NewYorkUniversity
LawReview
Issue

Volume 90, Number 2

May 2015

Botnet Takedowns and the Fourth Amendment

Sam Zeitlin

The botnet, a group of computers infected with malicious software and remotely controlled without their owners’ knowledge, is a ubiquitous tool of cybercrime. Law enforcement can take over botnets, typically by seizing their central “command and control” servers. They can then manipulate the malware installed on private computers to shut the botnet down. This Note examines the Fourth Amendment implications of the government’s use of remote control of malware on private computers to neutralize botnets. It finds that the government could take more intrusive action on infected computers than it has previously done without performing a search or seizure under the Fourth Amendment. Most significantly, remotely finding and removing malware on infected computers does not necessarily trigger Fourth Amendment protections. Computer owners have no possessory interest in malware, so modifying or removing it does not constitute a seizure. Additionally, even if the government’s efforts cause some harm to private computers, this will rarely produce a seizure under the Fourth Amendment because any interference with the computer will be unintentional. Remotely executing commands on infected computers does not constitute a search under the Fourth Amendment unless information is returned to law enforcement.