United States v. Taylor

• Citation: 935 F.3d 1279
• Decision Date: 28 August 2019
• Docket Number: No. 18-11852,No. 17-14915,17-14915
• Parties: UNITED STATES of America, Plaintiff - Appellee, v. James Ryan TAYLOR, Defendant - Appellant. United States of America, Plaintiff - Appellee, v. Steven Vincent Smith, Defendant - Appellant.
• Court: U.S. Court of Appeals — Eleventh Circuit

935 F.3d 1279

UNITED STATES of America, Plaintiff - Appellee,

v.James Ryan TAYLOR, Defendant - Appellant.

United States of America, Plaintiff - Appellee,

v.Steven Vincent Smith, Defendant - Appellant.

No. 17-14915

No. 18-11852

United States Court of Appeals, Eleventh Circuit.

August 28, 2019

Corrected September 4, 2019

Manu Balachandran, AUSA, Michael B. Billingsley, Praveen S. Krishna, U.S. Attorney Service - Northern District of Alabama, U.S. Attorney's Office, Birmingham, AL, for Plaintiff - Appellee.

Kevin L. Butler, Glennon Fletcher Threatt, Jr., Allison Case, Tobie John Smith, Ebony Glenn Howard, Assistant Federal Public Defender, Federal Public Defender, Birmingham, AL, for Defendant - Appellant.

Before TJOFLAT and NEWSOM, Circuit Judges, and ANTOON,^* District Judge.

NEWSOM, Circuit Judge:

James Taylor and Steven Smith are the latest in a long line of child-pornography consumers to argue that the evidence of their crimes should be suppressed because the warrant that led to its discovery—issued by a magistrate judge in the Eastern District of Virginia but purporting to authorize a nationwide, remote-access computer search—violated the Fourth Amendment. By our count, we become today the eleventh (!) court of appeals to assess the constitutionality of the so-called "NIT warrant." Although the ten others haven't all employed the same analysis, they've all reached the same conclusion—namely, that evidence discovered under the NIT warrant need not be suppressed. We find no good reason to diverge from that consensus here, but the case nonetheless calls for careful consideration, as it implicates several important issues.

As an initial matter, did the NIT warrant violate Federal Rule of Criminal Procedure 41(b), which specifies where and in what circumstances a magistrate judge may issue a warrant—and relatedly, if the warrant did violate Rule 41(b), was that violation of constitutional magnitude? We hold that because the magistrate judge's actions exceeded not only Rule 41(b) but also her statutorily prescribed authority under the Federal Magistrates Act, 28 U.S.C. § 636(a) —which circumscribes the scope of a magistrate judge's jurisdiction—the warrant was void ab initio , rendering any search purporting to rely on it warrantless and thus presumptively unlawful under the Fourth Amendment.

That leads us to the question of remedy, which we take in two parts: First, is exclusion required—without regard to the reasonableness of the officers' reliance—where, as here, the warrant was void from the outset, as Taylor and Smith urge? Or, as the government contends, should a void warrant be treated no differently from other defective warrants, such that the good-faith exception to the exclusionary rule can still apply? We hold that, because the exclusionary rule is concerned solely with deterring culpable police misconduct—and not at all with regulating magistrate judges' actions—void and voidable warrants should be treated no differently; accordingly, an officer's reasonable reliance on the former, like the latter, can provide the basis for applying the good-faith exception.

Second, even if the good-faith exception can apply when an officer relies on a void warrant, should the exception apply in the particular circumstances of this case? We hold that the officers' warrant application here adequately disclosed the nature of the technology at issue and the scope of the intended search, that the officers reasonably relied on the magistrate judge's determination that the search was permissible, and, accordingly, that the good-faith exception applies in this case.

I

A

We begin with a bit of context. In the normal world of web browsing, an internet service provider assigns an IP address—a unique numerical identifier—to every computer that it provides with internet access. Websites can log IP addresses to keep track of the computers that visit, in essence creating a digital guest book. Internet browsing, therefore, isn't quite as private as most people think—it's actually pretty easy, for instance, for law enforcement to find out who visited what sites, when, and for how long simply by subpoenaing IP-address logs from service providers.

Not so when it comes to the "dark web," the part of the internet "only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable." Blog.OxfordDictionaries.com.¹ "The Onion Router"—usually abbreviated "Tor"—is one such software program. Tor, which was the brainchild of the U.S. Navy but has since been released to the public, works by routing a user's webpage requests through a series of computer servers operated by volunteers around the globe, rendering the user's IP address essentially unidentifiable and untraceable. In the words of the folks who currently administer the "Tor Project," a Massachusetts-based § 501(c)(3) organization responsible for maintaining Tor, you might think of what Tor does as "using a twisty, hard-to-follow route in order to throw off someone who is tailing you—and then periodically erasing your footprints."²

As you can imagine, Tor has plenty of legitimate uses—think military and law-enforcement officers carrying out investigations, journalists seeking to maintain anonymity, and ordinary citizens researching embarrassing topics. As you can also imagine, Tor has spawned—and effectively enables—a cache of unsavory sites for black-market trading, child-pornography file-sharing, and other criminal enterprises. This is so because, in addition to allowing users to access public websites without leaving a trail, Tor also hosts a number of so-called "hidden services," i.e. , sites accessible only through Tor. You can't just Google a hidden service; rather, a user can access one of these Tor-specific sites only by knowing its exact URL address. Most Tor-site addresses comprise a random jumble of letters and numbers followed by the address ".onion"—in place, say, of ".com" or ".org"—and are shared via message-board postings on the regular internet or by word of mouth.

The hidden-service page at issue here, "Playpen," was a child-pornography-distribution site accessible only through Tor. At the time the FBI began monitoring Playpen, the site contained more than 95,000 posts, had 160,000 members, and hosted up to 1,500 visitors per day. The FBI monitored the site for several months until, based on a foreign-government tip, it found and arrested the administrator. Rather than shuttering Playpen immediately, the FBI covertly took control of the site and began operating it out of a government server in Newington, Virginia, hoping to snare more users.

As a means of ferreting out Playpen visitors whose identities were masked by Tor, the FBI sought to deploy government-created malware—specifically, a computer code called the Network Investigative Technique ("NIT")—that would transmit user information back to the FBI. Here's how the NIT worked: When a Playpen user downloaded images from a Tor-based site, the NIT would essentially "hitchhike" along, invade the host computer, and force it to send to the FBI (among other information) the computer's IP address, the computer's host name, and the username associated with the computer. Based on that information, the FBI could identify the user's internet service provider and the computer affiliated with the account that accessed Playpen, thereby unmasking the user and providing probable cause for the FBI to seek a warrant to seize computers and hard drives.

B

To effectuate this plan, FBI Agent Douglas Macfarlane submitted a search-warrant application to a magistrate judge in the Eastern District of Virginia, requesting authorization to deploy the NIT. The application wasn't a model of clarity or precision, particularly regarding the issue that most concerns us here—namely, the geographic scope of the requested search authority. In the case caption, the application described the "property to be searched"—seemingly without territorial restriction—as "COMPUTERS THAT ACCESS upf45jv3bziuctml.onion," which we now know to be associated with Playpen. Just below, however, in the body, the application asserted a reasonable belief that evidence of child-pornography-related crimes was contained on property "located in the Eastern District of Virginia." As part of the same statement—regarding the "property to be searched"—the application referred to an "Attachment A." Attachment A in turn stated that the NIT was "to be deployed on the computer server ... operating the [Playpen] website" and specified that the server was "located at a government facility in the Eastern District of Virginia." Attachment A then went on to state, though, that the goal of deploying the NIT was to obtain information from "[t]he activating computers ... of any user or administrator who logs into [Playpen] by entering a username and password."

As is often the case, the NIT application also referenced an attached affidavit. Agent Macfarlane's affidavit summarized the applicable law, explained numerous technical terms of art, and described Tor and the "Target Website"—i.e. , Playpen. On page 29 of 31, under the bolded heading "SEARCH AUTHORIZATION REQUESTS," the affidavit stated, for the first time expressly, that "the NIT may cause an activating computer—wherever located —to send to a computer controlled by or known to the government" certain information, including the IP address and host name.³

A magistrate judge in the Eastern District of Virginia signed the warrant and the FBI deployed the NIT.

C

Not long thereafter, NIT-transmitted data revealed to the FBI that a certain Playpen user was linked to a computer with the host name "RyansComputer." After the user accessed several images of child pornography, the FBI sent an administrative subpoena to the user's internet service provider and discovered that the IP address associated with the computer was assigned to James Taylor in Birmingham, Alabama. A magistrate judge in the Northern District...