Judge Throws Out FBI Evidence Obtained with Malware

A judge has ruled that evidence obtained by the FBI with the assistance of malware is inadmissible in court, making all subsequent investigation of the case warrantless and unreasonable.

The case concerned a “dark web” child pornography site called Playpen, which was seized by the FBI in early 2015.  The feds kept the site running from a government facility for a few weeks, using a “network investigative tool” to track down visitors.

In other words, the FBI used a virus program to identify the computers that connected to the kiddie-porn site, which would presumably not have been stumbled across by very many innocent visitors, as it was located on the dark web, beyond the reach of search engines.

The program was very successful: Motherboard reports that over a thousand IP addresses for American users of the site were harvested during that limited span of time, plus at least 3,000 users abroad.

The lawyers for one of the users arrested during the investigation filed a motion with Judge William G. Young, of the District of Massachusetts, to suppress the evidence, in essence because it was unconstitutional to investigate thousands of subjects using evidence gained by malware intrusion from a single warrant.

TechCrunch notes that one of the specific arguments made by the defense was that the warrant that authorized the FBI’s use of Network Investigative Techniques was issued by a magistrate judge in Virginia, while defendant Alex Levin accessed the Playpen site from a computer at his home in Massachusetts, outside the Virginia judge’s jurisdiction.

Critics of the FBI’s case have noted that the Bureau should have known better than to rely on a magistrate with limited jurisdiction to issue the warrant, rather than a district judge.

Judge Young ruled that the NIT warrant “was issued without jurisdiction and thus was void ab initio,” which meant the resulting searches were “conducted as though there was no warrant at all.”

TechCrunch notes Young was also skeptical of the notion that the FBI kept a child pornography site running in order to catch its users: “Unlike those undercover stings where the government buys contraband drugs to catch the dealers, here the government disseminated child obscenity to catch the purchasers — something akin to the government itself selling drugs to make the sting.”

“We are disappointed with the court’s decision and are reviewing our options,” the Justice Department said in a statement.  “The decision highlights why the government supports the clarification of the rules of procedure currently pending before the Supreme Court to ensure that criminals using sophisticated anonymizing technologies to conceal their identities while they engage in crime over the Internet are able to be identified and apprehended.”

Motherboard quotes ACLU technology expert Christopher Soghoian describing Judge Young’s ruling as “the first time a court has ever suppressed anything from a government hacking operation.”

There are a number of other cases pending against Playpen users around the country, whose presiding judges may or may not follow Young’s ruling.  TechCrunch quotes Electronic Frontier Foundation attorney Mark Rumold suggesting that “DOJ should just stop bringing these cases,” given the problems with the FBI investigation highlighted by Young’s court.

