Court reinstates evidence against Norwood man snared by FBI malware on child-porn site

A federal appeals court ruled today that prosecutors can use eight child-porn files allegedly found on Alex Levin's computer as evidence against him even though a judge in Virginia should not have issued the search warrant used to authorize the software that linked him to one of the world's largest child-porn Web sites.

Originally set up by actual child-porn purveyors, the site was taken over and run by the FBI for two months in 2015 an attempt to snare people who downloaded images and text files. A federal judge in Virginia had given the FBI permission to attach malware - called "Network Investigative Technique" (NIT) by the FBI - to downloaded files that would beam information about the user's computer and Internet connections back to the FBI, including his IP address, system name, operating system and "media access control" address.

The FBI said it needed to do this because the site, Playpen, was not readily accessible, and its users not normally easily tracked, because it relied in part on TOR, a network system that hides user's IP addresses.

In 2016, a judge in US District Court in Boston ruled federal prosecutors could not use the files as evidence against Levin because Massachusetts was out of the Virginia judge's jurisdiction. Since the search warrant was invalid, so was any evidence seized under it, the Boston judge concluded.

But in a ruling today, the US Court of Appeals for the First Circuit in Boston dismissed that ruling and reinstated the evidence, saying the FBI agents in the case were protected under a "good faith" doctrine - they did not know the Virginia judge had no jurisdiction beyond his court district at the time (the federal rule on such orders has since been modified to allow cross-jurisdictional search warrants in such cases).

To the extent that a mistake was made in issuing the warrant, it was made by the magistrate judge, not by the executing officers, and the executing officers had no reason to suppose that a mistake had been made and the warrant was invalid. ... [The] warrant was not written in general terms that would have signaled to a reasonable officer that something was amiss. The warrant in this case was particular enough to infer that, in executing it, "the [executing officers]
act[ed] with an objectively 'reasonable good-faith belief' that their conduct [was] lawful." Davis, 564 U.S. at 238.

And while the FBI did not know whom it would catch with the software, they couldn't do anything with the information they obtained without getting a second, more specific search warrant, the court continued:

In the case at hand, in contrast, the NIT warrant did not leave to the discretion of the executing officials which places should be searched, because the NIT warrant clearly specifies that only activating computers -- that is "those of any user . . . who logs into [Playpen] by entering a username and password" -- are to be searched. The NIT warrant specifies into which homes an intrusion is permitted (those where the activating computers are located), and on what basis (that the users in those homes logged into Playpen). And if the government wished to conduct any further searches of anyone's home, it would have needed obtain an additional warrant -- which is exactly what it did in this case. Therefore, the NIT warrant "was not so facially deficient that the executing officers could not reasonably have presumed it to be valid." Woodbury, 511 F.3d at 100.

The court concluded:

[B]ecause the government acted in good faith reliance on the NIT warrant, and because the deterrent effects on law enforcement do not outweigh the great cost to society of suppressing the resulting evidence, suppression is not warranted.

Innocent, etc.




PDF icon Complete Levin ruling32.35 KB


Supreme Court?

The facts in this particular case are heinous, and allowing this suspect to go free on a technicality seems wrong. However, this seems to be yet another ruling allowing police work to hide behind a shield of ignorance.

How often do we hear authorities say "ignorance of the law is no excuse?" Apparently it is, when police are concerned and the ends seem important enough to justify the means. I think this standard of "reasonably presumed" needs clarification, but more importantly, consistency across all people and lines of work.

Voting is closed. 26

I agree

By on

I was thinking the same thing as I read the story. No one with any common sense whatsoever would want someone like this to go free, but, the law is the law and the constitution and bill of rights is there for everyone so they have a fair trial. Even the most heinous people are afforded the same protections that everyone else is entitled to.

Voting is closed. 25

What does it matter what the

By on

What does it matter what the police thought? If the search warrant was invalid, the evidence should be thrown out.

Voting is closed. 14

What does it matter?

By on

Did you read the links?

What does it matter what a website commentor thinks when a high court has ruled on the subject?

Voting is closed. 18


By on

I don't see any reason that there should be any difference between police compromising evidence by not following procedure and law and a judge compromising evidence by not following procedure and law.

Voting is closed. 3

Typographical note

By on

Tor is spelled "Tor" with an initial caps, not "TOR", regardless of its historical formation as an acronym. "TOR" is a persistent and idiosyncratic miscapitalization you'll see in US government documents. They really, really like all-caps acronyms, you know.

Voting is closed. 23