According to ComputerWorld, a peer-to-peer (P2P) network is created “when two or more PCs are connected and share resources without going through a separate server computer.” Some estimates say that peer-to-peer networks account for anywhere from 43% to 70% of the Internet traffic.
Child pornographers are known to use file sharing programs, like Gnutella and LimeZilla, to receive and distribute child pornography among each other. Law enforcement uses a sensitive software called ShareazaLE to identify and track individuals using P2Ps to share child pornography.
ShareazaLE enables law enforcement to identify Globally Unique Identifier (GUID) numbers that link P2Ps to a particular IP address. Each internet network is assigned a separate address—an address that identifies the physical location of a particular network. When a P2P file sharing program like LimeZilla or Gnutella is either installed or updated, and remains associated to a given computer while a P2P is in use, a GUID is produced and remains the same regardless of whether the computer logs into different networks with different IP addresses across the country. Law enforcement can thus use ShareazaLE to download files exclusively from a targeted computer because “users of publicly available file-sharing programs download from multiple sources in order to expedite the download process.”
And that’s what happened to Joseph Pirosko who used IP addresses of hotels across the country between 2008 and 2012 to log into Gnutella and LimeZilla to share files of child pornography.
In March 2012, Nebraska Department of Justice Officer Edward Sexton discovered an IP address sharing files of child pornography through Gnutella and LimeZilla. Sexton identified three different GUIDs associated with this particular IP address. Since the third GUID was generated in January 2012 and was the one most frequently used, Sexton began tracking this GUID with ShareazaLE by setting up a “direct connection” with the identified computer, and when possible, he downloaded the files being shared with that computer. This investigation lasted several months during which the third GUID was identified with several IP addresses from different hotels across the country. By examining the guest lists at these hotels, Sexton determined that the third GUID belonged to Pirosko.
In June 2012, Sexton sought and secured a search warrant for material at a hotel room in Wooster, Ohio where Pirosko was staying. The ensuing search and seizure of Pirosko’s computer and a USB drive discovered numerous files containing child pornography on a shared folder of his LimeZilla account. Pirosko was subsequently indicted on two counts of receiving and distributing child pornography. He entered a conditional guilty plea knowing that the U.S. Sentencing Guidelines recommended a sentencing range between 262 and 327 months. The district court imposed the statutory maximum: 240 months.
Prior to the guilty plea, Pirosko’s attorneys filed a motion to compel discovery, requesting that the district court “order that the government disclose the law enforcement tools and records used … to search Mr. Pirosko’s computer equipment.” In support of this motion, counsel submitted a letter from the computer analysis company Interhack which stated that an “[a]nalysis of the tools used by investigators to create records can determine whether law enforcement manipulated data on the subject computer, the error rates in records used, or whether the GUID in question at a particular time is connected to a particular installation of LimeZilla.”
The district court denied the motion, citing the sensitive nature of ShareazaLE and Pirosko’s lack of “demonstrated need” to examine the law enforcement tool. Defense counsel then filed a motion to suppress, arguing that Pirosko’s Fourth Amendment rights were violated because the search warrant was obtained through “unreliable and unsupported information.” The district also denied this motion, setting up Pirosko’s conditional guilty plea that he be allowed to appeal the denial of the two motions.
On May 21, 2015, the Sixth Circuit Court denied Pirosko’s appeal. The first, and most essential, question the appeals court had to decide was whether, as the Government argued, ShareazaLE is a “sensitive law enforcement software protected … by qualified privilege.” This required the court to weigh the Government’s qualified privilege concerns against the needs cited by Pirosko given to him by Interhack. The appeals court noted that Pirosko had cited several cases where defendants were purportedly granted access to the “government’s software.” One of those cases was the 2012 decision by the Ninth Circuit Court of Appeals in United States v. Budziak. The Sixth Circuit had this to say about those cases:
“[Pirosko’s] reliance on these cases is not well taken. In its opinion denying Pirosko’s motion to compel, the district court pointed to a number of reasons why this case was not simply a reiteration of Budziak. Budziak, for instance, had filed motions to compel. In support of his first two motions to compel, Budziak presented evidence suggesting that the FBI may have only downloaded fragments of child pornography files from his ‘incomplete’ folder, making it “more likely” that he did not knowingly distribute any complete child pornography files … In support of his third motion to compel, Budziak submitted evidence suggesting that the FBI agents could have used the EP2P software to override his sharing settings.’ Pirosko has failed to produce any evidence, simply alleging that he might have found such evidence had he been given access to the government’s programs.”
While the Sixth Circuit upheld the district court’s finding that the Government’s interests in preserving the qualified privilege of ShareazaLE outweighed Pirosko’s speculative need to show law enforcement misconduct, the appeals court added: “To be clear, this conclusion should not be read as giving the government a blank check to operate its file-sharing detection software sans scrutiny. As a general rule, it is important that the government’s investigative methods be reliable, both for individual defendants like Pirosko and for the public at large. Still, we think it is important for the defendant to produce some evidence of government wrongdoing…”
Pirosko strongly suggests that defense attorneys in these cases should research and investigate law enforcements tools like ShareazaLE to determine if they have been employed. Given the large scope and devastating consequences of recently disclosed misconduct in the FBI’s forensics labs, motions to compel and/or suppress like those filed in the Pirosko case should be filed in all P2P child pornography cases.
History of Junk Science and Bad Testimony
For decades the FBI had convinced the general public, state law enforcement agencies, and particularly the courts with the perception that it could solve any and all crimes through the science of forensics. Criminal defense attorneys suspected all along, and have now become convinced, that dog sniff evidence, ballistics matching, fingerprint analysis, bite mark matching, and fiber analysis are, for the most part, nothing more than what has become known as “junk science.” The agency’s file-sharing detection software may soon fall into the same category.
On April 18, 2015, the Washington Post disclosed that the FBI’s Laboratory’s hair comparison unit between 1980 and 2000 offered testimony slanted to favor the prosecution. Reporter Stephen S. HSU wrote that 26 of the unit’s 28 examiners gave testimony that favored federal and state prosecutors in 95 percent of the 268 trials, according to the National Association of Criminal Defense Lawyers (NACDL) and the Innocence Project—both of whom are assisting the Government in the largest-ever post-conviction review questioning forensic evidence.
Thirty-two of the trials involved death penalty defendants—fourteen of whom either were executed or died in prison. How many of those defendants were innocent?
We don’t know but what we do now is what Paul Neufield, co-founder of the Innocence Project, said about the FBI’s heralded hair analysis unit: “The FBI’s three-decade use of microscopic hair analysis to incriminate defendants was a complete disaster.”
The Post has for some time reported that flawed forensic hair evidence could be responsible for hundreds of rape, murder, and other violent crime convictions since the 1970s. While there were no accepted scientific standards for forensic analysis, the Post reported that the overwhelming majority of FBI hair scientists used as “expert” witnesses by prosecutors invariably testified “to the certainty of ‘matches’ of crime-scene hairs to defendants, backing their claims by citing incomplete or misleading statistics drawn from their case work.”
Put simply, these so-called “highly qualified” experts assumed the guilt of the defendants they testified against and, thus, had no professional or moral qualms about giving flawed evidence that unquestionably led to the convictions of dozens, if not hundreds, of innocent people. All of the FBI’s forensic units consider themselves members of the prosecution team—not impartial and independent experts called upon to provide honest and professional scientific testimony in criminal trials. So flawed was their testimony that in one case in which human hair was identified, the hair actually belonged to a dog.
“What we were finding was that the examiners,” said NACDL executive director Norman Reimer in Associations Now, wouldn’t just simply say that there was a microscopic similarity [in hair evidence], but they would go beyond that and say it was a 100 percent match, essentially misleading the jury into concluding that the evidence had a certain value that it didn’t actually have.”
Thus, it can reasonably be argued that given the FBI’s misconduct in its forensics departments, defendants in P2P cases should not be forced to overcome insurmountable obstacles to demonstrate law enforcement misconduct in the use of their file-sharing detection tools in order to obtain discovery.