
Judge: FBI's NIT Warrant Invalid And IP Addresses Do Have An Expectation Of Privacy, But No Suppression Granted

from the good-findings-mixed-with-questionable-conclusions dept

Thanks to the FBI's one-to-many NIT warrant, which was issued in Virginia but reached thousands of computers all over the world, yet another federal judge is dealing with the fallout of the feds' efficiency. Michigan federal judge Thomas Ludington finds plenty he doesn't like about the FBI's malware and the DOJ's defense of it, but still can't quite find enough to warrant suppression of the evidence [PDF link].

Properly stated, the question here is whether the FBI’s NIT warrant so exceeded the limits of the magistrate judge’s jurisdiction and authority or reasonable behavior by law enforcement as to require suppression to deter similar actions in the future. Although the NIT warrant exceeded the scope of Rule 41(b) as it existed at the time, the FBI’s actions in investigating and closing Playpen were reasonable and directed toward securing the judicial review of law enforcement which the Fourth Amendment contemplates. Given the circumstances, suppression is not appropriate.

That being said, the opinion does offer plenty of counters to the DOJ's legal rationale -- something that other defendants in the FBI's massive Playpen investigation might find useful. The court, like others, finds the FBI exceeded the jurisdictional limitations of Rule 41 and no amount of creative phrasing is going to change that.

None of the three bases in Rule 41(b) provided jurisdiction for the magistrate judge to approve the warrant. Rule 41(b)(1) cannot serve as the basis for jurisdiction. Under that provision, a magistrate judge can issue a warrant to seize property “located in the district.” Here, the server housing Playpen had been transported to Virginia by the FBI, but the NIT involved the transmission of information from that server to computers located around the country and then back to the server. The relevant information (or “property”) was the information requested by the NIT from the user’s computer. The NIT cannot be reasonably construed as seizing information “located in the district” even if the request for the information originated from a server in Virginia.


Even if Kahler had some contact with the Playpen server located in Virginia, the information sought by the NIT was all located in Michigan. The mere fact that the information from outside the district was brought into the district cannot satisfy Rule 41(b)(2). If that scenario was sufficient, then there would effectively be no jurisdictional limit on warrants for seizure of personal property, because property can typically be moved.

It also finds -- during its discussion of Rule 41 limitations -- that the DOJ can't justify its defective warrant by claiming the software was merely a "tracking device." The NIT pulled information from a computer -- including information that would ID the user -- and left nothing behind to track further computer "movements." That changes the purpose -- and the scope -- of the intrusion.

The receipt of the username associated with the computer’s operating system goes beyond simple location data to descriptive data regarding the identity of the user. The NIT is more than just a “tracking device”; it is a surveillance device.

Additionally, the entire purpose of the NIT was to interact with a computer and obtain information that was located in another district. Even though the NIT was nominally installed on the Playpen Server, the NIT’s “tracking” functionality occurred in other districts. Finally, the purpose of the NIT was to discover the location of the users accessing Playpen, not track their movement.

The government also argued that even if the warrant was faulty, it was ultimately unnecessary because the information obtained fell under the Third Party Doctrine. The court disagrees (nodding to the Supreme Court's Riley decision), finding that efforts users make to cloak their identity -- even while engaging in criminal activity -- generate a layer of privacy protection under the Fourth Amendment.

The Government argues that, despite using a software which exists only to veil the user’s IP address from prying eyes, the user has no reasonable privacy interest in his or her IP address. This argument has little to recommend it. If a user who has taken special precautions to hide his IP address does not suffer a Fourth Amendment violation when a law enforcement officer compels his computer to disclose the IP address, the operating system, the operating system username, and other identifying information, then it is difficult to imagine any kind of online activity which is protected by the Fourth Amendment. Internet use pervades modern life. Law enforcement, acting alone, may not coerce the computers of internet users into revealing identifying information without a warrant, at least when the user has taken affirmative steps to ensure that third parties do not have that information.

This contrasts with other decisions dealing with the same subject matter, where judges have found there's no expectation of privacy in IP addresses, even when one has taken extra steps to obscure it. Those findings seem logically contradictory, at best. If someone attempts to keep third parties from obtaining information, this information can't truly be considered held by a third party. Stripping away these efforts turns the FBI into the "third party," and the government isn't allowed to both act as a third party and excuse its actions with the Third Party Doctrine.

But in the end, there's no suppression. As the court points out, two things weigh against suppressing the evidence, even with the warrant being facially invalid under Rule 41. First, the FBI malware only infected registered users visiting the dark web child porn site, which makes the possibility of accidental infection almost nonexistent. Second, the fact that the FBI had no idea where the site's visitors were actually located makes this an inelegant solution to a problem, not a case of judge-shopping for compliant magistrates.

[T]his is not a case where the FBI purposely avoided compliance with the law. The investigation of Playpen was difficult precisely because the FBI had so little information about the location of the users. If the FBI had known where certain users were located but nevertheless chose to seek a warrant in another district, suppression would be appropriate. In that case, the FBI would have purposely skirted the law despite a legal alternative. Kahler’s arguments, if accepted, would imply that the FBI should not have conducted the NIT investigation at all because the users were masking their true location. The FBI’s decision to adopt novel tactics to bring individuals distributing child pornography behind location-concealing software to justice is not inherently troubling behavior.

In the future, the FBI won't have to deal with nearly as many suppression hearings, thanks to changes to Rule 41. These decisions are becoming relics of statutory limitations almost as soon as they're issued. Even if courts find the malware deployment to be a search invasive enough to trigger Fourth Amendment protections, the lack of jurisdictional limits going forward will prevent them from being challenged.

Unfortunately, the rule changes are almost guaranteed to encourage more frequent deployments of tools designed to decloak anonymous internet users. The breadth and reach of these warrants will be almost unchecked and that's bad news for activists, dissidents, and others who just want to stay off the internet grid. Sure, it's also bad news for child porn fans, but child porn, terrorism, drug warring, etc. is where these efforts start. It's seldom where they end.

Filed Under: 4th amendment, doj, fbi, malware, nit, playpen, warrant

Reader Comments


  1. Anon E. Mous (profile), 27 Feb 2017 @ 3:40pm

    Holy typos in my original post...apologies folks.
    Let's try this again:

    I am no fan of any child exploitation but this ruling bothers me in the fact that the Judge knows and basically calls out the US DOJ for the tactics used to gather the evidence in the playpen case before the court.

    The problem here is that the Judge has called out the FBI methods and warrant that led to the suspect and the evidence at hand, but yet gives the US DOJ a pass and lets them use the tainted evidence anyway.

    This in my opinion is the court salvaging the US DOJ's case against this suspect and the court is leaning a little too much into being non impartial in its ruling.

    We are seeing far too many cases where the US DOJ knows full well the methods used in cases are not to the letter of the law and are being allowed to pursue the case forward when evidence should have been tossed. It would seem that the playing field is being tilted in the US DOJ's favor which is wrong in my opinion.

    Many of us realize that some of these laws were written way back in the day and due to time and advancement in new technology in electronics and communication has left the statutes less applicable as it applies to the law, but that shouldn't give the US DOJ a pass.

    If the statutes are that far out of whack with today's technology then that is up to the government to work to bring the statutes up to date or pass new statutes to the penal code to meet today's advancement in tech and communications, and that is up to the politicians to do even though it seems they are too busy grifting cash from lobbyists and PACs to do this.

    What should not happen is that the court knowing full well that the evidence should be tossed but allows it to be used anyways, and that is not the court being impartial and it is prejudicial against the defendant. I have no tolerance for child molesters etc, and they are the lowest form of life in my opinion, but the courts need to be impartial and follow the letter of the law.

    The Government expects the citizens to abide by the law and when they don't they are punished for it, but the government has to abide by the law as well, and if they or their Law Enforcement agencies break it then the chips should fall as they may, but they should not be allowed to break it and continue on
