Judge Says FBI's NIT Warrant Invalid, Points Out FBI Agent Knew It Was Invalid When He Requested It

from the new-strategy-needed-for-spreading-malware-worldwide dept

A Minnesota judge has granted a motion for suppression in an FBI Playpen case, using an agent's nineteen years of service and expertise against the government's good faith arguments. The court here found the warrant to be invalid from the moment it was signed, meaning everything obtained past that point is fruit of the poisonous tree. (via FourthAmendment.com)

While other courts have noted the warrant's invalidity under Rule 41's territorial limitations (now nonexistent), no other judge has taken time to point out the FBI agent requesting the warrant knew it was invalid when he requested it.

First, the decision [PDF] points to the breathtaking scope of the single warrant the FBI obtained.

[T]he Government claims legal authority from this single warrant, issued in the Eastern District of Virginia, to hack thousands of computers in 120 countries and to install malicious software for the purpose of investigating and searching the private property of uncounted individuals whose identities and crimes were unknown to the Government before launching this massive worldwide search.

From there, the judge makes the point that the government can't claim it had any "good faith" in its warrant because it knew the scope and reach of the warrant exceeded the jurisdictional limitations imposed by Rule 41. As evidence of this knowledge, Judge Franklin Noel points to sworn statements by Agent Macfarlane, which indicate he knew the request was invalid when he submitted his warrant request.

The search warrant application and the warrant, as issued, expressly limit themselves to the search of persons or property located in the Eastern District of Virginia. Yet paragraph forty-six of Agent Macfarlane's affidavit explains in some detail how the NIT malware might be deployed anywhere on earth. Specifically, paragraph forty-six provides that "the NIT may cause an activating computer wherever located -- to send to a computer controlled or known to the government, network level messages containing information that may assist in identifying the computer." Under these circumstances, Agent Macfarlane must have known that he was acting in reckless disregard of proper procedure. It was not objectively reasonable for Agent Macfarlane, a "law enforcement . . . veteran" employed by the FBI "for 19 years" to believe that the NIT warrant, which he knew could reasonably reach any computer in the world, was properly issued given the specific territorial limits under Rule 41(b) and the language of the warrant itself… Put differently, it was not objectively reasonable for Agents to believe that a single warrant, which by its terms was explicitly limited to searches in the Eastern District of Virginia, could be used to electronically search Carlson's computer in Minnesota…

The judge goes on to point out the government can't avail itself of the "good faith" argument because that argument relies on the issuance of a valid warrant. In this case, the warrant was invalid the moment it was issued, making this akin to having no warrant at all. Good faith denied.

The court also finds the warrant defective in other ways. The NIT warrant had no particularity -- a requirement for valid warrants. Since the government didn't know who it would infect with its malware or where they were located, its warrant could not possibly satisfy particularity requirements, even if it somehow managed to adhere to Rule 41 jurisdictional limitations.

Identification of the particular place to be searched cannot depend upon facts that have not yet occurred. A warrant must particularly describe the place to be searched at the time it is issued. Just as a warrant must be supported by probable cause at the time it is issued, this Court concludes that the warrant must particularly describe the place to be searched when it is issued. [...] As neither the Magistrate Judge nor the affiant know which computers are to be searched until after the search has already occurred, the NIT warrant fails to particularly describe the place to be searched.

This suggests the FBI may not be completely in the clear despite the Rule 41 changes. The malware it deployed targeted individuals who visited the seized server, but the FBI had no way of knowing who would visit or when. This is a take we haven't seen from other judges in Playpen/NIT cases and this order will likely be cited by several defendants still facing prosecution.
