Published on:

Big Changes to a Little-Known Rule: Rule 41(b) and the Unlawful Search that Paved Its Way

In December 2016, a federal policy-making body known as the Judicial Conference of the United States made it much easier for federal law enforcement to hack into private computers and mine personal data regardless of the computer’s location. It did this simply by changing Rule 41 of the Federal Rules of Criminal Procedure. The Supreme Court approved the changes in April 2016, and Congress recently declined to take steps to block or delay the changes. That means that the changes have now gone into effect, and law enforcement now will have a much easier time obtaining warrants to search computers—and possibly also have an easier time surviving constitutional challenges to those warrants.

What is Rule 41, And What Did the Change Do?

Federal Rule of Criminal Procedure 41 governs procedures related to search warrants and seizures. It governs what law enforcement must do in order to obtain and then execute a search warrant; what a magistrate judge must do to issue a warrant; and what a person must do to move for the return of property or suppression of evidence unlawfully obtained.

The rule change applies to Rule 41(b), which limits where federal law enforcement or attorneys can seek a warrant. Traditionally, they have only been able to obtain warrants from a magistrate judge who is located in the district where the person or property to be searched is located, or where the crime or activities related to the crime occurred. The rule prevents forum shopping, and makes sure that the person who makes the decision about whether to issue the warrant has some authority over either the alleged offense, or the person or place to be searched. In other words, the rule stops law enforcement officers from going to a magistrate judge in Oklahoma or Oregon to get a warrant for a search relevant only to Massachusetts.

The new Rule 41(b) carves out a big exception for warrants aimed at electronic data. Now, under Rule 41(b)(6), a magistrate judge can issue a warrant that allows law enforcement to remotely access computers (and other devices) and to seize information stored on those computers, regardless of where the computers are physically located. As long as the computer’s user has used technology to hide the computer’s location, a federal magistrate judge located anywhere in the United States can issue a warrant that allows law enforcement to remotely access that computer—usually by using spyware or malware to invade the computer—and to pull information from the computer. This includes IP address information that provides law enforcement with information about the computer’s physical location. The new rule is not limited to gathering IP address information, though; under the rule, authorities can obtain warrants for any data from the targeted devices, as long as the device’s user anonymized its web usage in some capacity.

What the Changes Will Look Like: Looking Backwards to the Playpen Search

A simple way to see what the changed rule might look like in practice is to look at the Playpen search that federal law enforcement carried out in early February 2015. The warrant search violated Rule 41(b) as it was then written, but may well be within the scope of the newly revised rule.

In December 2014, federal law enforcement in Virginia received a tip that enabled them to find and take control of a child pornography website called “Playpen.” The website was operated in such a way that it shielded the operator and users from sharing or learning one another’s IP addresses. Law enforcement sought a warrant to plant malware on any computer that visited the Playpen website, and to use that malware to collect data from the infected computers. U.S. law enforcement call this process a “network investigative technique,” or NIT. The warrant application did not inform the magistrate judge that the true scope of the search was unknown, and instead incorrectly indicated that the search and information seizure would be limited to devices located in Virginia. The magistrate judge issued the warrant, and law enforcement executed it. For several weeks, the U.S. government continued to host Playpen and to infect with malware any user who logged into a specific area of the website. The malware allowed the government to obtain the IP addresses directly off the infected computers.

Thousands of computers located throughout the world were targeted by the search, and law enforcement eventually prosecuted hundreds of people for violating child pornography laws. The search fell far afield of Rule 41(b) as it was then written, and many defendants have sought to suppress the evidence obtained during the search on grounds related to the scope of the rule as well as on constitutional grounds,[1] with varying degrees of success. The newly effective rule 41(b) suggests that defendants seeking to suppress evidence obtained from similar searches in the future may have a more difficult time proving the unreasonableness of the search.

Challenging the Amendment

Eventually, there will be Fourth Amendment challenges to searches carried out under the new Rule 41(b). But these challenges take time; in the meantime, thousands of people are likely to be targeted for searches and seizures that take place before the question becomes settled law. And there remains the possibility that courts will determine that these searches are, in fact, lawful under the Fourth Amendment, which will in turn raise new, troubling questions about law enforcement, technology, and our Constitution’s ability to limit the government’s use of intrusive technology against private individuals.

[1] Because of the scope of the warrant, the challenges have been brought in a number of different jurisdictions, which have taken varied approaches to the questions raised. Typically, if a search violates both Rule 41 and the Fourth Amendment, then the evidence obtained from the search can be suppressed. But if the search only violates Rule 41 but does not violate the Fourth Amendment, then in most jurisdictions it will be suppressed only in limited circumstances. Different jurisdictions react differently to violations of Rule 41, and in particular have reached different conclusions about the constitutionality and legality of the Playpen searches.

Badges

Contact Information