside the US. If you want to criticise them for breaking Icelandic law then go right ahead, but that's a different rant entirely.

        1. tom dial Silver badge

          Re: So why bother to send a letter of request to a foreign country...

          US law includes provisions of treaties made by the President with the advice and consent of the Senate (2/3 of the Senators must concur). If there is a treaty with Iceland that covers this, the FBI would be required to follow it, and failure to do so could damage or destroy the admissibility of any evidence they gathered.

          1. Dave Bell

            Re: So why bother to send a letter of request to a foreign country...

            Also there is the "legal attache" in the local US Embassy, usually an FBI Agent, with the job of handling cooperation, both ways, with the law enforcement systems of a foreign country. There are probably precedents over international financial crimes, and a warrant from a US court could be part of the process, evidence that a lawful investigation is taking place.

        2. WatAWorld

          existing procedures for dealing with foreign governments and foreign law enforcement

          @veti, "... If you want to conduct a search in foreign territory, where do you apply for a warrant? Whom do you serve it to? What if the territory concerned has no concept of a "search warrant"? ..."

          There are existing procedures for dealing with foreign governments and foreign law enforcement agencies that the FBI that the FBI is well aware of and uses regularly for non-cyber searches.

          1. Alan Brown Silver badge

            Re: existing procedures for dealing with foreign governments and foreign law enforcement

            "There are existing procedures for dealing with foreign governments and foreign law enforcement agencies that the FBI that the FBI is well aware of and uses regularly for non-cyber searches."

            Like the way they stuck to the rules when they raided Kim Dotcom?

            (Who by the way, is another slimeball that the FBI have succeeded in generating a lot of sympathy for.)

        3. Anonymous Coward
          WTF?

          Re: So why bother to send a letter of request to a foreign country...

          People (and for this purpose that includes corporations) have been repeatedly found guilty of violating US law in other countries. The classic case is bribing foreign officials. So some sort of penumbra of US law does apply to US citizens operating in other countries. The interesting part is reconciling the CFAA with what law enforcement is saying as legal beyond the country's borders.

          What I expect is that Italy will be first off the mark if this is done to any system within their borders. They've done it before to CIA operatives even if they had to try them in absentia.

    2. DragonLord

      Re: So why bother to send a letter of request to a foreign country...

      I figure that what they should do is get a warrant for hacking the server, and once they locate the server either the server is in the USA at which point the warrant still stands, the server is in a country they have a treaty with at which point they did their good faith bit by getting the warrant in the first place and now they can in good faith get assistance from the Icelandic government. Finally if it's in a country with no treaty they can ask a diplomat for advice and, because they've already got a warrant whatever course of action is advised will have started in good faith.

      1. billse10

        Re: So why bother to send a letter of request to a foreign country...

        "I figure that what they should do is get a warrant for hacking the server, and once they locate the server either the server is in the USA at which point the warrant still stands"

        well, yes and NO NO NO ;) Find out where the server is, then apply for a warrant if it's in the US. Otherwise apply to the relevant jurisdiction, via diplomatic channels if necessary, proving that criminal law has been broken in that jurisdiction. Not US law broken, relevant law broken: no-one gave the US legal system legislative control of the world.

        1. Anonymous Coward
          Holmes

          Re: So why bother to send a letter of request to a foreign country...

          "[N]o-one gave the US legal system legislative control of the world." Well, yes everyone did by accepting the lone super-power paradigm. Personally I find that total bullshit even if I was part of the enforcement arm for over a decade.

    3. Anonymous Coward
      Anonymous Coward

      Re: So why bother to send a letter of request to a foreign country...

      "I'm hoping the Icelandic judiciary will take issue with this act by the FBI and consider the organization as a whole guilty of a serious crime."

      what really would be funny is if the Icelandic authorities issue warrants for any and all FBI officials and/or contractors who were are part of this, (and every single level of management up to Director), extradite them to Iceland pending charges and then say they have no right to defend themselves as they were not in Iceland at the time of the alleged crime so Icelandic law does not apply.

  7. Adrian Midgley 1

    illegal abroad surely

    Isn't the FBI claiming they can do abroad things which would be illegal for thrmvto do in their own country, and which are rather likely to be illegal - criminal - in the country where the server is?

    Odd interpretation.

    1. frank ly

      Re: illegal abroad surely

      Does this also mean that I can hack into US servers, because I'm a senior police officer in my own (self declared) small country? If there are any technical objections, I'll get the government (me) to enact laws to bypass them.

      1. Gwaptiva

        Re: illegal abroad surely

        Ok, so they get away with this line of defence without sparking a full-blown international scandal because it's possible to search a server in Iceland from the US.

        Which is a bit rich for an agency (and its government) that is hellbound on treating the internet as the same as the physical world.

        Can you imagine what the reaction would've been had the FBI flown out to Reykjavik to search suspect's appartment without a warrant... or even with a warrant signed by a US judge?

        But if it's all the same, can the Met please perform a search of Mr G.W. Bush's private residence? No warrant needed, because it's abroad, and the crimes he's suspected of are quite serious

      2. Anonymous Coward
        Anonymous Coward

        Re: illegal abroad surely

        yes.

        frank.ly (my dear) they don't give a damn.

      3. Anonymous Coward
        Anonymous Coward

        Re: illegal abroad surely

        If this precedent stands then the other members of the 5-eyes can hack into US based computers and turn the results over to the NSA for distribution to the relevant TLA's [FBI, DEA, heck the US Coast Guard for that matter!]. Now that's scary.

        1. tom dial Silver badge

          Re: illegal abroad surely

          "If this precedent stands then the other members of the 5-eyes can hack into US based computers and turn the results over to the NSA ...".

          I do not think this is correct. It may mean it is legal under UK law to penetrate US systems without a UK warrant and present the results as evidence in a UK court (and similarly for Australia, Canada, and New Zealand). Then again, depending on treaty arrangements, it might not be legal. My guess is that in all of the 24 possible pairs of Five Eyes governments there are treaties in effect that would make such evidence gathering unlawful and the evidence collected inadmissible. That might or might not be true for the US and Iceland. Presumably Ulbrucht's attorneys are competent enough to have brought any such information to the attention of the judge who will be deciding the issue.

    2. ecofeco Silver badge

      Re: illegal abroad surely

      Not only are they claiming it, they've been doing it for many years.

      "Renditions" anyone?

    3. tom dial Silver badge

      Re: illegal abroad surely

      Yes. But more significantly for the case at hand, they are claiming that their actions are consistent with US law. Whether it is or not will be determined by a US court, taking into account any treaties that the Senate has ratified that govern the specifics. Contrary to the claim, there is nothing especially odd about this; settling issues like this is what lawyers do occupationally as a matter of normal practice.

    4. WatAWorld

      Re: illegal abroad surely

      It is especially odd since the acts of hacking into the foreign server are being committed on US soil.

      In essence the FBI is claiming it can ignore US law and ignore international law when in the USA and dealing with foreigners.

      The FBI is claiming we aren't human so the protections humans get under US and international law do not apply to us.

      1. Message From A Self-Destructing Turnip

        Re: illegal abroad surely

        Taking this logic to the extreme would mean that the US could commit murder and atrocity on foreign soil with impunity..... Oh no wait a minute.

      2. Anonymous Coward
        Anonymous Coward

        Re: illegal abroad surely

        Since you're not american, all your activities are unamerican activities, elimination of which is the traditional brief of the FBI.

  8. The_Idiot

    I think I...

    ... got thrown off on that last tight bend. So let me get this straight.

    OK. So if your servers are in a foreign country, like, for instance, Ireland, they are still subject to US jurisdiction if you're an American or a US Company, and you have to give US authorities any and all data on them if they ask.. OK. I think I'm with it so far - whether or not I agree notwithstanding.

    Buuuut...

    If your servers are in a foreign country, and you're an American or a US citizen, those servers aren't within the scope of US law, so can be searched without a warrant.

    SCREEEEEECH!

    With apologies to Jan and Dean - I think I just hit Dead Man's curve again. Am I missing something?

    1. ecofeco Silver badge

      Re: I think I...

      Nope, you go it.

      Tails they win, heads you lose.

    2. PatientOne

      Re: I think I...

      "OK. So if your servers are in a foreign country, like, for instance, Ireland, they are still subject to US jurisdiction if you're an American or a US Company, and you have to give US authorities any and all data on them if they ask."

      No. If your servers are in a foreign country, they aren't protected by US law. Therefor obtaining data from those servers doesn't break US law. Therefor such data is admissible in US courts as evidence. Those servers are not subject to US juristiction.

      If the owner of the server or the data stored on the server is a US entity, however, then they can be asked to retrieve the data and hand it over. Currently the legality of such a request is under question, particularly where the data pertains to non-US entites. This does not mean the FBI has the right to go and get the data itself.

      In translation: The FBI broke the laws of the nation where the servers were located. The US courts don't care, however: As far as they're concerned, the evidence is admissible as no US law was broken. What the hoste nation, or hoste company for that matter, wish to do about this is up to them: The US courts aren't concerned with that: That's a mess for the US Government to clean up.

  9. xeroks

    Entirely off topic

    Anyone happen to know when the phrase "have your cake and eat it" came into common usage?

    1. James 82

      Re: Entirely off topic

      Isn't it you can't have your cake and eat it?

      1. dan1980

        Re: Entirely off topic

        All your cake is belong . . .

    2. WatAWorld

      Re: Entirely off topic

      https://en.wikipedia.org/wiki/You_can%27t_have_your_cake_and_eat_it

      "An early recording of the phrase is in a letter on 14 March 1538 from Thomas, Duke of Norfolk to Thomas Cromwell, as "a man can not have his cake and eate his cake".[8]

      The phrase occurs with the clauses reversed in John Heywood's "A dialogue Conteinyng the Nomber in Effect of All the Prouerbes in the Englishe Tongue" from 1546, as "wolde you bothe eate your cake, and have your cake?".

      And it carries on with other examples of continuous use since 1538.

      You cannot both eat the cake and have the cake as an uneaten asset.

    3. Roj Blake Silver badge

      Re: Entirely off topic

      And more to your point - if you can't eat your cake what's the point of having it in the first place?

  10. Anonymous Coward
    WTF?

    Is it me, or...

    ...did the US Government, in the person of the FBI, just admit to international criminal computer misuse by means of illegally accessing a computer based on non-us soil?

    Or, to put this another way: WTFFFFFFF?!

    1. ecofeco Silver badge

      Re: Is it me, or...

      Admitted it and proud of it.

      And they wonder why the rest of the world is getting tired of their bullshit? (not that others nations are any better)

  11. ecofeco Silver badge

    Team America!

    World Police!

    (somebody had to say)

    1. hplasm
      Big Brother

      Re: Team America!

      We are at war with the USA government. We have always been at war with the USA government.

      Nice of them to finally tell us.

    2. P. Lee
      Mushroom

      Re: Team America!

      > World Police!

      Better than that, World Police and there are no laws outside the US.

    3. AbelSoul

      Re: Team America!

      > World Police!

      F*ck Yeah!

  12. lucki bstard

    @The_Idiot

    To use a appropriate US term...

    Its Catch 22

    1. billse10

      Re: @The_Idiot

      Catch 22, subparagraph (a)

  13. Anonymous Coward
    Anonymous Coward

    A good judge would...

    ...throw the case out and a better judge would open an investigation against the criminal conduct by the FBI. And a good defense lawyer would make sure a corresponding investigation is conducted in Iceland and international warrants are issued for the computer law abusers.

    Not that I condone the silk road business - but law enforcers have to follow the law, or else...

    1. tom dial Silver badge

      Re: A good judge would...

      No. A good (US) judge would decide the issue on the basis of US law and relevant Senate-affirmed treaties. That might or might not result in criminal charges in the US.

      A good defense lawyer might seek to involve the government of Iceland. The government of Iceland might agree their laws were violated and and issue international warrants. Depending on treaty provisions, they might or might not be enforceable in the US.

  14. Anonymous Coward
    Anonymous Coward

    Lazy Lunacy

    It's crazy because I'm sure that if the US approached the Icelandic government seeking assistance there would be a ton of official cooperation. Iceland is a decent place, it doesn't want to be seen hosting dodgy stuff. I'm sure they'd be only too glad to lend a hand.

    Choosing to hack instead seems to be blatantly lazy, and ultimately inefficient. Hacking every time takes, well, time. Getting a good working relationship running means that in the long run the efficiency would be high.

    If you ignore your neighbours sooner or later they'll start ignoring you. That applies to states as well as streets.

    Submissable Evidence

    This may not be relevant to this particular case: if they're to start presenting IT based evidence gathered without a warrant, how can anyone be expected to believe in it in a court of law?

    1. tom dial Silver badge

      Re: Lazy Lunacy

      The fact that evidence was gathered with help of a warrant, or without it, says nothing at all about it's credibility in a court proceeding. Credibility of evidence and testimony are entirely matters for the jury to decide. Lack of a warrant for evidence obtained in a search may, but will not always, cause it to be excluded from the jury's consideration. In practice, a great deal of the evidence in criminal cases is collected without a warrant - evidence colected at a crime scene, for instance, or in a personal searche incident to an arrest.

      The question before this court, at the present time, is whether particular evidence collected from a foreign server will be admissible in a still hypothetical future trial.

      1. Anonymous Coward
        Anonymous Coward

        Re: Lazy Lunacy

        "The question before this court, at the present time, is whether particular evidence collected from a foreign server will be admissible in a still hypothetical future trial."

        Surely the question before the court is whether evidence gathered without a valid warrant in a location over which the FBI has no jurisdiction should be laughed out of court, and those collecting it ordered to be extradited to that jurisdiction to face investigation and possible hypothetical future trial for computer crimes, with the court providing a statement confirming they have confessed to such activities ...

        1. tom dial Silver badge

          Re: Lazy Lunacy

          No, it is as I said. The FBI claims a warrant was not required and the evidence should be admitted; Ulbrucht claims the opposite. The judge will decide whether which is the case. The loser might appeal, but the decision eventually will be final one way or the other.

          Whether to extradite the FBI or other US government personnel involved in collecting the evidence at issue depends on a number of details:

          - whether Iceland officials find that a crime has been committed under Iceland law;

          - whether there is an extradition treaty between Iceland and the US;

          - if the answer to the first two is "yes", whether the Iceland government seeks extradition;

          - if the answer to the first three is "yes", whether the US grants the request.

    2. Alan Brown Silver badge

      Re: Lazy Lunacy

      "if they're to start presenting IT based evidence gathered without a warrant, how can anyone be expected to believe in it in a court of law?"

      A good US defence lawyer would have such evidence thrown out as "fruit of a poisoned tree" - which is exactly what would happen if a warrantless search via hacking happened on servers based on US soil.

    3. Mike Smith

      Re: Lazy Lunacy

      "how can anyone be expected to believe in it in a court of law?"

      I guess that depends on what you mean by 'anyone'. It'll be the jury that decides, and that could be the weak point for the defendant and the killer for the FBI. Twelve reasonably-educated people would probably acquit instantly because of such dodgy evidence. On the other hand, Cleetus and his eleven good ol' boy buddies from the Holy Gospel Church of God down Deliverance County way might not need that much persuasion, given that it's a goddam foreign illegal doin' drugs 'n' shit on the web, y'all.

      1. tom dial Silver badge

        Re: Lazy Lunacy

        There is no reason to suppose that evidence gathered with a warrant is either more or less reliable than that gathered without one. Whether or not the evidence is "dodgy" depends much more on showing that it was handled in a way that ensures against alteration by the offeror, whether prosecution or defense. Ultimately, under US (and, I think also UK) law, the jury determines that, and whether the evidence is relevant, and whether it supports a finding of "guilty" or "not guilty".

        The present issue is whether the evidence was collected in a way that allows it to be brought to a trial and offered to a jury, along with testimony, elicited in direct and cross examination, about it.

  15. john devoy

    This seems to be US policy now, all foreigners have no rights and international law must bow to what bought US judges say is legal; and these are the people who hold themselves up as the example of truth and justice the rest of us should strive towards.

  16. Anonymous Coward
    Stop

    I don't know the established case law....

    But I do know the principal that constitutional protections apply to you as soon as you land in U.S. jurisdiction, and I think that applies to investigations that get extradited or produce evidence that is used against you in court. So I kind of think that the defense has a point that the evidence against Mr. Ulbricht was illegally obtained.

  17. MrDamage

    If the FBI hacked the foreign server

    Then is is still illegally obtained, as they only have the scope to work within the USA, not outside. That's the CIA's job.

    1. Anonymous Coward
      Unhappy

      Re: If the FBI hacked the foreign server

      The FBI can get evidence from outside the country, but even if you spend your whole life in Outer Mongolia, once you appear in a U.S. court then your constitutional protections kick in, just the same as the most American of American citizens, who has never left Iowa or Kansas in his whole life.

      I'd think it was pretty dangerous to essentially say "Well, the accused lived outside the U.S., so the preponderance of the evidence of his wrong-doing was outside the U.S., so we just grabbed that evidence outside the U.S. using "whatever means necessary", and now the accused has been extradited to the U.S. and is in the custody of this court."

      1. Alan Brown Silver badge

        Re: If the FBI hacked the foreign server

        "... even if you spend your whole life in Outer Mongolia, once you appear in a U.S. court then your constitutional protections kick in"

        A good chunk of US LE and judiciary don't give a rat's arse about constitutional protections for non-citizens.

        It's only a small step from there to "everyone"

    2. Bartholomew

      Re: If the FBI hacked the foreign server

      The problem is probably that the FBI and NSA are slightly more buddy buddy than the CIA and NSA are. I do not think that the black baggers who destabilise governments and the global peeping toms are allowed to work directly with each other anyhow.

      1. Anonymous Coward
        Anonymous Coward

        Re: If the FBI hacked the foreign server

        When you meet the USA spooks it's actually irrelevant which of the sixteen agencies they work for. The end result is "hack"/"attack" I've met FBI outside the USA who've planted NSA bugs, 'whilst visiting the bathroom' I've met DIA who might be CIA who later co-ordinated a Stuxnet, and I'm not even Iran!

        You're right about the FBI/NSA partnership, one of the first Snowden nuggets was that NSA process all technical stuff for the FBI, including domestically.

        1. Alan Brown Silver badge

          Re: If the FBI hacked the foreign server

          "When you meet the USA spooks it's actually irrelevant which of the sixteen agencies they work for. "

          Sixteen - that we know about.

          Given how hard the USA tried to hide the NSA, it's highly likely that another agency (or three) was formed before they even started acknowledging it existed.

        2. circuitguy

          Re: If the FBI hacked the foreign server

          NSA does not use FBI to do field work for remote data collections. FBI technically is still in the dark ages compared to most other US Agencies. FBI is trying to pr-ing its way to the 21st century. FBI has little power or skill set for non-USA operations, except rare prisoner transport where there is public pr interest. FBI is trying to build a powerful image in the world social networks........ and this is more about getting more funding and not being a obsolete agency and becoming under funded and forgotten.......

  18. bad horsey

    Selective use of 'criminal'

    "Given that the [Silk Road] Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to 'hack' into it in order to search it,"

    By what legal system was the website deemed 'criminal'? Are we talking american laws here? If so, shouldn't the same laws be applied to the method of gathering evidence?

    Or are we talking about crime as measured by the Icelandic legal yardstick? In which case Icelanders themselves would presumably have their own codes for determining civilized limits on government snooping.

    Surely the merkins weren't just projecting their own legal definition of 'criminal' overseas whilst confining their own rules on evidence-gathering to the homeland? Surely they would never be so arrogant.

  19. Steven Roper

    Fine

    If my systems are fair game for you to attack because I'm not in the USA then you're fair game for my systems to whack you with a trojan when you break into them.

  20. Allan George Dyer
    Facepalm

    Who had control of the server?

    The fact that the FBI could break in and collect evidence implies that anyone with the same skill could break in and plant evidence, or, indeed, could have run the illegal operation without the knowledge of the legitimate owner. This seems like an excellent opportunity for Mr. Ulbricht's lawyer to raise reasonable doubt.

    Even if the US is arrogant enough to assume that only US law matters, are they stupid enough to ignore procedures for good evidence gathering?

    1. tom dial Silver badge

      Re: Who had control of the server?

      Pretrial motions are not the place to raise questions of reasonable doubt. All the government has to establish at that point is that there is, indeed, probable cause to think the crime in the indictment or charge was committed by the defendant, and that the evidence to be offered is admissible. If the matter goes to trial, the jury will determine the outcome based on the evidence, considering any alternatives offered by the defense that raise reasonable doubt about guilt.

  21. David 14

    Two-faced...

    Okay... so today there is a defense that if the machine is not in the USA then it is not under US laws and protection. Just a short while ago, the US decided to tell Microsoft that mail sitting on an Irish server, for an Irish citizen is really a US asset because Microsoft is a US-based company, so they had to release this man's personal email to them.

    The USA is looking more and more like an evil empire every day... which is sad as I really like the place, have lots of american friends, and enjoy visiting. But the citizen need to really look at this kind of crap and get it under control.

    My $0.02

  22. Bartholomew

    So by their 'logical' extension

    Iran or North Korea can hack into US servers suspected of crimes that may have taken place in Iran or NK. Like all US government computers for example ?

    The U.S. is pulling some interesting global rules out of their a$$.

    1. tom dial Silver badge

      Re: So by their 'logical' extension

      "Iran or North Korea can hack into US servers ..."

      That probably would violate the Computer Fraud and Abuse Act, just as what the FBI is alleged to have done may violate the law in Iceland. It does not appear that the FBI has claimed compliance with the law anywhere but in the US. The symmetric case would be for the government of Iran or North Korea to take the position that hacking computers in the US (whether government or not) does not violate their laws. And they might be entirely correct in making such a statement.

  23. Anonymous Coward
    Anonymous Coward

    Replace "hack servers outside the US" with...

    "Murder people outside the US".

    Oh hang on, they already do this.

    My bad

    1. Anonymous Coward
      Unhappy

      Re: Replace "hack servers outside the US" with...

      "My bad." Nope, our (US) bad. Really, really bad. Back when Ronnie Ray-gun was President, there was an emphasis in our training in the US Navy about what the oath of enlistment means, Constitutionality, lawful and unlawful orders with an emphasis on being ordered to do something is no defense, .... Basically, making sure we don't end up staring a Court Martial in the face.

      Now, you can ignore all that as post-9/11 it's all noise. The elites and their tier-1 serfs got whacked when the World Trade Center came down and they have the money, and therefore the power in the US, to make damn sure it don't happen again. No matter what the cost to morals, ethics, or finances for that matter. That can all be paid for by rubber-checks written against people that won't, Hell can't, pay off. Given that the government of China is facing an internal threat in the same form, it should be no surprise that both actually kind-of like each other. Thus all the corporate types stopping by on a regular basis.

      /soap-box.

  24. WatAWorld

    If you aren't human you don't get human rights

    If you aren't human you don't get human rights.

    Clearly the people who run the USA, US voters, don't think of the rest of us as human.

    1. heyrick Silver badge

      Re: If you aren't human you don't get human rights

      Corporations are people. People are not people. Err, something like that.

    2. 404

      Re: If you aren't human you don't get human rights

      Hey, I didn't vote for the Nobel Peace Prize winner.... 6 years of enlightenment thus far... not sure if my brain can handle 2 more... feels squishy atm.

  25. WatAWorld

    So the FBI's position is that it is legal for governments to hack US servers?

    So the FBI's position is that it is legal for the Chinese, Russian Israeli, French and Iranian governments to hack US servers without warrants? Really?

    Because that is the logical conclusion from this:

    "US government attorneys have argued that the FBI didn't need a warrant to snoop evidence from the Silk Road darknet drugs souk, for a simple reason: its servers were located outside the United States."

    1. tom dial Silver badge

      Re: So the FBI's position is that it is legal for governments to hack US servers?

      This logic is quite incorrect. The FBI apparently takes the position that their search of a foreign server did not require a warrant because it was located outside the US. The logically comparable assertion would be that the national police agency in China (or Russia, Israel, France, or Iran) takes the position that searching servers in the US or other foreign countries is consistent with their laws. Such an assertion might well be correct. The FBI certainly would not agree to that.

      Whether conducting searches outside the US complies with US law or requires a warrant depends on treaty provisions which, once a treaty is ratified by the Senate, have the force of law in the US. It is possible, for instance, that it is unlawful in Iceland to act as the FBI appears to have done, yet not unlawful in the US because there is no treaty provision that makes it so, and Constitutional protections generally apply to those under US jurisdiction - citizens anywhere and legal US residents in the US.

      1. heyrick Silver badge

        Re: So the FBI's position is that it is legal for governments to hack US servers?

        "generally apply to those under US jurisdiction - citizens anywhere and legal US residents in the US."

        Are you sure about that? While consular protections can be offered to Americans in other countries, for the duration of the stay those people must abide by the laws of the host country, not America.

        Example? The right to bear arms. One wouldn't get far walking around carrying a gun.

        1. Dr. Mouse

          Re: So the FBI's position is that it is legal for governments to hack US servers?

          IANAL, but as I understand it the logic is:

          The constitutional protections don't extend to the foreign nation. The protections are from the US govt. So, for example, a US agency would be violating the constitution if they forced someone to incriminate themselves, even if that person was in a country with no such protection.

        2. tom dial Silver badge

          Re: So the FBI's position is that it is legal for governments to hack US servers?

          Carrying a gun in the UK might be illegal under UK law but not under US law. UK law certainly would apply, and the US consul, in such a case probably would provide little or no assistance. But the act probably would not violate US laws. Similarly, the FBI might have violated the laws of Iceland but not those of the US.

  26. MrXavia
    WTF?

    Hold on... so they are saying they need no warrant to commit a crime in another nation? USA world police....

    1. tom dial Silver badge

      A US court's warrant would be valid outside the US only to the extent provided by treaty.

      It would be quite interesting to have a comment on this episode from an Icelandic attorney.

  27. Anonymous Coward
    Anonymous Coward

    similar to the way America claim to have the right to board/search/seize foreign ships in international water to combat drug trafficking

    1. Anonymous Coward
      FAIL

      ... or for any reason we can come up with such as arms-trafficing from North Korea to Iran, or vice-versa. Protecting merchant vessels is the actual job description but that got tossed as well. Now it's freedom on the open seas (international waters) if we happen to like you. Maybe.

  28. alain williams Silver badge

    Gary McKinnon

    I wonder what he would say about the idea that attacking computers in another country is OK and that those who do so are immune from prosecution ?

  29. Graham Marsden
    WTF?

    I just have to say...

    ... Oh, the IRONY!

    *cough* Gary McKinnon *cough*

    (PS Damn, I see alain williams just beat me to that one :-/ )

    1. tom dial Silver badge

      Re: I just have to say...

      Gary McKinnon violated US law by accessing government operated equipment. The US Government requested that he be extradited to stand trial in a US court, and the UK government, after a great deal of deliberation declined to do that. And the case is largely closed, although I would not recommend that Mr. McKinnon plan to vacation in the US.

      The corresponding scenario in the present case would be for the government of Iceland, if they believe Iceland law to have been violated, to request that the accused FBI personnel be extradited to stand trial in their courts. I do not know whether there is an extradition treaty in effect between Iceland and the US, or whether a request, if made under such a treaty, would be honored or declined as the UK did in the McKinnon case.

      In any event, the FBI is claiming only that they violated no US law and did not require a search warrant from a US court. We have yet to see what the judge will have to say about that and the defense argument to the contrary.

  30. sawatts
    WTF?

    Who are the bad guys again?

    While I've no sympathy for the alleged activities of Silk Road, its always amazing how the US agencies can turn themselves into the "bad guys" so regularly.

    So its okay for government agencies of one country to hack computers in another country, that they suspect of serving an interest contrary to their own? China will be happy (allegedly).

  31. 404

    Wait for it....

    ... Next Fed lawyers* will claim US air space or sea boundary applies here - packets become US property and subject to US law when being passed through American networks...

    /shame

    /bullshit

    *World would be a happier place without lawyers - get a 2-fer since most politicians are lawyers too. Just saying.

  32. Salamander

    Flee clauses

    In the offshore finance industry, there is such a thing as a flee clause. Suppose that you have an offshore trust that you are using for tax evasion. What you do is that you set the trust up with a flee clause so that if the FBI apply to the host country for a search warrant, the trust will automatically flee to another jurisdiction, typically by winding up the trust and transferring the assets to a trust located in another country.

    I do not know if you can set up flee clauses with web site and server hosting companies. But I can image the FBI want to use computer hacking so that they do not have to go through proper channels and hence activate flee clauses.

  33. steward
    Pirate

    It's not 4th Amendment, it's Article I, section 8!

    Attacking the infrastructure of another country - like Iceland - doesn't have anything to do with the 4th Amendment. It's an act of war against Iceland, and the FBI doesn't have the power to declare war - only Congress has that power.

    1. tom dial Silver badge

      Re: It's not 4th Amendment, it's Article I, section 8!

      Article I, Section 8, Paragraph 11 grants the Congress has the power "To declare War, grant Letters of Marque and Reprisal, and make Rules concerning Captures on Land and Water".

      To call subverting a privately owned server located in Iceland "attacking the infrastructure" and therefore an act of war seems quite a stretch. However, what the FBI is claimed to have done seems likely to fall into the "Captures on Land and Water" box, where the Constitution explicitly grants the power to the Congress. There might even be US law to cover what they did.

  34. John Savard

    Turnabout

    Now, if the directions were reversed, and somebody in a foreign country hacked computers in the United States, he could be extradited to the United States. The FBI, after all, is not the NSA, it is not a military espionage outfit, and so its agents are still private citizens who are not above the law - if they hack into computers in a country that isn't at war with the U.S., or at least close enough to an enemy country, not extraditing them could lead to problems in diplomatic relations with the ally involved.

  35. bluest.one

    Don't the Americans demand we extradite people who do that to them from here?

  36. JLV

    Sounds like sloppy police work, being explained after the fact

    I mean, how difficult would it have been to ask Iceland for cooperation for a clearly criminal entreprise?

    Granted, if it was a server in a known-to-harbor-miscreants state, they might have had reasons not to do so. But in this case?

    If I were the judge, I would not accept the government's "non-US server means open season on hacking" claim. Not least because the US will itself have a hard time making a case for for redress if its servers get hacked from abroad (cough, China, cough).

    Whether or not that should get Ulbricht off the hook is another story, he does sound like he deserves being put away for a while.

    Same crap as with the blanket eavesdropping - US law protecting individuals somehow does not apply when foreigners are involved. Good thing for them they are not a tinpot country somewhere, because no one would put up with that crap from a tinpot country.

  37. Oninoshiko

    I'm thinking the only way some of this can be replyed to is this:

    mu.

  38. e^iπ+1=0

    Don't give up your faith in US justice yet

    ... wait until the last avenue of appeal is over before giving up.

    At the moment the prosecution lawyers are attempting to validate some of the tactics being used, and get evidence deemed to be admissible.

    Maybe the alleged Silk Road bloke's lawyers can get some of this invalidated. At the end of the day it probably comes down to how much plausibly legal money he has available to pay for the (no doubt expensive) legal team needed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like