United States v. Rigmaiden

Decision Date: 08 May 2013
Docket Number: No. CR 08-814-PHX-DGC
Parties: United States of America, Plaintiff, v. Daniel David Rigmaiden, Defendant.
Court: U.S. District Court — District of Arizona
ORDER

The government has indicted Defendant Daniel Rigmaiden on 74 counts of mail and wire fraud, aggravated identity theft, and conspiracy. Doc. 200. The charges arise from a scheme to obtain fraudulent tax refunds by filing electronic tax returns in the names of hundreds of deceased persons and third parties. The government located and arrested Defendant, in part, by tracking the location of an aircard connected to a laptop computer that allegedly was used to perpetrate the fraudulent scheme. Defendant argues that the technology and methods used to locate the aircard violated his Fourth Amendment rights. He also argues that the government violated the Fourth Amendment by obtaining various documents and data through Court orders, relying on warrants that lacked particularity and probable cause, and exceeding the scope of the warrants.

Defendant has filed a motion to suppress and many related motions and memoranda.[1] Although Defendant Rigmaiden represents himself and has no formal training in the law, his motions and memoranda are thoroughly researched and factually detailed. The Court and its staff have read hundreds of pages of briefing and exhibits, and oral argument was held on March 28, 2013. After thorough consideration of the parties' arguments, Defendant's motion to suppress will be denied.

I. Background.

The government alleges that in 2007 and 2008, using the identities of deceased and living individuals, including their social security numbers, Defendant e-filed more than 1,200 fraudulent tax returns claiming more than $3,000,000 in tax refunds. Doc. 873 at 3.[2] In reliance on the fraudulent filings, the IRS deposited hundreds of thousands of dollars in bank accounts and debit cards maintained by Defendant and his co-conspirators. This order will describe only the most relevant portions of the year-long investigation that led to Defendant's arrest.

In June 2007, an IRS e-file provider notified the IRS that a large volume of tax returns had been filed through its website by an unknown person using an automated process. IRS agents subpoenaed the subscriber information for one of the IP addresses from which a return was filed and learned that the IP address was associated with a Verizon Wireless broadband access card provided to a Travis Rupard in San Jose, California. This access card, which was used to make a wireless connection between a computer and the Internet, became a key focus in the investigation. The access card will be referred to in this order as "the aircard."

In March of 2008, the IRS Fraud Detection Center in Austin, Texas ("AFDC") identified a number of recently-filed fraudulent tax returns which directed that refunds be sent to various debit cards connected with a single Meridian Bank account. Doc. 873 at 9-10. IRS agents subpoenaed subscriber information for these fraudulent filings and found that some of the IP addresses ultimately traced back to the Verizon aircard and the related account maintained by Travis Rupard. Investigators also found the name "Travis Rupard" to be a false identity - the aircard account subscriber information provided by "Travis Rupard" listed a non-existent address, and the California driver's license number provided by "Travis Rupard" was in fact assigned to a female with a different name.

On April 15, 2008, as a result of various investigative efforts, agents executed a search warrant on a co-conspirator's computer and obtained e-mail correspondence between the co-conspirator and an individual known to the co-conspirator as "the Hacker." The co-conspirator had never personally met the Hacker, but had communicated with the Hacker by encrypted e-mail and had, at the Hacker's direction, established bank accounts to receive refunds from the fraudulent tax return scheme. Following his arrest, the co-conspirator agreed to work with the government as a confidential informant, and is referred to by the government as "CI-2."

On April 17, 2008, the Hacker contacted CI-2 through a secure e-mail account and provided detailed encrypted instructions for delivering $68,000 in proceeds from the tax-refund scheme to the Hacker. The Hacker directed CI-2 to wash the $68,000 of cash in lantern fuel to avoid drug detection dogs, double vacuum seal the currency, place the sealed cash inside a stuffed animal, and mail the animal in a gift-wrapped box with a birthday card addressed to a dying child. The Hacker instructed CI-2 to send the package to "Patrick Stout" at a FedEx/Kinko's store in Palo Alto, California. Investigators found "Patrick Stout" to be another false identity - it was traced to a post office box in Sacramento, California, opened through the use of a fraudulent California driver's license bearing a number assigned to yet another female with a different name.

The package containing $68,000 in currency was delivered to the FedEx/Kinko's store on May 6, 2008. The next day, at approximately 5:00 a.m., a white male wearing a dark jacket and hood entered the store, presented identification in the name of Patrick Stout, and retrieved the package. The individual opened the package outside the store, removed the cash, discarded the shipping box, and then proceeded to a nearby train station where he eluded agents who had him under surveillance. The Hacker e-mailed CI-2 on May 8, 2008, and confirmed receipt of the money.

On June 25, 2008, the government obtained Verizon transaction logs for the aircard and compared them with transaction information for other activities of the Hacker, including his e-mail communications with CI-2. The IP addresses accessed by the aircard and the date/time stamps shown for its connections were consistent with activities of the Hacker, suggesting that the Hacker was in fact using the Travis Rupard aircard. In addition, the AFDC reported that more than 100 fraudulent tax refund claims were filed between May 22 and June 5, 2008. Doc. 873 at 16-23. The times when these false filings were made corresponded with activity on the Travis Rupard aircard. Although the false filings were made from different IP addresses, investigators believed the Hacker was using the aircard to access proxy computers or other anonymous tools on the Internet to mask his IP address. Consistent with this theory, the Hacker had stated in an April 15, 2008 e-mail to CI-2 that he used a different IP address for each fraudulent tax return in order to avoid detection. Id. at 26. Through these and other investigative efforts, investigators became convinced that the Hacker was using the Travis Rupard aircard and that locating the aircard would lead them to the Hacker.

As discussed in more detail below, in June and July of 2008 the government obtained historical cell-site records from Verizon that reflected communications from the aircard. These cell-site records showed that the aircard communicated regularly with several cell towers in the area of Santa Clara, California. Using the cell-tower information, a map, and various calculations, a government agent was able to narrow the location of the aircard to an area of 6,412,224 square feet, or just under one-quarter of a square mile. Doc. 824-1 at 167. The government obtained an order from a Federal Magistrate Judge in the Northern District of California that authorized the installation of a pen register and trap and trace device to obtain additional cell site information, and a warrant authorizing the use of a mobile tracking device to communicate with the aircard. On July 16, 2008, agents used this mobile device to track the aircard's location to unit 1122 of the Domicilio apartment complex in Santa Clara. The government then obtained information from the apartment complex indicating that unit 1122 was rented in the name of Steven Travis Brawner. The rental application listed a fake California driver's license bearing a number that belonged to a female with a different name, and the handwriting of "Steve Brawner" on the apartment application was found by a handwriting expert to be similar to the handwriting of "Patrick Stout" on a post office box application. In addition, "Steve Brawner" had provided a fraudulent 2006 tax return when he applied to rent the apartment. Using this and other information generated during the investigation, the government obtained a warrant to search apartment 1122.

To ascertain the arrival and departure habits of the apartment's occupant, agents obtained gate access data from the Domicilio apartment's alarm company. This information showed when the occupant of unit 1122 used his fob to enter or leave the complex. Agents conducted surveillance of the apartment through the rest of July 2008 without observing the occupant. On the night of July 22, 2008, an undercover FBI agent used the ruse of a fast food delivery to knock on the apartment's door, but nobody answered.

Finally, on August 3, 2012, at approximately 4:15 p.m., agents observed a person matching the description of Steven Brawner walking near the apartment. The person began to act suspiciously when he saw the agents, and then began running to evade the agents. After a foot chase through the surrounding area, Defendant was apprehended by local police officers who happened to be on the scene. Agents searched the suspect incident to his arrest and found a set of keys in his pocket. An agent took the keys to unit 1122 and confirmed that they fit and turned the door lock. The agent waited for the arrival of other agents with the search warrant before entering the apartment.

Once in the apartment, agents found identification bearing the suspect's photograph and the name Patrick Stout, along with many of the pre-recorded $100 bills that were part of the $68,000 delivery in May. Agents also found the aircard, a laptop computer, and computer storage devices that eventually were found to...
