United States District Court, C.D. Illinois, Peoria Division
Michael M. Mihm, United States District Judge.
matter is now before the Court on Defendant Braman Broy's
(“Broy”) Motion to Suppress Evidence (ECF No.
12). For the reasons set forth below, Broy's Motion to
Suppress Evidence (ECF No. 12) is DENIED.
of the Present Case
Court notes the seriousness and complexity of the legal
issues in this case and that similar issues are likely to
present themselves as technology continues to evolve faster
than the law can keep pace. It further recognizes that
reasonable jurists can - and have - come to different
conclusions on these issues and that district judges will
await further guidance from the courts of appeals. The Court
suggests readers familiarize themselves with previous cases
stemming from the warrant at issue in this case before
continuing to read this Order. See, e.g., United
States v. Adams, No. 6:16-CR-11-ORL-40GJK, 2016 WL
4212079 (M.D. Fla. Aug. 10, 2016); United States v.
Acevedo-Lemus, No. SACR 15-00137-CJC, 2016 WL 4208436
(C.D. Cal. Aug. 8, 2016); United States v. Eure, No.
2:16CR43, 2016 WL 4059663 (E.D. Va. July 28, 2016);
United States v. Matish, No. 4:16CR16, 2016 WL
3545776 (E.D. Va. June 23, 2016); United States v.
Darby, No. 2:16CR36, 2016 WL 3189703 (E.D. Va. June 3,
2016); United States v. Werdene, No. CR 15-434, 2016
WL 3002376 (E.D. Pa. May 18, 2016); United States v.
Levin, No. CR 15-10271-WGY, 2016 WL 2596010 (D. Mass.
May 5, 2016); United States v. Epich, No.
15-CR-163-PP, 2016 WL 953269 (E.D. Wis. Mar. 14, 2016);
United States v. Michaud, No. 3:15-CR-05351-RJB,
2016 WL 337263 (W.D. Wash. Jan. 28, 2016).
(“Website A”) was a website whose primary purpose
was the advertisement and distribution of child pornography.
ECF No. 20 at ¶ 1. Website A operated only on the
“Tor” network, an open-source software tool which
routes communications through multiple computers called
“nodes” in order to mask a user's IP address
and, thus, keeps the user's identity anonymous. ECF No.
13 at 1-2. These nodes are run by volunteers throughout the
world. ECF No. 15 at 3. In order to use the Tor network, a
user must download and run Tor software on his or her
personal computer. ECF No. 13 at 2. When first logging into
the Tor network, a user, whether knowingly or not,
communicates his or her IP address to the first node
volunteer. It is only after an IP address has been routed
through multiple nodes that a user's IP address becomes
masked. Indeed, when a user finally accesses a website while
logged into the Tor network, only the IP address of the
“exit node” is visible to that site (and, thus,
any law enforcement officials monitoring that site). ECF No.
15 at 3-4. Traditional investigative techniques are therefore
ineffective in finding a Tor user's real IP address.
Id. at 4.
A was a “hidden service” on the Tor network.
Id. at 4. A “hidden service” does not
operate like a normal Internet website, where one could find
a page by happenstance, such as by entering key terms into a
search engine. Id. at 4. Rather, a “hidden
service” requires a user to acquire its exact web
address from another source, such as another user of that
“hidden service” or online postings detailing its
web address, before accessing the website. Id. at 4.
Thus, it was extremely unlikely anyone could have accessed
Website A accidentally.
A was hosted on a server in North Carolina and maintained by
an administrator in Florida. ECF No. 20 at ¶ 2. In
January 2015, FBI agents executed a search warrant and copied
the contents of the server. ECF No. 15 at 5. Upon searching
the website logs, the FBI determined that a Tor network user
with the username “maproy99” had accessed several
images of child pornography in January 2015. ECF No. 20 at
¶ 16. That username was later traced to Broy.
Id. at ¶ 19. Rather than shutting down the
server and Website A, the FBI continued to operate both at a
government facility in the Eastern District of Virginia.
Id. at ¶ 4. The FBI operated the server and
Website A between February 20, 2015, and March 4, 2015.
Id. at ¶ 4.
February 20, 2015, the FBI obtained from a district judge in
the Eastern District of Virginia an order pursuant to Title
III of the Electronic Communications Privacy Act, which
prohibits the government from intercepting private electronic
communications without a court order. Id. at ¶
5. The Title III order permitted the FBI to intercept
communications between Website A users. Id. at
¶ 5. On the same day the FBI obtained the order from the
district judge, they also obtained from a magistrate judge in
the Eastern District of Virginia a warrant which allowed them
to implement a Network Investigation Technique
(“NIT”) on the Website A server. Id. at
¶ 7. The NIT operated by sending to “activating
computers” instructions designed to cause those
computers to transmit certain information to a separate
government computer, also located in the Eastern District of
Virginia. Id. at ¶¶ 9, 12. The warrant
authorized the FBI to obtain from an “activating
computer” seven pieces of information: (1) the IP
address of the computer and the date and time the NIT
determined the IP address; (2) a unique identifier generated
by the NIT to distinguish data from one activating computer
from that of another; (3) the type of operating system used
by the computer; (4) information about whether the NIT had
already been delivered to the computer; (5) the
computer's host name; (6) the computer's operating
system username; and (7) the computer's media access
control address. Id. at ¶ 8.
February 26, 2015, Broy, under the username maproy99,
accessed a post containing child pornography from Website A,
at which point the NIT was deployed to the activating
computer. ECF No. 13 at 3. The NIT, without
Broy's awareness, collected the above-listed information
and sent it to the separate government computer in the
Eastern District of Virginia. ECF No. 20 at ¶ 12. The
unmasked IP address allowed the FBI to determine the physical
address of the activating computer, which was ultimately
determined to be Broy's. Id. at ¶ 13. It is
undisputed that without the use of the NIT, law enforcement
would not have been able to identify the IP address connected
to Broy. Id. at ¶ 18. On October 19, 2015, the
FBI obtained a residential search warrant from United States
Magistrate Judge Tom Schanzle-Haskins, a magistrate in the
district of Broy's residence, the Central District of
Illinois. Id. at ¶ 20. On October 21, 2015, FBI
agents executed that warrant at Broy's home, where they
identified files containing child pornography. Id.
at ¶ 20. Broy was subsequently indicted for receipt of
child pornography, possession of child pornography, and
access with intent to view child pornography. Id. at
argues the execution of the NIT warrant constituted an
unreasonable search and seizure under the Fourth Amendment
and requires suppression of the evidence to which it led.
Specifically, he argues the warrant contravened the Fourth
Amendment's particularity requirement with regard to the
place to be searched, rendering it a general warrant. He also
claims the NIT's activation constituted a search in
violation of his reasonable expectation of privacy in his
computer and its contents. Broy further argues the magistrate
judge lacked authority to issue the NIT warrant under the
Federal Magistrate's Act and Rule 41(b) of the Federal
Rules of Criminal Procedure. For the reasons set forth below,
the Court finds that although the warrant itself was
sufficiently particular, Broy was nevertheless the subject of
an unreasonable, warrantless search in contravention of the
Fourth Amendment. The Court, however, holds suppression is
not an appropriate remedy in this case.
Whether the NIT Warrant Lacked Particularity and Amounted to
a General Warrant
Fourth Amendment to the United States Constitution provides,
in part, “[n]o warrants shall issue, but upon probable
cause, . . . and particularly describing the place to be
searched, and the persons or things to be seized.” U.S.
Const. amend. IV. This particularity requirement limits
“the authorization to search to the specific areas and
things for which there is probable cause to search”
and, thus, “ensures that the search will be carefully
tailored to its justifications, and will not take on the
character of the wide-ranging exploratory searches the
Framers intended to prohibit.” Maryland v.
Garrison, 480 U.S. 79, 84 (1987). With regard to place,
“[t]he requirement is satisfied if ‘the
description is such that the officer with a search warrant
can with reasonable effort ascertain and identify the place
intended.'” United States v. McMillian,
786 F.3d 630, 639 (7th Cir. 2015) (quoting Steele v.
United States, 267 U.S. 498, 503 (1925)). With regard to
the items or information to be seized, “nothing [may
be] left to the discretion of the officer executing the
warrant.” Marron v. United States, 275 U.S.
192, 196 (1927). Only if both of these requirements are
satisfied is a warrant sufficiently particular.
Broy asserts the NIT warrant did not state with particularity
the place or places to be searched. He is misguided.
Attachment A to the NIT warrant states the NIT was “to
be deployed on the computer server described below, obtaining
information from the activating computers described
below. . . . The activating computers are those of
any user or administrator who logs into the TARGET
WEBSITE by entering a username and password.” ECF No.
14-1 at 2 (emphasis added). The attachment does not limit the
warrant's applicability to “the computer of any
user who resides in the Eastern District of Virginia.”
Rather, it authorizes the deployment of the NIT onto the
computer of “any user, ” which encompasses users
who reside inside and outside the district. Id. at
2. It further required those users to log into Website A with
a username and password, which, as described above,
supra pages 2-3, was nearly impossible to do by
accident. Moreover, the affidavit accompanying the warrant
application asked the magistrate to authorize the NIT to
“cause an activating computer - wherever
located - to send” information to the government.
ECF No. 15 at 33-34 (emphasis added). “Wherever
located” clearly contemplates more than just users and
computers located within the Eastern District of Virginia.
That the warrant encompassed a large number of possible
computers potentially located in a large number of districts
does not mean it suffered from a lack of particularity; it
merely indicates the FBI suspected a large number of users
would access Website A from all over the country.
does not claim the particularity requirement was violated
with regard to the things to be seized. Nor could he;
attachment B of the warrant listed the seven specific pieces
of information the NIT would gather from the activating
computer and send back to the government computer in the
Eastern District of Virginia. ECF No. 14-1 at 3. Thus, both
the place and items to be seized were described with
sufficient particularity so as not to render the warrant a
Whether the NIT's Activation Constituted a Fourth
threshold question in the Court's Fourth Amendment
analyses is whether a defendant had a reasonable expectation
of privacy in the things and places searched. A Fourth
Amendment search occurs when “the government violates
[the defendant's] subjective expectation of privacy that
society recognizes as reasonable.” Kyllo v.
United States, 533 U.S. 27, 33 (2001); see
Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan,
J., concurring). And “[a]lthough it has become an old
saw that the Fourth Amendment protects people, not places,
the starting point in the Katz inquiry generally
‘requires reference to a place.'” United
States v. Cuevas-Perez, 640 F.3d 272 (7th Cir. 2011)
(quoting Katz, 389 U.S. at 361 (Harlan, J.,
concurring) (internal quotation marks omitted)). Indeed,
Rakas v. Illinois, 439 U.S. 128 (1978), and
Rawlings v. Kentucky, 448 U.S. 98 (1980), make clear
that “a person can have a legally sufficient interest
in a place other than his home so that the Fourth Amendment
protects him from unreasonable governmental intrusion into
that place.” Rakas, 439 U.S. at 142-43, 148-49
(finding passengers of a car had a legally insufficient
interest in a car in which they were riding). See
also, Rawlings, 448 U.S. at 104-05 (finding
defendant had a legally insufficient interest in his
girlfriend's purse); United States v. Chadwick,
433 U.S. 1, 11 (1977) (finding defendant who placed marijuana
in a double-locked footlocker could claim Fourth Amendment
protection); Katz, 389 U.S. at 352 (finding
defendant who entered a telephone booth, shut the door, and
paid the toll to use the phone could claim Fourth Amendment
protection). In 2010, the Seventh Circuit reiterated its
reliance on a five-factor test, originally announced in
United States v. Peters, 791 F.2d 1270 (7th Cir.
1986), used to determine whether a defendant had such a
(1) whether the defendant had a possessory [or ownership]
interest in the thing seized or the place searched, (2)
whether he had the right to exclude others from that place,
(3) whether he exhibited a subjective expectation that it
would remain free from governmental invasion, (4) whether he
took normal precautions to maintain his privacy, and (5)
whether he was legitimately on the premises.
United States v. Carlisle, 614 F.3d 750, 758 (7th
Cir. 2010) (quoting Peters, 791 F.2d at 1281).
parties have dedicated much of their briefing to whether Broy
had a reasonable expectation of privacy in his IP address.
Indeed, many of the district courts that have considered the
warrant at issue in this case have focused their Fourth
Amendment analysis on this point. See, e.g.,
Acevedo-Lemus, 2016 WL 4208436 at **4-6;
Werdene, 2016 WL 3002376 at **7-10;
Michaud, 2016 WL 337263 at *7. But the analysis
should not and does not end there. Whether Broy had a
reasonable expectation of privacy in his computer and its
contents is equally as important as whether he had one in his
IP address. This is so because the NIT was designed to yield
more than just Broy's IP address. Rather, it was designed
to enter Broy's computer and gather ...