Fourth Circuit Declines to Toss Evidence FBI Gathered Via Malware

RICHMOND, Va. (CN) – The Fourth Circuit declined Friday to suppress evidence the FBI collected using malware placed in a server used by a worldwide child porn ring.

The case, argued before a three-judge panel last fall, involves the discovery of a server containing thousands of child porn images at the residence of a Florida man. The server hosted a website called Playpen, which ran on the Tor network, a part of the dark web that is harder to access, monitor, or track.

Through the Playpen website, users were able to anonymously share and view child pornography. After a tipster led the FBI to the server, they took it into custody and brought it to Virginia.

According to the opinion, the FBI then asked a federal judge for a warrant allowing them to install government-developed malware on the server that would allow them to circumvent the Tor network’s protections for users and collect the personal data of anyone who accessed the site.

The FBI ran the malware for a month and then shared the collected user data with authorities across the country and around the world. Over 800 people were arrested as a result of the sting.

Among them was the plaintiff in the case before the Fourth Circuit, Robert McLamb. After the FBI confirmed his identity, a warrant was issued for his arrest and the search of his Virginia Beach home. Investigators found a hard drive in the house that contained child porn.

McLamb is challenging the lawfulness of the initial warrant that allowed for the malware-based investigation.

Judges ordinarily authorize warrants for the jurisdictions in which they preside. In this case, however, McLamb says, the warrant listed “activating computers … of any user or administrator who logs into the [Playpen] by entering a username and password… wherever it may be located.”

McLamb contends in this case the issuing court “ignored the clearly established jurisdictional limits set forth in [Federal law].”

“It allowed FBI agents to conduct a borderless dragnet search with no geographic limitation. [Federal law] simply does not permit a magistrate judge to authorize the searches of computers around the country or around the world,” McLamb says in court documents.

Other courts have already agreed with McLamb’s argument. In U.S. v. Terry Carlson, a federal magistrate judge in Minnesota joined five other courts around the country which found the warrant should not have reached as far as it did.

“The Government-controlled server housing the [Playpen] website was located in the Eastern District of Virginia,” wrote U.S. Magistrate Judge Franklin Noel last March in suppressing the evidence collected under the warrant. “Crucially, the identifying … information sought through the NIT’s deployment was stored on Carlson’s activating computer, which at all relevant times was located in Minnesota.”

But Richmond-based U.S. Circuit Judge Stephanie Thacker, an Obama appointee, found otherwise in an opinion released Thursday.

According to Thacker, the U.S. Supreme Court’s 1984 ruling in U.S. v. Leon states the evidence gathered under a warrant can only be suppressed if the warrant was granted based on misleading or false information.

“[The FBI] didn’t mislead the magistrate judge with falsehoods or reckless disregard of truth,” in seeking the warrant, Thacker wrote.

As for McLamb’s argument on jurisdiction, Thacker said because the servers were located within the judge’s jurisdiction, it was entirely appropriate for the judge to sign them.

Thacker conceded this case’s complexity stems from its modern issues and she called the FBI’s use of malware in pursuit of suspects “cutting edge.”

“In light of rapidly developing technology, there will not always be definitive precedent upon which law enforcement can rely when utilizing cutting edge investigative techniques,” she wrote. “In such cases, consultation with government attorneys is precisely what Leon’s “good faith” expects of law enforcement.”

But privacy advocates and legal organizations are concerned that the ruling gives federal agencies a free hand to use malware without jurisdictional limits.

“No court would seriously consider a comparable warrant in the physical world,” wrote the National Association of Criminal Defense Attorneys and the Electronic Frontier Foundation in an amicus brief supporting McLamb. “No principled basis exists to allow such a warrant in the digital context.”
