Relying on "good Faith" as a Judicial Stopgap for Advancing Technology: Nit Warrants & Federal Rule of Criminal Procedure 41(b)
| Publication year | 2021 |
| Author | Written by Jennifer Kelly Corcoran |
Written by Jennifer Kelly Corcoran1
Bryan Gilbert Henderson regularly accessed child pornography from his home in San Mateo, California, where he lived with his grandmother.2 Under the moniker "askjeff," Henderson logged into Playpen, a child pornography website, and accessed over thirty hours of content during a six-month period.3 Henderson, along with 150,000 Playpen users,4 avoided law enforcement detection by utilizing "The Onion Router," colloquially known as "Tor."5 Tor is a downloadable software that allows individuals to anonymously access websites.6 Instead of accessing the website directly from an internet browser, Tor's network connects the user to the website through a "series of virtual tunnels," thus masking the user's internet protocol (IP) address.7
On March 1, 2015, Henderson logged into Playpen through Tor.8 This time, however, his mask came off. Unbeknownst to any of Playpen's 150,000 users, the Federal Bureau of Investigation (FBI) had secured a Network Investigative Technique (NIT) warrant which authorized a search of any computer that logged onto Playpen with a username and password.9 The FBI, in conjunction with the Department of Justice's Child Exploitation and Obscenity Section, had secured the NIT warrant specifically to take down Playpen and its previously anonymous users.10 Operation Pacifier, targeting Playpen, resulted in the successful arrests of over 350 individuals in the United States and over 548 individuals abroad.11
But law enforcement success did not come easily. Defendants like Henderson launched legal challenges in courts across the country, arguing that evidence of their Playpen activities should be suppressed because the NIT warrant violated Federal Rule of Criminal Procedure 41 and their constitutional rights.12 They claimed that the NIT warrant was problematic because it was issued by a magistrate judge in the Eastern District of Virginia, but authorized searches of computers "wherever located," in clear contravention of the rule's venue provisions.13 Law enforcement knows that a search warrant must be sought from a magistrate judge with authority over persons or property located "within the district."14 Yet in Henderson's case, the NIT warrant signed by the magistrate judge in Virginia reached into his grandmother's home in California, nearly 3,000 miles away.15
Courts almost unanimously sided with defendants like Henderson and agreed that the warrant clearly violated the plain text of Rule 41.16 Some held that the procedural violation was so severe that it rose to the level of a Fourth Amendment constitutional violation.17 But courts refused to suppress the evidence.18 Instead, district court after district court, and circuit court after circuit court, held
[Page 7]
that the "good faith" exception to the exclusionary rule applied.19 Leaning on the Supreme Court's decision in United States v. Leon,20 lower courts explained that "the exclusionary rule aims to deter government violations of the Fourth Amendment"21 and that law enforcement officers should not be penalized for what courts concluded was a mistake on the part of the magistrate judge in issuing the warrant in the first place.22 The fruits of the NIT warrant thus remained admissible, and defendant after defendant was convicted of possession of child pornography in violation of 18 U.S.C. § 2252 on the basis of evidence seized pursuant to the NIT warrant.23
Interestingly, during the pendency of the nationwide litigation, the Federal Advisory Committee on Criminal Rules was working feverishly to amend Rule 41 to explicitly permit the type of cross-district warrant issued here.24 In fact, a year before the FBI sought the NIT warrant for Playpen, a representative from the Department of Justice conceded that Rule 41 did not work for crimes "involving anonymizing networks, like Tor" and that absent an amendment, "the government would be left to litigate the issue and 'hope the courts [would] create an exception to the rule.'"25
Instead of reading in an exception to Rule 41 to permit the government's conduct, courts leaned on the good faith exception to the exclusionary rule as a stopgap solution until the rule was officially amended. The amendments to Rule 41 took effect in December 2016 and granted new powers to judges "to issue a warrant to use remote access within or outside that district when the district in which the media or information is located is not know because of the use of technology such as anonymizing software."26 There is no question that the current version of Rule 41 would have authorized the NIT warrant issued for the Playpen investigation.
Thus, the issue here is that the courts' reliance on the good faith exception essentially bestowed retroactive effect upon the new Rule 41, even though the rule's text has no such retroactivity provision. Further, if the Department of Justice knew that a NIT warrant authorizing searches of computers located outside the district where the warrant was issued contravened the pre-amended Rule 41, did they really deserve lower courts' generous assessment that they acted in good faith in applying for it anyway?
This paper proceeds as follows. First, it examines what the NIT warrant is and why its issuance constituted a Rule 41 violation. Second, it discusses how the application of the good faith to the exclusionary rule precluded Playpen defendants from vindicating the violation of their constitutional rights. Finally, it argues that the circuit courts erroneously applied the good faith exception in the face of clear evidence that the Department of Justice knew the warrant did not comport with the rule. Essentially, I argue that the judicial stopgap remedy of applying the good faith exception in the Playpen cases is logically flawed; misinterprets the Supreme Court's good-faith jurisprudence by extending the exception to warrants which are void ab initio; and creates a dangerous precedent for courts to liberally apply the exception to cover situations not intended to be covered by the exception when they encounter challenges with new technology.
The Supreme Court has refused to weigh in on the propriety of applying the good faith exception to the NIT warrant issued in Operation Pacifier, denying certiorari to all the Playpen defendants' legal challenges.27 However, the Court has never blessed the application of the good faith exception to the specific facts encountered by lower courts, in this case. Specifically, courts were forced to extend the application of the good faith exception to warrants which are ab initio—an issue that has never been squarely by the highest court.28 Here, the NIT warrant was void ab initio because of "fatal jurisdictional issues"29 and because it violated two sources of positive law. First, the magistrate judge had no authority to issue the warrant under the Federal Magistrates Act, which cabins magistrates' authority to the "powers and duties conferred . . . by the Rules of Criminal Procedure" and in the geographic area where the magistrate presides.30 Second, the magistrate judge had no authority to issue the warrant pursuant to Rule 41(b) because it authorized a search of persons or property not located "within the district."31 This section explains what exactly the NIT warrant is, how it violated then-Rule 41, and how courts used the good faith exception to the exclusionary rule to fend off Playpen defendants' motions to suppress evidence from the NIT warrant.
[Page 8]
The NIT, or Network Investigative Technique, is a type of malware designed to access a user's computer without their consent.32 The malware remotely installs software on a computer to obtain the user's IP address and other identifying data.33 Recall that Playpen could only be accessed through Tor, software that masked the users' IP addresses. To identify the users of Playpen in the dark web, the FBI needed access to these IP addresses. After receiving a tip from foreign law enforcement, the FBI learned that Playpen was being hosted from a U.S. IP address in Naples, Florida.34 The FBI searched the Florida home of its founder and seized control of the website's server.35 In other circumstances, the FBI would simply "take down" the website and log the website's visitors.36 But because users accessed Playpen through Tor, there was no visitor log. So, the FBI needed to create one. The FBI allowed the website to remain operational but applied for the NIT warrant to begin creating the visitor log of IP addresses via the NIT.37 The website thus transitioned from being hosted in the Playpen founder's home in Naples, Florida, to an FBI government facility at an undisclosed location in Virginia.38
The FBI operated Playpen from February 20, 2015 through March 4, 2015.39 After securing the NIT warrant, the FBI began deploying the malware against all users who logged into Playpen with a username and password.40 Once a Playpen user logged in, the NIT sent "instructions designed to cause those computers to transmit certain information"41 to the government facility in Virginia. The malware was successful in breaking through Tor and obtaining seven pieces of key information from each Playpen user: (1) the computer's IP address; (2) a unique identifier which could distinguish data from one computer to another; (3) the type of computer operating system; (4) whether the NIT malware had already been activated on the particular computer; (5) the computer host name; (6) the operating system username; and (7) the computer's media access control address.42 The NIT was incredibly potent—by some estimates, the single warrant captured thousands of IP addresses during those two weeks.43 Once the FBI had these IP addresses, they applied for subpoenas...
To continue reading
Request your trial