FYI.

This story is over 5 years old.

Tech

Second Judge Argues Evidence From FBI Mass Hack Should Be Thrown Out

There's controversy over whether the warrant the FBI used to search suspects' computers is valid.
Image: Shutterstock

Last week, a Massachusetts judge threw out evidence obtained via a piece of malware in the FBI's mass hack of visitors to a dark web child pornography site. On Monday, a judge recommended that evidence should also be suppressed in another, similar case.

The new recommendation relates to a case brought by Scott Fredrick Arterbury, who was arrested in November 2015 in Oklahoma on suspicion of possession of child pornography.

Advertisement

The case was brought forward following Operation Pacifier, the FBI's investigation into dark web child pornography site Playpen. In February 2015, the FBI ran Playpen from a government facility for just under two weeks in order to deploy a network investigative technique (NIT)—the agency's term for a hacking tool—designed to identify users of the site by circumventing the protections offered by the Tor Browser and anonymity network and grabbing IP addresses, as well as other technical information.

"This Court finds that the NIT warrant was not authorized by any of the applicable provisions of Rule 41," Magistrate Judge Paul J Cleary wrote in his report and recommendation. Rule 41 governs when judges can issue warrants for search and seizures; legal problems can arise when the FBI hacks computers in unknown locations.

"The warrant is void ab initio, suppression is warranted and the good-faith exception is inapplicable"

Cleary pointed explicitly to other cases in the Playpen investigation, and also to last week's decision to throw out evidence. A key issue is whether the judge who signed the NIT warrant, Magistrate Judge Theresa C Buchanan in the Eastern District of Virginia, had the authority to green-light a search outside of her district.

The Department of Justice has claimed that the search took place in the Eastern District of Virginia, where the government facility temporarily running the Playpen server was located.

Advertisement

Cleary, however, agreed with Arterbury's defense that the search occurred on the suspect's computer in Oklahoma, which is outside of Virginia. This echoes what Judge William G Young in Massachusetts wrote in his ruling last week.

"The property seized in this instance was Arterbury's computer, which at all relevant times remained in Oklahoma," Cleary wrote.

According to Cleary's report, the defense argued two other points in its sealed motion to suppress evidence: that the NIT warrant application falsely described the homepage of Playpen as containing images of "prepubescent females, partially clothed with their legs spread," and that there was not probable cause to search any computer that registered with the site. The second point hinges around the fact that, just before the FBI seized the site, a Playpen administrator changed the homepage image. However, these points didn't come up in Cleary's analysis.

Law enforcement is sometimes granted a good-faith exception on Rule 41 in cases where investigators are thought to have acted on what they believed to be a legal warrant.

Cleary said that did not apply in this case, pointing to previous arguments made in the Massachusetts ruling. The judge also said that the search of Arterbury's home would not have happened at all if it wasn't for this violation.

"The warrant is void ab initio, suppression is warranted and the good-faith exception is inapplicable," Clealy wrote.

The FBI obtained over one thousand IP addresses for suspected US-based users of Playpen, and charges have been filed against at least 137 people in the country. Some of them have already pleaded guilty, but with two judges now saying that evidence obtained by the FBI's malware should be disregarded, it seems possible other defense lawyers may push similar arguments.

Arterbury's trial is set for 17th May.