Judge Says FBI's Hacking Tool Deployed In Child Porn Investigation Is An Illegal Search

from the can't-just-go-wherever-you-damn-well-please dept

The judicial system doesn’t seem to have a problem with the FBI acting as admins for child porn sites while conducting investigations. After all, judges have seen worse. They’ve OK’ed the FBI’s hiring of a “heroin-addicted prostitute” to seduce an investigation target into selling drugs to undercover agents. Judges have, for the most part, allowed the ATF to bust people for robbing fake drug houses containing zero drugs — even when the actual robbery has never taken place. Judges have also found nothing wrong with law enforcement creating its own “pedophilic organization,” recruiting members and encouraging them to create child pornography.

So, when the FBI ran a child porn site for two weeks last year, its position as a child porn middleman was never considered to be a problem. The “network investigative technique” (NIT) it used to obtain identifying information about anonymous site visitors and their computer hardware, however, has resulted in a few problems for the agency.

While the FBI has been able to fend off one defendant’s attempt to suppress evidence out in Washington, it has just seen its evidence disappear in another case related to its NIT and the “PlayPen” child porn site it seized (and ran) last year.

What troubles the court isn’t the FBI acting as a child porn conduit in exchange for unmasking Tor users. What bothers the court is the reach of its NIT, which extends far outside the jurisdiction of the magistrate judge who granted the FBI’s search warrants. This decision benefits defendant Alex Levin of Massachusetts directly. But it could also pay off for Jay Michaud in Washington.

The warrants were issued in Virginia, which is where the seized server resided during the FBI’s spyware-based investigation. Levin, like Michaud, does not reside in the district where the warrant was issued (Virginia – Eastern District) and where the search was supposed to be undertaken. As Judge William Young explains, the FBI’s failure to restrict itself to the location where the NIT warrants were issued makes them worthless pieces of paper outside of that district. (via Chris Soghoian)

The government argues for a liberal construction of Rule 41(b) that would authorize the type of search that occurred here pursuant to the NIT Warrant. See Gov’t’s Resp. 18-20. Specifically, it argues that subsections (1), (2), and (4) of Rule 41(b) are each sufficient to support the magistrate judge’s issuance of the NIT Warrant. Id. This Court is unpersuaded by the government’s arguments. Because the NIT Warrant purported to authorize a search of property located outside the Eastern District of Virginia, and because none of the exceptions to the general territorial limitation of Rule 41(b)(1) applies, the Court holds that the magistrate judge lacked authority under Rule 41(b) to issue the NIT Warrant.

The government deployed some spectacular theories in its effort to salvage these warrants, but the court is having none of it.

The government advances two distinct lines of argument as to why Rule 41(b)(1) authorizes the NIT Warrant. One is that all of the property that was searched pursuant to the NIT Warrant was actually located within the Eastern District of Virginia, where the magistrate judge sat: since Levin — as a user of Website A — “retrieved the NIT from a server in the Eastern District of Virginia, and the NIT sent [Levin’s] network information back to a server in that district,” the government argues the search it conducted pursuant to the NIT Warrant properly can be understood as occurring within the Eastern District of Virginia. Gov’t’s Resp. 20. This is nothing but a strained, after-the-fact rationalization.

As the government attempts to portray it, the search was wholly contained in Virginia because the NIT was distributed by the seized server in the FBI’s control. But, as the judge notes, the search itself — via the NIT — did not occur in Virginia. The NIT may have originated there, but without grabbing info and data from Levin’s computer in Massachusetts, the FBI would have nothing to use against the defendant.

That the Website A server is located in the Eastern District of Virginia is, for purposes of Rule 41(b)(1), immaterial, since it is not the server itself from which the relevant information was sought.

And, according to Judge Young, that’s exactly what the FBI has now: nothing.

The Court concludes that the violation at issue here is distinct from the technical Rule 41 violations that have been deemed insufficient to warrant suppression in past cases, and, in any event, Levin was prejudiced by the violation. Moreover, the Court holds that the good-faith exception is inapplicable because the warrant at issue here was void ab initio.

The judge has more to say about the FBI’s last ditch attempt to have the “good faith exception” salvage its invalid searches.

Even were the Court to hold that the good-faith exception could apply to circumstances involving a search pursuant to a warrant issued without jurisdiction, it would decline to rule such exception applicable here. For one, it was not objectively reasonable for law enforcement — particularly “a veteran FBI agent with 19 years of federal law enforcement experience[,]” Gov’t’s Resp. 7-8 — to believe that the NIT Warrant was properly issued considering the plain mandate of Rule 41(b).

The court doesn’t have a problem with NITs or the FBI’s decision to spend two weeks operating a seized child porn server. But it does have a problem with the government getting warrants signed in one jurisdiction and using them everywhere but.

The decision here could call into question other such warrants used extraterritorially, like the DEA’s dozens of wiretap warrants obtained in California but used to eavesdrop on targets located on the other side of the country. And it may help Jay Michaud in his case, seeing as he resides a few thousand miles away from where the search was supposedly performed.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Judge Says FBI's Hacking Tool Deployed In Child Porn Investigation Is An Illegal Search”

Subscribe: RSS Leave a comment
28 Comments
DannyB (profile) says:

Re: All Hacking Tools

I agree with your reasoning. But taken to its logical conclusion one could then argue for the physical world the same as what is found on a computer . . .

Why should we believe any law enforcement when they say they found something in a search? After all, they could have planted it there.

If law enforcement wants to be believed when accused of planting evidence, they need to act absolutely above reproach. However, they do not act that way. Quite the opposite.

Anonymous Coward says:

Re: Re: All Hacking Tools

Nothing is above reproach.

We should never ever, NOT EVER!!! Believe law enforcement!

We should LOOK at the evidence they supply, and evaluate motivation on ALL sides and THEN make a determination if we should “accept” the “PROPERLY DOCUMENTED & LEGALLY GATHERED” evidence.

You have already made the mistake of thinking that there was ever, or will ever, be a point in time where anything even associated with “Government” could ever be above reproach.

Always suspect their motivations! It HELPS to keep them honest!

Andy says:

Re: Re: All Hacking Tools

The gov and fbi and cops have all been found guilty of imprioning or charging people with crimes thay did not commit, I would say all cases should eb paused and new laws enacted that ensure no innocent person is ever charged with a crime , that evidence , solid evidence be presented to the courts in every case, no he said she said cases allowed. And if the fbi or any other gov organisation is found guilty of faking evidence, ignoring laws or encouraging people to commit crimes they should be punished.

Just imagine all the CP that is now on the internet due to the fbi putting it there, this is sickening and if America cannot control its fbi then maybe other countries need to start suing them for making CP available in there country/.

They should also be punished for doing such a terrible job that they allow a Paedophile to get away with a crime he possibly committed.

That Anonymous Coward (profile) says:

But the rules don’t matter, because our targets are really bad guys!

The laws aren’t maybe kinda sorta guidelines, they are how things are supposed to be done. This sloppy kind of corner cutting hoping that the courts will suspend the rights of the accused because they are bad guys weakens the entire system. The fact an agency charged with upholding the law time and time again gets passes to the point where they feel they can ignore the law, suggests that serious reform is needed.

Anonymous Coward says:

Re: Re: Re:2 Re:

Not sure this quite rises to that level.

We are talking about incorrect procedures, not incorrect application of the law itself. It is likely not going to serve either the police or the citizens if we nail officers to the wall for every procedural misstep. All I am saying is that we can cut a bit of slack for the inexperienced… the newly trained do make mistakes, experience just helps them make less over time.

In the case of incorrect application of the law, then HELL yea, I agree with you 100% ignorance is no excuse at any point in time. Maybe that is what the original AC meant and we are just stuck in semantics?

Anonymous Coward says:

Re: Re: Re:3 Consequences for failure to follow procedure

I have no problem with them not facing serious charges over a procedural misstep, provided that the misstep did not cause serious hardship to people outside law enforcement. In this case, if they searched the computer without a proper warrant, suppressing the evidence is right. If they stopped there, and did not actually arrest the target nor impound his property, then I think a written reprimand to the officers, as well as some retraining, would be sufficient. If, on the other hand, they acted on their illegally obtained information by raiding the target’s property, then they should face harsher consequences. Specifics will vary based on how much trouble they caused with their unjustified raid. At minimum, they should be responsible for repairing both the reputational and physical damage their raid caused.

Anonymous Coward says:

Re: Re: Re:4 Re:

Yea the FBI never had any business creating a CP honey pot.

Everyone involved should be rotting in jail with the exact same charges as those they accuse!

There is ZERO room in a civilized society for allowing law enforcement to break the law just to catch or entrap a criminal.

You might catch criminals this way, but the actual end result is in the government causing more crime than it is preventing! But hell we already know the government is not interested in creating a safe America, they want one where they can arrest any asshole they deem worthy on a whim!

djl47 (profile) says:

What should law enforcement do in cases like this?

Serious question: What should law enforcement do in cases like this? Law enforcement is attempting to identify suspects who are trafficking in child porn. The suspects use TOR to anonymize their identity and location. Law enforcement can deploy snooping tools planted on the suspects computers to unmask their identity and location. Does law enforcement need to get a warrant in every court jurisdiction where a suspect may be located? That sets the bar extremely high

nasch (profile) says:

Re: What should law enforcement do in cases like this?

Does law enforcement need to get a warrant in every court jurisdiction where a suspect may be located? That sets the bar extremely high

If they find a suspect not in their jurisdiction, I assume they should forward the information to that jurisdiction and/or to the feds.

jp says:

Re: Re: What should law enforcement do in cases like this?

can’t forward it to them. the info was illegally obtained since they didn’t have a warrant in that jurisdiction. even if using that info they found other evidence if they only found it because of that info it would be inadmissible. that is why they shouldn’t be able to legally collectthis info without a nationwide warrant

Anonymous Coward says:

Re: Re: Re:

correct, either way the children were exploited.

I think it sends a clear message about the moral and intellectual integrity of law enforcement to make the literal claim that “It’s okay for us to run a CP site, but NOT YOU!”

I bet those sick bastards were enjoying every minute of it, only act out a sullen face the moment the cameras were rolling!

John Paul Howard Logan says:

Re: Re:

not exactly. they connected to the server using tor so in order to get the ip addresses they had to send malware to the computers to send out a message on the regular internet containing this info. if they just looked at the ips connecting to them all they would see is the last tor relay. in tor when you send to a server it goes to a relay then sent to another and another till it gets to the destination then it is sent back similarly through relays. the location of both end computers is not revealed

unby (user link) says:

outbound

Always suspect their motivations! It HELPS to keep them honest! Law enforcement is attempting to identify suspects who are trafficking in child porn. Law enforcement can deploy snooping tools planted on the suspects computers to unmask their identity and location.
They should also be punished for doing such a terrible job that they allow a Paedophile to get away with a crime he possibly committed, if the fbi or any other gov organisation is found guilty of faking evidence, ignoring laws or encouraging people to commit crimes they should be punished.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...