The dark web is a mysterious place that is open to nefarious and illicit human behavior. In an April 2017 Stanford Law Review article titled “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” Boston University Law Professor Ahmed Ghappour said, “The dark web is a private global computer network that enables users to conduct anonymous transactions without revealing any trace of their location.”


Anonymity can be accomplished through The Onion Router (“Tor”) network, which is a continuous component of the dark web that permits users to conceal their internet protocol (“IP”) addresses while accessing the internet. Originally created by the U.S. Naval Research Laboratory, Tor is used by individuals such as lawyers, journalists, military personnel, and activists, and by groups such as corporations and governments, that are concerned about digital privacy.


Tor is thus a favorite with individuals engaged in illegal activity, including individuals accessing child pornography.


IP Addresses Help Feds ID Users


In a February 21, 2018 decision, the Third Circuit Court of Appeals said, “An IP address is a unique identifier assigned by an internet service provider to [a] computer having access to the internet, including computer servers that host websites. Websites that the computer visits can log the computer’s IP address, creating a digital record of activity on each website.”


And that’s where Tor becomes a valuable tool for those pursuing child pornography because, as the appeals court pointed out, it “prevents websites from registering a computer’s actual IP address by sending user communications through a network of relay computers called ‘nodes’ up until those communications reach the website. Numerous intermediary computers stand between the accessing computer and the website, and the website can log the IP address of only the ‘exit node,’ which is the final computer in the sequence.”


Playpen Attracts Thousands of Users Looking for Illegal Porn


A global website called the Playpen both advertises and distributes child pornography. The Third Circuit reported that Playpen has roughly 95,000 posts with over 9,000 forum topics related exclusively to child pornography, and that it attracts more than 150,000 users.


One of those users in 2015 was a Pennsylvania resident named Gabriel Werdene.


The Third Circuit reported that in December 2014 a foreign law enforcement agency reported to the FBI that Playpen was being hosted by a computer server in North Carolina. The FBI responded to the tip by identifying Playpen’s administrator, who resided in Florida, and placing him under arrest. By periodically changing the website’s address, that administrator facilitated messages between its users while instructing them how to avoid law enforcement detection.


FBI Takes Over Playpen to ID Users

The FBI then seized the server in North Carolina and moved it to a government facility in Virginia where the agency assumed “administrative control” of Playpen while the agency’s technical support people tried to “circumvent Tor and identify Playpen users.” The FBI accomplished this objective with its own malware known as “Network Investigative Technique” (“NIT”). NIT allowed the agency to identify Playpen users around the world by accessing their computers for seven pieces of “discrete information”:


  1. An IP address;
  2. A unique identifier to distinguish the data from that of other computers;
  3. The type of operating system;
  4. Information about whether the NIT had already been delivered;
  5. A host name;
  6. An active operating system username; and
  7. A Media Access Control address.


All this data was transmitted back to that government facility in Virginia. The FBI was confident that it could use this data “to identify users’ premises and distinguish their computers from other computers located within their proximity.”


And this is where a constitutional sticky wicket developed in the investigative process.


Search Warrants and Modern Technology


The FBI sought, and secured, a search warrant from a federal magistrate sitting in Virginia allowing the agency to deploy NIT to all “activating computers.” The search warrant, the appeals court noted, defined an activating computer as the computer of “any user or administrator who logs into [Playpen] by creating a username and password.”


In effect, the Third Circuit observed, “this single warrant authorized the FBI to retrieve identifying information from computers across the United States, and from all around the world.”


Feds Arrest “thepervert”


This Virginia-issued warrant led the FBI to the doorstep of Gabriel Werdene in Bensalem, Pennsylvania. During the last month of the warrant’s life, the FBI developed information that Werdene was logged onto Playpen for ten hours during which time he made six postings about child pornography and shared links under the username “thepervert.”


The FBI then used the Virginia warrant information to obtain a search warrant in Pennsylvania from a federal magistrate to search Werdene’s residence. That search discovered one USB drive and one DVD containing child pornography. That led to Werdene’s indictment in September 2015 in Pennsylvania for possession of child pornography.


Motion to Suppress Raises Jurisdictional Defect of Warrant


Werdene promptly filed a motion to suppress the warrant under Rule 41(b) of the Federal Rules of Criminal Procedure which, at the time, did not allow the federal magistrate to issue a warrant authorizing searches outside of the jurisdiction in which the warrant was issued. The Pennsylvania federal district court denied the motion in May 2016. The following month Werdene pled guilty to the charge against him, preserving his right to appeal the denial of his suppression motion. The district court accepted the plea arrangement and sentenced Werdene to 24 months in prison followed by five years of supervised release and a $1500.00 restitution order.


Werdene’s appeal to the Third Circuit raised two constitutional issues: 1) whether the NIT warrant violated Rule 41(b) to the level of a Fourth Amendment violation; and 2) whether the good-faith exception to the exclusionary rule applied in this context.


The Third Circuit’s February 21 decision held that the NIT warrant violated the Fourth Amendment, but no constitutional harm was done because the FBI acted in good faith when executing the warrant. The court’s ruling drew immediate attention throughout the nation’s legal community, including from the American Bar Association. The day after the Third Circuit issued its ruling the ABA explained the four components of the ruling:


“First, the Third Circuit determined that the NIT warrant violated Rule 41(b). Rule 41(b)(4) provides that a magistrate judge may ‘issue a warrant to install within the district a tracking device …’ The FBI did not believe the NIT was a ‘tracking device’ at the time it sought the warrant because the FBI did not submit an application for a tracking warrant – rather it applied for a standard search warrant; the explicit purpose of the FBI’s warrant was not to track movement – as would be required under Rule 41(b)(4) – but to obtain information from activating computers; and the NIT was not ‘installed’ within the Eastern District of Virginia, but instead on Werdene’s computer, which was physically located in Pennsylvania. Accordingly, the Third Circuit held that the NIT was not a tracking device under Rule 41(b)(4), and therefore the NIT warrant violated the Rule.


“Second, the Third Circuit decided that the NIT warrant’s Rule 41(b) violation rose to the level of a Fourth Amendment violation so suppression would be governed by the exclusionary rule standards generally applicable to Fourth Amendment violations. The Third Circuit determined that the magistrate judge, by lacking jurisdiction to issue the search warrant, not only exceeded her authority under Rule 41(b), as then drafted, but also under the Federal Magistrates Act. As a result, the Third Circuit held that the warrant was void ab initio, which elevated the magnitude of the Rule 41(b) infraction from a technical one to a Fourth Amendment violation.


“Third, the Third Circuit decided, as an issue of first impression, that the good faith exception to the exclusionary rule applies when a warrant is void ab initio due to the magistrate judge lacking jurisdiction to issue it. The Court considered the purpose of the exclusionary rule: to deter government violations of the Fourth Amendment and applied a cost-benefit analysis, balancing the ‘deterrence benefits of suppression’ against its substantial social costs. It held that the good faith exception applies to warrants that are void ab initio because ‘the issuing magistrate’s lack of authority has no impact on police misconduct, if the officers mistakenly, but inadvertently, presented the warrant to an innocent magistrate.’


“Fourth, the Third Circuit determined that the good faith exception did not preclude the suppression in this case, which did not fit into the four scenarios in which reliance on a warrant is unreasonable: (1) the magistrate issued the warrant in reliance on a deliberately or recklessly false affidavit; (2) the magistrate abandoned his judicial role and failed to perform his neutral and detached function; (3) the warrant was based on an affidavit so lacking in indicia of probable cause as to render official belief in its existence entirely unreasonable; or (4) the warrant was so factually deficient that it failed to particularize the place to be searched or the things to be seized. The Third Circuit noted that, here, the magistrate judge committed the Rule 41(b) error, not the FBI agents who reasonably relied on the NIT warrant. The exclusionary rule ‘applies only where it result[s] in appreciable deterrence,’ thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers could apply for and obtain such a warrant pursuant to the new Rule 41(b)(6), which subsequently went into effect to authorize NIT-like warrants. Accordingly, the Court determined that a similar Rule 41(b) violation is unlikely to recur and suppression here would have no deterrent effect. The Third Circuit thus affirmed on alternative grounds the District Court’s decision to deny Werdene’s suppression motion.”


Altogether, the FBI ran the “Playpen sting” for thirteen days, and it resulted in the arrests of 350 Americans and 580 foreign nationals. It also led to the website’s administrator, Michael Fluckiger, receiving a 20-year federal prison sentence.


New Rule 41(b) Addresses Modern Tech


The new Rule 41(b) now specifically authorizes a federal magistrate “to issue warrants to search computers or seize electronic information outside their district if the location of the computer or information has been concealed through technological means.”


The dark web is no longer a haven of anonymity.