Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Broy

United States District Court, C.D. Illinois, Peoria Division

September 21, 2016



          Michael M. Mihm, United States District Judge.

         This matter is now before the Court on Defendant Braman Broy's (“Broy”) Motion to Suppress Evidence (ECF No. 12). For the reasons set forth below, Broy's Motion to Suppress Evidence (ECF No. 12) is DENIED.

         Significance of the Present Case

         The Court notes the seriousness and complexity of the legal issues in this case and that similar issues are likely to present themselves as technology continues to evolve faster than the law can keep pace. It further recognizes that reasonable jurists can - and have - come to different conclusions on these issues and that district judges will await further guidance from the courts of appeals. The Court suggests readers familiarize themselves with previous cases stemming from the warrant at issue in this case before continuing to read this Order. See, e.g., United States v. Adams, No. 6:16-CR-11-ORL-40GJK, 2016 WL 4212079 (M.D. Fla. Aug. 10, 2016); United States v. Acevedo-Lemus, No. SACR 15-00137-CJC, 2016 WL 4208436 (C.D. Cal. Aug. 8, 2016); United States v. Eure, No. 2:16CR43, 2016 WL 4059663 (E.D. Va. July 28, 2016); United States v. Matish, No. 4:16CR16, 2016 WL 3545776 (E.D. Va. June 23, 2016); United States v. Darby, No. 2:16CR36, 2016 WL 3189703 (E.D. Va. June 3, 2016); United States v. Werdene, No. CR 15-434, 2016 WL 3002376 (E.D. Pa. May 18, 2016); United States v. Levin, No. CR 15-10271-WGY, 2016 WL 2596010 (D. Mass. May 5, 2016); United States v. Epich, No. 15-CR-163-PP, 2016 WL 953269 (E.D. Wis. Mar. 14, 2016); United States v. Michaud, No. 3:15-CR-05351-RJB, 2016 WL 337263 (W.D. Wash. Jan. 28, 2016).


         Playpen (“Website A”) was a website whose primary purpose was the advertisement and distribution of child pornography. ECF No. 20 at ¶ 1. Website A operated only on the “Tor” network, an open-source software tool which routes communications through multiple computers called “nodes” in order to mask a user's IP address and, thus, keeps the user's identity anonymous. ECF No. 13 at 1-2. These nodes are run by volunteers throughout the world. ECF No. 15 at 3. In order to use the Tor network, a user must download and run Tor software on his or her personal computer. ECF No. 13 at 2. When first logging into the Tor network, a user, whether knowingly or not, communicates his or her IP address to the first node volunteer. It is only after an IP address has been routed through multiple nodes that a user's IP address becomes masked. Indeed, when a user finally accesses a website while logged into the Tor network, only the IP address of the “exit node” is visible to that site (and, thus, any law enforcement officials monitoring that site). ECF No. 15 at 3-4. Traditional investigative techniques are therefore ineffective in finding a Tor user's real IP address. Id. at 4.

         Website A was a “hidden service” on the Tor network. Id. at 4. A “hidden service” does not operate like a normal Internet website, where one could find a page by happenstance, such as by entering key terms into a search engine. Id. at 4. Rather, a “hidden service” requires a user to acquire its exact web address from another source, such as another user of that “hidden service” or online postings detailing its web address, before accessing the website. Id. at 4. Thus, it was extremely unlikely anyone could have accessed Website A accidentally.

         Website A was hosted on a server in North Carolina and maintained by an administrator in Florida. ECF No. 20 at ¶ 2. In January 2015, FBI agents executed a search warrant and copied the contents of the server. ECF No. 15 at 5. Upon searching the website logs, the FBI determined that a Tor network user with the username “maproy99” had accessed several images of child pornography in January 2015. ECF No. 20 at ¶ 16. That username was later traced to Broy. Id. at ¶ 19. Rather than shutting down the server and Website A, the FBI continued to operate both at a government facility in the Eastern District of Virginia. Id. at ¶ 4. The FBI operated the server and Website A between February 20, 2015, and March 4, 2015. Id. at ¶ 4.

         Also on February 20, 2015, the FBI obtained from a district judge in the Eastern District of Virginia an order pursuant to Title III of the Electronic Communications Privacy Act, which prohibits the government from intercepting private electronic communications without a court order. Id. at ¶ 5. The Title III order permitted the FBI to intercept communications between Website A users. Id. at ¶ 5. On the same day the FBI obtained the order from the district judge, they also obtained from a magistrate judge in the Eastern District of Virginia a warrant which allowed them to implement a Network Investigation Technique (“NIT”) on the Website A server. Id. at ¶ 7. The NIT operated by sending to “activating computers” instructions designed to cause those computers to transmit certain information to a separate government computer, also located in the Eastern District of Virginia. Id. at ¶¶ 9, 12. The warrant authorized the FBI to obtain from an “activating computer” seven pieces of information: (1) the IP address of the computer and the date and time the NIT determined the IP address; (2) a unique identifier generated by the NIT to distinguish data from one activating computer from that of another; (3) the type of operating system used by the computer; (4) information about whether the NIT had already been delivered to the computer; (5) the computer's host name; (6) the computer's operating system username; and (7) the computer's media access control address. Id. at ¶ 8.

         On February 26, 2015, Broy, under the username maproy99, accessed a post containing child pornography from Website A, at which point the NIT was deployed to the activating computer.[1] ECF No. 13 at 3. The NIT, without Broy's awareness, collected the above-listed information and sent it to the separate government computer in the Eastern District of Virginia. ECF No. 20 at ¶ 12. The unmasked IP address allowed the FBI to determine the physical address of the activating computer, which was ultimately determined to be Broy's.[2] Id. at ¶ 13. It is undisputed that without the use of the NIT, law enforcement would not have been able to identify the IP address connected to Broy. Id. at ¶ 18. On October 19, 2015, the FBI obtained a residential search warrant from United States Magistrate Judge Tom Schanzle-Haskins, a magistrate in the district of Broy's residence, the Central District of Illinois. Id. at ¶ 20. On October 21, 2015, FBI agents executed that warrant at Broy's home, where they identified files containing child pornography. Id. at ¶ 20. Broy was subsequently indicted for receipt of child pornography, possession of child pornography, and access with intent to view child pornography. Id. at ¶ 21.


         Broy argues the execution of the NIT warrant constituted an unreasonable search and seizure under the Fourth Amendment and requires suppression of the evidence to which it led. Specifically, he argues the warrant contravened the Fourth Amendment's particularity requirement with regard to the place to be searched, rendering it a general warrant. He also claims the NIT's activation constituted a search in violation of his reasonable expectation of privacy in his computer and its contents. Broy further argues the magistrate judge lacked authority to issue the NIT warrant under the Federal Magistrate's Act and Rule 41(b) of the Federal Rules of Criminal Procedure. For the reasons set forth below, the Court finds that although the warrant itself was sufficiently particular, Broy was nevertheless the subject of an unreasonable, warrantless search in contravention of the Fourth Amendment. The Court, however, holds suppression is not an appropriate remedy in this case.

         A. Whether the NIT Warrant Lacked Particularity and Amounted to a General Warrant

         The Fourth Amendment to the United States Constitution provides, in part, “[n]o warrants shall issue, but upon probable cause, . . . and particularly describing the place to be searched, and the persons or things to be seized.” U.S. Const. amend. IV. This particularity requirement limits “the authorization to search to the specific areas and things for which there is probable cause to search” and, thus, “ensures that the search will be carefully tailored to its justifications, and will not take on the character of the wide-ranging exploratory searches the Framers intended to prohibit.” Maryland v. Garrison, 480 U.S. 79, 84 (1987). With regard to place, “[t]he requirement is satisfied if ‘the description is such that the officer with a search warrant can with reasonable effort ascertain and identify the place intended.'” United States v. McMillian, 786 F.3d 630, 639 (7th Cir. 2015) (quoting Steele v. United States, 267 U.S. 498, 503 (1925)). With regard to the items or information to be seized, “nothing [may be] left to the discretion of the officer executing the warrant.” Marron v. United States, 275 U.S. 192, 196 (1927). Only if both of these requirements are satisfied is a warrant sufficiently particular.

         Here, Broy asserts the NIT warrant did not state with particularity the place or places to be searched. He is misguided. Attachment A to the NIT warrant states the NIT was “to be deployed on the computer server described below, obtaining information from the activating computers described below. . . . The activating computers are those of any user or administrator who logs into the TARGET WEBSITE by entering a username and password.” ECF No. 14-1 at 2 (emphasis added). The attachment does not limit the warrant's applicability to “the computer of any user who resides in the Eastern District of Virginia.” Rather, it authorizes the deployment of the NIT onto the computer of “any user, ” which encompasses users who reside inside and outside the district. Id. at 2. It further required those users to log into Website A with a username and password, which, as described above, supra pages 2-3, was nearly impossible to do by accident. Moreover, the affidavit accompanying the warrant application asked the magistrate to authorize the NIT to “cause an activating computer - wherever located - to send” information to the government. ECF No. 15 at 33-34 (emphasis added). “Wherever located” clearly contemplates more than just users and computers located within the Eastern District of Virginia. That the warrant encompassed a large number of possible computers potentially located in a large number of districts does not mean it suffered from a lack of particularity; it merely indicates the FBI suspected a large number of users would access Website A from all over the country.

         Broy does not claim the particularity requirement was violated with regard to the things to be seized. Nor could he; attachment B of the warrant listed the seven specific pieces of information the NIT would gather from the activating computer and send back to the government computer in the Eastern District of Virginia. ECF No. 14-1 at 3. Thus, both the place and items to be seized were described with sufficient particularity so as not to render the warrant a general one.

         B. Whether the NIT's Activation Constituted a Fourth Amendment Search

         A threshold question in the Court's Fourth Amendment analyses is whether a defendant had a reasonable expectation of privacy in the things and places searched. A Fourth Amendment search occurs when “the government violates [the defendant's] subjective expectation of privacy that society recognizes as reasonable.” Kyllo v. United States, 533 U.S. 27, 33 (2001); see Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring). And “[a]lthough it has become an old saw that the Fourth Amendment protects people, not places, the starting point in the Katz inquiry generally ‘requires reference to a place.'” United States v. Cuevas-Perez, 640 F.3d 272 (7th Cir. 2011) (quoting Katz, 389 U.S. at 361 (Harlan, J., concurring) (internal quotation marks omitted)). Indeed, Rakas v. Illinois, 439 U.S. 128 (1978), and Rawlings v. Kentucky, 448 U.S. 98 (1980), make clear that “a person can have a legally sufficient interest in a place other than his home so that the Fourth Amendment protects him from unreasonable governmental intrusion into that place.” Rakas, 439 U.S. at 142-43, 148-49 (finding passengers of a car had a legally insufficient interest in a car in which they were riding). See also, Rawlings, 448 U.S. at 104-05 (finding defendant had a legally insufficient interest in his girlfriend's purse); United States v. Chadwick, 433 U.S. 1, 11 (1977) (finding defendant who placed marijuana in a double-locked footlocker could claim Fourth Amendment protection); Katz, 389 U.S. at 352 (finding defendant who entered a telephone booth, shut the door, and paid the toll to use the phone could claim Fourth Amendment protection). In 2010, the Seventh Circuit reiterated its reliance on a five-factor test, originally announced in United States v. Peters, 791 F.2d 1270 (7th Cir. 1986), used to determine whether a defendant had such a privacy interest:

(1) whether the defendant had a possessory [or ownership] interest in the thing seized or the place searched, (2) whether he had the right to exclude others from that place, (3) whether he exhibited a subjective expectation that it would remain free from governmental invasion, (4) whether he took normal precautions to maintain his privacy, and (5) whether he was legitimately on the premises.

United States v. Carlisle, 614 F.3d 750, 758 (7th Cir. 2010) (quoting Peters, 791 F.2d at 1281).

         The parties have dedicated much of their briefing to whether Broy had a reasonable expectation of privacy in his IP address. Indeed, many of the district courts that have considered the warrant at issue in this case have focused their Fourth Amendment analysis on this point. See, e.g., Acevedo-Lemus, 2016 WL 4208436 at **4-6; Werdene, 2016 WL 3002376 at **7-10; Michaud, 2016 WL 337263 at *7. But the analysis should not and does not end there. Whether Broy had a reasonable expectation of privacy in his computer and its contents is equally as important as whether he had one in his IP address. This is so because the NIT was designed to yield more than just Broy's IP address. Rather, it was designed to enter Broy's computer and gather ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.