Internet users should not have any expectation of privacy
On June 23, 2017, the federal judge for the Eastern District of Virginia denies the Defendant's Motion to Suppress in the matter of Playpen, an offensive hidden service on the Tor network that the FBI seized by means of a network investigative technique that identifies the visitor's IP address. The judge rules that computer security is ineffectual against hacker attacks and that Internet users therefore should not have any expectation of privacy, even when using countermeasures such as hidden networks.
The Tor network was originally made to protect the Government
Playpen is a website showing illicit content that operates on a peculiar network called "the Tor network" or "the onion router".
The Tor project was created by the U.S. Naval Research Laboratory to protect government communications and was then made publicly accessible. Individuals and organizations only need to download the Tor Browser from the Tor website to start using it for free.
What makes Tor so popular is that it provides anonymity protections both to the operators of a hidden service and to its visitors.
Tor's goal is to keep both users and hidden websites anonymous
Tor lets users access the Internet anonymously by hiding their IP addresses from website operators, so that a user browsing the Internet with Tor is not identifiable.
On the other hand, Tor allows hidden-service websites to operate only within the Tor network, so that users who log into a hidden service cannot identify or locate the website itself and cannot decrypt any communication.
Tor is well provisioned. Users can even search for Tor hidden services through index websites, as they would through common search engines, and the network counts more than 1,000 servers all around the world.
Attracted by this anonymity, a large number of users choose Tor for illegitimate purposes: because their IP addresses are kept hidden, they can escape Government identification.
Tor also hosts hidden websites for illegal activities, and Playpen is one of them
Playpen is one of those that use Tor for illegal activities. Specifically, its activities are the distribution and online exploitation of illegal sexual content.
The Playpen website is organized into sections, forums, and sub-forums, all categorized and subdivided by criteria. Users who registered an account with Playpen were even warned, for their own safety, not to enter a real email address or post identifying information in their profiles.
Despite all efforts to keep hidden-service websites truly hidden, the Tor network eventually fails in its connection with the Playpen server, and the result is that Playpen can be found and viewed on the regular Internet too.
In December 2014, a foreign law enforcement agency alerted the FBI that it had discovered Playpen.
The FBI keeps track of Playpen by hacking its server with the NIT
The FBI locates Playpen's operator in a Florida home and, instead of shutting the server down, assumes control of Playpen, continuing to operate it from a government facility in the Eastern District of Virginia.
On Playpen, the FBI tries out the NIT, or network investigative technique, a brand-new technology that identifies the computer of any user or administrator who logs into the server by entering a username and password.
Deploying NIT makes every IP address identifiable
With the NIT, the FBI is now able to identify every activating computer's IP address, to generate and assign a unique identifier to every IP address, and to determine the type, version and architecture of the operating system running on the activating computer, as well as its host name, its operating system username, and its media access control ("MAC") address.
When a user logs into Playpen, the FBI stands still and waits to deploy the NIT until the user starts to download illegal sexual content to his computer. At this point, the FBI sends a subpoena to an Internet Service Provider able to identify the computers that possessed that IP address. By this trick, the FBI has seized the criminal mind behind Playpen.
All trial phases
Pursuant to the Defendant's Motions to Suppress, the first hearing was held on May 19, 2016, where the Court heard testimony from FBI Special Agents and admitted several Defense Exhibits. The Court received an amicus curiae brief from the Electronic Frontier Foundation, informing the Court's understanding of the relevant facts. The Court then orders the denial in June 2017.
Defendant’s Motions to challenge the magistrate’s warrant
With his First Motion to Suppress, Third Motion to Suppress, and Motion to Compel Discovery, the Defendant seeks to suppress all evidence seized from his home computer by the FBI through the use of a network investigative technique, or NIT, as well as all fruits of that search.
He contends that the warrant authorizing the search lacks probable cause and/or specificity, that the FBI intentionally or recklessly included false information and omitted material information in the supporting affidavit, and that the warrant's triggering event never occurred. He also argues that the search is unconstitutional because the warrant is void ab initio. He moves to compel the Government to provide him with the network investigative technique's full source or programming code.
The Government, which charged the Defendant with access with intent to view child pornography and receipt of child pornography in violation of 18 U.S.C. § 2252A, rejects all of the above arguments.
The Court’s ruling against the Defendant
The Court denies Defendant's First and Third Motions to Suppress and Defendant's Motion to Compel Discovery. The Court grants Defendant's Consent Motion for Leave to File an Expert Declaration Relevant to the Motion to Compel Discovery and the Government's Motion to Unseal the Court's Opinion and Order denying Defendant's First and Third Motions to Suppress.
Discovery of the full NIT code would be harmful to the public interest
First, the Court denies the Defendant's Motion to Compel Discovery of the full NIT source code. The Federal Rules of Criminal Procedure grant the defendant pretrial discovery, under which the government must meet his request to inspect every item concerning him within the government's possession, custody, or control if it is going to be used at trial.
Balancing the Government's need to keep certain information private against the defendant's need for the information, the Court does not accept the assertion the Defendant makes in support of his request, namely a challenge to the government's chain of custody based on supposed failures of the NIT system, because testimony on cross-examination showed that the FBI uncovered the user "Broden," whom it later linked to the Defendant's computer, before it deployed the NIT.
The same assertion also falls under the qualified law enforcement privilege. The Government alleges that the full NIT source code includes information pertaining to law enforcement techniques whose disclosure would be harmful to the public interest, allowing individuals to evade detection and discouraging governmental agencies from using these techniques in critical situations. Thus, the privilege applies against the implied right of privacy under the Fourth Amendment.
On the legal background of the issuance of the NIT Warrant and related affidavit
Second, although the question of whether the NIT constitutes malware is immaterial to the decisions concerning the Motions to Suppress and the Motion to Compel Discovery, the Court states that law enforcement tactics for preventing criminal actions must be allowed to advance with technological changes.
Third, on whether probable cause can support the issuance of the NIT Warrant: a warrant should be issued where there is a probability that contraband or evidence of a crime will be found in a particular place, and the affidavit must provide the magistrate with a substantial basis for determining the existence of probable cause. The Court finds that the circumstances of Playpen, fully described in the affidavit, lead to the conclusion that a fair probability existed that those accessing Playpen intended to view and trade child pornography and that the NIT would help uncover evidence of these crimes.
Fourth, a Franks hearing under the Fourth Amendment is not warranted, because the affidavit does not contain a false statement and the Defendant has not made a substantial preliminary showing that the affiant included the inaccurate description of Playpen's home page either intentionally or recklessly.
The warrant does not violate the Fourth Amendment and it was not even necessary
Fifth, the NIT warrant did not lack specificity under the Fourth Amendment, because it particularly describes the place to be searched and the persons or things to be seized. The range of things is narrowed by the fact that any computer logging into Playpen did so with the intent to view and trade child pornography, while the place is described as the computers of any user or administrator who logs into Playpen.
The Court finds that the anticipatory warrant rests on a so-called "triggering condition" set out in the affidavit, and that this condition is satisfied by the "Broden" user logging into the Playpen website. Moreover, the FBI did not employ the NIT until he clicked on an actual child pornography forum or section within Playpen.
Then, the Court finds that the magistrate judge did not exceed her authority under Rule 41(b) by issuing a warrant authorizing the FBI to install a tracking device on each user's computer that was going to enter the magistrate judge's district when its user logged into Playpen via the Tor network. And, even if the contrary were true, suppression is not warranted, because the Government did not need a warrant to deploy the NIT and capture the Defendant's IP address.
Users should not expect any privacy when connecting to the Internet because hacking is always a risk
The Court states that the Defendant has no expectation of privacy in his IP address, and that its acquisition by the Government did not represent a prohibited Fourth Amendment search. Indeed, Internet users should know that an IP address is information passed from Internet service providers to a third party, whether an individual or an 'entry node', and even those using hidden networks know that they are required to disclose such information to complete a connection to them.
In fact, when first connecting to Tor, the user must disclose his real IP address to the first Tor node, which can see the IP address of the person using Tor. Thus, the technique used by the Government only revealed additional information, the IP address, that the suspect had already exposed to a third party.
When the Internet infiltration comes from the Government to prosecute a crime, it is not malware.
The ruling contains the principle that no Internet user should have an expectation of privacy. The FBI infiltrated visitors' computers, identifying their IP addresses, in order to prosecute them for child exploitation. This technique allowed the FBI to take control of Playpen, a hidden service running on a hidden network, and to uncover several criminal individuals by hacking their computers.
The magistrate granted a single warrant for the whole mass hacking, and this was upheld by the US District Judge, who states that the warrant was unnecessary because of the type of crime being investigated and because Internet users should have no objectively reasonable expectation of privacy. He notes that it is almost a certainty that every computer accessing the Internet has been or will be hacked.
The opinion of digital-rights advocates
The Electronic Frontier Foundation, which takes part in the trial as amicus curiae, is a digital rights group that regards the ruling as a threat to everyone's privacy because it authorizes the Government to use malware on citizens' computers. But the FBI denies that the NIT program is malware, since it was court-authorized and made no changes to the security settings of targeted computers.
Against a 2007 legal precedent
The Ninth Circuit US Court stated the opposite in 2007. Indeed, it ruled that the connection of a computer to the network does not undermine a user's subjective expectation of privacy or an objectively reasonable expectation of privacy in his personal computer.