Good Faith Beats Bad Warrant In Another Win For FBI's World-Traversing NIT Malware

from the this-should-keep-this-out-of-the-Supreme-Court's-hands dept

Another challenge of the NIT (Network Investigative Technique) warrant used by the FBI during its investigation of a dark web child porn website has hit the appellate level. A handful of district courts have found the warrant used invalid, given the fact that its reach (worldwide) exceeded its jurisdictional grasp (the state of Virginia, where it was obtained). That hasn’t had much of an effect on appeals court rulings, which have all found the warrant questionable to varying degrees, but have granted the FBI “good faith” for violating the jurisdictional limits the DOJ was attempting to have rewritten (Rule 41 — which governs warrant jurisdictional limits, among other things) to allow it to do the things it was already doing.

Even though the FBI had to have known searches performed all over the world using one Virginia-based warrant violated Rule 41 limits, appellate judges have declared the FBI agent requesting the warrant wasn’t enough of a legal expert to know this wasn’t allowed. Two appeals courts have stated suppressing the evidence is pointless because the law changed after the jurisdiction limit violation took place. The appellate decisions have been troubling to say the least, providing further evidence that the good faith exception is the rule, rather than the outlier.

The latest decision [PDF] dealing with the NIT warrant comes from the Third Circuit Appeals Court. It, too, finds the warrant questionable. And it states the government has agreed the warrant was not valid under Rule 41(b).

The Government conceded below that “[a]lthough Rule 41 does authorize a judge to issue a search warrant for a search in another district in some circumstances, it does not explicitly do so in these circumstances.” App. 91 (Government Br. in Opposition to Motion to Suppress) (emphasis added).

The opinion goes on to note the government, having admitted its warrant was bad, then argued it was good because it was apparently thinking of a different part of Rule 41 when it applied for a warrant, even though none of this thought made its way into the affidavit as words.

On appeal, however, the Government curiously has reversed course, and now contends that the NIT was in fact explicitly authorized by Rule 41(b)(4), which provides that a magistrate judge may “issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.” Fed. R. Crim. P. 41(b)(4) (emphasis added).

According to the Government, under this Rule, “the NIT warrant properly authorized use of the NIT to track the movement of information—the digital child pornography content requested by users who logged into Playpen’s website—as it traveled from the server in [EDVA] through the encrypted Tor network to its final destination: the users’ computers, wherever located.”

Wrong again, says the court, noting the disingenuousness of the government’s goalpost move. (All emphasis added by me and not the court from this point forward.)

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The court also helpfully finds that computer users have an expectation of privacy in their IP addresses and other identifying info housed in their computers. It points out the government obtained this directly from targets’ computers rather than third parties, making this a Fourth Amendment search rather than a Third Party Doctrine case.

But that’s where the good news ends for the defendant. The appeals court says the warrant was invalid the moment it was issued, but that this can’t be held against the FBI. It rationalizes its opinion this way: suppression of evidence is for deterrence, not for righting the government’s wrongs. So, it’s OK for the FBI to rely on an invalid warrant because the judge made the error approving it. The FBI was not wrong to rely on the warrant, even though it very likely knew its request violated Rule 41 jurisdictional limits. Then it arrives at this conclusion — one reached previously by another appeals court:

More importantly, the exclusionary rule “applies only where it ‘result[s] in appreciable deterrence.’” Herring, 555 U.S. at 141 (quoting Leon, 468 U.S. at 909) (emphasis added). Thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers may apply for and obtain such a warrant pursuant to Rule 41(b)(6), which went into effect in December 2016 to authorize NIT-like warrants. Accordingly, a similar Rule 41(b) violation is unlikely to recur and suppression here will have no deterrent effect.

In other words, because it’s now impossible for the FBI to engage in this violation of Rule 41, there’s nothing to be gained by suppressing the evidence. In essence, the court is saying that if the DOJ can get laws changed quickly enough to codify earlier statutory violations, defendants challenging evidence based on legal violations that occurred before the law was changed are shit out of luck. Compare and contrast this to civil rights lawsuits where the courts have awarded good faith to law enforcement for apparent rights violations because they occurred before such acts were declared unconstitutional by precedential opinions. It’s “heads I win, tails you lose” in federal courts, thanks to the good faith exception.

More cases will reach the appellate level but it hardly seems likely any of those will result in suppressed evidence for Playpen defendants. These findings will be reached despite most appellate judges declaring the underlying warrants void from the moment they were issued. Defendants asking for suppression are going to run into judges willing to forgive the FBI both before and after the fact, which means there’s very little justice left in the justice system’s tanks.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Good Faith Beats Bad Warrant In Another Win For FBI's World-Traversing NIT Malware”

Subscribe: RSS Leave a comment
Anonymous Coward says:

First, this is NOT "law" nor statute, it's a COURT RULE. Those are strong, but change-able at need. Why are you complaining that it's been updated for "teh internets"? WHY is Techdirt so hot on this narrow technical question?

Why should police be "punished" by not knowing ramifications of a narrow point that takes lawyers and judges some time to untangle?

Why should (any) defendants be let entirely off the hook over a court rule that simply needs updated, has been, and in future will be fine? — There is simply NO way that search warrants of this kind are NOT going to cover the situation. NO WAY IN HELL. SO QUIT HOPING, TECHDIRT.

Every time child pornography comes up, Techdirt wants good solid cases to be thrown out on some technicality.

Anonymous Coward says:

Re: First, this is NOT "law" nor statute, it's a COURT RULE. Those are strong, but change-able at need. Why are you complaining that it's been updated for "teh internets"? WHY is Techdirt so hot on this narrow technical question?

Is it like a bunch of people’s law? Like several groups together? A “common law” if you wil.

That Anonymous Coward (profile) says:

Re: First, this is NOT "law" nor statute, it's a COURT RULE. Those are strong, but change-able at need. Why are you complaining that it's been updated for "teh internets"? WHY is Techdirt so hot on this narrow technical question?

Because violating the law is violating the law.
Just because the accused are connected to CP, is no reason to find ways to bend and twist the law to get the outcome desired.
You might not like someone accused of CP to get a break, but using ‘good faith’ as a magic key that bypasses the letter of the law undermines the entire system.

Anonymous Coward says:

Re: Re: First, this is NOT "law" nor statute, it's a COURT RULE. Those are strong, but change-able at need. Why are you complaining that it's been updated for "teh internets"? WHY is Techdirt so hot on this narrow technical question?

Exactly – and of course, no one ever would even think of false accusation just for the sake of gaining an advantage.

mik says:

Re: First, this is NOT "law" nor statute, it's a COURT RULE. Those are strong, but change-able at need. Why are you complaining that it's been updated for "teh internets"? WHY is Techdirt so hot on this narrow technical question?

In other words “wont somebody pleeeease think of the children”
Your point is effectively a cartoon meme.
Its time for the “good faith” thing to die. Its very clear law enforcement use it as a deliberate dodge for deliberate malfeasance.

discordian_eris (profile) says:


This reinforces my opinion that the application of the law in the US is based upon nothing but pure sophistry.

noun, plural sophistries.
a subtle, tricky, superficially plausible, but generally fallacious method of reasoning.

ALL of these judges know exactly what is happening and what they are doing. It’s not a conspiracy, there’s no apparent coordination. But it is a cabal focused on allowing their good buddies, the LEOs of various stripes,to do as they will. Between ‘good faith’, ‘qualified immunity’ and other sophistic contrivances, the judiciary is decimating justice in this country. It is going to continue until judges wake up, admit they are severely damaging the fabric of justice, and actually do their jobs.

Impartiality. When the courts actually apply it, this might be stopped. Until then, this is not a country that actually follows the rule of law.

Anonymous Coward says:

Re: Sophistry

ALL of these judges know exactly what is happening and what they are doing.

Yes, THEY DO, but you display ignorance of law.

This is not new, as proven by the very existence of jurisdictional questions. It’s not bizarre: judges have considered it, and fudge a mere Court Rule to cover new technology.

YOUR way — which in the instant case is to say that IP addresses simply can’t be captured because unknown where come from — would allow persons accused to escape justice. — And remember, there’ll still be a trial on the merits. This is sheerly pre-trial maneuvering to suppress the key evidence.

Courts must come down police have done nothing wrong in pursuing this even though an out-of-state IP address.

Horrible violation of civil rights, huh? Getting an IP address in one state and following it to search in another. Only EVERY web-site that you click to does exactly same…

Techdirt is insanely insisting on obtaining warrant in unknown place ahead of capturing an IP address, holding that the very capture is illegal! That’s not workable.

Guess I can’t explain it any better, since I’m up against what I see as literally insane claim that evidence should be suppressed — in this case, where the downloading of child pornography isn’t actually questioned. This was always just a faint hope. But, courts allow even faint hopes.

However, when courts decide narrow technical points a way that you don’t agree with, there’s absolutely no call to go berserk and claim there’s no justice and police are trampling rights. It’s JUST clearing up a technical point.

RESTON says:

Re: Re: Re: Square Peg

” …. if the law is flawed it isn’t their job to hammer the square peg into the round hole.”

Excellent point about law generally.

If learned judges have difficulty understanding/applying any specific law — then how are ordinary citizens supposed to understand it ?

Any law that is not readily understandable by the primary judges responsible for applying it — should be declared null & void by the judiciary.

That is a PRIMARY responsibility of the judiciary to protect the integrity of the legal system and protect citizens.

Anonymous Coward says:

Re: Re: Sophistry

“IP addresses simply can’t be captured”

This is incorrect as logs typically do this without prompting.

“Techdirt is insanely insisting on obtaining warrant in unknown place ahead of capturing an IP address, holding that the very capture is illegal! “

I doubt this. How is a server to ack requests if the IP Addr is unknown?

Anonymous Coward says:

LATE BREAKING NEWS: "Judge dismisses coal mogul's defamation lawsuit against HBO/John Oliver..."

Just to get snark in before Techdirt’s gloating.

Techdirt would have gone APE today if found out in time, but there’s always next week in which to cheer your “right” to be vulgar and attack persons. — Really, though, how valuable is that? It nearly — and may yet — cost Masnick 15 million!

That Anonymous Coward (profile) says:

Re: Re:

No that is just for the little people.
They paid that best buy tech good money to find a thumbnail downloaded by a piece of click malware that the owner never saw & launch a case to destroy his life… but an FBI agent can totally violate the law.

Just because we assisted in the creation and distribution of new CP is no reason to hold us to the law meant to punish little people.

Anonymous Coward says:

The End of Checks and Balances

"…appellate judges have declared the FBI agent requesting the warrant wasn’t enough of a legal expert to know this wasn’t allowed."

Judge: You cant do that – it’s illegal.

Agent: But, but, I want it to be legal (stomping foot and sticking out bottom lip)!

Judge: You little dickens…oh, all right.

David says:

"good faith" for a world-wide warrant...

Why not just press the Red Button now and claim “good faith”? “I didn’t know I wasn’t supposed to bomb the Ruskies into oblivion.”

I can accept that criminal insanity prevents regular sentencing, but I then want to see the perpetrators locked into a mental institution.

Even though arguably the U.S. counts as one these days.

That One Guy (profile) says:

"Well... I mean... it's not like the law actually MATTERS..."

If a judge is going to point out multiple ways in which the FBI’s actions didn’t comport with the law, and even after all that give them a pass anyway, they need to just resign.

They’re not upholding the law at that point, nor punishing violations of it, they’re just acting as rubber stamps, handing out retro-active approval to anyone with a badge that wanders into the court.

Anonymous Coward says:


I’m posting this because I believe all of us “OUTSIDE” in the firearms community should read it. I apologize if the text isn’t quoted. I can’t figure out how to do it from my phone. But here goes:

Posted on Patreon by the Military Arms Channel.

Interview with the New York Times

I was asked to do an interview with the New York Times. I have very strict guidelines I stand by when engaging with the media so they can’t twist my words. I was asked to do a phone interview, but declined and asked the journalist submit his questions in writing to me. Here’s my response to his questions. I will be very surprised if this makes it into print. Here’s my response to Jack, the NYT’s reporter:


I don’t know what your deadline is but I am packing and racing around in preparation for a hunt in Texas this week. We leave 7am tomorrow and I’m trying to get all the stuff packed. I am hunting with an AR rifle and we’re hunting an Axis Buck. I hunt almost exclusively with modern firearms such as the AR15. I can provide you with pictures from the field, however we won’t be in Texas until Saturday late afternoon. I can answer your questions, but I won’t be available for a photo shoot until I return on March 3rd.

This video will give you the back story on my first AR15. I got it while I was in High School. This video tells the whole story if you have the time to watch it.

I don’t publicly discuss the number of firearms I own. I will say I own several rifles based on the AR15 in various calibers. I keep one for personal protection and I have several I use for hunting all around the country. There isn’t a single game animal that can’t be cleanly and humanely taken with an AR rifle of some type. I prefer them because they’re inherently accurate, accessories are readily available, there are plenty of calibers to choose from, and generally speaking they are light weight making them perfect field rifles when you’re stalking game animals sometimes up to 1 mile or more a day on foot.

The AR15 is popular because it’s America’s longest serving US service rifle. Many Veterans prefer to own them because they served with a similiar rifle, the M16A2, M16A4 or M4 Carbine. The AR15 is not the same rifle as these, but is a close facsimile and thus very familiar Vets. Outside of that, even more non-Veterans (Vet’s account for about 1% of the US population) own AR15’s because they’re affordable, light weight for hunting, competitive shooting and for self defense. It’s “America’s rifle”. Most are chambered in .223 because it’s the standard caliber and it’s affordable. This is the caliber the vast majority of AR15’s are chambered in. AR type rifles used for hunting in larger, more powerful cartridges for larger game animals are far more expensive, are larger in size, several pounds heavier and therefore can fire larger calibers. The term “AR” describes a very broad number of rifles whereas “AR15” is very specific, and this is the most common AR type rifle out there, which is chambered in .223 Remington.

I have never used a firearm in self defense, in terms of having to fire the weapon at an assailant. I have deterred one robbery decades ago by showing a 7-11 store robber I was armed. He left the store he was attempting to hold up when he realized I had the position of advantage and I was armed. As with most criminals, they seek out “soft targets”. They look for stores with “no guns” signs, or choose places like movie theaters (almost all of them have no gun policies) or even, sadly, schools because federal law makes them “gun free zones”. Criminals are cowards and when confronted by someone able to fight back, they generally do everything they can to get out of the situation. They don’t want to meet with resistance, they want to carry out their cowardly act with little chance of meeting with armed resistance.

Here is a fact sheet with citations:

It’s interesting to point out that the GOA link above shows that armed citizens who use weapons in self defense do so more responsibly than police. Only 2% of the shootings where armed Americans used a firearm in self defense resulted in an innocent person being killed. Compare that to police who accidentally shoot the wrong person 11% of the time. This is not an attack on police, I 100% support our law enforcement, and police are in far more shootings than average gun owning Americans because of their profession. My point is that armed Americans are highly responsible people who legally use their firearms millions of times a year, without even firing a shot many times, to stop a crime or to save lives.

A Police One poll shows that the vast majority of our nations police believe armed citizens are a good thing and support our 2nd Amendment rights. Police One requires their members to prove their status as LEO’s before being admitted to their website. You can see the article and polling data here:

The media generally seeks out police who are anti-gun, and who clearly are in the minority, to interview as it drives a political agenda many journalists are pushing. I would rather journalists stick to the documented facts and let the political commentators interject their agenda’s into their commentary. It seems true journalism is mostly dead in the United States these days as everyone has an agenda.

The AR15 is not an “assault rifle”. The phrase is a loose translation of Sturmgewehr, or a German word meaning “storm rifle” used to describe the StG 44 developed by Germany during WWII. An “assault rifle” is a very specific phrase that describes a light weight, select fire (machine gun), air cooled, firearm that chambers an intermediate caliber. The media mislabels civilian AR15’s as “high power rifles” as well as “assault rifles”. Neither is factually correct.

During 1994 the Clinton Administration knew the true definition of an “assault rifle” (banned since 1986 by President Reagan with the help of the NRA) so they fabricated a phrase that sounded similar for political reasons. The phrase they created out of thin air was “assault weapon”. The “assault weapon” can’t be defined by function because it’s nothing more than a self loading rifle, so they defined it by features and appearances. A pistol grip, a bayonet lug (how many bayonetings have you read about?), a ventilated hand guard, capable of accepting standard capacity magazines, etc. So, the “assault rifle” is only in common use by the US military while the “assault weapon” is a fabricated definition defined by a set of cosmetic features used to scare non-gun owners into thinking they’re one in the same (assault rifle being synonymous with assault weapon, which isn’t accurate). It’s dishonest and politically motivated.

You will see a confirmation of my assertions above by watching this video. These random folks on the street have been programed by the media using inaccuracies and purposely false narratives to drive a political agenda. This is the net result:

The media gets many things wrong, which I’ve pointed out a few of those items above. Average AR15’s aren’t “assault rifles”. They’re not “high powered rifles”. They’re not “military weapons”. They’re nothing more than a self loading rifle that looks scary and those with a political agenda use these scary looking features to drive a false political narrative to serve their agenda.

According to the FBI more people are killed by hands and feet than are killed with rifles, not just AR15’s, but rifles as an entire class of firearms. We don’t see politicians calling for registration of martial artists or MMA fighters. More people are killed by knives, again according to FBI data, than rifles — and not just AR15’s. AR15’s account for a very small percentage of long arms used by criminals. More people are killed by blunt objects than rifles according to the FBI. Source:

When I see someone commit an act of evil or even gross negligence (like an accidental shooting), I crushes me. However, I’ve known more people killed by drunk drivers, motorcycle accidents and cancer than by a bad person using a gun. I don’t know a single person in my 50 years on this planet, that wasn’t in a combat zone, who was killed by a criminals using a firearm. I’ve known several people killed by drunk drivers. I lost 5 friends to motorcycle accidents as a young man. Should “crotch rockets” be banned?

When a drunk driver gets into a Corvette, that can easily violate the speed limit several times over, and kills a family in a minivan, do you blame the alcohol? Do you blame the car that’s capable of breaking all posted speed limits? Or do you blame the driver of the car? Do you call for prohibition on alcohol? Do you demand Chevy stop making the Corvette? Of course not. You always blame the driver.

When a terrorist blows himself up in a crowded market do you blame the bomb, or do you blame the terrorist?

When a terrorist rents a truck and drives it over a crowd of people, do you blame rental trucks or do you blame the terrorist driving it?

Why does the media grossly over exaggerate the illegal use of firearms and always blame the gun vs. blaming the person using it? Why the double standard?

In the case of the Florida shooter, why aren’t people blaming the FBI who had multiple reports of this mans actions and threatening statements and failed to investigate? Why don’t they blame the school who prohibited him from having a backpack on campus because he was known to be mentally unstable?

As a parting point, I would like for you to read some hard data regarding legal gun ownership in America. Again, all data presented cites the source.

Thank you for your time.

Tim / MAC

Sic Semper Tyrannis

Anonymous Coward says:

Dear fellow board members and associates…

Success demands constant vigilance and the willingness to do what must be done.

It is imperative that we insure the validity and value of our products, and safe-guard our ancient commercial resource, by eliminating wherever possible, any who would encroach upon our domain or attempt to lessen the value of our products by offering an equal or better product at lower cost and to the general public masses via the internet.

To this end gentlemen, insure that all legislation passed in your jurisdictions, bestows upon all who are caught – outside of our corporate circle – the harshest of penalties and punishments the new laws and trade agreements we make, will allow.

Insure also that such marauders receive as much negative public exposure as is possible.

With the inclusion of the personal computer and cheap photographic tools, as well as the abundance of orphaned and abandoned children today, we must be vigilant and pro-active to insure that no upstart non-member merchants succeed in accessing, let alone stealing any part of the golden market that is the property of the Worn Kings of Pall Street.


D. T.

Anonymous Coward says:

“Troubling” but unsurprising. The Courts were supposed to protect us from government overreach. As far as criminal cases are concerned they’re complicit with wholesale violation of rights nationwide at all levels by enabling LEO corruption and ignorance in the very people that should NOT be ignorant in the law, the police. The courts system has failed the citizenry at large by being consistently underfunded public defenders and mental health advocates by “law and order” types; undermined, and bought out by corporations and the ultra rich by purchasing laws through “campaign donations”, smear campaigns against consumer friendly watchdogs and reasonable regulatory regimes; and tying the system up in endless prohibitively expensive appeals that exclude any but the 1% from getting justice.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...