From the judge's ruling:
"Just as Justice Breyer wrote in concurrence that a police officer who peers through broken blinds does not violate anyone's Fourth Amendment rights, jd. at 103 (Breyer, J., concurring), FBI agents who exploit a vulnerability in an online network do not violate the Fourth Amendment. Just as the area into which the officer in Carter peered - an apartment - usually is afforded Fourth Amendment protection, a computer afforded Fourth Amendment protection in other circumstances is not protected from Government actors who take advantage of an easily broken system to peer into a user's computer"
The keywords are "exploit a vulnerability". In that sense, I'm inclined to agree with the judge.
Put another way, are broken blinds all that different from an unsecured (though attempting to be secured) network?
The counter might be: using an exploit of any kind is akin to first breaking the blinds yourself.
My counter would be that broken blinds are self-evidently broken, and the owner knows that they don't serve their intended purpose.
The same is not true of broken computer security, where usually the owner believes that the security feature does its job.
I'd say a better analogy would be a lock. The owner believes that the lock works and will keep people out. The fact that the lock can be picked doesn't mean everyone should expect their locks to be useless, nor does it allow the police to pick a lock to get into someone's house without a warrant.
I think this is akin to saying that windows and doors are vulnerable to rocks and bump keys/battering rams, respectively. In the case that police take advantage of the real world counterparts, they're expected to have warrants despite the "vulnerability" because the owner has the expectation that most decent people (the general public) won't exploit it. The standard is whether a member of the public could happen to see inside, not whether it's feasible for them to if they really wanted to.
A broken blind is more comparable to a server (http, ftp ...) with no authentication/password, maybe just for some directories that should have been protected. Also, wifi with no password.
Exploiting a vulnerability is more like using a bump key or picking the lock on the door. Would it be weird if the cops could pick the locks on your door without a warrant (you know they're all crap locks because hardly anyone knows the difference).
The analogy seems to break down a bit. Given that peering through broken blinds likely doesn't violate any laws but exploiting vulnerabilities does run afoul of CFAA (see 18 USC § 1030, a.2.C), merely "peering through the blinds" seems like bad faith.
The CFAA exempts law enforcement agencies so I don't think you are correct.
>This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States
Yes, and even if it didn't specifically exempt them it wouldn't necessarily affect the rules of evidence/fourth amendment stuff. My point was that "if a regular guy did this it would be a crime so maybe it's not quite the same as looking through the blinds."
The difference is the action, right? Suppose there were drapes on the outside, operable from the outside -- could the police operate them to make the window viewable?
The keywords are "exploit a vulnerability". In that sense, I'm inclined to agree with the judge.
Put another way, are broken blinds all that different from an unsecured (though attempting to be secured) network?
The counter might be: using an exploit of any kind is akin to first breaking the blinds yourself.