United States v. Arterbury
Decision Date | 25 April 2016 |
Docket Number | Case No. 15-CR-182-JHP |
Parties | UNITED STATES OF AMERICA, Plaintiff, v. SCOTT FREDRICK ARTERBURY, Defendant. |
Court | U.S. District Court — Northern District of Oklahoma |
Before the Court is the Motion to Suppress Evidence Seized from Residence ("Motion to Suppress") and Request for an Evidentiary Hearing of Defendant Scott Fredrick Arterbury ("Arterbury"). [Dkt. No. 33]. On March 23, 2016, the matter was referred to the undersigned United States Magistrate Judge for Report and Recommendation on the Motion to Suppress. [Dkt. No. 35]. The Motion for hearing has been GRANTED, and a hearing conducted on April 25, 2016. After considering the submissions of the parties and the arguments of counsel, the undersigned makes the following findings and recommendation to the District Court.
This case involves what is known as the "Dark Net," the "Tor Network" or "Tor" for short.1 Owen and Savage, at 1. An individual living under a repressive government such as North Korea, for example, might make use of Tor to access or post certain information while avoiding government surveillance. However, after analyzing Tor Dark net sites over a six-month period, Owen and Savage found that Id.
The Tor network is designed to route communications through multiple computers, protecting the confidentiality of Internet Protocol ("IP") addresses and other identifying information. See, Keith D. Watson, The Tor Network: A Global Inquiry into the Legal Status of Anonymity Networks, 11 Wash. U. Global Stud. L. Rev. 715 (2012) (hereafter, "Watson"). See, for example, U.S. v. Frater, 2016 WL 795839, *3 (D. Ariz. March 1, 2016).
To combat illegal activity using the Tor network, the Government has developed so-called "Trojan horse devices." These may include: "data extraction software, network investigative technique, port reader, harvesting program, remote search, CIPAV for Computer and Internet Protocol Address Verifier, or IPAV for Internet Protocol Address Verifier." Brian L. Owsley, Beware of Government Agents Bearing Trojan Horses, 48 Akron L. Rev. 315, 316 (2015). In the instant case, the parties have referred to the warrant issued by the U.S. magistrate judge in the Eastern District of Virginia as a Network Investigative Technique ("NIT") warrant, and the Court will adopt that terminology.
Once approved, the NIT is installed on the target Website. "Once installed on Website A, each time a user accessed any page of Website A, the NIT sent one or more communications to the user's computer which caused the receiving computer to deliver data to a computer controlled by the FBI, which would help identify the computer which was accessing Website A." U.S. v. Pierce, 2014 WL 5173035, *3 (D.Neb. Oct. 14, 2014). In some cases, the Government has even activated a target computer's built-in camera to take photographs of the persons using that computer and send the photos back to the Government. E.g., In re Warrant to Search a Target Computer at Premises Unknown, 958 F. Supp. 2d 753, 759 (S.D. Tex. 2013).
The critical point is that without the use of such techniques as NIT, agents seeking to track a Tor user to his home computer will not be able to take that pursuit beyond the exit node from which the Tor user accessed the regular Internet.2 NIT allows the Government to surreptitiously send a message back through the Tor network to the home computer directing it to provide information from which the user may be identified.
The Government obtained evidence regarding Arterbury's alleged criminal conduct through a multi-step process that began in the Fall of 2014. At that time, Agents of the Federal Bureau of Investigation ("FBI") began investigating the Playpen website, a global online forum believed to be hosting users for purposes of distributing and accessing child pornography.3 In February 2015, agents apprehended the administrator of Playpen in Naples, Fla., took control of the site, and moved it to Virginia. Rather than shut Playpen down immediately, agents decided to allow the site to continue operation for 12 days (February 20, 2015 to March 4, 2015) in the hopes of identifying and prosecuting Playpen users. In furtherance of the investigation, the Government sought to use a Network Investigative Technique that would covertly transmit computer code to Playpen users. That code would direct users' computers to provide investigators with information which could then be used to locate and identify the users. In order to employ the NIT, however, the Government needed to obtain an "NIT search warrant."
In February 2015, a warrant application was prepared and presented to a magistrate judge in the Eastern District of Virginia. Absent the use of the NIT, the Government had no ability to locate and identify users of the Playpen website. Special Agent Douglas Macfarlane, in his Affidavit in Support of Application for the NIT Search Warrant, stated:
Due to the unique nature of the Tor network and the method by which the network protects the anonymity of its users by routing communications through multiple computers or "nodes" . . . other investigative procedures that are usually employed in criminal investigations of this type have been tried and have failed or reasonably appear to be unlikely to succeed if they are tried.
[Dkt. No. 34-1, Affidavit in Support of Application for Search Warrant, at 28-29, ¶ 31].
On February 20, 2015, U.S. Magistrate Judge Theresa Carroll Buchanan issued the NIT warrant. When users accessed Playpen, the NIT caused data extraction software to be installed on the user's computer - wherever it was located. The computer then sent - without Defendant's knowledge or permission - requested information to a Government-controlled computer.4 In this way, the Government could determine the identity of the person accessing Playpen - even when that person was using a computer that was located outside the Eastern District of Virginia.
Using NIT, agents determined that a Playpen registrant with the user name "johnnyb5" and an IP address of 70.177.122.133 had logged on to the website from February 20 to March 4, 2015. Agents were able to determine that the IP address was operated by Cox Communications, Inc. Using an administrative subpoena directed at Cox, they secured the name and address of the account holder. This information was included in the affidavit of Special Agent Joseph Cecchini in support of a search warrant application presented to U.S. Magistrate Judge T. Lane Wilson in the Northern District of Oklahoma (the "Oklahoma warrant") on November 2, 2015. See 15-mj-196-TLW, [Dkt. 1]. The affidavit supporting the Oklahoma warrant is quite similar to the affidavit supporting the NIT warrant application. However, the Oklahoma warrant details the Defendant's alleged conduct regarding the Playpen website and the information obtained as a result of the NIT.
Judge Wilson issued the search warrant for 1515 S. Nyssa Place, Broken Arrow, Oklahoma. Agents executed the warrant, and located and seized alleged child pornography. Judge Wilson then executed a Criminal Complaint and a warrant for the Defendant's arrest.
Defendant appeared...