Judge: child porn evidence obtained via FBI’s Tor hack must be suppressed
Third judge rules that Playpen search warrant was invalid from the start.
Cyrus Farivar
A federal judge in Iowa has ordered the
suppression of child pornography evidence derived from an invalid
warrant. The warrant was issued as part of a controversial
government-sanctioned operation to hack Tor users. Out of nearly 200
such cases nationwide that involve the Tor-hidden child porn site known
as "Playpen," US District Judge Robert Pratt is just the third to make
such a ruling.
"Any search conducted pursuant to such warrant is the equivalent of a warrantless search," Judge Pratt wrote Monday in his 19-page order in United States v. Croghan.
While the charges against Beau Croghan have not been dropped yet, the ruling significantly hinders the government's case.
Earlier this year, federal judges in Massachusetts and Oklahoma
made similar rulings and similarly tossed the relevant evidence.
Thirteen other judges, meanwhile, have found that the warrants to
search the defendants' computers via the hacking tool were invalid but
did not take the extra step of ordering suppression of the evidence.
The corresponding judges in the remainder of the cases have yet to rule
on the warrant question.
In all of these cases related to Playpen, a
federal magistrate judge in Virginia issued a warrant that was then
used to authorize the deployment of this tool, known as a "network
investigative technique," or NIT, as a way to locate users.
Under current rules of federal jurisprudence,
magistrate judges only have the authority to issue warrants within their
own district. However, a change in this rule
will almost certainly expand this power to magistrate judges later this
year, absent Congressional action. As of now, only more senior federal
judges, known as district judges, have the authority to issue
out-of-district warrants. So, Judge Pratt concluded, because the warrant
was invalid ab initio, or from the beginning, any evidence that resulted from that search must be suppressed.
"Here, by contrast, law enforcement caused an
NIT to be deployed directly onto Defendants' home computers, which then
caused those computers to relay specific information stored on those
computers to the Government without Defendants' consent or knowledge," Judge Pratt wrote.
"There is a significant difference between
obtaining an IP address from a third party and obtaining it directly
from a defendant’s computer."
As the judge continued:
If a defendant writes his IP
address on a piece of paper and places it in a drawer in his home, there
would be no question that law enforcement would need a warrant to
access that piece of paper—even accepting that the defendant had no
reasonable expectation of privacy in the IP address itself. Here,
Defendants' IP addresses were stored on their computers in their homes
rather than in a drawer.
Our tax dollars at work
As Ars has reported before, investigators
in early 2015 used the NIT to force Playpen users to cough up their
actual IP address, which made tracking them down trivial. In yet another
related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen's 150,000 members and the malware's capabilities.
As a way to ensnare users, the FBI even took control of Playpen and ran it for 13 days
before shutting it down. During that period, with many users'
Tor-enabled digital shields down—revealing their true IP addresses—the
government was then able to identify and arrest the nearly 200 child
porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which could suggest that even more charges could be filed.)
Privacy-minded experts applauded Judge Pratt's
reasoning—that the government should not have the ability, absent
proper warrants, to hack into people's computers.
"Judge Pratt correctly interpreted the NIT's function and picked the correct analogy," Fred Jennings, a New York-based lawyer who has worked on numerous computer crime cases, told Ars. Jennings continues:
[Pratt] correctly points out that
the usual analogies, to tracking devices or IP information turned over
by a third-party service provider, are inapplicable to this type of
government hacking. A common theme in digital privacy, with Fourth
Amendment issues especially, is the difficulty of analogizing to apt
precedent—there are nuances to digital communication that simply don't
trace back well to 20th-century precedent about physical intrusion or
literal wiretapping.
By contrast to Judge Pratt, other courts have struggled with the basics of how Tor and IP addresses work.
"In attempting to salvage the mess they made
with Playpen, [the Department of Justice] has tried to say that the NIT
is like a GPS tracking device," Chris Soghoian, a technologist for the American Civil Liberties Union, told Ars.
"And, sadly, several judges have bought it,
saying that the defendants traveled virtually to Virginia, and that the
NITs were installed in Virginia while they were virtually there."
For its part, the government has said it is not sure how it will deal with the suppression order in Croghan.
"Our office is still in the process of
reviewing the judge's order that was issued yesterday," Rachel Scherle, a
federal prosecutor in Iowa, told Ars by e-mail. "No decisions have been
made as to dismissal or appeal at this time, but I will keep you
posted."