Monday, February 22, 2010

Kyllo and "A Forensic Software Program"

In a 2008 post, I talked about the U.S. Supreme Court’s decision in Kyllo v. U.S., 533 U.S. 27 (2001). I reviewed the holding in the case – which involved law enforcement’s using a thermal imager to detect heat radiating from Danny Kyllo’s home.

As I noted in that post, the Supreme Court found it was a search for a federal agent to stand across the street from the garage and use the thermal imager to detect heat signatures emanating from the garage. The Court held that it is a 4th Amendment “search” to (i) use technology that is not in general public usage (ii) to detect information from inside a home. (Since the garage was, I believe, attached to Kyllo’s home, that made it part of the home for 4th Amendment purposes.)

The Kyllo decision came down in 2001. I noted in 2008 that I was waiting for a case to apply the Kyllo (Nearly all of the cases involving the Kyllo standard deal with whether or not it applies to the use of drug detection dogs.) I finally found one. holding to the use of computer technology, including computer forensic software.

The case is U.S. v. Borowy, 2010 WL 537501 (U.S. Court of Appeals for the 9th Circuit 2010) and here, according to the Court of Appeals, is how it arose:

On May 3, 2007, Special Agent Byron Mitchell logged onto LimeWire, a . . . peer-to-peer file-sharing computer program, to monitor trafficking in child pornography. Agent Mitchell conducted a keyword search in LimeWire using the term `Lolitaguy,’ a term known to be associated with child pornography. From the list of results returned by this search, Agent Mitchell identified known images of child pornography using a software program that verifies the `hash marks’ of files and displays a red flag next to known images of child pornography. At least one of these files was shared through what was later determined to be [Charles] Borowy's IP address.

Using the `browse host’ feature of LimeWire, Agent Mitchell viewed a list of the names of all of the approximately 240 files being shared from Borowy's IP address, several of which were explicitly suggestive of child pornography and two of which were red-flagged. Agent Mitchell downloaded and viewed seven files from Borowy's IP address, four of which were child pornography. Prior to downloading the files, Agent Mitchell did not have access to the files' contents. Execution of a search warrant resulting from Agent Mitchell's investigation led to the seizure of Borowy's laptop computer, CDs, and floppy disks. Forensic examination of these items revealed more than six hundred images of child pornography, including seventy-five videos.

U.S. v. Borowy, supra. Borowy was indicted for distributing and possessing child pornography in violation of 18 U.S. Code § 2252A. Appellant’s Opening Brief, U.S. v. Borowy, 2009 WL 2898223. After being indicted, Borowy moved to suppress the evidence seized from his home, claiming that Mitchell’s

locating and downloading the files from LimeWire constituted a warrantless search and seizure without probable cause that violated Borowy's Fourth Amendment rights. Borowy argued that because he had purchased and installed a version of LimeWire that allows the user to prevent others from downloading or viewing the names of files on his computer and because he attempted to engage this feature, he had a reasonable expectation of privacy in the files. However, for whatever reason, this feature was not engaged when Mitchell downloaded the seven files from Borowy's computer, and there was no restriction on Mitchell's accessing those files. The district court refused to suppress the evidence, finding Mitchell's conduct was not a search under the Fourth Amendment and that Mitchell had probable cause to download the files.

U.S. v. Borowy, supra. Borowy pled guilty to possessing child pornography in violation of 18 U.S. Code § 2252A(a)(5)(B), but reserved his right to appeal the district court’s denial of his motion to suppress. U.S. v. Borowy, supra. The primary issue on appeal, therefore, was whether Mitchell’s accessing and downloading the files constituted a 4th Amendment “search.”

As I’ve explained in earlier posts, the standard courts use to determine if conduct constituted a search under the 4th Amendment is the standard the Supreme Court articulated in Katz v. U.S., 389 U.S. 347 (1967). For law enforcement activity to constitute a “search” under Katz it must violate an individual’s “reasonable expectation of privacy” in a place or thing. To have a reasonable expectation of privacy under Katz, I must subjectively believe a place is private and society must accept my belief as objectively reasonable. If you want to read more about the application of the Katz standard, check out this post.

Lots of cases – including lots of computer search cases – involve the applicability of the Katz standard. That isn’t what makes the Borowy case interesting (and, ultimately, aggravating): What makes it interesting is that Borowy invoked the Supreme Court’s decision in Kyllo, along with Katz. What makes it aggravating is that the Kyllo argument wasn’t particularly well-developed.

Under Rule 28 of the Federal Rules of Appellate Procedure, three briefs (excluding any amicus briefs) are filed in an appeal from a decision of a federal district court: The first is the Appellant’s Brief, i.e., the brief filed by the party initiating the appeal; the second is the Appellee’s Brief, which is filed by the party who won below. The third and final brief is the Appellant’s Reply Brief, in which the Appellant responds to the arguments the Appellee made in its Reply Brief.

I don’t know if Borowy raised the Kyllo issue in his motion to suppress, but I suspect he didn’t. The reason I don’t think he raised it at the district court level is that he doesn’t seem to have raised it in his Appellant’s Brief (there’s no citation to Kyllo in that brief). Appellant’s Opening Brief, supra. He raised it in his Reply Brief, as you can see from this excerpt:

The development of tools that allow access to the home or items in the home - that are not available to the general public - exceed what the senses any member of the public could have used to detect the exposed material and thus become a search governed by the Fourth Amendment. The Supreme Court in Kyllo ruled that `[w]here, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a “search”. . . . ’ In Kyllo, the court found that the use of thermal imaging device . . . violated the Fourth Amendment. . . . Without the forensic analysis it is not readily apparent the item is contraband. This was true even though the heat signature via the outside of the home was obviously exposed to the public. The point was that the intrusion revealed intimate details of the home.

Here the agent ran the forensic hashmark program on 240 files. The computer in this case was inside the home. The government intruded by means of a forensic program to which the average member of the public does not have access.

U.S. v. Borowy, supra. The Kyllo argument seems to have been meant to rebut the argument the prosecution made in its Appellee’s Brief (and probably in its opposition to the motion to suppress), i.e., that what Mitchell did wasn’t a 4th Amendment search because Borowy made the files publicly accessible. As I’ve noted in earlier posts, that argument has, as far as I can tell, consistently succeeded in cases in which officers use P2P software to locate child porn on someone’s computers.

The rather belated Kyllo argument ultimately didn’t help Borowy with his appeal. The 9th Circuit Court of Appeals brusquely rejected the argument, as such:

Borowy argues that the use of a `forensic software program’ that is unavailable to the general public to confirm that the files contained child pornography rendered Mitchell's conduct an unlawful Fourth Amendment search. We disagree. Borowy had already exposed the entirety of the contents of his files to the public, negating any reasonable expectation of privacy in those files. . . . Moreover, the hash-mark analysis appears to disclose only whether the files in the list that Mitchell's keyword search returned were known child pornography. . . . In this context, the hash-mark analysis functioned simply as a sorting mechanism to prevent the government from having to sift, one by one, through Borowy's already publically exposed files.

U.S. v. Borowy, supra. The Court of Appeals noted, however, that it wasn’t closing the door on future Kyllo arguments involving computer forensic software:

We do not rule on whether, if confronted with different facts -- for example, where the information was not already exposed to the public at large, where the hash-mark analysis might reveal more than whether a file is known child pornography, or where the government `vacuumed’ vast quantities of data indiscriminately -- we might find a Fourth Amendment violation. Here we are presented only with the limited case of a targeted search of publicly exposed information for known items of contraband.

U.S. v. Borowy, supra. The actual outcome in the case doesn’t really aggravate me; what aggravates me is the cursory treatment Borowy and the Court of Appeals gave the Kyllo argument.

At one level, a Kyllo argument seems a viable option in circumstances like those at issue in the Borowy case because they are analogous to the circumstances at issue in Kyllo, at least in one respect.

In both instances, law enforcement captures information that is being broadcast from inside a home (the most sacrosanct “place” for 4th Amendment purposes). The Kyllo Court found, correctly IMHO, that the fact the officer was outside the home when he captured the heat signatures emanating from Kyllo’s home did not prevent his actions from constituting a 4th Amendment search. Any other result would take us back to the bad old days when Olmstead was the law. (As I’ve noted in other posts, in Olmstead v. U.S. the Supreme Court held it wasn’t a search for federal agents to use a tap on a phone line outside Olmstead’s home to listen in on his phone calls. The Supreme Court reversed Olmstead in Katz.)

I’m not, however, sure a viable Kyllo argument is possible when it’s directed at law enforcement’s using P2P software to access files someone has made available for sharing online. Like other defendants who’ve been caught because they were sharing child porn via P2P networks, Borowy claimed he didn’t realize he was sharing files because he thought he’d disabled the file-sharing feature.

Even if we accept Borowy’s argument at face value, it seems to me the P2P scenario is distinguishable from the scenario at issue in Kyllo in at least one important respect: Danny Kyllo’s broadcasting waste heat into the external atmosphere wasn’t a volitional act. Kyllo’s buying a house with a furnace and/or installing a furnace was a volitional act, just as Borowy’s buying LimeWire was a volitional act, but from there on, IMHO, the two scenarios differ. Borowy had the ability to eliminate his computer’s ability to share files (and file names) via LimeWire but failed to exercise this ability. Like the rest of us, Danny Kyllo didn’t have the ability to prevent his home (and/or garage) from emanating waste heat; as far as I know, there’s no way to prevent a structure from radiating heat, and I gather we wouldn’t want to do that if we could. As I understand it, we’d suffer some unpleasant effects from heat exhaustion, etc.

My point is that Borowy not only knew he was exposing file information online, he was responsible for his computer’s ability to do just that. Since he was, in effect, knowingly broadcasting that information outside his home, I don’t see Borowy can complain when a law enforcement officer picks up on his broadcast. (I’m inferring, maybe extrapolating, knowledge from his having the program installed; I’m assuming he must have noticed, at some point, that the file-sharing function was active.) So I guess I basically agree with the 9th Circuit; I just wish they’d provided a more detailed analysis of the issue.

And yes, I still think there can be viable Kyllo arguments as to other uses of computer forensic software. I’m still waiting for one.


Peter said...

If you are a computer programmer writing programs that deal with disk drives at a very low level (i.e. bits and bytes), you will have software that can read the hashmarks. Otherwise the hashmarks are a technical artifact of no particular interest. So the software is easily available to the public, but the public isn't interested. An analogy might be that a home insulation contractor might have a thermal imaging camera, but the typical homeowner does not.

What kind of idiot puts limewire on a computer holding CP? My guess is that Bowory used limewire to copy CP from others, and that he removed the sharing restriction to let others copy from him. Perhaps he did this only for certain others, and in this instance, didn't reset the sharing restriction. I think this puts you back to the "unauthorized access" issue you discussed a little while ago.

Anonymous said...

IE 6 is known to be horribly insecure, and susceptible to many hacks and compromises. Yet people continue to use it, thus exposing their private files and confidential information.

Here's an article from just a few days ago: “Why You Can't Pry IE6 Out Of Their Cold Dead Hands” (IT Expert Voice).

So, in parallel with your argument:

... IE 6 users have the ability to eliminate their computer’s ability to share files (and file names) via IE 6 but fail to exercise this ability.

My point is that IE 6 users not only know they are exposing file information online, they are responsible for their computer’s ability to do just that.

You might counter that an IE 6 compromise typically involves additional code or instructions transmitted to the user's browser. But in the case you're discussing, the government admittedly transmitted code or instructions to view the files on Borowy's computer.

Lokkju said...

I think the consistent issue across all these ("computer crime" related) cases is the lack of understanding of how the underlying technology works, and an unfair (in terms of goose for gander) treatment of a computer user's actions.

It seems to come down to responsibility - if a given user could have secured his system, then to have a 4th amendment claim, the courts say he should have. The problem is that this does not hold true in reverse - if you have a Windows XP system configured to share all it's files, and I access it without your permission, then in most jurisdictions I have committed a crime. I think a much more reasonable interpretation of privacy as it relates to computers would be "did the law enforcement official do something that if done by a normal citizen would be a crime". This would serve a few goals:
1) it would make the "goose for gander" hold true, which I always think it should.
2) it would encourage more thought about what computer crime is and is not
3) it would be a bright line (comparatively) for law enforcement to follow - especially since they, of anyone, should know the law.

As for distinguishing Kyllo, I completely disagree. I would argue that for most people, the knowledge of how to actually secure your computer from leaking information is at least as enigmatic as how to prevent a building from radiating heat (which is not only doable, it is relatively easy - to me).
While it may be *easier*, from an effort standpoint, to secure your computer, that is only because people have written software, that if you trust, will do a decent job. even knowing which software to trust can be a challenge though.
As for the waste heat, there are even buildings today that are heat sinks - they actually draw in more heat than they produce.

@Peter - actually LimeWire directly shares the hash of a file when listing available files. just because someone doesn't know what that means, doesn't change the fact that they have easy access to it.
As well, you obviously don't understand "hashmarks" - a hash is simple a computed signature for a file, that for any given hash, it is unlikely to find two sets of input that produce that hash. of course, it isn't impossible, and hash collisions are a well known attack on hash verification schemes.

Anonymous said...

This is bad characterization of how limewire works and how a search for a file on limewire works.

Including the original computer there are only a tiny fraction of other computers who know what search terms the original computer is sharing. The original computer tells nobody the actual file names or hash values of the files themselves, it just shares the search terms.

When you do a search you eventually will ask the original computer to provide you a list of the files that matches the search terms. The original computer is in no way broadcasting the files it shares.

To use a metaphor, Its like going up to a house and asking the five your old child living there if their parents have drugs and then asking the five year old to get the drugs for you. Only on limewire you are able to do this search over millions of computers in seconds skipping over the houses that don't have five year olds or who don't have five year olds whose parents don't have drugs.

Samuel said...

I don't think Kyllo comparisons would be successful in this setting because none of the tools involved in the potential search are unavailable. As I read it, this case involved three programs: LimeWire, hashing, and the forensic software. That the defendant is actually running LimeWire rules it out. Hashing programs are free and widely available.

The only tool involved that might qualify is the forensic software. The trouble I see with that is that its purpose is not to search through the captured data, but to assure that data is unmodified so that results are admissible. This sort of software is often quite expensive, but it's also narrowly targeted to a law-enforcement market (with a side of corporate computer security applications). In the thermal-imaging instance, the tool used to gather data is what was uncommon or not in general use. Here, data was gathered with common tools, but preserved by tools used only by law-enforcement.

software systems design said...

I gone through entire post. I like the point of discussion and it is straight to the point.

Thanks to be shared with us!!