Wednesday, October 07, 2015

Child Pornography, "Torrential Downpour" and the Fourth Amendment

This post examines an opinion recently issued by a judge in the U.S. District Court for the Western District of Oklahoma:  U.S. v. Maurek, 2015 WL 5472504 (20150.  The Judge begins by explaining that
Gregory Maurek has been indicted for receipt, distribution, and possession of child pornography. He moves to suppress all evidence acquired in the search of his computer . . . on the grounds that (1) law enforcement's use of the `Torrential Downpour’ software program to access files from his computer constituted a warrantless search; and (2) the warrant authorizing the search lacked probable cause because the supporting affidavit neither disclosed the fact that `Torrential Downpour’ was only accessible to law enforcement, nor did it describe the software's technical or scientific reliability. The government filed its brief in opposition and an evidentiary hearing was held September 14, 2015.
U.S. v. Maurek, supra.  For an overview of how the Fourth Amendment applies to law enforcement’s searching for and seizing evidence, check out this Wikipedia entry.
The judge begins the substantive part of his opinion by explaining that
[a]s previously noted in this Court's Order of August 31, 2015 . . ., BitTorrent is a peer-to-peer (`P2P’) file sharing network that is used to distribute large amounts of data over the Internet. BitTorrent is one of the most popular P2P networks used by individuals, as well as Ares, KaZaA, eDonkey, DirectConnect and Gnutella. Warner Bros. Records, Inc. v. Does 1–4, 2007 WL 1960602 (U.S. District Court forthe District of Utah July 5, 2007).
As one court explained, since its release over ten 10 years ago:
`BitTorrent has allowed users to share files anonymously with other users. Instead of relying on a central server to distribute data directly to individual users, the BitTorrent protocol allows individual users to distribute data among themselves by exchanging pieces of the file with each other to eventually obtain a whole copy of the file. When using the BitTorrent protocol, every user simultaneously receives information from and transfers information to one another. In the BitTorrent vernacular, individual downloaders/distributors of a particular file are called “peers.” The group of peers involved in downloading/distributing a particular file is called a “swarm.” A server which stores a list of peers in a swarm is called a “tracker.” A computer program that implements the BitTorrent protocol is called a “BitTorrent client.”’ First Time 
Videos, LLC v. Does 1–76, 276 F.R.D. 254 (U.S. District Court for the Northern District of Illinois 2011) (citations omitted).’
U.S. v. Maurek, supra.  
The District Court Judge went on to point out that
`[a]lso prominent in the BitTorrent lexicon are “torrents,” small files which describe the file being shared/distributed. Third Degree Films, Inc. v. Does 1–47, 2012 WL 4005842, at *1 (U.S. District Court for the District of Colorado Sep.12, 2012). Torrents contain information such as how the file is divided and other information needed for its distribution (e.g., name, description, etc.).  New Sensations, Inc. v. Does 1–426, 2012 WL 4675281 at *2 (U.S. District Court for the Northern District of California Oct.1, 2012). People may search for torrents for a specific work on the Internet; after a person finds a torrent, they may open the file with their BitTorrent client, and they then join the “swarm.” New Sensations, Inc. v. Does 1–426, supra. In turn, as each peer receives portions of the file being downloaded, that peer usually makes those portions available to other peers in the swarm. New Sensations, Inc. v. Does 1–426, supra. Consequently, each peer in the swarm is simultaneously copying and distributing pieces of the file. New Sensations, Inc. v. Does 1–426, supra. One swarm may last for months up to well over a year, depending on the popularity of the work, and people may leave and re-enter the same swarm at any time. New Sensations, Inc. v. Does 1–426, supra.’
U.S. v. Maurek, supra.  
He then took up the search warrant being challenged in this case, noting that it
was based on an affidavit in which Kari Newman, a Special Agent with Homeland Security Investigations, asserted that an investigation of the activities of an IP address registered to Defendant's residence established probable cause to believe someone at that address had received, possessed, and/or distributed child pornography over a P2P network. Agent Newman's affidavit described how P2P file sharing works, how a user can search for specific files and connect directly with another user's computer, and then download that file directly from the other user. She explained, in specific detail, the technological methods used by law enforcement to track down, identify, and arrest suspected users/distributors of child pornography on P2P networks. Lastly, Agent Newman explained how digital media devices were being used to store child pornography and the requisite skill and knowledge necessary to search these devices for evidence.

The affidavit recounted the investigative steps that were taken to identify Defendant's computer. Agent Newman attested that on March 18, 2015, Detective Chris Lamer of the Moore Police Department conducted an online undercover investigation and he was able to connect with a computer with IP address and download numerous files. Based on Agent Newman's review of the files, as well as her training and experience, she determined that the files depicted children under the age of eighteen engaged in sexually explicit conduct and thus constituted `child pornography’ as that term is defined in 18 U.S. Code § 2256(8).
U.S. v. Maurek, supra.  
The opinion goes on to explain that
[a]t the evidentiary hearing, the Court heard testimony from Robert Erdely, who teaches courses in online investigations of child pornography and participated in the development of Torrential Downpour. He testified that Torrential Downpour is a law enforcement surveillance software that is used exclusively by law enforcement. It is used to track, investigate, and eventually arrest those sharing child pornography through various P2P sharing networks.

Mr. Erdely testified that Torrential Downpour is `somewhat unique’ in that (1) it is designed to target and download files from a single IP address, as opposed to multiple sources, and restrict downloads to come from only that particular address (this is called a `single source download’); (2) Torrential Downpour creates a detailed log of events for evidentiary purposes; and (3) Torrential Downpour does not share files. Mr. Erdely provided additional testimony on the overall nuances of Torrential Downpour and its role in the field of P2P file sharing. Of particular note, he stated Torrential Downpour's direct connection capabilities were no different from other commercially available versions of BitTorrent and it (Torrential Downpour) had no rate of error.
U.S. v. Maurek, supra.  
And, finally, the judge explained that
[t]hrough a subpoena, Detective Lamer discovered the street address corresponding with the aforementioned IP address at the date and time of the downloads. He then conducted a search of the Oklahoma Department of Motor Vehicles records and confirmed that Defendant had a valid Oklahoma Driver's License which listed him as residing at the same street address. The search warrant application was granted and upon execution of the warrant, agents seized and confiscated several digital storage devices from Defendant's residence. Child pornography, consisting of both videos and still images, was found on a computer.
U.S. v. Maurek, supra.  
He went on to point out that the purpose of a court’s holding a suppression hearing is
`to determine preliminarily the admissibility of certain evidence allegedly obtained in violation of defendant's rights under the Fourth and Fifth Amendments.’ U.S. v. Merritt, 695 F.2d 1263 (U.S.Court of Appeals for the 10th Circuit 1982). `The proper inquiry is whether [the challenged action] violated the Fourth Amendment rights of [the] criminal defendant making the challenge.  U.S. v. Allen, 235 F.3d 482 (U.S. Court of Appeals for the 10th Circuit 2000) (quoting U.S. v. Erwin, 875 F.2d 268 (U.S. Court of Appeals for the 10th Circuit 1989) (paraphrasing in original)).

`The proponent of a motion to suppress has the burden of adducing facts at the suppression hearing indicating that his own rights were violated by the challenged search.’ U.S. v. Eckhart, 569 F.3d 1263, 1274 (U.S. Court of Appeals for the 10th Circuit 2009) (quoting U.S. v. Allen, supra). The controlling burden of proof at a suppression hearing is proof by a preponderance of the evidenceU.S. v. Matlock, 415U.S. 164 (1974).
U.S. v. Maurek, supra.  
The Judge then took up the critical issue:  “whether use of the `Torrential Downpour’ software constituted a warrantless search” under the Fourth Amendment. U.S. v. Maurek, supra.  He began by explaining that the Fourth Amendment
protects only reasonable expectations of privacy. Katz v. U. S., 389 U.S. 347, (1967) (Harlan, J., concurring). Whether a defendant's Fourth Amendment rights were violated by a challenged search turns on the classic Fourth Amendment test: (1) whether the defendant manifested a subjective expectation of privacy in the area searched and (2) whether society is prepared to recognize that expectation as objectively reasonable. U.S. v. Barrows, 481 F.3d 1246, 1248 (U.S. Court of Appeals for the 10th Circuit 2007).  `What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.’ U.S. v. Katz, suprasee also Smith v. Maryland, 442 U.S. 735 (1979) (`a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties’).
U.S. v. Maurek, supra (emphasis in the original).
Next, the judge explained that the U.S. Court of Appeals for the 10th Circuit, whose decisions are binding authority on the District Courts in Oklahoma (among other states),
and numerous other federal courts, including this Court, have uniformly held there is no reasonable expectation of privacy in files made available to the public through peer-to-peer file-sharing networks.  See U.S. v. Brese,  2008 WL 1376269, at *2 (U.S. District Court for the Western District of Oklahoma Apr.9, 2008) (`The Court finds that, notwithstanding any subjective expectation that Defendant may have had in the privacy of his computer, it was not reasonable for him to expect privacy in files that were accessible to anyone else with LimeWire (or compatible) software and an internet connection’); U.S. v. Perrine, 518 F.3d 1196 (U.S. Court of Appeals for the 10th Circuit 2008) (`Furthermore, as [defendant] conceded, he had peer-to-peer software on his computer, which permitted anyone else on the internet to access at least certain folders in his computer.

To the extent such access could expose his subscriber information to outsiders, that additionally vitiates any expectation of privacy he might have in his computer and its contents’); U.S. v. Abston, 401 Fed. App'x 357 (U.S. Court of Appeals for the 10th Circuit Nov.5, 2010) (`An individual who has “enabled peer-to-peer file sharing on his computer, thereby giving anyone with internet access the ability to gain entrance to his computer . . . holds no reasonable expectation of privacy that the Fourth Amendment will protect.’”) (quoting U.S. v. Perrine, supra ).

As one court stated, `[r]ather than evidencing a subjective expectation of privacy, Defendant's participation in the BitTorrent swarm demonstrates the exact opposite. By using peer-to-peer file sharing BitTorrent software, Defendant opened up his computer to allow other users of BitTorrent to access certain files to download. By opening his computer to the public, Defendant negates any claim he may have to subjective expectation of privacy in the files he made accessible to BitTorrent users online.’ U.S. v. Palmer, 2015 WL 4139069, at *12 (U.S. District Court for the Middle District of Florida July 8, 2015).
U.S. v. Maurek, supra.  
The judge then applied the standards outlined above to this case, explaining that
[Maurek] does not dispute that the files downloaded from his computer were found and shared over the BitTorrent P2P network. [He], therefore, has not established a reasonable, subjective expectation of privacy and his Motion to Suppress is overruled on this ground. [Maurek’s] attempt to distinguish the law enforcement version of the software as somehow different, or more invasive, than standard P2P programs does not alter the fact that he allowed public access to the files on his computer which contained images of child pornography, and thus compels no different conclusion.
U.S. v. Maurek, supra.  
Even though the judge found that Maurek’s “failure to show a reasonable expectation of privacy effectively completes this Court's analysis”, he noted that
out of interests of completeness, the Court addresses his second proposition that the affidavit failed to establish probable cause due to deliberate or reckless omissions regarding the use of Torrential Downpour, namely, the fact it is only accessible to law enforcement and there was nothing that attested to the program's technical or scientific reliability.
U.S. v. Maurek, supra.  The judge went on to explain that
`[a] search warrant can issue only upon a showing of probable cause.’ U.S. v. Long, 774 F.3d 653 (U.S. Court of Appeals for the 10th Circuit 2014). . . . `The supporting affidavit must provide a substantial basis to conclude that there is a fair probability that contraband or evidence of a crime will be found in a particular place.’ U.S. v. Long, supra (quoting U.S. v. Nolan, 199 F.3d 1180 (U.S. Court of Appeals for the 10th Circuit 1999) (internal quotations omitted)). Courts examine the `totality of the circumstances’ in the affidavit provided to determine whether it provided a substantial basis for finding a fair probability that contraband or other evidence of a crime would be found at the searched premises. U.S. v. Myers, 106 F.3d 936 (U.S. Court of Appeals for the 10th Circuit 1997). `[T]he Court must show deference to the magistrate's finding of probable cause and must interpret the affidavit in a “common sense and realistic fashion.”’ U.S. v. Taylor, 2013 WL 2149644 (U.S.District Court for the Northern District of Oklahoma May 16, 2013) (quoting U.S.v. Grimmett, 439 F.3d 1263 (U.S. Court of Appeals for the 10th Circuit 2006)).

A search warrant must be voided where a court: (1) finds that the affiant knowingly or recklessly included false statements in or omitted material information from an affidavit in support of a search warrant; and (2) concludes, after excising such false statements and considering such material omissions, that the corrected affidavit does not support a finding of probable cause. U.S. v. Garcia–Zambrano, 530 F.3d 1249 (U.S. Court of Appeals for the 10th Circuit 2008).
U.S. v. Maurek, supra.  
The judge then pointed out that information that is
omitted from an affidavit is material only if it affects a finding of probable cause. U.S. v. Kennedy, 131 F.3d 1371 (U.S. Court of Appeals for the 10th Circuit 1997) In other words, `[w]hether the omitted statement was material is determined by examining the affidavit as if the omitted information had been included and inquiring if the affidavit would still have given rise to probable cause for the warrant.’ Stewart v. Donges, 915 F.2d 572, 582 n .13 (U.S. Court of Appeals for the 10th Circuit 1990). . . .

In U.S. v. Chiardio, 684 F.3d 265 (U.S. Court of Appeals for the 1st Circuit 2012), the FBI undertook an undercover investigation to search for child pornography, which involved using the `LimeWire' software, which, like BitTorrent, is a commercially available P2P file sharing program that enables users to transmit files to and from other members of the LimeWire network. Like BitTorrent, LimeWire users can search for files made available by other users, browse all the files made available by a particular user, and download desired files. U.S. v. Chiardio, supra.  They can also make their own files accessible for download by designating a folder on their computers that would automatically share its contents with the network. U.S. v. Chiardio, supra.
U.S. v. Maurek, supra.  
Next, the he outlined more of the facts in U.S. v. Chiardio, explaining that the
FBI developed and employed a special version of LimeWire, known as `enhanced peer-to-peer software’ (EP2P), which was customized to assist child pornography investigations. The EP2P software differed from LimeWire in three principal respects:

First, when a user of the commercially available version of LimeWire tries to download a file, the program seeks out all the users who are sharing the same file and downloads different pieces of that file from multiple locations in order to optimize download speed. EP2P eliminates that functionality; it allows downloading from only one source at a time, thus ensuring that the entire file is available on that source's computer. Second, in its commercially available iteration, LimeWire responds to a search term by displaying basic information such as the names of the available files, file types, and the file sharers' Internet Protocol (IP) addresses. EP2P displays not only that data but also the identity of the Internet Service Provider (ISP) and the city and state associated with the IP address sharing a particular file. Third, EP2P has been modified so that an agent can easily compare the hash value (essentially, the digital fingerprint) of an available file with the hash values of confirmed videos and images of child pornography. Taken together, these three modifications permit agents to download a file from a single source, learn the general location of the source, and facilitate the identification of child pornography as such.
U.S. v. Maurek, supra (quoting U.S. v. Chiardio, supra, (emphases in the original)). 
The Maurek judge explained that, in Chiardo, the FBI used the EP2P software
to trace child pornography to a computer owned by the defendant, and he was subsequently indicted and convicted for possessing and distributing child pornography.

On appeal, the defendant contended, as here, that the search warrant affidavit lacked probable cause because it was based on `largely untested’ software and the government did not sufficiently demonstrate the software's reliability pursuant to Daubert v. MerrellDow Pharm., Inc., 509 U.S. 579 (1993). The court overruled the motion by first noting that the Federal Rules of Evidence do not apply to proceedings surrounding the issuance of a search warrant, U.S. v. Chiardio, supra (citing Federal Rule ofEvidence 1101(d)(3)), and that `probable cause ‘does not require scientific certainty.’ Id. (quoting Roche v. John Hancock Mut. Life Ins. Co., 81 F.3d 249 (U.S. Court of Appeals for the 1st Circuit 1996)). The court found the issuing magistrate had made a sensible determination, based on a detailed affidavit, that a search of the defendant's residence was likely to turn up illicit images. U.S. v. Chiardio, supra. This, the court determined, was sufficient to find probable cause.
U.S. v. Maurek, supra.  
He also noted that the Chiardio court rejected the defendant’s second contention,
which also mirrors Defendant's challenge to Torrential Downpour, that the affidavit contained knowing or reckless material omissions about the reliability of EP2P. The First Circuit held the alleged omissions in the supporting affidavit were not material and had they been included, they would not have diluted the affidavit's showing of probable cause, but rather `had the affiant included the additional statements describing what was known about EP2P's reliability, those statements would have served no purpose except to strengthen the affidavit. It would be wildly illogical to suppress the fruits of a search on the ground that the warrant application omitted statements that, if included, would have increased the affidavit's persuasive force.’ U.S. v. Chiardio, supra (citation omitted, emphasis in original).
U.S. v. Maurek, supra.  
The judge then articulated his ruling, which overruled Maurek’s argument:
The material fact law enforcement was obligated to disclose was its use of investigative technology to track, identify, and download the files from [Maurek’s] computer. This fact was fully disclosed. More exacting details and disclosures simply were not required to establish probable cause. See U.S. v. Biglow, 562 F.3d 1272 (U.S. Court of Appeals for the 10th Circuit 2009) (`probable cause is a matter of ‘probabilities and common sense conclusions, not certainties’). . . . Defendant confuses the test for determining the admissibility of evidence from an expert witness at trial under Federal Rule of Evidence 702 with the more flexible and less demanding standard for evidence necessary to establish probable cause. See also Maryland v. Pringle, 540 U.S.366 (2003) (`The probable-cause standard is incapable of precise definition or quantification into percentages because it deals with probabilities and depends on the totality of the circumstances’).

And, as the court observed in Chiardio, had more information about the intricacies of Torrential Downpour been included, these additional disclosures would not have affected the determination of probable cause because they would have merely provided the magistrate judge with further information regarding the source and capabilities of the automated software. Under the totality of the circumstances, the affidavit provided a substantial basis for the magistrate's conclusion that there was probable cause for issuing the challenged warrant.

U.S. v. Maurek, supra.  He therefore denied Maurek’s motion to suppress. U.S. v. Maurek, supra.  

No comments: