Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Jean

United States District Court, W.D. Arkansas, Fayetteville Division

November 16, 2016




         Now pending before the Court is Defendant Anthony Allen Jean's Motion to Compel (Doc. 28) and supporting expert-witness declarations, filed on June 10, 2016. The Government filed an under-seal Response in Opposition to the Motion (Doc. 30) on June 21, 2016. The Government's Response was also supported by expert declarations, as well as certain emails and letters that the parties had exchanged regarding this discovery dispute. The parties previously entered into an agreed Protective Order (Doc. 26) regarding the handling of certain material the Government had deemed confidential, and this discovery dispute arose after the Protective Order was in place.

         Prior to filing the Motion to Compel, Mr. Jean had filed a Motion to Suppress (Doc. 19) on March 21, 2016. The Court elected to take up the suppression issue first, holding an evidentiary hearing on June 23, 2016. The Motion to Suppress was denied in a Memorandum Opinion and Order (Doc. 40) filed on September 13, 2016. The Court then scheduled an evidentiary hearing on the Motion to Compel, and invited the parties to submit supplementary briefing if they so desired, particularly if their positions had changed in the intervening months due to new evidence produced by the Government, or due to new case law impacting any of the issues raised in the Motion. Mr. Jean declined to file a supplementary brief and informed the Court that the Government had not surrendered any new evidence. The Government filed a Supplemental Response to the Motion to Compel (Doc. 41), pointing the Court to two opinions from the Eastern District of Virginia, regarding similar discovery issues arising from the same FBI sting operation that led to Mr. Jean's arrest.

         The Court held an evidentiary hearing on the Motion to Compel on October 11, 2016, and Mr. Jean called expert witness Dr. Matthew Miller to testify via videoconference, while the Government called expert witness Special Agent Daniel Alfin to testify in person. Both witnesses were subject to cross-examination by counsel, and the Court made its own inquiries of the witnesses, as well. Both sides were also given the opportunity to present oral argument to the Court at the close of the hearing. The Court took the matter under advisement, stating that it would first endeavor to decide the issue of whether the requested discovery was material to the defense, and then, if necessary, consider whether the Government's assertion of the law enforcement privilege with respect to certain discovery would apply to outweigh Mr. Jean's need for the evidence.

         On October 19, 2016, the Court issued a text-only Order, explaining that it required further development of the record as to the Government's assertion of the law enforcement privilege. The Court then directed the Government to prepare and submit for in camera review a confidential brief, supported by affidavits and any other evidence the Government deemed relevant, on the subject of the privilege. In a separate email to the parties, the Court advised Mr. Jean's counsel that he was welcome to submit a supplemental brief on the law enforcement privilege, if he so desired. On November 19, 2016, the Court received and reviewed a confidential and classified affidavit from the Government setting forth a factual basis in support of its assertion of the law enforcement privilege, and also received and reviewed Mr. Jean's Supplementary Brief on the privilege (Doc. 46).

         The Court now finds that the above issues are ripe for decision. For the reasons explained herein, the Court GRANTS IN PART AND DENIES IN PART the Motion to Compel (Doc. 28).

         I. BACKGROUND

         The Court previously set forth a detailed recitation of the background facts surrounding this case in its Memorandum Opinion and Order on Mr. Jean's Motion to Suppress. See Doc. 40. The Court therefore incorporates those background facts by reference, and highlights below a few salient details about the case to provide context for the Court's rulings.

         Mr. Jean's arrest and indictment proceeded from the FBI's development of specialized electronic investigative technology that was intended to identify the registered users of a child pornography website known as "Playpen." Playpen operated as a hidden service on the TOR network. This network could be accessed by anyone who downloaded the TOR browser, which in turn allowed users to mask their true Internet Protocol ("IP") addresses so that they could search the web in complete anonymity. Because the Playpen website was located on the TOR network, and users of the website had masked their true IP addresses, law enforcement lacked the means to identify those individuals who were actively downloading and distributing child pornography on Playpen. The FBI developed certain computer code, which it dubbed a "Network Investigative Technique" ("NIT"), that would surreptitiously deploy when a Playpen user would log into the website using a username and password, and begin downloading an image of child pornography. The NIT would then cause the user's computer to send back to the FBI certain content-neutral identifying information, including the computer's type of operating system, the computer's host name and operating system username, the computer's media access control address, and a unique identifier generated by the NIT. The user's return of this "packet" of information was sent to the Government's computer over the regular internet-which had the intended side effect of revealing the user's true IP address, because IP addresses are attached to every packet of information exchanged over the regular internet. With the user's true IP address came the FBI's ability to determine the actual identity and location of the suspected Playpen user. The FBI's NIT was able to do all this by first exploiting a defective window, i.e., a non-publicly-known vulnerability, ______.

         Mr. Jean agrees the Government already provided certain NIT related information in discovery. First, the Government provided the operating instructions that were sent to Mr. Jean's computer at the time he allegedly began downloading child pornography from the Playpen website. During the hearing, the parties and their witnesses sometimes referred to these operating instructions as the "payload, " whereas at other times, they referred to the instructions as "the NIT." Second, the Government produced the raw data that was received by the FBI from Mr. Jean's computer and internet modem. This data was also referred to during the hearing as the "two-way data stream" between the FBI's computer and Mr. Jean's computer, or the "PCAP data." Third, the Government disclosed the particular images that were downloaded by a Playpen user called "regalbegal"-whom the Government contends is Mr. Jean. Fourth, the Government made available the contents of Mr. Jean's seized computer, which the Government asserts contains contraband evidence of child pornography that was seized pursuant to the residential search warrant executed at Mr. Jean's residence.

         Although acknowledging the production of all this evidence, Mr. Jean argues there are still other pieces of evidence in the Government's possession that are material to Mr. Jean's defense and should be provided in discovery. The first piece of evidence is the computer code that the FBI used to generate the "unique identifier" that was used to link Mr. Jean's computer to the user who accessed and downloaded images from the Playpen website with the regalbegal username. This unique identifier is an algorithm, or sequence of numbers, that the FBI created and later associated with regalbegal's Playpen account. During the hearing on the Motion to Compel, the Court asked whether the Government would consider voluntarily providing the unique-identifier code to Mr. Jean's expert, Dr. Miller, subject to a protective order drafted by the parties and submitted to the Court for approval. The Government agreed to this compromise, and an agreed protective order concerning this production was entered under seal. See Doc. 43. Accordingly, the Court GRANTS IN PART the Motion to Compel as to Mr. Jean's request for the unique-identifier code, subject to the protective order, which limits disclosure of this information to Dr. Miller and Mr. Jean's current attorneys of record who are employed by the Office of the Federal Public Defender.

         Next, Mr. Jean requests the NIT, or "payload" data, in a more readable source-code format, ratherthan the assembly-code format that the Government provided.[1] Agent Alfin testified during the hearing that the NIT code was never written in source-code language, but was instead written directly in assembly-code language. Upon questioning by the Court at the conclusion of the hearing, Mr. Jean's counsel confirmed that he was now satisfied that this particular issue had been resolved, in light of Agent Alfin's testimony. See Doc. 44, p. 109. Accordingly, the Court FINDS AS MOOT Mr. Jean's request for a source-code version of the NIT instructions.

         Mr. Jean's third and final request[2] is for the Government to disclose the source code for the "exploit, " a piece of software that the Government used to electronically bypass TOR's encryption safeguards. Mr. Jean argues that having the code for the exploit would allow him to understand the means and methods by which the FBI was able to take advantage of a vulnerability ___ which in turn allowed the NIT's instructions to be executed on Mr. Jean's computer. In layman's terms, the TOR browser's encryption and anonymity features can be analogized to a lock, and the exploit software to a lock-pick.

         The Government refuses to surrender the exploit code for two reasons. First, it argues the exploit code is not material to the defense under Federal Rule of Criminal Procedure 16(a)(1)(E)(i). According to the Government, discovery of the exploit code, i.e., knowing howihe lock was picked, is not relevant or useful to understanding how the NIT code obtained identifying information from Mr. Jean's computer, norwould such knowledge assist or diminish a defense based on third-party hacking. Second, the Government argues that even if the exploit code were found to be material, it should not be disclosed because such disclosure would be subject ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.