Here’s a fascinating issue that just led to an unusual opinion by Magistrate Judge Stephen Wm. Smith of the Southern District of Texas, who is no stranger to the Volokh Conspiracy for his, um, unusual opinions. The issue: What are the legal standards for the government to search a hacker’s remote computer to determine the hacker’s identity and location? In this case, someone hacked the e-mail account of a victim in Texas and used the e-mail account to access the victim’s bank account. After the unauthorized access to the account was blocked, the hacker set up an e-mail address almost (not not quite) identical to the real e-mail account and tried to wire money to a foreign bank. The location of the hacker is unknown, although there are signs that he is abroad: The most recent IP address resolved to a country in Southeast Asia. In this case, the government applied for a search warrant to remotely access the intruder’s computer and search it for evidence of who the intruder is and where he located.
I. Magistrate Judge Smith’s Denial of the Warrant Application
The application went before Magistrate Judge Smith, who denied the application for a warrant. As his occasional practice, Smith authored a published opinion, forthcoming in the F. Supp.2d., explaining the different reasons why he denied the warrant application. As far as I can tell, he did not ask for briefing on the issue; he just issued the opinion based on his own research. Anyway, here are the three reasons he offers for denying the application:
1) Rule 41 of the Federal Rules of Criminal Procedure generally only authorizes warrants to search property inside the magistrate’s own district. Because the location of the computer that will be searched is unknown, the magistrate does not have sufficient assurance […]