Judge Says FBI's Hacking Tool Deployed In Child Porn Investigation Is An Illegal Search

from the can't-just-go-wherever-you-damn-well-please dept

The judicial system doesn't seem to have a problem with the FBI acting as admins for child porn sites while conducting investigations. After all, judges have seen worse. They've OK'ed the FBI's hiring of a "heroin-addicted prostitute" to seduce an investigation target into selling drugs to undercover agents. Judges have, for the most part, allowed the ATF to bust people for robbing fake drug houses containing zero drugs -- even when the actual robbery has never taken place. Judges have also found nothing wrong with law enforcement creating its own "pedophilic organization," recruiting members and encouraging them to create child pornography.

So, when the FBI ran a child porn site for two weeks last year, its position as a child porn middleman was never considered to be a problem. The "network investigative technique" (NIT) it used to obtain identifying information about anonymous site visitors and their computer hardware, however, has resulted in a few problems for the agency.

While the FBI has been able to fend off one defendant's attempt to suppress evidence out in Washington, it has just seen its evidence disappear in another case related to its NIT and the "PlayPen" child porn site it seized (and ran) last year.

What troubles the court isn't the FBI acting as a child porn conduit in exchange for unmasking Tor users. What bothers the court is the reach of its NIT, which extends far outside the jurisdiction of the magistrate judge who granted the FBI's search warrants. This decision benefits defendant Alex Levin of Massachusetts directly. But it could also pay off for Jay Michaud in Washington.

The warrants were issued in Virginia, which is where the seized server resided during the FBI's spyware-based investigation. Levin, like Michaud, does not reside in the district where the warrant was issued (Virginia - Eastern District) and where the search was supposed to be undertaken. As Judge William Young explains, the FBI's failure to restrict itself to the location where the NIT warrants were issued makes them worthless pieces of paper outside of that district. (via Chris Soghoian)

The government argues for a liberal construction of Rule 41(b) that would authorize the type of search that occurred here pursuant to the NIT Warrant. See Gov’t’s Resp. 18-20. Specifically, it argues that subsections (1), (2), and (4) of Rule 41(b) are each sufficient to support the magistrate judge’s issuance of the NIT Warrant. Id. This Court is unpersuaded by the government’s arguments. Because the NIT Warrant purported to authorize a search of property located outside the Eastern District of Virginia, and because none of the exceptions to the general territorial limitation of Rule 41(b)(1) applies, the Court holds that the magistrate judge lacked authority under Rule 41(b) to issue the NIT Warrant.
The government deployed some spectacular theories in its effort to salvage these warrants, but the court is having none of it.
The government advances two distinct lines of argument as to why Rule 41(b)(1) authorizes the NIT Warrant. One is that all of the property that was searched pursuant to the NIT Warrant was actually located within the Eastern District of Virginia, where the magistrate judge sat: since Levin -- as a user of Website A -- “retrieved the NIT from a server in the Eastern District of Virginia, and the NIT sent [Levin’s] network information back to a server in that district,” the government argues the search it conducted pursuant to the NIT Warrant properly can be understood as occurring within the Eastern District of Virginia. Gov’t’s Resp. 20. This is nothing but a strained, after-the-fact rationalization.
As the government attempts to portray it, the search was wholly contained in Virginia because the NIT was distributed by the seized server in the FBI's control. But, as the judge notes, the search itself -- via the NIT -- did not occur in Virginia. The NIT may have originated there, but without grabbing info and data from Levin's computer in Massachusetts, the FBI would have nothing to use against the defendant.
That the Website A server is located in the Eastern District of Virginia is, for purposes of Rule 41(b)(1), immaterial, since it is not the server itself from which the relevant information was sought.
And, according to Judge Young, that's exactly what the FBI has now: nothing.
The Court concludes that the violation at issue here is distinct from the technical Rule 41 violations that have been deemed insufficient to warrant suppression in past cases, and, in any event, Levin was prejudiced by the violation. Moreover, the Court holds that the good-faith exception is inapplicable because the warrant at issue here was void ab initio.
The judge has more to say about the FBI's last ditch attempt to have the "good faith exception" salvage its invalid searches.
Even were the Court to hold that the good-faith exception could apply to circumstances involving a search pursuant to a warrant issued without jurisdiction, it would decline to rule such exception applicable here. For one, it was not objectively reasonable for law enforcement -- particularly “a veteran FBI agent with 19 years of federal law enforcement experience[,]” Gov’t’s Resp. 7-8 -- to believe that the NIT Warrant was properly issued considering the plain mandate of Rule 41(b).
The court doesn't have a problem with NITs or the FBI's decision to spend two weeks operating a seized child porn server. But it does have a problem with the government getting warrants signed in one jurisdiction and using them everywhere but.

The decision here could call into question other such warrants used extraterritorially, like the DEA's dozens of wiretap warrants obtained in California but used to eavesdrop on targets located on the other side of the country. And it may help Jay Michaud in his case, seeing as he resides a few thousand miles away from where the search was supposedly performed.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, child porn, fbi, hacking, nit, warrant


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 21 Apr 2016 @ 11:49am

    All Hacking Tools

    should be considered inadmissible.

    There is just no fucking way anyone with technical chops should ever believe the government when they say, we used a hacking tool to discover the presence of CP.

    For all anyone knows, they put the CP there! They did fucking hack the system!

    link to this | view in chronology ]

    • icon
      DannyB (profile), 21 Apr 2016 @ 1:05pm

      Re: All Hacking Tools

      I agree with your reasoning. But taken to its logical conclusion one could then argue for the physical world the same as what is found on a computer . . .

      Why should we believe any law enforcement when they say they found something in a search? After all, they could have planted it there.

      If law enforcement wants to be believed when accused of planting evidence, they need to act absolutely above reproach. However, they do not act that way. Quite the opposite.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Apr 2016 @ 1:32pm

        Re: Re: All Hacking Tools

        Nothing is above reproach.

        We should never ever, NOT EVER!!! Believe law enforcement!

        We should LOOK at the evidence they supply, and evaluate motivation on ALL sides and THEN make a determination if we should "accept" the "PROPERLY DOCUMENTED & LEGALLY GATHERED" evidence.

        You have already made the mistake of thinking that there was ever, or will ever, be a point in time where anything even associated with "Government" could ever be above reproach.

        Always suspect their motivations! It HELPS to keep them honest!

        link to this | view in chronology ]

      • identicon
        Andy, 21 Apr 2016 @ 5:50pm

        Re: Re: All Hacking Tools

        The gov and fbi and cops have all been found guilty of imprioning or charging people with crimes thay did not commit, I would say all cases should eb paused and new laws enacted that ensure no innocent person is ever charged with a crime , that evidence , solid evidence be presented to the courts in every case, no he said she said cases allowed. And if the fbi or any other gov organisation is found guilty of faking evidence, ignoring laws or encouraging people to commit crimes they should be punished.

        Just imagine all the CP that is now on the internet due to the fbi putting it there, this is sickening and if America cannot control its fbi then maybe other countries need to start suing them for making CP available in there country/.

        They should also be punished for doing such a terrible job that they allow a Paedophile to get away with a crime he possibly committed.

        link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 21 Apr 2016 @ 11:55am

    But the rules don't matter, because our targets are really bad guys!

    The laws aren't maybe kinda sorta guidelines, they are how things are supposed to be done. This sloppy kind of corner cutting hoping that the courts will suspend the rights of the accused because they are bad guys weakens the entire system. The fact an agency charged with upholding the law time and time again gets passes to the point where they feel they can ignore the law, suggests that serious reform is needed.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 12:16pm

      Re:

      The FBI could have avoided this whole problem if they just went to a district judge who would have rubber stamped the order just like the magistrate judge.

      link to this | view in chronology ]

      • icon
        DannyB (profile), 21 Apr 2016 @ 1:10pm

        Re: Re:

        I think the FBI could avoid a lot of problems if they could get friendly, courteous, expedited drive through general purpose search warrants. Please pull around to the 2nd window.

        link to this | view in chronology ]

    • icon
      DannyB (profile), 21 Apr 2016 @ 1:07pm

      Re:

      If they use that argument
      But the rules don't matter, because our targets are really bad guys!
      Then they should be required to show these really bad guys are worse than those applying for and executing the warrant.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Apr 2016 @ 12:11pm

    I still think everyone involved in the illegal aspects of that should be treated the same as the pedos they went after.

    If yopu break the laws to uphold the laws, then you have no laws Especially if you are let off scott free for your crimes solely because you are treated as above the law.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 12:21pm

      Re:

      Interesting strategy... talk about chilling law enforcement activities ;)

      If you charge an alleged criminal, and the charge is dropped due to incorrect procedure, the person(s) responsible do the time for the charges instead?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Apr 2016 @ 1:06pm

        Re: Re:

        When the incorrect procedure cannot be easily dismissed as being sourced by an inexperienced person new to law enforcement? Yes, YES they should be on the hook (the exact same charges) for willfully violating peoples rights.

        link to this | view in chronology ]

        • icon
          Groaker (profile), 21 Apr 2016 @ 1:10pm

          Re: Re: Re:

          Ignorance of the law is no excuse for civilians. Why should it be an excuse for law enforcement. LEOs are trained, and have free access to legal opinion. Civilians do not.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 Apr 2016 @ 1:23pm

            Re: Re: Re: Re:

            Not sure this quite rises to that level.

            We are talking about incorrect procedures, not incorrect application of the law itself. It is likely not going to serve either the police or the citizens if we nail officers to the wall for every procedural misstep. All I am saying is that we can cut a bit of slack for the inexperienced... the newly trained do make mistakes, experience just helps them make less over time.

            In the case of incorrect application of the law, then HELL yea, I agree with you 100% ignorance is no excuse at any point in time. Maybe that is what the original AC meant and we are just stuck in semantics?

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 21 Apr 2016 @ 1:49pm

              Consequences for failure to follow procedure

              I have no problem with them not facing serious charges over a procedural misstep, provided that the misstep did not cause serious hardship to people outside law enforcement. In this case, if they searched the computer without a proper warrant, suppressing the evidence is right. If they stopped there, and did not actually arrest the target nor impound his property, then I think a written reprimand to the officers, as well as some retraining, would be sufficient. If, on the other hand, they acted on their illegally obtained information by raiding the target's property, then they should face harsher consequences. Specifics will vary based on how much trouble they caused with their unjustified raid. At minimum, they should be responsible for repairing both the reputational and physical damage their raid caused.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 21 Apr 2016 @ 5:33pm

              Re: Re: Re: Re: Re:

              I am talking about running a pedophile porn site and knowingly distributing child pornography all in order to catch those same sickos.

              There are strict laws against such things that the FBI knowingly and willingly did.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 21 Apr 2016 @ 6:06pm

                Re: Re: Re: Re: Re: Re:

                Yea the FBI never had any business creating a CP honey pot.

                Everyone involved should be rotting in jail with the exact same charges as those they accuse!

                There is ZERO room in a civilized society for allowing law enforcement to break the law just to catch or entrap a criminal.

                You might catch criminals this way, but the actual end result is in the government causing more crime than it is preventing! But hell we already know the government is not interested in creating a safe America, they want one where they can arrest any asshole they deem worthy on a whim!

                link to this | view in chronology ]

        • icon
          nasch (profile), 22 Apr 2016 @ 12:49pm

          Re: Re: Re:

          Yes, YES they should be on the hook (the exact same charges) for willfully violating peoples rights.

          That would just substitute one injustice for another. They should be charged with violations of rights and if convicted serve the time appropriate to that crime. Not serve time for some other crime that they didn't commit.

          link to this | view in chronology ]

  • icon
    djl47 (profile), 21 Apr 2016 @ 3:11pm

    What should law enforcement do in cases like this?

    Serious question: What should law enforcement do in cases like this? Law enforcement is attempting to identify suspects who are trafficking in child porn. The suspects use TOR to anonymize their identity and location. Law enforcement can deploy snooping tools planted on the suspects computers to unmask their identity and location. Does law enforcement need to get a warrant in every court jurisdiction where a suspect may be located? That sets the bar extremely high

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 4:21pm

      Re: What should law enforcement do in cases like this?

      Infilitrate pedo rings just like every other criminal organization. The human element is always the weakest to exploit.

      link to this | view in chronology ]

    • icon
      nasch (profile), 22 Apr 2016 @ 12:50pm

      Re: What should law enforcement do in cases like this?

      Does law enforcement need to get a warrant in every court jurisdiction where a suspect may be located? That sets the bar extremely high

      If they find a suspect not in their jurisdiction, I assume they should forward the information to that jurisdiction and/or to the feds.

      link to this | view in chronology ]

      • identicon
        jp, 15 Apr 2017 @ 7:48pm

        Re: Re: What should law enforcement do in cases like this?

        can't forward it to them. the info was illegally obtained since they didn't have a warrant in that jurisdiction. even if using that info they found other evidence if they only found it because of that info it would be inadmissible. that is why they shouldn't be able to legally collectthis info without a nationwide warrant

        link to this | view in chronology ]

  • icon
    djl47 (profile), 21 Apr 2016 @ 4:57pm

    Isn't that what they did in this case? They infiltrated the ring by assuming control of the server. They used the server to get IP addresses from the suspects computers. An address that is part of every communication your system has with the internet.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 5:35pm

      Re:

      they distributed pictures of children for 2 weeks.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Apr 2016 @ 6:09pm

        Re: Re:

        correct, either way the children were exploited.

        I think it sends a clear message about the moral and intellectual integrity of law enforcement to make the literal claim that "It's okay for us to run a CP site, but NOT YOU!"

        I bet those sick bastards were enjoying every minute of it, only act out a sullen face the moment the cameras were rolling!

        link to this | view in chronology ]

    • identicon
      John Paul Howard Logan, 15 Apr 2017 @ 7:53pm

      Re:

      not exactly. they connected to the server using tor so in order to get the ip addresses they had to send malware to the computers to send out a message on the regular internet containing this info. if they just looked at the ips connecting to them all they would see is the last tor relay. in tor when you send to a server it goes to a relay then sent to another and another till it gets to the destination then it is sent back similarly through relays. the location of both end computers is not revealed

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2016 @ 12:42am

    Non facias malum ut inde veniat bonum.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 7:05am

      Re:

      translated... (latin)

      you should not make evil in order that good may be made from it

      link to this | view in chronology ]

  • identicon
    unby, 2 Jul 2016 @ 12:38pm

    outbound

    Always suspect their motivations! It HELPS to keep them honest! Law enforcement is attempting to identify suspects who are trafficking in child porn. Law enforcement can deploy snooping tools planted on the suspects computers to unmask their identity and location.
    They should also be punished for doing such a terrible job that they allow a Paedophile to get away with a crime he possibly committed, if the fbi or any other gov organisation is found guilty of faking evidence, ignoring laws or encouraging people to commit crimes they should be punished.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.