[Orin Kerr] Government ‘hacking’ and the Playpen search warrant

(Chris Ratcliffe/Bloomberg)

In recent months, over a dozen district courts have handed down divided opinions on the legality of a single search warrant that was used to search the computers of many visitors to a child pornography website. The warrant raises interesting legal issues, although I think the significant issues are mostly not the ones that have received the most media attention. Many of these cases are headed to various courts of appeal, so I thought I would present an overview of the investigation and discuss some of the legal issues raised by the warrant.

I. The Investigation

In September 2014, the federal government began investigating a child pornography website available only as a hidden service on the anonymized Tor network. The site, known as Playpen, could only be found if a person used Tor and knew the random string of numbers and letters that made up the site’s online address. In just a few months, Playpen drew more than 200,000 global users who contributed more than 100,000 posts. Every user had to log in with a username and password to visit the site. Thousands of posts on the site contained child pornography, and much of the rest of the site was discussions about child pornography.

As an anonymizing service, Tor hid the true IP addresses of Playpen account holders. Without knowing those IP addresses, there was no obvious way the government could identify and prosecute the account holders. The government devised the following strategy to reveal the users’ true location. After taking over the website pursuant to a warrant, the government obtained a second search warrant from a magistrate judge in the Eastern District of Virginia allowing the government to install a “network investigative technique” (“NIT”) on the computers of Playpen account holders. This second warrant is what I am calling the Playpen warrant.

According to the Playpen warrant, when a visitor logged in to the site with a username and password, the NIT would be secretly installed on the visitor’s personal computer. The NIT would then send the government identifying information about the user’s computer, most importantly the computer’s true IP address from inside the user’s machine.

For reasons I don’t quite understand, it appears that the government executed the warrant more narrowly than the warrant says. Although the warrant says that the NIT can be installed when a user logs in to his account, the government apparently only installed the NIT when a logged-in user clicked on a link to access the ‘Preteen Videos—Girls Hardcore’ forum. But the warrant itself was written more broadly to authorize the use of the NIT when a user logged in to a Playpen account.

The big picture here is that the NIT was used to bypass the anonymizing feature of Tor. Tor hid the users’ IP addresses, but the NIT would go directly into the suspect’s computer and retrieve the real IP addresses that Tor had hidden. When investigators learned the targets’ actual IP address, and addresses resolved to addresses inside the United States, investigators could then get additional court orders to identify where in physical space the computer was likely located. They could then obtain additional search warrants to conduct searches there, searching homes for the computers and finding child pornography on the machines.

During the time that the NIT was used, as authorized by the warrant, it led to the installation of the NIT on more than 1,000 visitor computers. This led to around 200 nearly identical criminal cases all around the United States charging child pornography offenses. All of the charges stemmed from the one search warrant issued by a magistrate judge in the Eastern District of Virginia.

The Playpen case has received a lot of media attention, including about the ethics of the government running the Playpen server for a window of time while the monitoring occurred. For the rest of this post, I’ll pick just three among the many issues that have received attention or that I think deserve more attention.

II. Retrieving IP Addresses is Clearly a Search

A significant amount of media attention about the Playpen cases has focused on a curious argument. A minority of the judges have held that the the Playpen searches were constitutional because they weren’t searches at all. According to this argument, a person has no Fourth Amendment rights in IP addresses. Because the most important