>In any event, even if the FBI had somehow “hacked” into the SR Server in order to identify its IP address, such an investigative measure would not have run afoul of the Fourth Amendment. Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise. See United States v. Vilar, 729 F.3d 62, 86 (2d Cir. 2013) (Fourth Amendment warrant requirement does not apply extraterritorially); In re Terrorist Bombings of U.S. Embassies in East Africa, 552 F.3d 157, 167 (2d Cir. 2008) (same). At most, any search of the SR Server needed only to be “reasonable” – that is, justified by “legitimate governmental interests.” Vilar, 729 F.3d at 86. Given that the SR Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to “hack” into it in order to search it, as any such “hack” would simply have constituted a search of foreign property known to contain criminal evidence, for which a warrant was not necessary.
It probably wouldn't have mattered, because the overwhelming majority of the evidence in the trial came from Ulbricht's laptop, which the USG searched both under a warrant and incident to Ulbricht's arrest --- an arrest for which they had some probable cause prior to the SR server search. There's also a doctrine of "inevitable discovery" with implications here as well.
The prevailing wisdom about this case seems correct: what shattered Ulbricht's legal defense was his utterly slipshod OPSEC.
Actually, an IRS agent found Google search results that tied him to Silk Road:
"That search led him to a thread on bitcointalk.org called 'A Heroin Store.' One of the posts there was from a user named 'altoid' who gave instructions on how to access Silk Road.
'You guys have a ton of great ideas. Has anyone seen Silk Road yet?' altoid wrote. 'It’s kind of like an anonymous Amazon.com. I don’t think they have heroin on there, but they are selling other stuff. They basically use bitcoin and tor to broker anonymous transactions.'
Once Alford had the username, the rest was as simple as clicking around. In a separate thread, altoid posted that he was looking for an IT pro. 'If interested, please send your answers to the following questions to rossulbricht at gmail dot com.'
That’s all Alford needed to get a warrant to gain access to that email. By comparing the data found in the email to the data found on Ulbricht’s laptop, the government has created an even more convincing argument that Ross Ulbricht is, in fact, Silk Road’s Dread Pirate Roberts."
It's not legal to spy on citizens. Assuming the NSA (and likely not the FBI) held illegally seized data, it still wouldn't be admissible as evidence in a trial.
This was countered, above, in the states own motion.
Basically, 1.) that's not how they did that, 2.) even if it was, it wasn't illegal, as they did not know at the time of the search that the server belonged to a citizen and 3.) Ulbricbht hasn't even admitted the server was his so how could we have violated his rights if the server didn't belong to him in the first place?
People keep wanting to insist the government did something illegal here, but as far as I can tell, there's no evidence that speaks to that.
It actually requires neither. As many lawyers have pointed out in various threads, the defense team could have claimed the server was Ulbricht's property before trial, and had the motion failed, denied so during trial - so long as he never testified.
I suppose it is slightly weird, but it kinda makes sense from a "lawyered!" perspective.
He was possibly the first person to ever post about Silk Road. A few months later, that same user is recruiting for a "lead developer in a venture backed bitcoin startup company" conveniently avoiding specifics. If you recall, they also seized a package sent to Ulbricht containing nine fake IDs with different names in July 2013 (he was arrested three months later). Cumulatively, that's probably enough to merit suspicion/the issuance of a warrant to search his e-mail.
There is literally nothing unusual about "conveniently avoiding specifics" in a tech recruiting post. It's not even a tiny bit suspicious.
He may or may not have been the first to post about Silk Road on Bitcointalk, or anywhere for that matter, but that seems awfully thin ground for getting a warrant.
I'm surprised HN seems to be in favor of such action.
If someone is the first to post about a particular site specializing in illegal transactions, and it's publicly determinable that they were, before that, soliciting for developers familiar with the kind of infrastructure the site would need, and, that person also is the intended recipient of a package of false identity documents, and...
...things add up and produce enough cause to get a warrant. Given the analysis from opsec people, it's not surprising that there was eventually a warrant and an arrest and a trial; given that he was leaking so much information about who he was and what he was doing, the surprising thing is that the feds didn't catch him even sooner.
> He made the post mentioning Silk Road on Jan 29, 2011.
which was apparently the first mention. So, as far as the agent could tell, this was the first person to mention Silk Road on the open Internet. That's what's reasonable.
(Also, from a pure Bayesian POV, the fact that it nailed DPR on the very first try goes a lot towards demonstrating its relevance. NB: this parenthetical is not a legal argument; otherwise you could justify any search that turns up evidence.)
Along these lines, someone once tried to convince me that governments should be allowed to use evidence no matter how they get it. He basically proposed that police could go into someone's house to search without a warrant, but if they didn't find anything then the police could be prosecuted, which makes them only do it if they have a really strong reason to think they'll find something. It was a surprisingly good argument for something that many people would instinctively flinch away from.
Anyway, my answer was that if the police really had such strong suspicion of someone and they were right, they've got to have enough to get a warrant anyway, which is similar to what you're saying.
Also if they expected to face prosecution were they not to find anything, you might expect them to often 'find' things whether they were there or not...
To you, there might be "literally nothing" suspicious about it, but when that user's previous post on the forum discussed Silk Road, likely for the first time ever, a law enforcement officer, having few leads to go on, might feel inclined to investigate that individual further. Again, there's also the tiny detail about a package with nine fake IDs being sent to Ulbricht in July 2013. DHS agents confronted him about it around that time: "The photos also matched his Texas driving license, which the DHS investigators asked to see. All of this happened around the same time that Dread Pirate Roberts was discussing obtaining fake IDs on Silk Road, the FBI affidavit said. The FBI put the final piece of the puzzle in place by pulling Ulbricht's Texas driving license and comparing it with the license that Ulbricht showed the DHS. The numbers matched. At this point, it must have considered that it had enough evidence." http://www.coindesk.com/ross-ulbrichts-silk-road-head-smacki...
You can't just look at the individual bits of evidence in isolation to determine whether there was probable cause, you have to look at it all together.
There's nothing suspicious about the recruitment ost, but it does contain his contact details. There is somethin gsuspicious about the 'have you heard about this great new site' post - a classic come-on - but it lacks identifying information about the author. One post provides the probable cause, the other supplies information about where to pursue further information.
Right, so the whole 'probable cause' is built on one post about Silk Road. As I say, that seems an awfully thin reason to go digging in someone's email.
I couldn't care less one way or the other about Ulbricht or Silk Road. Not my circus, not my monkeys, as they say.
But I do think it's disturbing one moderately suspicious post is enough to have your privacy violated.
I don't disagree, but given the highly illegal nature of the business (whether or not it ought to be legal is a separate, political question; I'd say yes, but as the law stands something like silk Road is clearly not legit), and Ulbricht's post being the social origin of public awareness, how is it not suspicious? If you can't find any earlier sign of its existence, it's reasonable* to suspect the social origin coincides with the operational origin. Remember he also posted (under the same username, altoid) to the Shroomery (a website dedicated to the consumption of psychedelic mushrooms) and set up a wordpress page with the basics of access and an invitation to come and sell drugs through there: http://web.archive.org/web/20110204025853/http://silkroad420...
I would imagine the FBI asked Wordpress for their logged data about that, which could have provided them with additional circumstantial evidence.
* in the legal sense of being arguable via logic, as opposed to an inexplicable decision based on intuition or unthinking application of dogma.
He had deleted the original comment, but someone had replied and copied the text. He subsequently posted an ad for job postings with the same username and his personal email address (I think rossulbricht@gmail.com).
Basically, he was about as sloppy as it gets if you're running a criminal drug enterprise. Also, his confidant, Variety Jones/Cimon, hinted that he had done some research on Ulbricht and found some stuff. He was absurdly cocky about evading law enforcement. Makes you wonder if he has some kind of psychological disorder.
HN has a timed limiter for nested replies that grows in length depending on nested depth, mainly to stop flame wars. You have to wait a few minutes or take the hint that the thread is getting too deep.
Interesting workaround, but that doesn't make what I said untrue does it? It just sounds like they put the MVP in and never completed the functionality.
There is no source on that because it isn't true[1].
Ulbricht was found via the server - all evidence that came as a result of that (including the laptop) would have been dismissed if a 4th amendment appeal was successful.
The only evidence found outside of the server chain was the posts to the Shroomery and Bitcointalk - and as the link in grandparent comment points out, this is not sufficient probable cause for a search warrant (and a search warrant on the Gmail in any case would still not have linked Ulbricht to DPR sufficiently)
[1] right in the second paragraph of article linked in grandparent comment:
> The arrest of Ross Ulbricht got its start when the FBI somehow discovered the real location of the Silk Road server in Iceland.
and
> Every shred of evidence except for two “hey, I found this site” posts derives solely from the server seizure.
Basically USA claimed to be using the CoE Convention on Cybercrime in order to have the server raid performed. But that convention requires that USA's government bodies extend the same legal protections to those in other countries as if they were USA citizens within their own jurisdiction (and the other country has to provide the safeguards of their own law too). That is, if the Fourth protects Ulbricht if he was in USA then the same protections must be applied.
This is very sensible. It means that parties can't go off on hunting expeditions and treat the citizens/subjects of other countries in the [convention's] union worse than they treat their own citizens.
Now the testimony I linked to in that prior post at once claimed that the CoE Convention was being used and claimed they weren't certain. To me that strongly suggests the USA government agent(s) was attempting to deceive whilst under oath, perhaps not strictly lying but certainly not being helpfully informative - perhaps they realised after the fact that they'd failed to abide by the convention and so claimed it was maybe "comity" in order to have a get out clause when the issue of safeguards was raised?
> ">In any event, even if the FBI had somehow “hacked” into the SR Server" //
So, such an unauthorised intrusion may not have run afoul of the Fourth, perhaps, but it would either have broken the domestic law or breached obligations under international conventions depending on if they sort permissions from Sweden first or not. [and possibly neither if they established a protocol that bypassed international agreement].
From where I'm viewing it seems USA don't really care about the application of the rule of law neither in USA nor in other countries when it comes to USA government agents.
I think you may be reading too much into the treaty. It isn't clear to me that it demands countries extend all domestic protections (but I have not read it terribly closely). I see where it says the laws they pass to comply with the treaty should provide protections.
Beyond that, I don't think it obligates the US and Iceland to cooperate solely under that framework, what it does is create a situation where if the US comes to Iceland with a proper warrant, Iceland is obligated to comply with that warrant. If the FBI just wants to send the police in Iceland a tip and Iceland does something based on that tip, well, that's that.
>I don't think it obligates the US and Iceland to cooperate solely under that framework //
Yes, agreed. But the statement by the FBI [cf previous Scribd link] claimed they used the Convention to acquire cooperation.
>"Although the Complaint and search warrants in this case refer to the request as a “Mutual Legal
Assistance Treaty request,” this description is not technically correct, as the United States does
not have an MLAT with Iceland. The request was instead an official request to Iceland issued
pursuant to the 2001 Council of Europe Convention on Cybercrime and other relevant law of
Iceland, and as a matter of comity."
That statement is sketchy as anything ("we said it was MLAT but it wasn't"): it absolutely _looks_ like they concocted the rationale allowing the search after the fact and without due process.
I'm not sure if the treaty has anything about bypassing its terms either.
The request was instead an official request to Iceland issued pursuant to the 2001 Council of Europe Convention on Cybercrime and other relevant law of Iceland, and as a matter of comity." isn't sketchy. It's 3 reasons Iceland would cooperate with a request from the US.
I really have no idea if the MLAT error would matter or not, but if the lawyer writing the brief is aware of the mistakes in the previous documents, it'd be way sketchier to not mention it.
The initial claim is they used MLAT. But then the FBI claimed they didn't, because they don't have an MLAT treaty in place - doesn't that seem a little, um, unprofessional at least not to even know the legal status of their own request. When they documented the phone call to the officials in Iceland what did they write down, what did they say was the legal basis for the investigation? It sure looks like they didn't have a basis at that point beyond need for the investigation.
It doesn't look like a mistake beyond the "we got caught in a lie" type of mistake.
For avoidance of doubt I don't personally think that this should invalidate the evidence gained. To me the truth is important. However, the officials involved if proven to be acting without legal rationale and without attention to due process and the rule of law should be heavily punished. Indeed if my reading of the CoE Convention is correct then an official apology would be due to Iceland for breaching the terms of the Convention as well.
When they documented the phone call to the officials in Iceland what did they write down, what did they say was the legal basis for the investigation? It sure looks like they didn't have a basis at that point beyond need for the investigation.
I'm not sure what you are getting at here. I imagine the call went something like:
US: "We think we've found [blah blah blah]. We'd like you to seize the server."
Iceland: "Eh, OK, sounds good."
Then, if the statements that RMP followed Icelandic law are not a fabrication, they would have continued on until the RMP felt they had sufficient information to get their warrant or whatever.
I don't think the Icelandic government or police would have treated the FBI as an adversary.
You don't think Iceland wants to know why, or ensure that the action is lawful? Ordinarily speaking a democratic state doesn't have blanket powers to do as it pleases - the Icelandic authorities are bound by their own and EU laws, and other treaties.
I'm not suggesting they'd treat a request adversarially, I'm suggesting that they'd need to get evidence to apply to a court for a warrant (or whatever the local procedures are) under local laws or they'd need to ensure the operation met the requirements if the request was under CoE Convention say.
Perhaps I have too high an opinion of law enforcement agencies and the idea[l] of rule of law is just a charade?
Iceland are signatories to the ECHR for example which extends property and privacy rights.
It doesn't make sense to assume that the RMP (police in Iceland) failed to follow Icelandic law. Especially when the memorandum you linked says they followed local law and applied for a warrant (or so).
Subsequently, after obtaining the legal process required under Icelandic law to search the server, and after consulting with U.S. authorities concerning the timing of the search, the RMP covertly imaged the server and shared the results with the FBI on or about July 29, 2013.
It's certainly possible that the memo is full of misrepresentations or that the FBI mislead the RMP, but I don't think it is so likely that it should be assumed to be the case.
Even if the US was given the information in violation of Iceland law, which I'm not convinced of, it wouldn't have any bearing on what happens in a US court. My point stands completely.
And if Iceland gave over the info in error, that's their problem, not the US's.
The law they claimed to use to require Iceland to do the search also requires that USA provide the same protections as if the suspect and search had been made in the USA. USA of course can renege on their agreement to abide by the Convention but under rule of law it should have an effect on the US court.
If Iceland did the USA's bidding and in doing so contravened the USA's Convention agreement then it certainly looks like that should be the USA's problem - in practice USA don't seem to care about that sort of thing. The international community shouldn't allow USA to act unlawfully to parties just because they're not on USA soil.
What I'm saying is that it looks like the USA's request required them to provide certain legal protections that they didn't extend. It seems like they were prepared to flout the rule of law in order to apprehend DPR. The ends are right but I don't think they entirely justify the means.
There was at least one entry in Ulbricht's diary file with an entry like 'leaked real IP again'. If you believe Ulbricht actually wrote the diary file.
The government says https://ia600603.us.archive.org/21/items/gov.uscourts.nysd.4...
>In any event, even if the FBI had somehow “hacked” into the SR Server in order to identify its IP address, such an investigative measure would not have run afoul of the Fourth Amendment. Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise. See United States v. Vilar, 729 F.3d 62, 86 (2d Cir. 2013) (Fourth Amendment warrant requirement does not apply extraterritorially); In re Terrorist Bombings of U.S. Embassies in East Africa, 552 F.3d 157, 167 (2d Cir. 2008) (same). At most, any search of the SR Server needed only to be “reasonable” – that is, justified by “legitimate governmental interests.” Vilar, 729 F.3d at 86. Given that the SR Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to “hack” into it in order to search it, as any such “hack” would simply have constituted a search of foreign property known to contain criminal evidence, for which a warrant was not necessary.
which seems reasonable.