As I’ve noted in earlier posts, courts have consistently rejected defendants’ claims that it is a “search” under the 4th Amendment for a law enforcement officer to use file-sharing software, such as LimeWire, to locate child pornography on someone’s hard drive.
The issue in these cases, as I’ve explained, is whether using P2P software to access files on someone’s hard drive is a “search” under the 4th Amendment. If it is a search, then the officer needs either a search warrant or an exception to the warrant requirement, such as consent, in order to access the files without violating the 4th Amendment. If, as courts have consistently held, it isn’t a search, then the officer doesn’t need either a warrant or an exception to the warrant requirement.
As I’ve noted in earlier posts, the test a court uses to determine if something is a 4th Amendment “search” is the test the U.S. Supreme Court enunciated in Katz v. U.S., 389 U.S. 347 (1967). The Katz Supreme Court held that one has a reasonable expectation of privacy in a place if two conditions are met: (i) He subjectively believes it is private; and (ii) society accepts his belief that the place is private as objectively reasonable.
The Katz Court also noted that whatever someone “knowingly exposes to public view” isn’t private and therefore isn’t protected by the 4th Amendment. So, to preserve a 4th Amendment expectation of privacy in a place, you have to shield it from the public by, say, putting shutters or blinds on your windows.
That brings us to U.S. v. Ladeau, 2010 WL 14427523 (U.S. District Court for the District of Massachusetts 2010). David Ladeau was charged with one count of possessing child pornography in violation of federal law, i.e., in violation of 18 U.S. Code § 2242(a)(4)(b). U.S. v. Ladeau, supra. After being charged, Ladeau “filed a motion to suppress all of the evidence seized as a result of the search of his apartment”, arguing that the warrantless search of his apartment violated the 4th Amendment. U.S. v. Ladeau, supra.
This is how the search came about:
[T]he Royal Canadian Mounted Police (`RCMP’) . . . arrested an individual for child exploitation offenses. The individual had used Gigatribe software . . . to post videos depicting child pornography onto an online network for exchange. . . [T]he RCMP, with [his] consent, began using [his] online identity to engage with other potential suspects. . . . within the individual's Gigatribe network.
Gigatribe is a peer-to-peer file-sharing program that allows users to share computer files with others in their network. The Gigatribe software enables a user to create his own private network, which he controls. He can invite guests to join his network, and remove guests from [it]. . . . He can prevent other users from viewing his personal information without his permission. A user can join the networks of other Gigatribe users, but only with the permission of the user who created the network. Users select specific folders on their computers they wish to share with other users in the network. . . .
Users [can] search for files on other users' computers. They can scroll through the available files to choose which files to download. The files may be available in thumbnail format, which provides a preview to anyone considering whether to download the files. Gigatribe software encrypts files before transmitting them from one user to another. Once received, the file is decrypted to allow the user to view it. . . . .
The . . . investigation using the . . . individual's online identity began on November 23, 2007. On August 20, 2008, an undercover investigator downloaded 171 files believed to be child pornography. These files were designated for sharing through Gigatribe by a user called `Tjayxx.’ Three of the files contained videos of pre-pubescent boys and girls engaged in sex acts with other pre-pubescent children and adult men. . . .
Gigatribe records showed that `Tjayxx’ signed onto Gigatribe on August 24, 2008, using IP address 18.104.22.168. . . . `Tjayxx's’ last log-on before the warrant was obtained was on October 15, 2008, from the same IP address. Gigatribe records contained two e-mail addresses for `Tjayxx’: Tjay@hushmail.com and firstname.lastname@example.org. . . .
Eric LaForte, a special agent with the Department of Homeland Security, Immigration and Customs Enforcement (`ICE), was informed by Gigatribe that it is not possible to have two accounts with the same username on the Gigatribe network. . . . [or] run the same Gigatribe account on two computers at the same time. LaForte concluded that . . . there was only one user on Gigatribe named `Tjayxx.’
Further investigation . . . revealed that IP address 216.195 .19.156 is provided by Shrewsbury Electric and Cable Operations (`SELCO'). . . . ICE issued an administrative subpoena to SELCO . . . . [and] SELCO identified David Ladeau of Shrewsbury, MA, as the user of the IP address. . . . Ladeau's account was listed as `active’ and he had an e-mail address of email@example.com. . . .
U.S. v. Ladeau, supra. The ICE agents did a lot of other things to link Ladeau to the IP address on the dates when the investigator downloaded files from Tjayxx’s network and Tjayxx logged into the Gigatribe network and otherwise establish probable cause to search Ladeau’s apartment for evidence of child pornography. U.S. v. Ladeau, supra. They got the warrant on April 14, 2009, executed it on April 15 and seized “computer equipment and various storage devices”, on which they apparently found the child pornography which resulted in Ladeau’s being prosecuted. U.S. v. Ladeau, supra.
As I noted, Ladeau moved to suppress the evidence, arguing that the remote download of the files from his network was a 4th Amendment search which was conducted without a warrant or an exception to the warrant requirement:
Ladeau contends that he had a reasonable expectation of privacy in the files the RCMP downloaded from his computer. . . . [H]e argues that by using Gigatribe software, which contains features that are designed to prevent members of the general public from accessing his computer files, he exhibited a subjective expectation of privacy. He also contends that because society has increasingly come to rely on the Internet to complete many transactions that require a measure of privacy (such as banking, shopping, corresponding through e-mail, and the like), society is prepared to recognize an expectation of privacy on a peer-to-peer network (such as Gigatribe) as reasonable.
U.S. v. Ladeau, supra. The government argued, in response, that “while Ladeau may have had a subjective expectation of privacy” in the files, the expectation was not objectively reasonable because “regardless of the amount of privacy safeguards Gigatribe offers its users, an individual cannot have a reasonable expectation of privacy in information he voluntarily shares with another.”
U.S. v. Ladeau, supra. Ladeau, in turn, argued that while users of other file-sharing software, such as LimeWire, may
not have a reasonable expectation of privacy in the contents of their computers, the same cannot be said of Gigatribe users. . . . because Gigatribe contains safeguards to prevent unauthorized users from accessing a Gigatribe user's computer. As LaForte described in his affidavit in support of the warrant, an individual may only access a Gigatribe user's computer if he is granted permission to enter that user's network [and] users may remove other users from their network. . . .
U.S. v. Ladeau, supra. The federal district court judge who has the case found that Gigatribe’s “security measures support the argument that Ladeau had a subjective expectation of privacy in his computer files” because he “controlled who accessed the files” and which files were “available to share with other users.” U.S. v. Ladeau, supra. The judge also found, however, that these security measures did not “establish that his expectation” of privacy was objectively reasonable:
No matter how strictly Ladeau controlled who accessed his . . .files, he had no control over what those people did with information about the files once he granted them access. . . . .Once Ladeau turned over the information about how to access the network to a third party, his expectation of privacy in the network became objectively unreasonable. Because the files he claims were private were made available to anyone on the network, his expectation of privacy in those files was also objectively unreasonable. Ladeau bore the risk that any person who had access to his Gigatribe network would provide information to the police about illegal acts occurring on the network. As a consequence, he also bore the risk that such a person would enable the police to access the network and download any files Ladeau made available for download. . . .
U.S. v. Ladeau, supra. The judge also noted that the fact that the RCMP investigators “accessed the network with the consent of the informant and downloaded the files does not require a different result” because the investigators could have “easily instructed the informant to download certain files and then had the informant turn the files over to them.” U.S. v. Ladeau, supra.
It’s not uncommon for courts to find that a defendant had a subjective expectation of privacy in a place or thing; like this judge, though, courts often find that the expectation wasn’t objectively reasonable.
As this case illustrates, under current law it is impossible to establish a 4th Amendment expectation of privacy in files you share with others regardless of the security measures you (and they) use to keep outsiders from gaining access to those files. The inescapable defect lies not in the technology but in the fact that you share the files with another person. The U.S. Supreme Court has held, in a long line of cases, that if you trust others, you assume the risk that they will betray you.