United States District Court, W.D. Arkansas, Fayetteville Division
MEMORANDUM OPINION AND ORDER
TIMOTHY L. BROOKS UNITED STATES DISTRICT JUDGE

Pending before the Court is Defendant Anthony Allen
Jean's Motion to Compel (Doc. 28) and supporting
expert-witness declarations, filed on June 10, 2016. The
Government filed an under-seal Response in Opposition to the
Motion (Doc. 30) on June 21, 2016. The Government's
Response was also supported by expert declarations, as well
as certain emails and letters that the parties had exchanged
regarding this discovery dispute. The parties previously
entered into an agreed Protective Order (Doc. 26) regarding
the handling of certain material the Government had deemed
confidential, and this discovery dispute arose after the
Protective Order was in place.

Prior to filing the Motion to Compel, Mr. Jean had filed a Motion
to Suppress (Doc. 19) on March 21, 2016. The Court elected to
take up the suppression issue first, holding an evidentiary
hearing on June 23, 2016. The Motion to Suppress was denied
in a Memorandum Opinion and Order (Doc. 40) filed on
September 13, 2016. The Court then scheduled an evidentiary
hearing on the Motion to Compel, and invited the parties to
submit supplementary briefing if they so desired,
particularly if their positions had changed in the
intervening months due to new evidence produced by the
Government, or due to new case law impacting any of the
issues raised in the Motion. Mr. Jean declined to file a
supplementary brief and informed the Court that the
Government had not surrendered any new evidence. The
Government filed a Supplemental Response to the Motion to
Compel (Doc. 41), pointing the Court to two opinions from the
Eastern District of Virginia, regarding similar discovery
issues arising from the same FBI sting operation that led to
Mr. Jean's arrest.

The Court held an evidentiary hearing on the Motion to Compel on
October 11, 2016, and Mr. Jean called expert witness Dr.
Matthew Miller to testify via videoconference, while the
Government called expert witness Special Agent Daniel Alfin
to testify in person. Both witnesses were subject to
cross-examination by counsel, and the Court made its own
inquiries of the witnesses, as well. Both sides were also
given the opportunity to present oral argument to the Court
at the close of the hearing. The Court took the matter under
advisement, stating that it would first endeavor to decide
the issue of whether the requested discovery was material to
the defense, and then, if necessary, consider whether the
Government's assertion of the law enforcement privilege
with respect to certain discovery would apply to outweigh Mr.
Jean's need for the evidence.

On October 19, 2016, the Court issued a text-only Order,
explaining that it required further development of the record
as to the Government's assertion of the law enforcement
privilege. The Court then directed the Government to prepare
and submit for in camera review a confidential
brief, supported by affidavits and any other evidence the
Government deemed relevant, on the subject of the privilege.
In a separate email to the parties, the Court advised Mr.
Jean's counsel that he was welcome to submit a
supplemental brief on the law enforcement privilege, if he so
desired. On November 19, 2016, the Court received and
reviewed a confidential and classified affidavit from the
Government setting forth a factual basis in support of its
assertion of the law enforcement privilege, and also received
and reviewed Mr. Jean's Supplementary Brief on the
privilege (Doc. 46).

The Court now finds that the above issues are ripe for decision.
For the reasons explained herein, the Court GRANTS IN PART
AND DENIES IN PART the Motion to Compel (Doc. 28).

The Court previously set forth a detailed recitation of the
background facts surrounding this case in its Memorandum
Opinion and Order on Mr. Jean's Motion to Suppress.
See Doc. 40. The Court therefore incorporates those
background facts by reference, and highlights below a few
salient details about the case to provide context for the

Mr. Jean's arrest and indictment proceeded from the FBI's
development of specialized electronic investigative
technology that was intended to identify the registered users
of a child pornography website known as "Playpen."
Playpen operated as a hidden service on the TOR network. This
network could be accessed by anyone who downloaded the TOR
browser, which in turn allowed users to mask their true
Internet Protocol ("IP") addresses so that they
could search the web in complete anonymity. Because the
Playpen website was located on the TOR network, and users of
the website had masked their true IP addresses, law
enforcement lacked the means to identify those individuals
who were actively downloading and distributing child
pornography on Playpen. The FBI developed certain computer
code, which it dubbed a "Network Investigative
Technique" ("NIT"), that would surreptitiously
deploy when a Playpen user would log into the website using a
username and password, and begin downloading an image of
child pornography. The NIT would then cause the user's
computer to send back to the FBI certain content-neutral
identifying information, including the computer's type of
operating system, the computer's host name and operating
system username, the computer's media access control
address, and a unique identifier generated by the NIT. The
user's return of this "packet" of information
was sent to the Government's computer over the regular
internet, which had the intended side effect of revealing the
user's true IP address, because IP addresses are attached
to every packet of information exchanged over the regular
internet. With the user's true IP address came the
FBI's ability to determine the actual identity and
location of the suspected Playpen user. The FBI's NIT was
able to do all this by first exploiting a defective window,
i.e., a non-publicly-known vulnerability, ______.

Mr. Jean agrees the Government already provided certain
NIT-related information in discovery. First, the Government
provided the operating instructions that were sent to Mr.
Jean's computer at the time he allegedly began
downloading child pornography from the Playpen website.
During the hearing, the parties and their witnesses sometimes
referred to these operating instructions as the
"payload," whereas at other times, they referred
to the instructions as "the NIT." Second, the
Government produced the raw data that was received by the FBI
from Mr. Jean's computer and internet modem. This data
was also referred to during the hearing as the "two-way
data stream" between the FBI's computer and Mr.
Jean's computer, or the "PCAP data." Third, the
Government disclosed the particular images that were
downloaded by a Playpen user called
"regalbegal," whom the Government contends is Mr.
Jean. Fourth, the Government made available the contents of
Mr. Jean's seized computer, which the Government asserts
contains contraband evidence of child pornography that was
seized pursuant to the residential search warrant executed at
Mr. Jean's residence.

Acknowledging the production of all this evidence, Mr. Jean
argues there are still other pieces of evidence in the
Government's possession that are material to Mr.
Jean's defense and should be provided in discovery. The
first piece of evidence is the computer code that the FBI
used to generate the "unique identifier" that was
used to link Mr. Jean's computer to the user who accessed
and downloaded images from the Playpen website with the
regalbegal username. This unique identifier is an algorithm,
or sequence of numbers, that the FBI created and later
associated with regalbegal's Playpen account. During the
hearing on the Motion to Compel, the Court asked whether the
Government would consider voluntarily providing the
unique-identifier code to Mr. Jean's expert, Dr. Miller,
subject to a protective order drafted by the parties and
submitted to the Court for approval. The Government agreed to
this compromise, and an agreed protective order concerning
this production was entered under seal. See Doc. 43.
Accordingly, the Court GRANTS IN PART the Motion to Compel as
to Mr. Jean's request for the unique-identifier code,
subject to the protective order, which limits disclosure of
this information to Dr. Miller and Mr. Jean's current
attorneys of record who are employed by the Office of the
Federal Public Defender.

Second, Mr. Jean requests the NIT, or "payload" data, in a
more readable source-code format, rather than the
assembly-code format that the Government
provided. Agent Alfin testified during the hearing
that the NIT code was never written in source-code language,
but was instead written directly in assembly-code language.
Upon questioning by the Court at the conclusion of the
hearing, Mr. Jean's counsel confirmed that he was now
satisfied that this particular issue had been resolved, in
light of Agent Alfin's testimony. See Doc. 44, p. 109.
Accordingly, the Court FINDS AS MOOT Mr. Jean's request
for a source-code version of the NIT instructions.

Mr. Jean's third and final request is for the Government to
disclose the source code for the "exploit," a
piece of software that the Government used to electronically
bypass TOR's encryption safeguards. Mr. Jean argues that
having the code for the exploit would allow him to understand
the means and methods by which the FBI was able to take
advantage of a vulnerability ___ which in turn allowed the
NIT's instructions to be executed on Mr. Jean's
computer. In layman's terms, the TOR browser's
encryption and anonymity features can be analogized to a
lock, and the exploit software to a lock-pick.

The Government refuses to surrender the exploit code for two
reasons. First, it argues the exploit code is not material to
the defense under Federal Rule of Criminal Procedure
16(a)(1)(E)(i). According to the Government, discovery of the
exploit code, i.e., knowing how the lock was
picked, is not relevant or useful to understanding how the
NIT code obtained identifying information from Mr. Jean's
computer, nor would such knowledge assist or diminish a
defense based on third-party hacking. Second, the Government
argues that even if the exploit code were found to be
material, it should not be disclosed because such disclosure
would be subject ...