Wednesday, October 13, 2010

ShreazaLE and the 4th Amendment

This post is about a recent case in which a defendant who was using peer-to-peer file-sharing software to share images of child pornography. More precisely, it’s about the defendant’s argument that law enforcement’s use of a particular software program – ShreazaLE – violated his rights under the 4th Amendment.

As I’ve explained in several earlier posts, courts have – so far, anyway – consistently held that one who uses P2P file-sharing software to download and/or distribute child pornography (or, presumably, any other contraband) does so at their own risk, as far as becoming the focus of a law enforcement investigation is concerned. As I’ve noted, courts have rejected defendants’ claims that an officer’s using file-sharing software to download child pornography from a defendant’s computer constitutes a “search” under the 4th Amendment, which would mean the officer would have to obtain a search warrant (or be able to invoke a valid exception to the warrant requirement) for the downloading to be lawful under the 4th Amendment.

The case this post is about shares many of the same characteristics as the cases I’ve written about earlier, but has one distinguishing aspect. The case is U.S. v. Gabel, 2010 WL 3927697 (U.S. District Court for the Southern District of Florida 2010), and this is how it arose:

On April 29 [and May 3], 2010, Detective Joe Vella of the Broward County Sheriff's Office discovered an internet user was sharing files over a peer-to-peer (P2P) file-sharing network called Gnutella. All Gnutella peers have a `shared folder’ on their computer. This folder's contents are available for search and download to all other peers logged onto the network at a given time. . . .

On April 29, Vella . . . logged onto Gnutella . . . [and discovered Gabel’s IP address was offering child pornography files for distribution]. . . .
[After confirming that Gabel was offering child pornography,] Vella contacted [Donald] Cannon, who works in the Child Predator Cybercrime Unit of the Florida Attorney General's Office. . . . Cannon had independently determined that Gabel's IP address was sharing . . . images of child pornography and was preparing to obtain a search warrant. . . . Using publically available data, Cannon determined that Gabel's IP address was assigned to Comcast Cable Communications. Cannon subpoenaed from Comcast the physical address where the computer using the IP address was located, which was a residence in Weston, Florida.

U.S. v. Gabel, supra. A judge issued the search warrant Cannon later applied for and it was executed at Gabel’s residence on May 7, 2010. U.S. v. Gabel, supra. The officers found child pornography on Gabel’s computer, and he also confessed to using Limewire to download child pornography. U.S. v. Gabel, supra. On June 8, 2010, Gabel was indicted for violating 18 U.S. Code § 2252 by knowingly accessing and possessing with intent to view child pornography. U.S. v. Gabel, supra.

Gabel then filed a motion to suppress the evidence “gathered during warrantless searches of his computer files”, the evidence found at his home and his confession. U.S. v. Gabel, supra. We’re not concerned with the last two issues, only with the first one.

Gabel’s motion to suppress the evidence Vella downloaded from his computer relied in large part on the software Gabel used to do so:

Vella logged on [to Guntella] using a program called ShreazaLE. . . . a law enforcement enhanced program. . . . ShreazaLE . . . organize[s] data and download[s] files in a manner that screens for child pornography and creates an evidentiary record. . . .

[W]hen a typical Gnutella peer wants to download a song or movie, he will usually do so by downloading from multiple users, which reduces download time. Although individual peers
can download a file solely from one other individual peer, ShreazaLE is automatically set to do so. In this way, law enforcement can confirm that a file containing images of illegal child pornography came from a single source. This assists law enforcement in proving that illegal images of child pornography came from a single source, rather than trying to prove which part of the image came from which source.

The `browse’ or `search’ function on Gnutella clients permits peers to view files being shared from a specific user and allows peers to choose among those files for download. Gnutella makes public to all peers the IP (internet protocol) addresses of all others peers. The IP address is a unique number assigned to everyone who logs onto the internet. It also makes available the `SHA-1’ values of the files available for download. A SHA-1 value, where information is given an arithmetic algorithm, is, in effect, a digital fingerprint specific to each computer file. Thus, while two users might title a file differently, the network is able to identify that the two files are the same for download purposes. Users searching for child pornography frequently search for files under code names, such as `pthc,’ which stands for `pre-teen, hard core.’

Keeping track of SHA-1 value is important to law enforcement investigating child pornography. Using a national database of `child notable’ images, which are images officers from around the country consider to be illegal child pornography in their jurisdiction, law enforcement can scan for files previously identified as containing child pornography without having to download and view them.

[When Vella logged into Gnutella on April 29, 1010 using ShreazaLE, he] saw Gabel's IP address was offering more than 1,000 files for distribution, and was able to determine that they likely contained child notable images because ShreazaLE cross-referenced their SHA-1 values. . . . Vella downloaded more than 100 child notable files from Gabel's shared folder on April 29 and again on May 3 . . .. Vella opened the files to verify they contained images of child pornography. . . .

U.S. v. Gabel, supra.

This brings us back to Gabel’s motion to suppress the images Vella downloaded from his computer. One thing is clear, and the rest isn’t. What’s clear is that Vella, like the other defendants I’ve written about who were charged with using file-sharing software to distribute or download child pornography, based his motion to suppress the downloaded images on the argument that Vella’s accessing his computer and downloading the images constituted a “search” under the 4th Amendment, one that was conducted without a valid search warrant or applicable exception to the warrant. If Gabel’s argument was correct, i.e., if what Vella did constituted a 4th Amendment “search,” the search would have been unlawful because it was not authorized either by a warrant or an exception to the warrant requirement.

As I’ve explained in other posts, the test courts use in deciding whether particular law enforcement conduct constituted a 4th Amendment “search” is the test the Supreme Court enunciated in U.S. v. Katz, 389 U.S. 347 (1967). The Katz Court held that one has a reasonable expectation of privacy in a place if both of two conditions are met: (i) He subjectively believes it is private; and (ii) society accepts his belief that the place is private as objectively reasonable. The Katz Court also noted that whatever someone “knowingly exposes to public view” isn’t private and therefore isn’t protected by the 4th Amendment.

As I’ve noted in earlier posts, other courts have rejected defendants’ claims that law enforcement’s downloading child pornography from their computers was a search when the defendant was using file-sharing software to distribute and/or download images of child pornography. Those courts have held, basically, that the defendant might have subjectively believed the contents of his hard drive were private, but that this isn’t an expectation society is prepared to accept as objectively reasonable. Courts have found that if you know you’re using file-sharing software, you know you’re opening at least some of the contents of your hard drive up to others, which means it’s objectively unreasonable for you to believe those files are “private.”

Here, though, I think Gabel is relying on the fact that Vella used special law enforcement software, software that had some features not found in generic file-sharing software. Not having access to the briefs in the case, I can’t be sure, but at one point in the opinion the federal judge refers to the Supreme Court’s decision in Kyllo v. U.S., 533 U.S. 27 (2001), which, as I explained in an earlier post, held that it is a “search” for officers to use technology that is not in general public use to obtain information from inside a home. I believe Gabel argued that Vella’s using ShreazaLE was a 4th Amendment search under Kyllo because the software was technology that is not in general public use and was employed to obtain information from inside Gabel’s home. I base that belief, in part, on this portion of the opinion:

Gabel [claims] he had a reasonable expectation that only those users logging on the Gnutella network in the usual manner would be able to view his files. Since law enforcement used enhanced programs unavailable to the public, which enabled them to target their search, more easily identify images of child pornography and create a log reflecting Gabel's file-sharing history, Gabel argues that their warrantless search violated the Fourth Amendment.

U.S. v. Gabel, supra. Gabel’s argument didn’t work. The judge didn’t find that this issue fell within the Kyllo holding given the relatively restricted capabilities of the software:

Although the enhanced law enforcement programs Vella and Cannon used allowed them to document and track IP addresses sharing child pornography, at no time before obtaining the subpoena and search warrant did they access information that was unavailable to any other Gnutella peer. Any member of the general public could have logged onto Gnutella and downloaded all of the files which Vella and Cannon downloaded in this case, and they could have determined the IP address sharing those files. Thus, the main difference between the law enforcement enhanced programs and the Gnutella client programs used by the public is that the law enforcement versions automatically document and save publically available information.

U.S. v. Gabel, supra. In denying Gabel’s motion to suppress the downloaded files, the judge also explained that Vella’s use of “enhanced” software

merely permitted law enforcement to more easily organize and classify information that was otherwise available to the public, which aided them in obtaining evidence to support a search warrant. Gabel had no reasonable expectation of privacy in his files. He was, essentially, sharing them with the entire world. Anyone with internet access could have easily downloaded Gnutella client software, logged onto the network and downloaded Gabel's files. The fact law enforcement did so with a device that enabled them to screen for child pornography and collect data for evidentiary purposes does not alter the privacy analysis. . . . The tool used by law enforcement here is no different, from a constitutional perspective, than the myriad special means -- street cameras, radar and canines -- that police legally use every day without prior judicial approval to efficiently gather evidence by accessing public information. These police tools do not generate Fourth Amendment concerns because they do not access anything the public cannot access. Thus, law enforcement's use of an enhanced computer program is the digital equivalent of a pole camera, which is legal and which does not require a warrant or court order.

U.S. v. Gabel, supra.

No comments: