Legal fallout from the FBI’s “Playpen” investigation continues, as a federal judge in Texas has ruled that penetrating a computer with malware (or, as the FBI prefers to call it, a “Network Investigative Technique”) constitutes a “search” under the Fourth Amendment.
This would seem to directly contradict an earlier ruling that targets of this investigation did not have an expectation of privacy, so individual warrants for penetrating their computer systems were not required.
Playpen was a child pornography site on the “dark web” (which means only users who knew exactly how to access it, with special browser software, could pay a visit.) The FBI actually took over Playpen and kept it running for a short time, dropping malware packages into visitors’ computers so they could track down the consumers of vile kiddie porn peddled by the site.
One of the people identified by this Network Investigative Technique and charged with possession of child pornography was a man named Jeffrey Jerry Torres. On Friday, Judge David Alan Ezra in Texas ruled that law enforcement “placed code on Mr. Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government” and said this was “unquestionably a ‘search’ for Fourth Amendment purposes.”
This is an important point, because as Motherboard points out, previous rulings held that persons using the special Tor browser to access Playpen on the dark web had no such expectation of privacy.
That’s because entering the Tor network requires users to reveal their Internet addresses to a “guard node” computer. Once the guard node is passed, IP addresses become hidden — indeed, this is a major reason why some people go to the trouble of using Tor — but that initial act of identification theoretically nullified the expectation of privacy, meaning the FBI could use its initial warrant against Playpen to hunt down its users with NIT malware. Otherwise, it would have been necessary for law enforcement to secure a warrant against each individual user, before it could breach their computers and force them to reveal their IP addresses.
Judge Ezra didn’t actually address this privacy argument; he dismissed it as having “no import” to the case, and ruled the NIT was “unquestionably a ‘search’ for Fourth Amendment purposes.”
The Hill adds that the warrant used by the FBI in the Playpen case “also came under question because it was used to obtain information beyond the district that it was issued in.”
However, Ezra did not rule in favor of Torres’ motion to suppress the evidence against him, because it could not be proven that the FBI “willfully” violated the rules against judges authorizing searches outside of their jurisdictions. The FBI wants that rule amended, because it argues such online crimes frequently involve users scattered across the country. In this case, the website was operated from the Eastern District of Virginia, but users accessed it from many other jurisdictions.
(One earlier challenge to Playpen charges failed because it so happened the defendant was using a computer located in the Eastern District of Virginia at the time, so there was no question of jurisdiction, but the FBI has noted it would be unusual for all of a website’s users to live in such close real-world proximity to the site administrators. For that reason, they believe the rule against magistrate judges issuing warrants for searches outside of their districts is insufficient to the needs of prosecuting cyber-crime.)
Judge Ezra agreed the issue needs to be addressed, writing that the NIT warrants have “brought to light the need for Congressional clarification regarding a magistrate’s authority to issue a warrant in the internet age, where the location of criminal activity is obscured through the use of sophisticated systems of servers designed to mask a user’s identity.”
“In court and out, the FBI is taking a beating, with judges across the nation, including in Knoxville, declaring constitutional violations and Internet privacy advocates crying foul,” wrote the Knoxville News Sentinel on September 6.
The paper was reporting a decision from U.S. Magistrate Judge Clifford Shirley, who ruled the FBI’s search-and-seizure against another Playpen defendant was a violation of federal rules of criminal procedure… but also refused to throw out the evidence. He ruled, as Judge Ezra did, that the FBI did not willfully violate the rules, invoking a “good faith” exception to let the evidence stand.
As the News Sentinel explained, such a “good faith” ruling essentially means no future searches similar to the Playpen operation, using a single search warrant obtained in the district where the server is physically located, would be tolerated. The report concludes that “the split among the courts is setting the stage for a U.S. Supreme Court review.”