Good Faith Beats Bad Warrant In Another Win For FBI's World-Traversing NIT Malware

from the this-should-keep-this-out-of-the-Supreme-Court's-hands dept

Another challenge of the NIT (Network Investigative Technique) warrant used by the FBI during its investigation of a dark web child porn website has hit the appellate level. A handful of district courts have found the warrant used invalid, given the fact that its reach (worldwide) exceeded its jurisdictional grasp (the state of Virginia, where it was obtained). That hasn't had much of an effect on appeals court rulings, which have all found the warrant questionable to varying degrees, but have granted the FBI "good faith" for violating the jurisdictional limits the DOJ was attempting to have rewritten (Rule 41 -- which governs warrant jurisdictional limits, among other things) to allow it to do the things it was already doing.

Even though the FBI had to have known searches performed all over the world using one Virginia-based warrant violated Rule 41 limits, appellate judges have declared the FBI agent requesting the warrant wasn't enough of a legal expert to know this wasn't allowed. Two appeals courts have stated suppressing the evidence is pointless because the law changed after the jurisdiction limit violation took place. The appellate decisions have been troubling to say the least, providing further evidence that the good faith exception is the rule, rather than the outlier.

The latest decision [PDF] dealing with the NIT warrant comes from the Third Circuit Appeals Court. It, too, finds the warrant questionable. And it states the government has agreed the warrant was not valid under Rule 41(b).

The Government conceded below that “[a]lthough Rule 41 does authorize a judge to issue a search warrant for a search in another district in some circumstances, it does not explicitly do so in these circumstances.” App. 91 (Government Br. in Opposition to Motion to Suppress) (emphasis added).

The opinion goes on to note the government, having admitted its warrant was bad, then argued it was good because it was apparently thinking of a different part of Rule 41 when it applied for a warrant, even though none of this thought made its way into the affidavit as words.

On appeal, however, the Government curiously has reversed course, and now contends that the NIT was in fact explicitly authorized by Rule 41(b)(4), which provides that a magistrate judge may “issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.” Fed. R. Crim. P. 41(b)(4) (emphasis added).

According to the Government, under this Rule, “the NIT warrant properly authorized use of the NIT to track the movement of information—the digital child pornography content requested by users who logged into Playpen’s website—as it traveled from the server in [EDVA] through the encrypted Tor network to its final destination: the users’ computers, wherever located.”

Wrong again, says the court, noting the disingenuousness of the government's goalpost move. (All emphasis added by me and not the court from this point forward.)

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The court also helpfully finds that computer users have an expectation of privacy in their IP addresses and other identifying info housed in their computers. It points out the government obtained this directly from targets' computers rather than third parties, making this a Fourth Amendment search rather than a Third Party Doctrine case.

But that's where the good news ends for the defendant. The appeals court says the warrant was invalid the moment it was issued, but that this can't be held against the FBI. It rationalizes its opinion this way: suppression of evidence is for deterrence, not for righting the government's wrongs. So, it's OK for the FBI to rely on an invalid warrant because the judge made the error approving it. The FBI was not wrong to rely on the warrant, even though it very likely knew its request violated Rule 41 jurisdictional limits. Then it arrives at this conclusion -- one reached previously by another appeals court:

More importantly, the exclusionary rule “applies only where it ‘result[s] in appreciable deterrence.’” Herring, 555 U.S. at 141 (quoting Leon, 468 U.S. at 909) (emphasis added). Thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers may apply for and obtain such a warrant pursuant to Rule 41(b)(6), which went into effect in December 2016 to authorize NIT-like warrants. Accordingly, a similar Rule 41(b) violation is unlikely to recur and suppression here will have no deterrent effect.

In other words, because it's now impossible for the FBI to engage in this violation of Rule 41, there's nothing to be gained by suppressing the evidence. In essence, the court is saying that if the DOJ can get laws changed quickly enough to codify earlier statutory violations, defendants challenging evidence based on legal violations that occurred before the law was changed are shit out of luck. Compare and contrast this to civil rights lawsuits where the courts have awarded good faith to law enforcement for apparent rights violations because they occurred before such acts were declared unconstitutional by precedential opinions. It's "heads I win, tails you lose" in federal courts, thanks to the good faith exception.

More cases will reach the appellate level but it hardly seems likely any of those will result in suppressed evidence for Playpen defendants. These findings will be reached despite most appellate judges declaring the underlying warrants void from the moment they were issued. Defendants asking for suppression are going to run into judges willing to forgive the FBI both before and after the fact, which means there's very little justice left in the justice system's tanks.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, doj, fbi, good faith exception, nit, playpen, rule 41, third circuit, warrant


Reader Comments

Subscribe: RSS

View by: Thread


  1. identicon
    Anonymous Coward, 25 Feb 2018 @ 11:38am

    Re: Re: Sophistry

    "IP addresses simply can't be captured"

    This is incorrect as logs typically do this without prompting.


    "Techdirt is insanely insisting on obtaining warrant in unknown place ahead of capturing an IP address, holding that the very capture is illegal! "

    I doubt this. How is a server to ack requests if the IP Addr is unknown?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.