Monday, May 29, 2017

The Warrant, the Network Investigative Technique and Child Pornograph

This post examines an opinion from the U.S. District Court for the Northern District of Texas: U.S. v. Perdue, 2017 WL 661378 (2017). The judge begins the opinion by explaining that
[t]he instant motions to suppress and dismiss the indictment challenge the Federal Bureau of Investigation's (`FBI's’) seizure of a computer server that hosted a child pornography website called `Playpen,’ and the FBI's ensuing operation of the website on a government server.
U.S. v. Perdue, supra.
The Judge goes on to explain why, and how, the prosecution arose:
The facts of this case that are material to the court's decision are undisputed. In early 2015, acting on a tip from a foreign law enforcement agency, the FBI located and seized a computer server that contained a child pornography website called Playpen. Playpen existed as a hidden website on the Tor Network, also known as the dark web. Through sophisticated encryption, the Tor Network anonymizes and actively conceals identifying information about website users, including a user's true Internet Protocol (`IP’) address. To access Playpen, it was necessary for users to know the website's address on the Tor Network. Users could not, for example, stumble upon Playpen while browsing the Internet. Once on the Playpen website, users logged in with dedicated usernames and passwords. Playpen offered users various forums for different child pornography topics, including `Incest’ and `Toddlers.’ Inside each forum were discussion posts, images, and videos related to the particular topic.

Because the Tor Network anonymizes its users, the FBI could not uncover who was operating or accessing the Playpen website through normal investigative techniques. The FBI devised a plan to investigate Playpen's users, who would normally be untraceable. The plan called for the FBI to copy the Playpen server and continue to operate the Playpen website on the FBI server. While operating the website, the FBI would use a network investigative technique (`NIT’) that allowed it to retrieve information from the computers of the persons who logged in to the Playpen website. The NIT—computer code developed by the FBI—would be attached to various files uploaded to Playpen. When the website user downloaded a file, the NIT would force the user's computer to send to the FBI the user's actual IP address and other identifying information. With the actual IP address, the FBI could identify and locate the user.

Acting according to the plan, the FBI copied the Playpen server and brought it to a government facility located in the Eastern District of Virginia. On February 20, 2015 the FBI applied for and obtained from a United States Magistrate Judge of the Eastern District of Virginia a search warrant (the `NIT Warrant’) authorizing the FBI to deploy the NIT program for a period of up to 30 days.

On or about February 23, 2015, Perdue accessed the Internet from his residence using a personal computer. Using the Tor Network, he logged in to the Playpen website and clicked on a post entitled, `8 Year Old Blonde,’ which contained child pornography. As the content from this post downloaded onto the computer, the NIT computer code was sent automatically. The NIT relayed Perdue's IP address and other information back to the FBI in the Eastern District of Virginia.

Based on this information, the FBI issued a subpoena to AT & T, the Internet service provider connected with Perdue's IP address, and learned that Perdue was the account holder associated with the address. The FBI obtained a warrant to search Perdue's residence, and it found (1) a computer containing child pornography, and (2) a flash drive containing an 80–page Microsoft Word document containing links to child pornography websites. Perdue subsequently confessed to accessing Playpen and using the Tor Network to obtain child pornography.
U.S. v. Perdue, supra.
The federal judge goes on to point out that
[t]he grand jury later indicted Perdue for the offenses of receipt of child pornography, in violation of 18 U.S. Code §2252A(a)(2)(A), and possession of child pornography involving a prepubescent minor, in violation of 18 U.S. Code § 2252A(a)(5)(B). Perdue moves to suppress all evidence obtained from the NIT, alleging that the authorizing warrant was made without jurisdiction under 28 U.S. Code §636(a) and Fed. R. Crim. P. 41. He also moves to dismiss the indictment. The government opposes both motions.
U.S. v. Perdue, supra. This opinion only examines the court’s analysis of Perdue’s motion to suppress.
The District Court Judge began his analysis of the issues in the case with Perdue’s motion to suppress evidence, in which he argued that the evidence at issue was obtained in violation of the Fourth Amendment.  U.S. v. Perdue, supra. He began the analysis by explaining that
[t]he general rule under the Fourth Amendment is that searches of private property are reasonable if conducted pursuant to a valid warrant issued upon probable cause. See, e.g., Katzv. United States, 389 U.S. 347, 357 (1967). `A defendant normally bears the burden of proving by a preponderance of the evidence that the challenged search or seizure was unconstitutional.’ United States v. Waldrop, 404 F.3d 365, 368 (5th Cir. 2005 (citing United States v. Guerrero–Barajas, 240 F.3d 428, 432 (5th Cir. 2001)). `The exclusionaryrule prohibits introduction at trial of evidence obtained as the result of an illegal search or seizure.’ United States v. Runyan, 275 F.3d 449, 466 (5th Cir. 2001). The exclusionary rule also `encompass[es] evidence that is the indirect product or ‘fruit” of unlawful police conduct.’ Id. (citing WongSun v. United States, 371 U.S. 471, 488 (1963)).
The judge goes on to explain that Perdue argued that the
magistrate judge in the Eastern District of Virginia who issued the NIT Warrant lacked authority under both Fed. R. Crim. P. 41(b) (2015) and § 636(a) of the Federal Magistrate Judges Act, 28 U.S.C. § 636(a), to authorize the search of a computer in Texas. The government responds that the NIT is functionally a tracking device that `was used to track the movement of [information] both within and outside of Virginia.’ Gov't Br. 10. According to the government, `[t]he NIT program, by way of operation, used [a communication stream between the government's server in Virginia and Perdue's computer in Texas] to track from where Perdue's computer signal emanated.’ Id.
U.S. v. Perdue, supra.
The District Court Judge went on to explain that
Rule 41(b)(4) provides that `a magistrate judge with authority in the district has authority to issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.’ A `tracking device’ is `an electronic . . . device which permits the tracking of the movement of a person or object.’ 18 U.S. Code § 3117see also Rule 41(a)(2)(E) (incorporating definition in § 3117). And the rules indicate that `property’ includes `information.’ Rule 41(a)(2)(A).

The courts that have considered the NIT Warrant have split on the issue. See United States v. Torres, 2016 WL 4821223, at *4 (W.D. Tex. Sept. 9, 2016) (collecting cases). Courts that have held that Rule 41(b) was not violated have concluded that the defendants `voluntarily and deliberately came to the Eastern District of Virginia when [they] took affirmative steps to log into the Playpen website by entering a username and password.’ United States v. Sullivan, ––– F.Supp.3d ––––, ––––, 2017 WL 201332, at *6 (N.D. Ohio Jan. 18, 2017); see also United States v. Anzalone, 208 F.Supp.3d 358, 370 (D. Mass. 2016) (collecting cases). It was therefore permissible for the magistrate judge to authorize affixing a tracking device—i.e., the NIT code—to the defendants' computers once they were present in the district. Courts that have held that the magistrate judge violated Rule 41(b) have reasoned that the government's defense of the magistrate judge's authority stretches the Rule. See, e.g., United States v. Hammond, ––– F.Supp.3d ––––, ––––, 2016 WL 7157762, at *4 (N.D. Cal. Dec. 8, 2016) (`[Defendant's] computer is a physical object that at all times remained in his home in the Northern District of California, and the download, too, occurred here and not ‘virtually’ in the Eastern District of Virginia.’).
U.S. v. Perdue, supra.
The judge goes on to explain that the
court agrees with the courts that have concluded that Rule 41(b)(4) does not extend to the NIT Warrant. Although caselaw suggests that the court is to construe Rule 41broadly, see United States v. N.Y. Tel. Co., 434 U.S. 159, 169 (1977) (holding that Rule 41(b) `is sufficiently flexible to include within its scope electronic intrusions authorized upon a finding of probable cause’), it cannot render it meaningless. As one court has explained:

`[i]f the “installation” occurred on the government-controlled computer, located in the Eastern District of Virginia, applying the tracking device exception breaks down, because [defendant] never controlled the government-controlled computer, unlike a car with a tracking device leaving a particular district. If the installation occurred on [defendant's] computer, applying the tracking device exception again fails, because [defendant's] computer was never physically located within the Eastern District of Virginia.’

United States v. Michaud, 2016 WL 337263, at *6 (W.D. Wash. Jan. 28, 2016). Accordingly, the court holds that the NIT Warrant exceeded the magistrate judge's authority under Rule 41(b) by authorizing the search of a computer in Texas.
U.S. v. Perdue, supra.
The judge then took up the issue of whether, since the magistrate exceeded his/her authority by authorizing the search, the evidence should be suppressed. U.S. v. Perdue, supra. He began his analysis of this issue by explaining that the
exclusionary rule precludes the government from relying on illegally-seized evidence. United States v. Houltin, 566 F.2d 1027, 1030 (5th Cir. 1978). `The purpose of the exclusionary rule is to deter unlawful police conduct.’ United States v. Pope, 467 F.3d 912, 916 (5th Cir. 2006). This purpose will not be served, and thus the rule is inapplicable, where evidence is obtained in `objectively reasonable good-faith reliance upon a search warrant.’ Id. (citations and internal quotation marks omitted). `Under the good-faith exception, evidence obtained during the execution of a warrant later determined to be deficient is admissible nonetheless, so long as the executing officers' reliance on the warrant was objectively reasonable and in good faith.’ United States v. Payne, 341 F.3d 393, 399 (5th Cir. 2003) (citing United States v. Leon, 468 U.S. 897, 921–25 (1984)). The good-faith exception cannot apply if `the issuing magistrate/judge was misled by information in an affidavit that the affiant knew was false or would have known except for reckless disregard of the truth[.]’ Id. at 399 (quoting United States v. Webster, 960 F.2d 1301, 1307 n.4 (5th Cir. 1992) (per curiam)). `The “good faith inquiry is confined to the objectively ascertainable question whether a reasonably well-trained officer would have known that the search was illegal despite the magistrate's authorization.”’ Pope, 467 F.3d at 917 (quoting Leon, 468 U.S. at 922 n.23, 104 S.Ct. 3405).
In the context of a Rule 41 violation,
`where there is no constitutional violation nor prejudice in the sense that the search would likely not have occurred or been as abrasive or intrusive had Rule 41 been followed, suppression ... is not appropriate if the officers concerned acted in the affirmative good faith belief that the warrant was valid and authorized their conduct.’

United States v. Comstock, 805 F.2d 1194, 1207 (5th Cir. 1986). This is because the balance of interests inherent in an exclusionary rule analysis `weighs much less heavily [when] the [Rule 41] violation is neither of constitutional dimensions nor intentional.’ Id. at 1210.
U.S. v. Perdue, supra.
For these and other reasons, the judge denied Perdue’s motion to suppress evidence and his motion to dismiss the indictment against him. U.S. v. Perdue, supra.

No comments: