Volume 109

The Fourth Amendment and the Dark Web: How to Embrace a Digital Jurisprudence that Protects Individual Liberties

by McKenzie Hightower

A tip in February 2015 set off a chain of remarkable events that eventually led the Federal Bureau of Investigation (FBI) to a child pornography website on the dark web named “Playpen.” However, the FBI did not shut down the website right away. Instead, the FBI operated the website for two weeks to identify website users. Law enforcement eventually applied for a warrant in the Eastern District of Virginia to use the Network Investigative Technique (NIT) to identify Playpen’s users and administrators. The NIT can be thought of as a form of malware because it gains access to a suspect’s computer without his or her consent. Specifically, the NIT collects the target computer’s “Host Name,” operating system, IP address, and “Media Access Control” address as well as other information. This was a risky and controversial plan because it required the government to operate a child pornography website. To obtain a warrant, law enforcement prepared an affidavit documenting its basis for probable cause and the urgent need to identify some of the 150,000 users exploiting children on the website. However, the application did not—and could not—state with particularity the places to be searched because it was unknown where the users of Playpen were located due to their use of Tor, an anonymizing software.

The court issued a search warrant, and law enforcement sent malware using the NIT to a user’s computer when the user accessed the Playpen website. The malware caused the user’s computer to send identifying information to federal agents in the Eastern District of Virginia. After the NIT warrant was issued, the FBI obtained over 9,000 IP addresses across 120 countries from users logging in to Playpen. As a result of this sting, over 200 users were criminally charged, and forty-nine American children were rescued from exploitation. Because suspects were discovered outside the Eastern District of Virginia, however, courts have debated whether the magistrate judge exceeded his authority by issuing a warrant outside his jurisdiction. 

 To remedy this debate, the drafters of the Federal Rules of Criminal Procedure (FRCP) modified Rule 41 to explicitly allow future digital out-of-district searches under certain circumstances. The drafters gave one overriding reason for this modification: they worried about a “situation [where] the warrant sufficiently describes the computer to be searched, but the district within which the computer is located is unknown.” Of importance for this Note, the drafters explicitly stated that “[t]he proposed amendment does not address constitutional questions that may be raised by warrants for remote electronic searches, such as the specificity of description that the Fourth Amendment may require in a warrant for remotely searching electronic storage media or seizing or copying electronically stored information.” This Note will specifically address the constitutional question the drafters declined to answer and endeavor to ensure that individual liberty is balanced with the need to seek justice for those who use the dark web maliciously. 

Continue reading The Fourth Amendment and the Dark Web: How to Embrace a Digital Jurisprudence that Protects Individual Liberties.