Last month, a United States district court judge threw out evidence in a child abuse imagery case that the Federal Bureau of Investigation (FBI) had obtained using a hacking tool. While the court ruled to suppress the evidence, it did not prohibit the FBI from using the hacking tool—called a “network investigative technique” (NIT)—to install malware code on suspects’ computers. Rather, the court’s ruling stated that the magistrate judge wrongly granted the FBI’s NIT warrant because the case was not within her jurisdiction, thus violating Federal Rule of Evidence 41(b). Still, this ruling marks a possible stumbling block to an FBI probe and the resulting charges against approximately 137 individuals in the United States.
This was the first time that a court has thrown out evidence obtained by government malware. In this case, the warrant granted was used to hack into the computers of those who were visiting a site called "Playpen", which hosted images of
serious child abuse and provided advice on how to sexually abuse others without getting caught.
United States v. Levin
Up until early 2015, Playpen operated, disseminating child pornography on the Tor network—a network that offers greater anonymity and privacy to its users. In February of 2015, instead of closing the site down, the FBI opted to take control of Playpen and continue to operate it for two weeks to attempt to identify users. It did this by injecting malware onto their computers. It hosted the website from a server in a secure governmental Virginia location. Because of the server’s location, the FBI sought and obtained a warrant from a magistrate judge in Virginia to allow the FBI “covertly to transmit code” or malware to the defendant’s computer.
Use of the NIT allowed the FBI to garner information about Alex Levin, a Massachusetts man, who allegedly visited the site in March of 2015. The FBI was then able to locate Levin, obtain a warrant to search his home and computer, and discover evidence at Levin’s home and on his computer. This evidence subsequently formed the basis of the charges against Levin.
Levin’s attorneys submitted a motion to suppress the evidence—meaning to exclude certain parts of evidence used by the investigators. They alleged that the FBI had improperly obtained the evidence given the lack of jurisdiction by the magistrate judge.
U.S. District Judge William G. Young of Boston agreed with Levin’s lawyers, ruling that the magistrate judge located in Virginia who had granted the warrant did not possess the proper jurisdiction to issue it for an individual in Massachusetts, despite the server’s presence in Virginia. The issuance of the warrant had violated Federal Rule of Criminal Procedure 41(b), which governs the scope of the authority to issue a warrant, because the relevant evidence obtained was not located in Virginia. The Department of Justice argued for the good-faith exception, one which law enforcement is granted when it is believed to have acted on a legal warrant. Judge Young disagreed, stating that “[i]t was
not objectively reasonable for law enforcement[…] to believe that the NIT Warrant was properly issued considering the plain mandate of Rule 41(b).”
Even though this order does not invalidate the use of NIT technology by the government, it still has implications for other cases in which law enforcement has violated Rule 41(b) by seeking search warrants in wrong jurisdictions.
If you or someone you care about has been investigated and charged based on evidence obtained by the use of Network Investigative Techniques (NIT) in Orange County, or in the surrounding areas, and would like to speak with a qualified Federal Criminal Defense Attorney, call Scott D. Hughes today at 714-423-6928. Our experienced Federal Orange County criminal defense lawyers and attorneys are aggressive, professional litigators who are ready to help you.
FBI’s evidence in a Dark Web case ruled inadmissible, Abhimanyu Ghosal, The Next Web, 21 April 2016.
Rule 41, Federal Rules of Criminal Procedure, Cornell University.
United States v. Levin, case no. 15-10271-WGY (order dated 04/20/16).
U.S. judge rules search warrant in FBI child porn website probe invalid, Nate Raymond, Reuters, 20 April 2016.
Why a judge threw out evidence from an FBI mass hacking campaign, Joseph Cox, Motherboard, 21 April 2016.