Appeals court OKs evidence collected by FBI malware during child-porn sting
A federal appeals court has declined to suppress evidence amassed by malware the FBI surreptitiously installed on computers caught connecting to a child porn site briefly under its control.
The Fourth Circuit Court of Appeals issued a ruling Thursday affirming a lower court’s refusal to reject digital evidence collected in the case against Robert McLamb, a Virginia Beach resident arrested in 2016 as part of the government’s investigation into Playpen, a members-only child porn site that existed on the dark web, an unindexed portion of the internet significantly more difficult for authorities to monitor.
In between seizing Playpen and shutting it down in 2015, the FBI reconfigured the website so that any members attempting to log on would silently be served malware that subsequently helped investigators identify and arrest hundreds of alleged users around the world, McLamb included.
Armed with identifying information collected by the FBI’s malware, or network investigative technique (NIT), authorities later searched McLamb’s residence and found a hard drive containing child pornography, paving the way for prosecutors to bring federal charges. McLamb ultimately entered a conditional guilty plea, but he argued on appeal that the initial warrant that had allowed the FBI to install malware on the computers of any and every Playpen user regardless of their location “ignored the clearly established jurisdictional limits” set forth in federal law.
“It allowed FBI agents to conduct a borderless dragnet search with no geographic limitation. [Federal law] simply does not permit a magistrate judge to authorize the searches of computers around the country or around the world,” he argued previously.
The Fourth Circuit found otherwise, however, and its ruling said that the Supreme Court’s 1984 decision in U.S. v. Leon suggests that evidence collected under a warrant can be suppressed only under certain conditions, none of which were raised in McLamb’s appeal.
“Suppression . . . remains an appropriate remedy if the magistrate or judge in issuing a warrant was misled by information in an affidavit that the affiant knew was false or would have known was false except for his reckless disregard of the truth,” the Supreme Court previously concluded.
Douglas Macfarlane, the FBI agent who authorized the affidavit in support of the warrant used to hack Playpen visitors, did not “mislead the magistrate judge with falsehoods or reckless disregard of truth,” U.S. Circuit Judge Stephanie Thacker wrote for the Fourth Circuit.
“In his affidavit in support of the warrant application, Agent Macfarlane detailed the investigatory difficulties posed by the dark web and devoted several pages to explaining the NIT’s mechanism. Although he does not specifically use the term ‘tracking device’ in his affidavit, Agent Macfarlane’s detailed description of the NIT was sufficient to inform the magistrate judge of the scope of the warrant sought,” the opinion said.
“The boundaries of a magistrate judge’s jurisdiction in the context of remote access warrants were unclear at the time of the warrant application. Without judicial precedent for reference, the FBI consulted with attorneys from the Department of Justice Child Exploitation and Obscenity Section. Appellant casts the consultation in a cynical light, arguing that it evidences a guilty conscience. But in light of rapidly developing technology, there will not always be definitive precedent upon which law enforcement can rely when utilizing cutting edge investigative techniques,” the opinion said.
Andrew Grindrod, a public defender who represented McLamb in the appeals process, did not immediately return an email seeking comment.
Playpen boasted more than 150,000 users around the world prior to being seized in 2015, and authorities have arrested more than 800 so far in connection with the FBI’s probe.
Attorneys representing other alleged Playpen users have challenged the validity of the FBI’s wide-reaching warrant with varying success, and several cases stemming from the probe are ongoing.