Yet Another Court Says FBI's Hacking Tool In Child Porn Case Was An Illegal Search

from the the-4th-amendment-matters dept

Just last week, we wrote about another ruling in one of the many cases kicked off when the FBI took control over a Tor-based child porn site, called Playpen, and ran it for two weeks. While the courts have said that it was okay for the FBI to run a child porn service for two weeks as part of a sting operation, they've been having a lot more trouble with the fact that the FBI then used its control over the service to infect any visitor with malware in order to figure out who they were. In the ruling last week, in the case against Alex Levin, in the Massachusetts District Court, the court said that the malware/hacking tool represented an illegal search under the 4th Amendment and suppressed the evidence. The key issue was that the warrant was issued for searches in the Eastern District of Virginia, but Levin clearly was not there.

Now a court in the Northern District of Oklahoma, in a case against Scott Arterbury, has more or less reached the same conclusion. Specifically, Artebury's lawyers pointed out that his computer was "seized" by the malware (called the Network Investigative Technique or NIT), and that was clearly in Oklahoma, beyond the bounds of the warrant. The government tried to play some games, arguing that it was the data that was seized in Virginia when it accessed the FBI-hosted site. The court doesn't buy it. The NIT acted in Oklahoma, not Virginia:
The Court is not persuaded by this argument. The property seized in this instance was Arterbury’s computer, which at all relevant times remained in Oklahoma. The NIT warrant allowed the Government to send computer code or data extraction instructions to Arterbury’s computer, wherever it was located. The Government “seized” that computer and directed it to send certain information to the Government – all without Arterbury’s knowledge or permission. Arterbury’s computer was never in the Eastern District of Virginia and subsection (b)(2), therefore, does not apply. Furthermore, even if the property seized was electronic information, that property was not located in the Eastern District of Virginia at the time the warrant was signed. This information only appeared in Virginia after the Warrant was signed and executed and the Government seized control of Defendant’s computer in Oklahoma.
None of this, of course, is to absolve those who were actively engaged in activities around child pornography. But, as the judge notes, the FBI could have easily gotten an appropriate warrant:
Furthermore, the drafters of Rule 41 knew how to avoid the territorial limit on issuance of warrants when they wished to do so. Rule 41(b)((3) removes the territorial limitation in cases involving domestic or international terrorism. In such cases, a magistrate judge “with authority in any district in which activities related to the terrorism may have occurred has authority to issue a warrant for a person or property within or outside that district.” Rule 41(b)(3). The drafters of Rule 41 could easily have included child pornography in Rule 41(b)(3) and, thereby, avoided the territorial limitation of Rule 41(b)(1) & (2). They did not do so. The Court can only conclude that they did not intend to remove the territorial limit in cases such as the one before the Court.
The court then delves a bit deeper to determine if it should order the evidence suppressed. Even in some of the other cases where the court found the NIT to be an illegal search, it still allowed the evidence to be used, often because of the "good faith exception." But not here. After a long discussion about the good faith exception... the court explains it just doesn't apply here, because this wasn't just a technical error, but an error that destroys the entire warrant.
I conclude that where the Rule 41 violation goes directly to the magistrate judge’s fundamental authority to issue the warrant, as in the violation presented here, it is not a “technical violation” of the Rule. The warrant is void ab initio, suppression is warranted and the good-faith exception is inapplicable.
Once again, it's looking like the FBI and DOJ's failure to respect the 4th Amendment means that evidence will be suppressed.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, alex levin, doj, fbi, illegal search, nit, playpen, scott arterbury


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    GrooveNeedle (profile), 27 Apr 2016 @ 8:58am

    What Protects Child Pornographers More?

    The anti-encryption crowd, with their constant cries of "think of the children", really need to ask themselves if encryption is the problem, or if the FBI/DOJ's complete disregard for constitutional protections is.

    link to this | view in chronology ]

    • icon
      Ninja (profile), 27 Apr 2016 @ 10:26am

      Re: What Protects Child Pornographers More?

      No! The children are more important! The judge is bad, cops should be allowed to execute pedophiles on sight. /derp

      link to this | view in chronology ]

  • identicon
    I.T. Guy, 27 Apr 2016 @ 9:20am

    LEO's like child porn. Especially when it's one of their own posing as a teen trying to get teenage girls to sleep with him. I'd bet some of the cops brought in their thumb drives to fill up in the 2 weeks they were hosting child porn.
    -
    The below article made me lose the last shred of respect I had for cops:
    https://www.techdirt.com/articles/20121022/19034720796/police-department-rewards-officer-caught -online-pedophile-sting-with-full-retirement-benefits.shtml

    They are all liars and thieves. Period.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Apr 2016 @ 12:24pm

      Re:

      don't forget traitors to the oath they swore upon becoming police officers.

      link to this | view in chronology ]

  • identicon
    Rule 41 Stickler, 27 Apr 2016 @ 10:25am

    The assertion that "the FBI could have easily gotten an appropriate warrant" seems a little misleading, or at least does not follow from the quoted text that follows the assertion. The court's analysis of Rule 41(b)(3) notes that the drafters of the rule could have built in a carve-out for child pornography, just as they did for terrorism, but they did not do so. Thus the court is reiterating the point that it was NOT easy for the FBI to obtain a warrant authorizing malware use in this case; the drafters didn't give them the same type of "out" as the one that exists for terrorism investigations.

    link to this | view in chronology ]

    • icon
      Ninja (profile), 27 Apr 2016 @ 10:30am

      Re:

      Even if it's true they could have waited some time before deploying the method. Or at least done it if they felt there was urgency and warned the courts to examine the whole thing. If the courts said ok then ok.

      I'm not saying it isn't true by the way, I'm merely speculating on a point I don't have knowledge about. Even if law enforcement absolutely needs to take immediate action there are means to do it legally and make the evidence collected valid to the courts.

      link to this | view in chronology ]

      • identicon
        Rule 41 Stickler, 27 Apr 2016 @ 10:46am

        Re: Re:

        A judge in Levin v. U.S., another case related to this same warrant, indicated that the FBI could have secured a valid warrant by going to a district court rather than a magistrate judge: "[u]nlike magistrates, the jurisdiction of district courts is usually defined by subject matter and parties rather than strictly by geography." So I think you are right that the FBI had other options here.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Apr 2016 @ 10:26am

    When is the news going to start reporting that the FBI is just inept at doing their job. It's not hard to get a warrant. Especially when it does involve "the children". Anywhere else but the government the employees would be fired for costing the company so much money for their ineptitude.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Apr 2016 @ 12:30pm

      Re:

      this is more premeditation to commit felonies than just being inept

      link to this | view in chronology ]

  • icon
    DB (profile), 27 Apr 2016 @ 10:39am

    This was such an obvious attempt at judge-shopping for a warrant, I have to wonder if there isn't strategic element.

    Even more than terrorism, child pornography is a hot-button topic. You can get almost anything by saying 'child porn'. Especially when it's the real thing, not "is she 15 or 18" that sometimes gets lumped into the term.

    First, why go to a magistrate judge? Perhaps because the judge has a reputation of being a rubber stamp. This technique of planting malware on remote machines while operating a criminal enterprise might not pass muster with other judges. But once you get convictions, there is a precedent that lets you go after much less reviled crimes. Next is online harassment, followed by online 'slander'.

    Even if that ultimately fails, and it has, the FBI now has the perfect example to take to congress to ask for expanded warrant powers, or even the authority to do this without warrants.

    It does initially sound a bit far-fetched, but much less so after the iphone efforts. Someone at the FBI is definitely thinking strategically about how to expand their powers through judicial precedents and legislative action using carefully-selected cases.

    link to this | view in chronology ]

  • icon
    Spencer (profile), 27 Apr 2016 @ 10:52am

    This may be a somewhat unpopular opinion on TD, but I have to side with the FBI here. The court explicitly notes that getting a warrant without territorial restrictions was not possible for anything that isn't terrorism. Until the law changes, this ruling largely says the FBI would need to obtain a warrant for the data in every single jurisdiction that there is a user/creator of child porn, and they would need to do so simultaneously or under seal to prevent tipping the suspects off.

    Some would argue that's a perfectly fine burden, but what happens if you have a major site with several thousand users spread across every state? I don't doubt the court is correct on the letter of the law, but the law should be changed to catch up to reality; until then, I think the FBI acted in good faith to catch people who really need to be caught.

    I'm not for unlimited power to the FBI, and often find the "think of the children" argument overused and bland, but here we have an actual case where there are actual children at risk. How many of those caught in the sting were parents who had young children? Of all the cases you could pick to say the FBI is overreaching, I think this was the wrong one.

    link to this | view in chronology ]

    • identicon
      Quiet Lurcker, 27 Apr 2016 @ 12:09pm

      Re:

      Won't speak on others' behalf, but with me, you are quite unpopular (Does that term apply, given it's one opinion?).

      The law and the court are quite right here. It should be - no it needs to be - as cussedly difficult for the FBI as humanly possible to get any kind of warrant, subpoena, writ, or other order from any court, especially in this day and age, and most especially given what the FBI was getting up to in this instance. In fact, I suspect an argument could be made that the FBI was engaged in a type of entrapment. Why should it be hard for the FBI?

      First because of integrity. Once upon a time, say 50 or 60 years ago, the FBI might - might, I say - have gotten a pass because of their well-known integrity. That vaunted integrity has gone the way of the dodo bird, so the FBI must be held to the highest possible standard to compensate for that loss.

      Second, I believe that computer hacking and the methods related thereto, are or should technically be considered expert evidence - it takes special training and experience to do that kind of thing, and there are industry standard methods.

      Third and most importantly, the FBI has a track record of not sharing technical information with defendants, courts, even assistant US attorneys, for fear it will get into the hands of defendants. But in doing so, they deny the defense - and the courts, for that matter - the opportunity to question both the evidence and the witnesses. Any courts decisions otherwise be da*****d, the Constitution says that's a no-no (why yes, to answer your question, I am a strict constructionist). More to the point, courts are starting to look askance at that kind of thing, especially in light of some of the revelations coming out regarding stingray use. There's an even greater need for transparency when the sole evidence is what would only an expert should or could offer.

      So, until the FBI is willing to play it straight with everyone, and cough up all the technical bits so the defense can get a good look at and maybe impeach their evidence, they should have to work, and as hard as humanly possible at that, to get any kind of help from the court.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Apr 2016 @ 12:32pm

      Re:

      allow the FBI to get away with breaking 1 law and they will make it a precedent to break other laws. All in the name of the "greater good". Which would be fine and dandy save for 1 fact.

      The FBI are some of the biggest criminals around, and they decide who is guilty. So why would you want criminals with the power to break laws to go after people they don't like, while denying their victims any chance to defend themselves.

      link to this | view in chronology ]

  • identicon
    Shilling, 27 Apr 2016 @ 11:20am

    Quite funny that Americans can suppress evidence based on the 4th amendment. But it just makes me wonder if suspects from other countries who the FBI shared their findings with receive the same protections from law enforcement agencies. Yet this seems to remain unknown.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Apr 2016 @ 11:35am

    To think that they've added 7 more rules since the Rule 34 issue that started this...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Apr 2016 @ 12:21pm

    now we just need to get someone to charge and prosecute the agents involved in running that site for 2 weeks with aiding and distributing child porn.

    link to this | view in chronology ]

  • identicon
    Jim, 27 Apr 2016 @ 1:41pm

    Huh?

    Surprised, the defendants didn't go after the program, also. Planting something on another's computer? Legal in non terrorism cases? My, how far we have fallen.

    link to this | view in chronology ]

  • identicon
    James Comey, 27 Apr 2016 @ 5:02pm

    Terrorists. Pedophiles. Hmmm. Note to self: first thing tomorrow, append 'Judges'.

    link to this | view in chronology ]

  • identicon
    corey, 8 May 2016 @ 8:08pm

    story needs correction by author.

    @author of article
    QUOTE: "the court said that the malware/hacking tool represented an illegal search under the 4th Amendment and suppressed the evidence."
    Actually I been following this via multiple sources. My understanding is that the Evidence was suppress NOT because the technique was illegal or not. But because the judge issuing the warrant to the FBI exceeded their authority. And issued said warrant outside of their jurisdiction.

    EFF is the one who claimed the FBI technique was unconstitutional. NOT US District Judge Robert J. Bryan

    The courts never said one way or other, that the technique was illegal or unconstitutional.

    link to this | view in chronology ]

    • identicon
      corey, 8 May 2016 @ 8:15pm

      Re: story needs correction by author.

      PS I personally think the techneque is illegal. Because if the said device is in the home, inside the walls of your home, as if say a paper diary of deeds you have done. The FBI would not be allowed to do warrant-less search or phishing(not handing warrant to person they are searching) in order to search for physical diary in home. I apply that same view to electronic devices inside home REGARDLESS how it accesses the outside world via wire or door.

      link to this | view in chronology ]

  • identicon
    corey, 8 May 2016 @ 8:40pm

    pay attention

    google: "Federal judge rules FBI didn’t have proper warrant to hack child porn site" Posted Apr 20, 2016 by Kate Conger As starting point.

    This is at the root of problem FBI did not do warrant correctly. And they did not get the warrant from the right Judge. NIT technique is not the reason for FBI screw up

    They can still do "NIT" so long as they get the appropriate warrant.

    Which is a blow/violation to the constitution search and seizure

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.