Legal Issues

by Tim Cushing


Filed Under:
fbi, hacking, malware, nit, playpen, rule 41



Two More Courts Find In Favor Of The FBI And Its NIT Warrant; No Suppression Granted

from the malware-deployment-is-a-go dept

Two more rulings on suppression motions in FBI Playpen cases have been handed down. (h/t Riana Pfefferkorn) The ruling [PDF] in Tennessee agrees with the defendant that the FBI's NIT warrant exceeded Rule 41 jurisdiction limits. The following quotes are from the more substantive "Report and Recommendation" [PDF] by the magistrate judge, which has been adopted by the court overseeing the criminal trial.

The undersigned agrees with the majority of courts to analyze the Virginia search warrant that it violates Rule 41(b) because the magistrate judge in the Eastern District of Virginia lacked authority to issue a search warrant to search property located outside of her district.

Defendant’s computer was never located in the Eastern District of Virginia. See Fed. R. Crim. P. 41(b)(1) & (2). Moreover, the FBI was not investigating a crime of terrorism in the Eastern District of Virginia, nor was it attempting to seize property located in a United States territory or foreign state. See Fed. R. Crim. P. 41(b)(3) & (5). The Government argues that Rule 41(b)(4) is persuasive because the NIT is analogous to a tracking device, which was installed on the Defendant’s computer when his electronic transmission “touched down” in the Eastern District of Virginia, where Playpen was hosted. However, as observed by the Western District of Washington, applying Rule 41(b)(4) to the Virginia warrant “stretches the rule too far…"

That being said, the court decides suppression is not the right remedy for this violation:

In balancing the present facts and circumstances, the magistrate judge first correctly concluded that suppressing the evidence in this case would not meaningfully deter future law enforcement misconduct. The defendant’s objections that officers acted deliberately, recklessly, or with gross negligence, and that it should have been apparent to law enforcement that the Virginia magistrate lacked authority to sign the warrant, are simply unsupported by the record.

[...]

To the extent that there was error in this investigation, such error “rests with the issuing magistrate, not the police officer, and ‘punish[ing] the errors of judges’ is not the office of the exclusionary rule.”

Interestingly (and a bit infuriatingly), the court grants good faith to the FBI for its apparent inability to fully comprehend the "intricacies of the jurisdictions of federal magistrates." This gives the FBI credit for pretending to misunderstand the very statutes it's in the process of trying to change. The FBI -- and the DOJ above it -- very much want the jurisdictional limitations of Rule 41 removed precisely for cases like these: where a search and seizure is performed on remote computers located far outside the jurisdiction where the warrant was issued.

The Nebraska decision [PDF] is much, much worse. First, the court finds there's no expectation of privacy in an IP address, even if the defendant has taken affirmative steps to obscure it.

With or without Tor, Defendant was sharing his IP address with others—total strangers, to potentially include law enforcement officers—with the hope and belief that the users of the first “node” computer would keep his IP address secret. While Defendant’s choice to use Tor may be evidence of his “actual, (subjective) expectation of privacy” in his IP address, using Tor does not elevate that expectation to “one that society is prepared to recognize as ‘reasonable.’”

Not only that, but the court rules the NIT is not a search (nor a "tracking device," as the government argued in the Tennessee case), even though it had to extract this information from the user's computer.

But deploying the NIT to reveal the IP address was not a computer search. Defendant’s IP address is not a “physical component” of the computer or a file residing on his computer like electronic documents or pictures. Rather, the IP address is assigned to a user by the ISP and typically is “maintained on the internet modem that connects an internet device to the internet.” Thus, the NIT essentially compelled Defendant’s computer to produce its IP address (similar to a return address on an envelope) when the NIT instructed the computer to send other information identified in the Virginia Warrant. And the NIT was deployed only after Defendant sought out and visited the Playpen website. “The FBI did not come looking for Defendant. Instead it waited until he came to them and engaged in illicit activity by downloading content from Playpen.”

And here we have another reason why digital-to-analog so often fails. Comparing the compelled production of an IP address to a return address on an envelope is a non-starter because utilizing the postal service does not require the use of a return address, whereas an internet connection almost always requires an IP address.

Worse, the opinion cites Virginia judge Henry Morgan Jr.'s decision in another Playpen case -- where he asserted the FBI could hack computers with invalid warrants because, hey, computers get hacked all the time.

See also Matish, --- F. Supp. 3d ---, 2016 WL 3545776 at *22-24 (holding that with the prevalence of computer hacking and the “compromise of unprecedented amounts of data previously thought to be private,” all individuals have a diminished expectation of privacy once they log onto the internet.)

The court also finds that the FBI's NIT reach didn't exceed Rule 41 geographical limitations. Instead, the defendant made a virtual "trip" to the warrant's jurisdiction to access content stored on the seized server.

Finally, even if the defendant had raised a Fourth Amendment challenge the court found valid, the good faith exception would have prevailed. As in the Tennessee decision, the court finds the FBI held up its side of the deal by providing the magistrate with an affidavit full of technical language and specifics about the search method to be deployed.

This appears to be the broader finding across the large number of Playpen/NIT cases. The FBI's warrant may be invalid but either there's no expectation of privacy in the information obtained or the good faith exception prevents suppression of the obtained evidence.

The first is less problematic than the latter. While some users may undertake efforts to obscure their IP addresses, their expectation of privacy is no more "reasonable" than that of those who don't. Either the info has an expectation of privacy or it doesn't. The legal justifications used by judges, however, haven't been all that great, with the worst being that having your anonymity stripped and your information absconded with is just the price of doing business on the internet -- whether it's a criminal or law enforcement performing the actions apparently matters very little.

The latter part -- the reliance on the FBI's good faith -- is more of an issue. The FBI clearly knew its NIT would travel far beyond the jurisdiction the warrant was issued in. It apparently felt that it benefited heavily from good faith rulings as it made little attempt to obscure this fact from the magistrate judge it presented its affidavit to. But it still withheld some information, including the fact that it would actually be delivering a malware package that would "phone home" once it reached its destination. Just because the search sort of originated at a seized server in Virginia does not excuse seizures performed all over the nation utilizing a single, jurisdictionally-limited warrant.






Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 17 Oct 2016 @ 8:51am

    The exclusionary rule is there to prevent misbehavior by law enforcement. Misbehavior by judges? Their attitude is apparently that it can't happen. They can only make mistakes, and would never ever have a motive to violate someone's rights.

    But, now that there is an obvious precedent that they can't do this, perhaps if they ever try this again it WILL be suppressed, and the FBI won't get away with saying it didn't know.

    reply to this | link to this | view in chronology ]

  • identicon
    Digitari, 17 Oct 2016 @ 9:27am

    what did you expect?

    It is already established law that those that enforce it do not have to know the law.

    "I AM the law"

    or

    "How convenient"

    depending on how we bend that day

    (don't forget to vote)

    reply to this | link to this | view in chronology ]

    • icon
      Padpaw (profile), 17 Oct 2016 @ 9:37am

      Re: what did you expect?

      that's called tyranny. Something those in charge have been desperatly trying to make people think the founding fathers were terrorists to be hated and reviled not respected and adored.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Oct 2016 @ 10:08am

        Re: Re: what did you expect?

        Well... its fucking working. The founders are generally hated and ignored for their extensive wisdom.

        As one of the few that understand the Constitution, its purpose and having read the founders on multiple subjects I feel at though I am surrounded by very spoiled fucking idiots that have just exactly no clue how much they are fucking this shit up with their ignorance and hubris!

        The constitution is clear as a fucking bell, however many have "allowed" those in power to pull the wool over their eyes for political expediency.

        reply to this | link to this | view in chronology ]

  • identicon
    Travis, 17 Oct 2016 @ 9:34am

    My Take on the first case's response

    Well, we know the FBI broke the law, but we know punishing them won't make them act differently, so we won't.

    That about right?

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 18 Oct 2016 @ 12:48am

      Re: My Take on the first case's response

      Pretty much. "Yeah they broke the law, but punishing them for doing so isn't likely to result in them doing anything different next time, so we won't bother."

      An argument like that makes it pretty clear that the judge sees nothing wrong in breaking the law if the ones doing so have a badge.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 18 Oct 2016 @ 1:44am

        Re: Re: My Take on the first case's response

        Suppressing evidence is not punishment for the FBI, it's the protection of the rights of the people.

        And if anything, it's punishment for the state as a whole, for allowing the FBI to continue with its blase attitude regarding proper procedure.

        If this doesn't change the FBI's behavior, then continued enforcement of the fourth amendment would push the rest of the system to change the FBI.

        ...or they can settle for a short term victory at the expense of further damage in the future.

        reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 17 Oct 2016 @ 9:34am

    who needs a nation of laws when you can rule through fear, said every wannabe tyrant ever.

    Every day there is a new reason for people to never go to the USA.

    reply to this | link to this | view in chronology ]

  • identicon
    Uh Huh, 17 Oct 2016 @ 10:36am

    The Big Bang

    What it ultimately comes down to is: Power comes from the barrell of the biggest, baddest (fill in the blank), which is directed by the persons having the most (fill in the blank), usually obtained by clandestine, criminal, predatory activities, and executed by minions of limited intellectual and moral capacity, of which there is an abundance without end. Have a nice day.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Oct 2016 @ 11:00am

      Re: The Big Bang

      and executed by minions of limited intellectual and moral capacity

      This should read more like...

      "and executed by opportunistic minions of limited moral capacity"

      There are many very intelligent "minions" taking their slice of the pie as they pass it along to the "big man", so it's not entirely fair to plaster them all as low intelligence.

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 18 Oct 2016 @ 1:50am

      Re: The Big Bang

      Free states have to be protected. Otherwise it falls back to feudalism and divine right (e.g. the right of might).

      Our nation of men is the natural state. We do what is possible. Those with power dominate those without.

      But then they can't really complain when terrorists fly planes into buildings or madmen shoot up schools can they? Hatred-fueled subterfuge and having no moral high ground is the consequence of ruling by force.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 17 Oct 2016 @ 11:30am

    "Sure the FBI broke into the suspect's house without a warrant and then beat a confession out of him, but they have a good faith exception to believe that what they were doing was legal, so I'll allow it."

    reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 17 Oct 2016 @ 7:52pm

    Dear Judges:

    Dear Judges:
    The FBI concealed material facts from the magistrate. Think through the implications of that -- if they are willing to lie to judges (not only about this, but also "parallel construction") -- then *no* evidence they give can be credible! Falsus in Unum, Falsus in Omnes has been in many a jury instruction, and it should apply to the FBI just as it does any other witness.

    The FBI has basically chosen some people to destroy; whether they are actually bad people who did what they claim has become completely immaterial to them, and you should treat their testimony accordingly.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2016 @ 1:24pm

    FBI thinks they are above the law.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.