NITs to Pick: An EFF Attorney Riffs on a Recent Ninth Circuit Malware Decision
The Electronic Frontier Foundation's Andrew Crocker says that a controversial warrant employed in an FBI child pornography sting also recently waived on by other circuits is “really inconsistent with the idea of the Fourth Amendment.”
November 02, 2018 at 03:23 PM
5 minute read
The Electronic Frontier Foundation isn't known for shying from its principles, even in the most controversial of debates. Take, for instance, the FBI's use of “Network Information Technique” malware to decode the IP addresses of Tor browser users logging into the child porn site Playpen. In the EFF's estimation, warrants to deploy NIT allow the “type of sweeping authority” the Fourth Amendment “was designed to precisely prevent.”
I recently caught up with EFF attorney Andrew Crocker to discuss the controversy and how it fits into a recent decision from the U.S. Court of Appeals for the Ninth Circuit deeming a NIT warrant unconstitutional, but allowing the evidence to be used on the basis that investigators were operating in good faith by assuming their actions were legal. Here's some of the highlights from our chat.
What's the implication of the Ninth Circuit joining other appellate courts in basically agreeing that the FBI's NIT warrant was unconstitutional but OKing it on good faith?
The greater implication is the message it sends to the government. By that, I mean the government has indisputably violated Rule 41 [of the Criminal Rules of Civil Procedure] and the Constitution thousands of times with this single warrant to do these NIT searches. And the message sent by the Ninth Circuit and other courts that have reached similar conclusions is, “That's totally fine. You can do similar kinds of violations around the edges, as long as you sort of immunize it after the fact it's totally cool.” That's really inconsistent with the idea of the Fourth Amendment. It's sort of like saying to the government, “You've done everything wrong but came to the right conclusion, so don't make the same mistake again.” But the government has no impetus to actually change the way they operate.
Tell us a bit why these NIT warrants are so inherently controversial.
The core of why it's controversial is it's a single warrant to search an unbounded number of computers, and not only is it unbounded in number, it's not bounded in terms of who the people are. The only criterion that's used to authorize the search in the warrant is [someone visits] a website. And there are certainly arguments back and forth in these cases about whether that's the best that the government can do, or the whole idea that people visiting these websites are taking steps to remain anonymous. And that's true but, in this [Ninth Circuit] case at least, the government controlled the website, controlled the Tor website, and so they had a lot more info at their disposal and at least arguably could have done a lot more to limit the terms of who they were searching.
So because the government was sending these users NIT code, controlling the servers, the approach they took with the warrant was questionable?
Yeah, they were acting as a site administrator, even though the way Tor works, they didn't have the IP addresses of the visitors themselves. Because they were going through Tor, they had usernames, they could see how active each user was, had a warrant to monitor chats on the site. So they may have had a lot of identifying info about these users even though they didn't have their IP addresses.
Is there any way to address what you see as problems with the NIT warrant? Could the FBI have done something differently?
I would say this—they did get a warrant, and by doing that acknowledge it's an invasive search, and they have to satisfy the Fourth Amendment, and that's a right because your computer is a private space and the government can't just search. The main problem here is the expansiveness of what that warrant authorized. I think they could have proceeded in a more measured, piecemeal approach. They wanted to go after everyone at once. And I understand why that is, but that's very much in tension with how the Fourth Amendment works.
And leaving little recourse for those being prosecuted.
Their challenge has been to the breadth of the warrant. And courts aren't particularly interested in looking at it. And I think that's a mistake.
Where are some other instances where this warrant is in question?
Probably a lot we don't know about, because so much of this happens under seal. We've seen the government use NITs in a variety of cases, and one thing that's sort of interesting is they're not always this broad. They're deployed against a single person and at least some larger effort is taken to identify who the target is going to be. And the way it's deployed goes along with that.
I've seen cases where it's sent in an email or a phishing link that the defendant target is manipulated into clicking on, and so there's reason to believe that targeted person clicking is going to be the person the FBI is actually investigating. I don't want to say that's totally cool. There's at least one other case where a judge has said that's problematic because if you send it in an email you don't know who is using the address. Maybe it's more than one person, maybe the account has been hijacked. So maybe you have an innocent victim and the target of the investigation using the same email account. So there might still be problems, but it's still clearly more limited in this case.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllHow the Deal Got Done: Sidley Austin and NWSL Angel City Football Club/Iger
How Uncertainty in College Athletics Compensation Could Drive Lawsuits in 2025
How I Made Practice Group Chair: 'Think About Why You Want the Role, Because It Is Not an Easy Job,' Says Aaron Rubin of Morrison Foerster
Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
19 minute readTrending Stories
- 1Considering the Implications of the 2024 Presidential Election for Jurors in White Collar Cases
- 22024 in Review: Judges Met Out Punishments for Ex-Apple, FDIC, Moody's Legal Leaders
- 3What We Heard From Litigation Leaders in 2024
- 4Akin and Simpson Create New Practice Groups With Integrated Teams
- 5Thursday Newspaper
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250