Sunday, February 04, 2007

Can you trust your network?

As you may know, law enforcement officers are using file-sharing programs like Limewire to search people’s hard drives for child pornography.

This summary of facts from a recent case – United States v. O’Rourke, 2007 WL 104901 (U.S. District Court for the District of Arkansas – gives you an idea how this works:
Defendant O'Rourke came to the attention of the FBI on January 3, 2005, when Special Agent Robin Andrews conducted an undercover investigation of people involved in the possession and distribution of child pornography. . . . Conducting a search through the peer-to-peer Internet file sharing software known as `Limewire,’ Agent Andrews downloaded images of child pornography from Defendant's computer. . . . The FBI was able to identify Defendant through his Internet Protocol address and a subpoena of his Internet Service Provider, and subsequently obtained a search warrant for Defendant's home and computer. . . . The search warrant was executed on February 22, 2005, and Defendant's computer was found to contain 46 movie files and several hundred still images of child pornography. . . . The Government alleges that these movies and images were saved on Defendant's hard drive and were available to be downloaded over the Internet by others using Limewire software. . . .

The Government seized Defendant's computer and presented evidence to a federal grand jury. The grand jury indicted Defendant. . . .
Here’s a summary of what happened in a similar case involving a search by a state officer:
[T]his case began on February 28, 2005, when at 4:35 p.m., Trooper Robert Erderly of the Pennsylvania State Police was logged onto a computer located at the Pennsylvania State Police barracks in Indiana, Pennsylvania. . . .

Installed on the computer. . . was a file-sharing software program called Phex. Trooper Erdely used the Phex program to search for files on the Gnutella network.. BearShare and LimeWire are other such file-sharing software programs. . . .

The Gnutella network, BearShare, Phex and LimeWire share all types of files, including music, movie, photograph/still image, and text files. . .

On February 28 2005, the defendant, Arthur Abraham, was logged on to his computer at his residence at 3129 West Queen Lane, Philadelphia, Pennsylvania, and running a peer-to-peer file-sharing program called BearShare, version 4.6.3. . . .Once BearShare is installed, any file a person chooses to share is available to anyone on the Gnutella network. Every computer that is running this Gnutella network can participate in the sharing of the files. In order to install . . . the BearShare program . . . the defendant had to have accepted the terms of an end user software licensing agreement. With this agreement, the user acknowledges that he is using a file sharing program which can be used both to download files and to send files out over the Internet, i.e. share files. . . .

Returning to . . . February 28, 2005, the. . . defendant had to have his computer on and be using the "share the files in the library" option . . . when Trooper Erdely did his search because Trooper Erdely found the file being shared and was able to download it from the defendant's computer. . . .

Trooper Erdely knew that there was a movie file that was being shared across the Internet which is named Hindoo. Utilizing the Phex program, he searched the word Hindoo and got a number of hits. Once the result of Trooper Erdely's search came up, the Internet Protocol ("IP") addresses of those sharing the files on which Trooper Erdely got a hit were visible.

One of the IP addresses from one of Trooper Erdely's hits was an IP address belonging to Verizon Internet service. The IP was 141.151.19.66. . . . The complete name of the file being shared by IP 141.151.19.66 was (Hussyfan)(pthc) (r@ygold) (babyshivid) Hindoo4.mpg. Exhibit 5, unnumbered page 2.

Trooper Erdely obtained a state court order compelling Verizon to tell him who was the subscriber with the IP address 141.151.19.66. Verizon informed Trooper Erdely that the subscriber of that service at that date and time was . . . Arthur Abraham of 3129 West Queen Lane, Philadelphia, Pennsylvania 19129.

Trooper Erdely downloaded the file "Hindoo" that IP address 141.151.19.66 was sharing onto a CD Rom. The file on the CD Rom that Trooper Erdely downloaded from IP address 141.151.19.66 contains child pornography as prohibited by law. . . .

On March 17, 2005, a warrant was obtained to search the defendant's house at 3129 West Queen Lane, Philadelphia, Pennsylvania 19129. . . .
United States v. Abraham, 2006 WL 3052702 (U.S. District Court for the Western District of Pennsylvania 2006).

I find many things interesting about how law enforcement officers are using file-sharing programs to hunt for child pornography, but the one I want to focus on here wasn’t raise in the opinions in either of these cases, nor was it raised in the four other similar cases that are reported in Westlaw.

The issue is the Fourth Amendment which, as I’ve noted before, protects us from the government’s conducting “unreasonable” searches and seizures. The issue that would determine the applicability of the Fourth Amendment to the conduct of Agent Andrews and Trooper Erdely is whether what they did resulted in a “search” or a “seizure.”

As I’ve said before, a Fourth Amendment search is law enforcement’s intruding into a place, or an activity, in which the person has a “reasonable expectation of privacy.” You have a reasonable expectation of privacy in a place – your home, say – if (a) you think it’s private (subjective expectation) and (b) society agrees it is reasonable for you to think that (objective expectation). The home, of course, is clearly private – we all think our homes are private and our society emphatically agrees. That doesn’t mean law enforcement officers can’t search our homes; it just means they have to get a search warrant to do so.

The computers in both of these cases were in homes. Was it, then, a search for the law enforcement officers to access the hard drives on the computers to locate and copy a file or files (which, arguably, is a seizure)?

On the one hand, you could argue it was a search because we have an intrusion – a virtual kind of intrusion – by law enforcement into someone’s home. On the other hand, you can argue this is not a search because O’Rourke and Abraham both “opened the door” for law enforcement officers to “enter” their computers by installing and using the file-sharing software.

That is, as to the second argument, you can argue that (a) neither O'Rourke nor Abraham could have had a subjective expectation of privacy in their hard drives because they knew they were using file-sharing software and were online and (b) regardless of what they thought, society would not accept the notion that their hard drives were private given their use of that software. Society, in other words, would see their using the file-sharing software as the equivalent of my (hypothetically) putting my favorite marijuana plant (purely hypothetical) on a table next to the large window on the front of my house and pulling back the curtains so it could get plenty of sun. It would not be a search for a police officer to walk by and see the marijuana plant -- I gave up any expectation of privacy I had with regard to the plant by putting it on public display.

I assume none of the defendants raised the Fourth Amendment argument because they thought it would fail . . . or maybe they did raise it unsuccessfully and the courts simply did not issue a published opinion on that issue. I can see why the second argument would probably prevail . . . there's a long line of cases which say that if you engage in criminal activity with other people, don't complain if one of them turns out to be a snitch or, worse yet, an undercover FBI agent.

It seems to me, thought, that the second argument against law enforcement's using file-sharing software to explore people's hard drives raises a larger, perhaps more difficult issue: If I link my computer to a network, have I lost any Fourth Amendment expectation of privacy in the contents of my hard drive?

3 comments:

Spot said...

If I link my computer to a network, have I lost any Fourth Amendment expectation of privacy in the contents of my hard drive?

You answered your own question. It isn't the placing of the (hypothetical) pot plant on the table that makes it public, it's the opening of the window. You can certainly be attached to a network and only intend to participate in communications initiated by you.

If the popo has to find a way around your firewall, or guess the password on your fileshare, it's very different than if you publish the contents of your hard drive for everyone to see. And clearly the police in these cases understand the distinction, since they freely downloaded the files that were in the shared directories (in front of the open window), but obtained search warrants for the remainder of the hard drive.

Aram ZS said...

I'm curious, what you've cited here seems to hold under law, what would this mean if a Federal Agent was able to access an online video feed (or, alternatively, access an online computer and activate a camera feed) that depicted it's owner performing illegal acts? The next step would be, what if (in either case) the camera had accessible controls that the agent manipulated in order to gain a view of an illegal act? Presumably, the 4th amendment continues to guarantee a "reasonable expectation of privacy" even in the technological age. Would data recorded from a camera in any of the above situations be legit in a court of law?

One requires a warrant to tap a phone, does the same apply to sticking a video camera in someone's window (to carry your metaphor)? If not, what does this mean for the general evolution of technology in the home? Apple computers have a function that allows the desktop to be viewed remotely, if active, does recorded information from there count as freely available as well, even if it was only intended for the user. If the users intent is not public release, even though it ends up that way, how can that be dealt with? With the road warrior type of business person they could reasonably claim that, by keeping connected, the walls of their home are extended into cyberspace, a sort of private public space. To bring the question to an even stranger level, what about Private public areas in virtual worlds, such as Second Life. By creating a piece of virtual property and erecting digital walls and privacy filters this would seem to be situational similar to a home, but the data is stored outside of the user's direct control. If one of these protected virtual spaces were suspected to contain illegal information would the police have to get a warrant for the properties' owner, or for the company that hosts the space?

john mcginnis said...

Susan,

You passed on the most applicable point of your whole exercise -- vector hopping thru the P2P network. Try this out, using the Gnutella protocol:

The police on Host A, I Host B and a third Host C. They make a query for porn file X. Now this request for the file gets propigated thru the network. For argument's sake, lets say that the File X is on Host C but the closest Host A vector is Host B. When the officer made the request the file will traverse Host C --> Host B --> Host A. From the police's perspective the last traveled IP was Host B and wrongly ID'd for criminal purposes. Yet Host B was only the conduit. Host C was the source of the file.

That is the whole point of many P2P networks -- their anonymous nature. Some of the P2P programs do vector transfer of files automatically. Other programs require you to set a parameter to permit your computer to be a vector.

Susan I think you identified the wrong point for a defense. There is a body of case law on the books I believe that exempts someone like a Verizon as an ISP from criminal prosecution so long as they move to correct/eliminate the offending materials related to that account. Being merely a conduit they cannot be held liable for what traverses their servers only the content that remains on it. I would therefore hold that the same defense could be made that a P2P computer acting only as a conduit is functioning as an ISP and may only be held criminally liable to the extent that they do not act in due course to remove the materials. And generally traversed files do not remain on the Host acting as a conduit except maybe as a temp file. (Which I guess would beg the question, is the temp file hosting or planted evidence?)

One last observation, what happens to the 4th Amend privilige if all access by anyone is prefixed by "Use and viewing of files on this device are considered private materials and not public domain." or similiar? Does such a notification of a 'locked door' oblige the officer to now officially cease any search and obtain a warrant to go further?

Something to ponder....