Judge In Playpen Case: FBI's Warrant Is Valid, Even If Its Claims About No Privacy In IP Addresses Are Not
from the a-net-win-for-the-feds dept
Another court handling an FBI Playpen case has handed down its decision on a motion to suppress. Like other courts fielding prosecutions resulting from this massive investigation, it has found [PDF] that the FBI's NIT (Network Investigative Technique) is invasive enough to be called a "search." (via FourthAmendment.com)
The FBI must have felt its NIT deployment would be considered a search. That's why it obtained a warrant in the first place. But it's been frantically peddling "not a search" theories as court after court has declared its warrant invalid because the searches were performed outside of the issuing magistrate's jurisdiction.
In this case, the issue of whether or not the NIT deployment was a search has not been disputed by either party. The court addresses it anyway because it affects the reasoning that follows.
Before reaching the merits of Defendant's motions, it will be useful to address a preliminary question unaddressed by the parties: Was the deployment of the NIT a "search" of Defendant's computer within the meaning of the Fourth Amendment? If the use of the NIT was not a search, the Fourth Amendment was not implicated, no warrant was required, and any violation of Rule 41(b) irrelevant.
Rule 41(b), which may be drastically altered by the end of this year, restricts searches to the jurisdiction where the warrants were issued. The FBI is well aware of the deficiencies of its NIT warrant, which is why it presented this legal theory to court in response to an earlier motion.
The government in its response to Defendant's First Motion to Suppress never argues that no warrant was required because deployment of the NIT was not a Fourth Amendment search. See Gov't's Resp. to First Mot. at 15-38. In failing to raise this argument when it would have been appropriate, the government has likely waived it. The government does, in justifying the scope of the warrant, argue that Defendant had no reasonable expectation of privacy in his IP address, even though he was using the Tor network.
The court blows past the "no expectation of privacy in IP addresses" for the moment, instead focusing on the execution of the FBI's NIT.
The "contents" of a computer are nothing but its code. In placing code on Defendant's computer, the government literally—one writes code—invaded the contents of the computer. Additionally, the code placed on Defendant's computer caused Defendant's computer to transmit certain information without the authority or knowledge of Defendant. In this manner the government seized the contents of Defendant's computer. Just as in Riley, it is irrelevant that Defendant might not have a reasonable expectation of privacy in some of the information searched and seized by the government. The government's deployment of the NIT was a Fourth Amendment search.
This key element having been decided, the court moves on to the warrant itself, as well as the government's contention that an IP address has no expectation of privacy. As to the latter, the court points out that the government obtained much more than just an IP address with its NIT and that it used an intrusive means to do so. The court ultimately agrees with the assertion about the lack of privacy in IP addresses, but does not agree that obtaining an IP address in this fashion can be considered harmless under the Fourth Amendment. Hence the nod to the Supreme Court's Riley decision. While many records contained on a phone may be subject the Third Party Doctrine and obtained without a warrant, they must be obtained from the third parties, rather than from the phone itself. Replace "phone" with "computer," and information with no built-in expectation of privacy gains a privacy shield due to where these "records" are stored.
The defendant's second motion to suppress brings up the Rule 41(b) issue. But it fails, spectacularly, because of the defendant's location.
Defendant argues that Rule 41(b) only allows magistrate judges to issue warrants for searches outside of their districts in limited, well-defined circumstances, none of which apply to the facts of the instant case. Second Mot. at 6-11. Of course, Defendant acknowledges that the website was being run from within the Eastern District of Virginia, that the magistrate judge sits in the Eastern District of Virginia, and that Defendant's computer was located in the Eastern District of Virginia when the NIT was deployed.
The legal theory advanced by the defense is that the warrant is still invalid, even when deployed in its proper jurisdiction, because it permitted the FBI to search an untold number of computers located all over the country. The court doesn't buy this rationale. In fact, it states it would have denied suppression even if the warrant had failed to hold up because the FBI took every step it could to ensure the legitimacy of its search.
The FBI agents in this case did the right thing. They gathered evidence over an extended period and filed a detailed affidavit with a federal magistrate in support of their search warrant application. They filed the warrant application in the federal district that had the closest connection to the search to be executed. The information gathered by the warrant was limited: primarily the IP addresses of those that accessed Playpen and additional information that would aid in identifying what computer accessed the site and what individual used that computer.
The judge doesn't let the FBI off the hook entirely. It also addresses the FBI's last-minute argument that the defendant shouldn't even have been allowed to challenge the warrant.
The government also argues that Defendant does not have standing to challenge the warrant because the alleged defect in the warrant, that it exceeded the magistrate's jurisdiction, does not apply to him because his computer was in the Eastern District. This seems to be a novel interpretation of standing law in Fourth Amendment cases. The standing inquiry in Fourth Amendment cases asks if the individual seeking suppression had a reasonable expectation of privacy in the thing searched. See Rakas v. Illinois. 439 U.S. 128, 133-34 (1978). Defendant's computer was searched, and he has a reasonable expectation of privacy in his computer.
The Playpen saga is a complete mess. There's nothing in this mixed bag of decisions that tips the scale in either direction. For every win about the lack of privacy in IP addresses the FBI secures, it loses another one to the invasive method it used to obtain these addresses. Every time a court grants its credit for "good faith," multiple courts countered with opinions finding the warrants invalid from the moment they were signed by a magistrate.
About the only "win" the FBI can definitively claim is that its NIT secrets are still mostly secret. And in order to achieve that, it had to watch its evidence be dismissed by a judge who actually believed the FBI had legitimate reasons for refusing to disclose this info.
And yet, it's unlikely that this will result in the FBI examining its investigation methods. As of right now, it has less than six months before the proposed Rule 41(b) changes are adopted by Congress. And there's a good chance they will be because Congress has to have the will and determination to "opt out" while distracted by an extended holiday season of shorter work weeks, the annual budget process, reelection campaigns, and a change in regimes.