Judge Says FBI's NIT Warrant Invalid, Points Out FBI Agent Knew It Was Invalid When He Requested It

from the new-strategy-needed-for-spreading-malware-worldwide dept

A Minnesota judge has granted a motion for suppression in an FBI Playpen case, using an agent's nineteen years of service and expertise against the government's good faith arguments. The court here found the warrant to be invalid from the moment it was signed, making everything obtained past that point fruit of the poisonous tree. (via FourthAmendment.com)

While other courts have noted the warrant's invalidity under Rule 41's territorial limitations (now nonexistent), no other judge has taken time to point out the FBI agent requesting the warrant knew it was invalid when he requested it.

First, the decision [PDF] points to the breathtaking scope of the single warrant the FBI obtained.

[T]he Government claims legal authority from this single warrant, issued in the Eastern District of Virginia, to hack thousands of computers in 120 countries and to install malicious software for the purpose of investigating and searching the private property of uncounted individuals whose identities and crimes were unknown to the Government before launching this massive worldwide search.

From there, the judge makes the point that the government can't claim it had any "good faith" in its warrant because it knew the scope and reach of the warrant exceeded the jurisdictional limitations imposed by Rule 41. As evidence of this knowledge, Judge Franklin Noel points to sworn statements by Agent Macfarlane, which indicate he knew the request was invalid when he submitted his warrant request.

The search warrant application and the warrant, as issued, expressly limit themselves to the search of persons or property located in the Eastern District of Virginia. Yet paragraph forty-six of Agent Macfarlane's affidavit explains in some detail how the NIT malware might be deployed anywhere on earth. Specifically, paragraph forty-six provides that "the NIT may cause an activating computer wherever located -- to send to a computer controlled or known to the government, network level messages containing information that may assist in identifying the computer." Under these circumstances, Agent Macfarlane must have known that he was acting in reckless disregard of proper procedure. It was not objectively reasonable for Agent Macfarlane, a "law enforcement . . . veteran" employed by the FBI "for 19 years" to believe that the NIT warrant, which he knew could reasonably reach any computer in the world, was properly issued given the specific territorial limits under Rule 41(b) and the language of the warrant itself…

Put differently, it was not objectively reasonable for Agents to believe that a single warrant, which by its terms was explicitly limited to searches in the Eastern District of Virginia, could be used to electronically search Carlson's computer in Minnesota…

The judge goes on to point out that the government can't avail itself of the "good faith" argument because that argument relies on a valid warrant's issuance. In this case, the warrant was invalid the moment it was issued, making this akin to having no warrant at all. Good faith denied.

The court also finds the warrant defective in other ways. The NIT warrant had no particularity -- a requirement for valid warrants. Since the government didn't know who it would infect with its malware or where they were located, its warrant could not possibly satisfy particularity requirements, even if it somehow managed to adhere to Rule 41 jurisdictional limitations.

Identification of the particular place to be searched cannot depend upon facts that have not yet occurred. A warrant must particularly describe the place to be searched at the time it is issued. Just as a warrant must be supported by probable cause at the time it is issued, this Court concludes that the warrant must particularly describe the place to be searched when it is issued.

[...]

As neither the Magistrate Judge nor the affiant know which computers are to be searched until after the search has already occurred, the NIT warrant fails to particularly describe the place to be searched.

This suggests the FBI may not be completely in the clear despite the Rule 41 changes. The malware it deployed targeted individuals who visited the seized server, but the FBI had no way of knowing who would visit or when. This is a take we haven't seen from other judges in Playpen/NIT cases and this order will likely be cited by several defendants still facing prosecution.


Filed Under: 4th amendment, fbi, malware, nit, privacy, warrant


Reader Comments

  • Anon E. Mous, 7 Apr 2017 @ 3:50am

    I am no fan of anyone who dabbles in CP. Do I think anyone who dabbles, creates or possesses CP should be punished to the full extent of the law, yes I do but the FBI seems to have f*cked this up royally where the Playpen case is concerned.

    The Playpen cases across the U.S. that have played out have been a mixed bag of rulings with courts saying "yeah you have to disclose the NIT to defense counsel" and some courts saying "no need to disclose the NIT" and some courts saying the "warrant used was invalid" and other courts saying "warrant was good." It has been a mixed bag of rulings.

    The issue I see is that some of the courts seem more than okay with letting the FBI get away with all the problems with the various Playpen cases from the warrant problems, to the disclosure issues etc etc etc.

    With the mixed bag of rulings out there, I see these cases dragging on and on and either the US DOJ dismissing the ones that are sure to be appealed or to cut them off before they head from an appeals court and to SCOTUS at some point.

    For every ruling where the Judges such as this one in MN are calling the US DOJ out on what has transpired before this case landed in court, there have been just as many courts ruling the opposite and letting the cases advance forward.

    I have little empathy for those who were caught in these cases, but I still believe the US DOJ and its law enforcement agencies need to play by the rules.

    • Ninja, 7 Apr 2017 @ 6:42am

      Re:

      Your last phrase hits the nail beautifully. As much as those engaged in CP should be punished it's not "ends justify means" party. If anything law enforcement should be thoroughly shamed for ignoring due process and letting these people walk free. Of course people will instead lash out at judges who chose to protect their own rights as if they are helping the criminals.

      • Unanimous Cow Herd, 7 Apr 2017 @ 7:25am

        Re: Re:

        I might be more forgiving of the FBI's laziness and incompetence if they bent the rules a little to catch producers or traffickers of CP. In this case, they took the Drug War route and went after the "users". We all know how successfully the Drug War has worked out.

        • Anonymous Coward, 7 Apr 2017 @ 9:32am

          Re: Re: Re:

          Not just that, the FBI took over the role as supplier, still serving CP along with their NIT malware by keeping the site active. Exploiting children to nab users they ultimately let walk anyway.

    • David, 7 Apr 2017 @ 6:49am

      Re:

      Here's the thing: Since they played so loose with the rules, are all the people pulled into this net actually guilty? They aren't willing to disclose a lot of the information about this. So as a jurist, would you feel confident enough that it wasn't the FBI's NIT that proactively injected CP on the person's computer?

      The FBI has manufactured terrorists where there haven't been, as has been detailed here at Techdirt. Could they also be manufacturing child pornographers as well? It's high profile, and people are generally against CP's and terrorists - are they banking on the fact we hate CP's and terrorists more than the violation of our rights? That's not a slope I want our government to slip in.

      • Anonymous Coward, 7 Apr 2017 @ 9:19am

        Re: Re:

        Imagine this scenario:
        Someone online sends you an onion link as a joke, saying "you've got to see what's on there."

        So, you open up your TorBrowser, paste the link, and whammo! You're suddenly looking at a bunch of CP, which has now been cached on your computer.

        You immediately close down Tor and try to erase those images from your mind.

        But unknown to you, that session also loaded the FBI's NIT, which promptly called home and also reported the known CP images on your computer (in your cache*, where you'll never see them).

        Then you get a visit from a SWAT team, and are named in a court case as an alleged CP offender with the FBI themselves gathering the evidence directly from your computer.

        I can guarantee that in this scenario, your life is pretty much permanently ruined, even if the case never goes to court. About the only thing you can do is attempt to start over with a new identity and hope that your past never catches up with you.

        *The thing about TorBrowser is that it's supposed to keep the cache encrypted, so you'd probably have to actually intentionally save the images somewhere for them to be visible to the NIT -- but there are likely all sorts of edge cases where you could end up with this stuff somewhere visible to the NIT.

  • That Anonymous Coward, 7 Apr 2017 @ 4:09am

    The ends justified the means.

    Big headlines, lots of soundbites, little effort.
    They could have ridden the good PR for a while.

    Instead they violated the law, lied to a Judge (who should have known better).
    They are letting people who sought out CP, walk away rather than explain & allow discovery about the secret weapon.
    They are having cases shattered as courts look at what they did and can't find a way to twist their duty to defend the indefensible.

    So let's see what we got out of this.

    Wasted resources.
    Violation of rights.
    Production of NEW CP on their watch.
    People we would consider criminals are walking in droves.
    Some citizens will still blindly screech about those damn judges, ignoring that EVERYONE has rights.

    So their crown jewel case is a giant turd, and heads should roll. We need to demand better & remind them to play by the rules or else.

    • Anonymous Coward, 7 Apr 2017 @ 4:51am

      Re:

      I agree 100% with what you say. The government should have used all of the data from this failed NIT to put further surveillance on the targets. Prosecuting them based on fruit of the poison tree is a failure of the justice system.

      • Anonymous Coward, 7 Apr 2017 @ 5:23am

        Re: Re:

        FBI badly needs to reform itself. Otherwise we will see more and more pedophiles roaming the streets.

      • David, 7 Apr 2017 @ 6:33am

        Re: Re:

        But surveilling them based solely on the evidence from the poisonous tree is also poisonous. We've already decried use of parallel construction, where the government is allowed to use illegal means to identify, and then find some method to excuse warrants without revealing the only way they knew about that was their previously illegal actions. And when that's been discovered, they've folded several of those cases, too.

        • Anonymous Coward, 7 Apr 2017 @ 6:42am

          Re: Re: Re:

          Lol Last year it became legal for 7 different agencies to delve through all of the captured data that the NSA sorts and stores. Parallel construction is about to get the workout of its life.

          • Anonymous Coward, 7 Apr 2017 @ 8:29am

            Re: Re: Re: Re:

            And still illegal as fuck!

            But hey... since when did illegality stop those fucks!

            Here we have a judge saying... yea I know you fucked broke the law... but I ain't gonna do shit! wink wink!

      • Unanimous Cow Herd, 7 Apr 2017 @ 7:31am

        Re: Re:

        Yes, individual warrants after the PP sting would have been needed. But the whole tree was poison to the roots because of the initial warrant. Many of these cases would likely have gotten thrown out. I'm not a lawyer, so I could be wrong on that though.

      • Anonymous Coward, 7 Apr 2017 @ 11:26am

        Re: Re:

        "The government should have used all of the data from this failed NIT to put further surveillance on the targets."

        So.... you are ok with parallel construction?

        **Note: Just to be clear, I do not condone CP.

    • Ninja, 7 Apr 2017 @ 6:43am

      Re:

      I hadn't read your comment. Bravo.

  • Anonymous Coward, 7 Apr 2017 @ 5:08am

    Lessons Learned

    By the FBI, none to speak of...yet.

    Let's mercilessly and relentlessly mock, deride, and humiliate the FBI in the public forums over the overt illegality and ineffectualness of their actions in this case. Repeat this public derision until the Playpen case becomes a meme that the FBI fails when it relies on "think-of-the-children" arguments to excuse their incompetent criminality.

  • spodula, 7 Apr 2017 @ 6:21am

    Idiots..

    With the subject matter involved it's *really* annoying this whole case is likely to fall apart because of the laziness and incompetence of this agent!

    I hope this agent gets more than a telling off.
    Sadly I suspect they won't even get that.

    • David, 7 Apr 2017 @ 6:36am

      Re: Idiots..

      No, the lesson here is they need to try to deceive the judges better.

  • That One Guy, 7 Apr 2017 @ 11:01am

    Don't see that nearly enough

    A Minnesota judge has granted a motion for suppression in an FBI Playpen case, using an agent's nineteen years of service and expertise against the government's good faith arguments. The court here found the warrant to be invalid from the moment it was signed, meaning everything obtained past that point to be fruit of the poisonous tree.

    That the agent knew the warrant wasn't valid and yet still filed for it isn't terribly surprising, as the FBI seems to have adopted a 'The ends justify the means' mindset for a good while now. What is refreshingly surprising is that the judge wasn't willing to give them a pass anyway.

    After having far too many (which is to say 'more than zero') judges in these cases admit that the FBI screwed up in one form or another, and yet shrugging it off because they're going after Really Bad People and the pesky 'rules' and 'laws' are getting in the way, nice to see a judge willing to stand up to the rights of everyone, and not treat the laws as inconveniences that can be ignored whenever they get in the way of The Good Guys.

  • Steven, 8 Apr 2017 @ 1:45pm

    What about the judge?

    Shouldn't the judge have known this was an invalid request? Isn't that the whole point of judicial review, a check on the FBI and other agencies? Isn't the point of a warrant to force these agencies to go through a check to make sure what they are doing is legal?

    There should be sanctions placed on judges that issue such invalid warrants.

  • Anonymous Coward, 9 Apr 2017 @ 12:50pm

    FBI is terrorist.
