The American Civil Liberties Union (ACLU) has filed a motion in the U.S. District Court of Maryland to allow access to a 2013 search warrant which authorized the FBI to use malware against TorMail users.
The motion was filed in an attempt to discover the scale of the agency’s hacking campaign, and whether it included people not suspected of a crime among its targets. The malware was delivered via the landing page of Freedom Hosting, which hosted TorMail and other Tor hidden services, and which was seized by the FBI in the summer of 2013.
After the seizure, a maintenance notification message was delivered to visitors to Freedom Hosting’s website and, according to a report by Motherboard, also to TorMail users. The page containing the message also included malware designed to see through the Tor network’s anonymity.
Earlier this year, The Washington Post confirmed the FBI’s use of a “network investigative technique” or NIT against TorMail, citing sources who said the bureau had obtained a warrant listing specific TorMail accounts for which the standard of probable cause had been met. However, a TorMail user told Motherboard that the malware was activated and captured the user’s IP address when they visited the site, not when they logged in, raising the question of how the surveillance could have been applied only to those email addresses specified in the warrant. The ACLU is seeking the unsealing of the docket sheet containing the search warrant.
“When we obtain a warrant, it’s because we have convinced a judge that there is probable cause that we’ll be able to find evidence in a particular location,” a senior Justice Department official told The Washington Post at the time.
“That the FBI engaged in a bulk hacking operation against all visitors to TorMail, which had many lawful, valid uses, raises serious concerns about the appropriateness of bulk hacking, and the extents to which courts should be authorizing and supervising such operations,” wrote ACLU attorneys Brett Kaufman, Nathan Wessler, and David Rocah in the motion filed last week.
Further, the ACLU says, the legislative branch of the U.S. government has never explicitly authorized the FBI’s hacking techniques, despite years of use, and a public dialogue informing legislative action requires a full understanding of the scope of the agency’s use of hacking techniques.
“To date, the only publicly accessible warrants authorizing the FBI to engage in bulk hacking have targeted websites that are dedicated to the distribution of child pornography, and, as a result, the government has been able to assert probable cause that everyone visiting the sites is engaged in a crime. The TorMail website, in contrast, was not dedicated to the distribution of child pornography—it was a free, anonymous email service that had many users who were using it to protect their lawful private communications,” according to the motion.