United States District Court, E.D. Wisconsin
Stadmueller, United States District Judge.
the Court is Defendant Marcus A. Owens'
(“Owens”) objection to Magistrate Judge David E.
Jones' order of November 4, 2016, denying his motion to
compel discovery regarding the “Network Investigative
Technique” (“NIT”) employed by the
government in this case. For the reasons stated below,
Magistrate Jones' ruling will be affirmed in its
2014, the FBI began investigating Playpen, a website used to
advertise and distribute child pornography. (Docket #78 at
2). The website was accessible to Internet users through a
“Tor” browser, which masks the user's
Internet Protocol (“IP”) address and, as a
result, his identity. Id. The FBI apprehended the
administrator of the Playpen site in early 2015 and
thereafter allowed Playpen to continue operating on a server
located in a government facility in the Eastern District of
February 20, 2015, a United States magistrate judge sitting
in the Eastern District of Virginia issued a warrant
authorizing the government to deploy an NIT on that server.
Id. at 2-3. The NIT was able to function because it
exploited a vulnerability in the Tor browser through which it
could access activating computers. Id. at 6. In
addition to the normal content the end user downloaded from
the Playpen site, the NIT downloaded additional instructions
onto the end user's computer. Id. at 3. For
purposes of the NIT warrant, the end user's computer was
dubbed the “activating computer.” Id.
After downloading the additional instructions, the activating
computer would transmit certain content-neutral identifying
information to the government-controlled server. Id.
The NIT was deployed each time a user logged onto Playpen
while it was under government control, which lasted from
February 20 to March 4, 2015. Id. According to the
government, the NIT did not reveal any information other than
the identifying data listed in the warrant and it did not
deny the user access to any data on or functionality of his
operating Playpen in conjunction with the NIT, the FBI
identified Owens as a Playpen user. Id. Law
enforcement officers subsequently obtained a warrant to
search Owens' home. Id. Upon executing the
warrant, officers recovered an external hard drive that
contained numerous images and videos of suspected child
pornography. Id. at 4. Owens agreed to speak with
law enforcement and he admitted accessing certain websites
that contained images of child pornography. Id.
Based on the evidence seized from the residence and his
statement to law enforcement, Owens was arrested pursuant to
a criminal complaint that charged him with receiving and
possessing child pornography. (Docket #1). On March 1, 2016,
a grand jury returned an indictment against Owens, charging
him with one count of knowingly receiving child pornography,
in violation of 18 U.S.C. § 2252A(a)(2), and one count
of knowingly possessing matter that contained images of child
pornography, in violation of 18 U.S.C. § 2252A(a)(5).
Motion to Compel
March 24, 2016, Owens wrote a letter to the government
requesting that it produce “a complete copy of the code
used for the NIT.” (Docket #76-3). The government
agreed to produce only a portion of the NIT's source
code. Thereafter, Owens retained Matthew Miller (“Dr.
Miller”), an assistant professor of computer science
and information technology at the University of Nebraska at
Kearney, to analyze the portion of the NIT code the
government produced. (Docket #78 at 4-5). Dr. Miller opined
that he needed to evaluate additional portions of the NIT
that the government had not produced. (Docket #76-1). The
government agreed to produce some additional information but
again stopped short of producing everything Owens requested.
(Docket #68). Owens filed a motion to compel the entire NIT
source code on November 1, 2016. (Docket #76).
NIT, according to Owens, has four discrete components: (1)
tracking server software used to generate and track the
information extracted from activating computers; (2) exploit
software used to take advantage of a software flaw in the Tor
browser; (3) payload software that ran on the activating
computers to extract information and report that information
back to the government server; and (4) collection server
software that stored the extracted information on the
government server. (Docket #62 at 2). To date, the government
has produced the tracking server software and the payload
software. Id. at 4. Owens still seeks the exploit
software, a “human-readable” form of the payload
software, and the collection server software. Id.
litigating the matter before Magistrate Jones, Owens offered
two rationales for his need to discover these additional
pieces of the NIT source code. First, Owens suspects that the
NIT “may have extracted more information from his
computer than the warrant permitted.” Id. at
5. Second, Owens contends that “the NIT's exploit
component may have altered [his] computer, potentially
creating an ongoing vulnerability for attack by a third
party-that is, it may have allowed a third party to use the
computer and store information on it, including the illegal
material now being attributed to him.” Id.
initial matter, the government argued that it had produced
what it believed to be the entire source code for the
NIT-that is, the additional instructions the NIT downloaded
on the activating computers in addition to Playpen's
usual content. (Docket #70-2 ¶ 5). On top of that, the
government has made Owens' computer available to him and
produced the two-way data stream showing what information
went into Owens' computer and what information was sent
back to the government-hosted computer server. Id.
¶ 15; (Docket #78 at 8). According to the government,
Dr. Miller has analyzed the data stream and has confirmed
that this information matches the NIT results. (Docket #78 at
8); (Docket #76-1 ¶ 2).
says the government, even if the NIT could be separated into
components as Owens requests, it should not be required to
produce those components. First, there is no
“human-readable” form of the payload software,
and second, the exploit and collection server software are
immaterial to Owens' defense and are subject to the law
enforcement privilege. Id. On this second point, the
government viewed Owens' rationales for the materiality
of the software as mere supposition, unsupported by any
evidence that the government actually extracted more
information from his computer than authorized or left his
computer open to third-party attack. Id. at 8-9.