If the FBI believes you have committed a crime—for example, setting up a massive ecstasy laboratory inside an insulated sea/land container near Escondido, California—they have the power to gather "pen register" information on you without a warrant. This information includes phone numbers dialed, IP addresses of web sites visited, and e-mail addresses contacted. But can the government collect this information from a person's PC using spyware and still do so without a warrant?

That question was raised by the widely-covered Ninth Circuit ruling in US v. Forrester. The court ruled that the FBI has the right to electronic pen register information like e-mail addresses, but it did not say how the FBI had gathered this information. That led commentators to wonder if the FBI was using the CIPAV spyware that it has deployed in other recent cases (in the linked case, a warrant was obtained before CIPAV was used) to gather this information. If so, was the court really saying that the Feds could go around implanting spyware on computers with only minimal judicial oversight?

Apparently not. The sharp eyes at Wired note that the court has now amended the ruling in the US v. Forrester case to remove this ambiguity. The brief addition (PDF) simply states that the surveillance in question was done the traditional way, at a local ISP office. In this case, the data was collected using a "mirror port" on a PacBell Internet router in San Diego.

While the court does not come out and say that the FBI does need a warrant before installing CIPAV on a suspect's computer, the new language certainly suggests that the court is attempting to limit the scope of its initial ruling so that it applies only to more traditional pen register tools.