Black Hat or White Hat? Government Hacking in the Operation Pacifier Investigation Leads to Legal Chaos in Courts Throughout the Country

Attorneys and judges in Federal District Courts throughout the country are grappling with the myriad complex legal, factual, and ethical dilemmas raised by the government’s use of a computer hacking device as part of its extraordinary “Operation Pacifier” investigation. This investigation focused on illegal activity taking place on the so-called “Dark Net” or “TOR” network. “TOR” stands for “The Onion Router,” which is a volunteer-operated network of servers that use encryption technology to mask the identifying information of those who access the internet through the TOR network. TOR functions by first directing users to a participating server, which encrypts the user’s identifying information, most notably their IP address. The user is then relayed through a series of TOR servers, each of which re-encrypts their information. At the end of this virtual journey, what appears when the user actually accesses the internet is the last server they were channeled through. Thus, the “onion” in the name refers to the layers of encryption involved in using TOR.

The TOR network operates openly, is publicly available, and is supported by a wide array of institutions and individuals. It is seen by its acolytes as a valuable resource that enables the free sharing of information by those whose safety and security would be at risk should their online activities be known to others, such as political dissidents living under repressive political regimes. The TOR network also enables online criminal activity, however, and law enforcement has struggled to confront and capture those who exploit the anonymity it provides for criminal ends.

In an effort to overcome the law-enforcement obstacles posed by the TOR Network, in February of 2015 the FBI obtained a so-called “NIT Warrant,” which stands for “Network Investigative Technique.” This warrant, issued in the Eastern District of Virginia, exploited a computer virus that enabled investigators to circumvent the anonymity of the TOR Network in a rather ingenious – albeit somewhat legally dubious – way.

Via a tip from a foreign intelligence agency, the FBI managed to physically seize a server operating a notorious TOR-based website. Rather than shut the website down, however, the government transported the server to the Eastern District of Virginia and continued operating the website for several weeks in an effort to identify and ultimately prosecute many of the site’s visitors. The NIT Warrant authorized the government to employ a computer virus that tagged along with the information being transferred from the illicit website they were controlling back down the path of the otherwise-encrypted TOR Network and into the user’s computer. The virus would then, unbeknownst to the user, transmit their actual identifying information directly from their computer to a government-controlled server in the District of Maryland. This information would then be shared with local law enforcement, who would obtain a warrant for the targeted user wherever they happened to reside.

The fundamental problem with the NIT Warrant is that it authorized searches of properties – the computers of the targeted users – located outside the geographic region within which the Federal Magistrate Judge who issued the warrant had jurisdictional authority. The authority of Magistrate Judges to issue warrants is vested in Federal Rule of Criminal Procedure 41, which has been deemed by some to be outdated and unable to account for the investigative techniques necessary to fight modern, internet-based criminal activity. Recent amendments to Rule 41 have been proposed that would specifically authorize warrants such as the NIT Warrant. These amendments have raised alarms with internet privacy watchdogs and others who fear they would grant the government overly expansive authority to monitor Americans’ online activities.

The government’s use of the NIT warrant has resulted in scores of prosecutions around the country and many more are expected in the future. Cedrone & Mancano is currently defending one such prosecution. As motions to suppress, evidentiary motions, and motions to dismiss have been litigated around the country, there have been wildly disparate rulings from United States District Courts granting and denying these motions for a variety of reasons. These District Court rulings are just now being litigated in the Federal Circuit Courts of Appeal. It seems likely that the legality of the NIT Warrant and the prosecutions derived from its use will ultimately be resolved by the Supreme Court.