The US Department of Justice has a battle on its hands, as dozens of lawyers question evidence the FBI obtained using hacking techniques across a string of ongoing cases.
In 2015, the FBI used a piece of malware to identify suspected visitors of a dark web child pornography site. Now, nearly 30 legal teams across the country have pushed to get all evidence thrown out of court, and many attorneys have decided to pool their efforts in a "national working group."
The cases revolve around Operation Pacifier, in which the FBI briefly assumed control of the "Playpen" website. The agency hacked computers all across the world—including over one thousand in the US—based on one warrant that has become legally contentious.
In the wake of the operation, many defendants quickly pleaded guilty, likely because of the wall of evidence presented before them: The FBI's malware grabbed a suspect's IP address, MAC address, and other identifying system information when they visited specific child pornography-related threads.
"The more that we coordinate and we can get our arguments and pleadings out for other people to use … the better the overall legal products are going to be"
But some lawyers have successfully argued that all the evidence should be suppressed. In others instances, the government's case has fallen apart after the FBI would not hand over the full code for its malware, even when the judge said the defense had a right to see it. Even suspects who have already had guilty pleas accepted are now successfully having them withdrawn.
One lawyer who has successfully battled the Justice Department is Colin Fieman, a federal public defender in the Western District of Washington, who represents defendants in several related cases. He now heads an ad-hoc group of attorneys all working on Operation Pacifier proceedings.
"The idea of trying to find other cases and coordinate with them was fairly early on," Fieman told Motherboard in a phone call.
The group—now made up of over 70 attorneys, according to Fieman—has a Dropbox-like system for sharing material, and a lively Google discussion group. They inform each other of developments, exchange legal documents, and basically help each other out with their cases.
Fieman said he and his team had a huge learning curve when they started working on Operation Pacifier cases back in June 2015.
"The more that we coordinate and we can get our arguments and pleadings out for other people to use, and get feedback from them, the better the overall legal products are going to be," he said.
Across the country, two main defense strategies have emerged. One is attempting to obtain the full malware code from the Department of Justice, with teams arguing that they need to verify the FBI did not go beyond the scope of its warrant. In one of Fieman's cases, the government refused to provide the code under any circumstances. In response, a judge threw out all evidence in the case.
"I've kind of been disappointed with the tangents that various judges have gone off on to try and uphold these warrants"
A second tactic is to explicitly ask the judge to suppress all evidence, for example by arguing that the warrant used by the FBI was fundamentally flawed. The Electronic Frontier Foundation (EFF) has stated that the warrant was unconstitutional, and others have pointed out the homepage of Playpen didn't match what was written down in the warrant. Another argument is that the judge who issued the warrant did not have the authority to green-light searches outside of her own district.
That approach worked for attorney J W Carney, Jr., who was the first to have a motion for suppression granted.
"Following publication of that decision, we received numerous calls from defense council across the country for a copy of our motion and memorandum, which we provided to anyone upon request," Carney told Motherboard in a phone call. Just last week, Carney said he was invited to present to the National Association of Criminal Defense Lawyers on his successful motion.
At least 29 defense teams have now filed a motion to suppress, including in Pennsylvania, Massachusetts, Ohio, Wisconsin, and Louisiana. The majority remain ongoing or are being considered by a judge, but at the time of writing, at least two have been successful.
Out of that set, however, nine have been denied. In part, success relies on legal precedent in the district, and on the judge overseeing the case.
"There is no judge shopping in the federal court," Carney said. Indeed, a few judges who are seemingly unfamiliar with the sophisticated technological issues playing out in these cases have passed some eyebrow-raising rulings, such as suggesting that suspects do not have a reasonable expectation of privacy over their own computer, in their own home.
"I've kind of been disappointed with the tangents that various judges have gone off on to try and uphold these warrants," Fieman, the lawyer leading the national group of attorneys, said.
Peter Carr, a spokesperson from the Department of Justice, declined to comment for this story, but told Motherboard in an email, "We have publicly identified that at least 137 cases have been filed in federal court as a result of this investigation."
"It's fair to say that every single competent criminal defense lawyer is pursuing suppression of the evidence," Carney said.
The Hacks We Can't See is Motherboard's theme week dedicated to the future of security and the hacks no one's talking about. Follow along here.