Phil Fairbanks reports:
When the FBI uncovered a scammer targeting Wegmans two years ago, agents hacked into the suspect’s computer in an effort to learn his identity.
The hacking, approved by a judge, involved an email and attachment that, when opened, connected the suspect’s computer to an FBI server.
A new lawsuit in Buffalo federal court says the Wegmans case is just one example of how the government is now using hacking in ordinary, day-to-day investigations, and not just in national security and foreign intelligence probes.
Read more on The Buffalo News. They don’t seem to give the case information, but I’m embedding the complaint, filed in federal court for the Western District of New York, below so you can read it all for yourself.
pi_v._fbi_-_hacking_foia_-_complaint_-_as_filed
There seems to be a lot to unpack here. I am not an attorney, but it seems to me that the Wegmans reverse hack isn’t that controversial, given (as I understand it) it was a targeted investigation toward one individual and was authorized by a court via a search warrant. Although the specific identity of the individual doesn’t appear to have been known in advance, this doesn’t sound like an overly broad effort in which uninvolved parties could have been caught up.
The FOIA requests that are not being properly responded to should be enforced by the court, although the entities involved seem to believe that this suit will magically lead to a change in investigatory methods, which seems a stretch to me. I don’t see that they have standing to follow-up the FOIA lawsuit to sue on the merits of warrantless or overly broad searches. I’d guess they’ll eventually get the FOIA responses, the interesting facts will be redacted (to protect investigatory methods) and that will be the end of it.
Lastly, the policy issues of overly broad searches using new forms of technology are best dealt with by Congress, who to date has shown little appetite to reign in law enforcement on 4th amendment issues (no politician wants to be seen as soft on crime). The courts may smack down specific search methods periodically, but it’s hard to see the courts broadly redefining privacy rights absent an act of Congress.