Opinion
Case No. CR415-134
10-30-2015
UNITED STATES OF AMERICA v. GERALD MICHAEL ORTEGA
REPORT AND RECOMMENDATION
Defendant, charged with the receipt and possession of child pornography, has moved to suppress all evidence seized from his residence and personal computer pursuant to a search warrant issued by a magistrate judge for Effingham County, Georgia, as well as all statements he made to law enforcement thereafter. Doc. 29. He contends that a state detective illegally obtained the information central to the probable cause basis for the search warrant, and thus that the search violated his "Fourth Amendment right to the privacy of his confidential information." Id. at 3.
I. BACKGROUND
During the month of June 2015, Effingham County Sherriff's Deputy Joe Heath investigated child pornography via "peer-to-peer" computer networks. Doc. 30-1 at 4. On June 15, 2015 he applied for a warrant to search 15 Walnut Way Rincon, Georgia 31326, and seize images of and electronic equipment used to download child pornography. Doc. 30-1 at 8-10. The affidavit supporting the warrant application stated that, on June 8, 2015, Comcast Cable replied to a subpoena from Heath and revealed defendant as the subscriber for IP address 98.244.162.133 from April 21, 2015 - June 8, 2015. Id. at 5.
On June 14, 2015, Heath observed a computer operating at 98.244.162.133 offering for download "at least one image file" that he had seen in previous investigations and that he believed "contain[ed] child pornography." Id. at 4. He unsuccessfully tried to download the suspect file after connecting to the remote host computer at 98.244.162.133, but was able to obtain the file's unique "MD5 hash value," which matched the value of a child pornography file he downloaded in a previous investigation. Id. He reviewed that investigation's digital file, found that it matched the hash value of the file 98.244.162.133 offered, and so was "able to confirm it to be" child pornography. Id. at 4-5.
"Hash values," including MD5s, are "unique alphanumeric representations" of data, "a sort of fingerprint or digital DNA." United States v. Crist, 627 F. Supp. 2d 575, 578 (M.D. Pa. 2008). If the hash values of two files match, the images contained within match, too. Id.; see also United States v. Cobb, 479 F. App'x 210, 211 (11th Cir. 2012) (observing that SHA-1 values -- alphanumeric data representations functionally identical to MD5 hash values -- "can act like a fingerprint.").
Agents of the Southeast Georgia Child Exploitation Task Force executed the warrant at Ortega's Rincon home on June 16, 2015. They seized a computer, on which they located images and videos of child pornography. Defendant's indictment followed less than a month later. Doc. 1 (filed July 8, 2015).
II. ANALYSIS
In his initial motion, defendant argued that the subpoena Heath used to obtain the subscriber information for 98.244.162.133 violated the Electronic Communications Privacy Act (ECPA), and defendant's Fourth Amendment rights. See doc. 29 at 3. At the October 6, 2015 evidentiary hearing, he argued that the subpoena violated state subpoena law and the ECPA, and thus the Fourth Amendment. Now, in supplemental briefing, defendant additionally argues that Heath "knowingly and intentionally made a false statement" in his warrant affidavit by listing defendant's residence as the search location when nothing connected his computer with 98.244.162.133 on June 14, 2015. Doc. 37 at 5.
Defendant's supplemental jeremiad also asserts that: (1) he had a reasonable expectation of privacy in his subscriber information, IP address, peer-to-peer shared files, and MD5 hash values that the warrant violated, and (2) the task force conducted a "federal search" that failed to comply with Fed. R. Crim. P. 41. Doc. 37 at 6-8, 21. Both arguments fail.
"Every federal court to address this issue has held that subscriber information provided to an Internet Provider is not protected by the Fourth Amendment's privacy expectation." United States v. Perrine, 518 F.3d 1196, 1204 (10th Cir. 2008) (collecting cases); United States v. Wheelock, 772 F.3d 825, 82829 (8th Cir. 2014) (Fourth Amendment did not prohibit Comcast from conveying subscriber information to government authorities, as defendant had no reasonable expectation of privacy in the information he revealed to a third party); United States v. Cray, 673 F. Supp. 2d 1368, 1375 (S.D. Ga. 2009) (defendant had no legitimate privacy interest in subscriber information he furnished to his Internet provider).
Indeed, it is unclear whether even the contents of emails stored on an Internet Service Provider's ("ISP") servers are entitled to Fourth Amendment protection. Rehberg v. Paulk, 611 F.3d 828, 84347 (11th Cir. 2010) (defendant law enforcement officials were entitled to qualified immunity on § 1983 claim that they violated plaintiff's constitutional rights by issuing a subpoena to his ISP and obtaining emails sent from his personal computer, as the law was not clearly established that plaintiff had a reasonable expectation of privacy in the contents of emails sent voluntarily over the global Internet and stored on a thirdparty ISP's server). The same is true for hash values, IP addresses, and digital files, all of which are informational bits made publically available by peertopeer filesharing programs. See United States v. Norman, 448 F. App'x 895, 897 (11th Cir. 2011) (no objectively reasonable expectation of privacy in files shared via peertopeer programs); United States v. Westley, 2014 WL 3545071 at * 3 (S.D. Ga. July 14, 2014) (same).
Defendant's Rule 41 argument meets the same fate. "Rule 41 governs searches that are 'federal in execution.'" United States v. Brown, 569 F. App'x 759, 762 (11th Cir. 2014). But the rule only applies to federal warrants issued by state judges when "requested by federal agents." Id. at 763. Deputy Heath, a state sheriff's deputy, requested the warrant here, and Rule 41 therefore does not apply.
A. Legality of the Comcast Subpoena
At the suppression hearing, defendant argued that (1) Heath failed to comply with a state statute governing the issuance of subpoenas, and thus also the ECPA, and (2) the subpoena failed to qualify under the ECPA as a "court order" issued by a "court of competent jurisdiction" since it was signed only by a magistrate, not superior court, judge. Defendant contends that without the "unlawfully-obtained" information from Comcast regarding the physical location of the IP address under investigation, the search warrant affidavit fails to establish probable cause for the search of his residence. Doc. 29 at 3.
Defendant cites O.C.G.A. § 35-3-4.1, which authorizes certain officials of the Georgia Bureau of Investigation to issue an administrative subpoena seeking basic subscriber information (but not the contents of communications) for any computer used in furtherance of child pornography or other offenses against minors. But rather than using an administrative subpoena, Heath sought and obtained a subpoena from the Effingham County Superior Court. Although that subpoena was signed only by a magistrate judge and does not reference any statutory provision as authority for its issuance, Comcast nevertheless divulged the subscriber information sought. Doc. 37 at 22.
Internet providers must furnish basic subscriber information in response to, among other things, an administrative subpoena "authorized by a Federal or State statute." 18 U.S.C. § 2703(c)(2)(F).
The ECPA allows governmental entities to require disclosure of subscriber information in five situations. One of those is pursuant to a court order, see 18 U.S.C. § 2703(c)(B), issued by a "court of competent jurisdiction," § 2703(d), which includes state courts with "general criminal jurisdiction" authorized by state law to issue search warrants. See § 2711(3)(B). Because only superior courts in Georgia satisfy those criteria, defendant argues the Comcast subpoena is invalid.
A defendant made a similar argument recently in United States v. Torres, 2015 WL 179075 at * 3 (S.D. Ga. Jan. 14, 2015). Rejecting it, this Court reasoned that:
the unstated but implicit assumption that the judicially-crafted exclusionary rule -- designed to remedy violations of a defendant's constitutional rights -- applies to information gained in violation of state statutory provisions pertaining to the issuance of subpoenas [undergirds defendant's arguments]. But as the Eighth Circuit recently held, a law enforcement officer's failure to comply with a state statute authorizing an administrative subpoena for subscriber information of an IP address used to distribute child pornography 'would not warrant suppression of the evidence gained because federal courts in a federal prosecution do not suppress evidence that is seized by state officers in violation of state law, so long as the search complied with the Fourth Amendment.' Wheelock, 772 F.3d at 830; see also 1 WAYNE R. LAFAVE, Search and Seizure § 1.5(c) at 228-30 (5th ed 2012) ('if either federal or state officers conduct a search that is illegal under the law of the state where undertaken, the fruits thereof are not constitutionally barred from evidence in the federal courts.'). Because the acquisition of the subscriber information from Comcast violated none of defendant's Fourth Amendment rights, the agents' alleged noncompliance with the technical requirements of the Georgia subpoena statutes does not warrant the application of the exclusionary rule.Id. (footnote omitted, emphasis in original). The same is true for any violation of the ECPA - it cannot give rise to suppression.
That is not only a constitutionally compelled conclusion. The ECPA provides a civil action for damages as the exclusive remedy "for non-constitutional violations of this chapter." 18 U.S.C. § 2708. See also Cray, 673 F. Supp. 2d at 1376 (the violation of a federal statute will not result in the suppression unless the statute itself specifies exclusion as a remedy). --------
B. The Warrant Affidavit's Factual Accuracy
The Comcast subpoena (and thus the information Comcast provided in response), defendant points out, only asked for subscriber information for 98.244.162.133 from April 21, 2015 to June 8, 2015. Heath's warrant affidavit, on the other hand, states that he observed a computer at 98.244.162.133 offering child pornography on June 14, 2015. Doc. 30-1 at 4. Because Comcast uses "dynamically assigned" IP addresses (doc. 30-1 at 13) -- i.e., a subscriber's IP address changes periodically -- defendant contends that date discrepancy means Heath knew nothing about what subscriber attached to 98.244.162.133 on June 14, 2015, six days beyond the Comcast subpoena's temporal reach. Doc. 37 at 5-6. That, says Ortega, vitiates probable cause and invalidates the warrant. Id.
Actually, responds the government, on or before June 7, 2015 Heath saw a computer connected to 98.244.162.133 offer files he believed to be child pornography, which led him to seek the Comcast subpoena. Doc. 38 at 4-5. The government concedes that Heath's warrant affidavit omits that fact, but it insists that the omission does not negate probable cause. See Franks v. Delaware, 438 U.S. 154 (1978) (false statements in a warrant affidavit must be made intentionally or with a reckless disregard for the truth and the false (or omitted) statement must be essential to a finding of probable cause). Looking within the four corners of the warrant, including the temporal gap, the government contends that 98.244.162.133 remained sufficiently connected with defendant's physical address on June 14, 2015 to support the warrant's issuance. Doc. 38 at 6-8.
"Probable cause to support a search warrant exists when the totality of the circumstances allow a conclusion that there is a fair probability of finding contraband or evidence at a particular location." United States v. Brundidge, 170 F.3d 1350, 1352 (11th Cir. 1999). It "is a fluid concept -- turning on the assessment of probabilities in particular factual contexts." Illinois v. Gates, 462 U.S. 213, 232 (1983); see also Brinegar v. United States, 338 U.S. 160, 176 (1949) ("In dealing with probable cause . . . as the very name implies, we deal with probabilities. These are not technical; they are the factual and practical considerations of everyday life on which reasonable and prudent men, not legal technicians, act."). A magistrate's assessment of those probabilities "should be paid great deference by reviewing courts," who, consequently, "should not invalidate . . . warrant[s] by interpreting affidavit[s] in a hypertechnical, rather than a commonsense, manner." Gates, 462 U.S. at 236.
Heath's affidavit shows that on June 7, 2015, he determined that Comcast owned IP address 98.244.162.133. Doc. 30-1 at 5. That same day, he subpoenaed Comcast's subscriber records for 98.244.162.133 for April 21, 2015 - June 8, 2015. Id. Comcast informed him that defendant, at his Rincon address, was the subscriber for 98.244.162.133 on those dates. Id. at 13.
On June 14, 2015, Heath connected to a peer-to-peer network and observed 98.244.162.133 offer a file for download whose name he recognized from prior investigations as child porn. Id. at 4. Geographic mapping of that IP address indicated a Rincon, Georgia location for the computer. Id. Heath tried to download the file but could not despite connecting directly to the computer at 98.244.162.133. Id. Still, he was able to ascertain the hash value of the file and, after comparing it to a previous investigation's confirmed child porn, found the hash values matched. Id. Finally, after confirming that defendant's address as of June 15, 2015 remained the Rincon address that Comcast provided, Heath described the contents of the file whose hash value 98.244.162.133 offered for download in order to establish that it in fact was child porn. Id. at 5-6.
As the government correctly notes, defendant's argument boils down to "whether it is reasonably likely that the IP address assigned to Ortega by Comcast as of June 8 was still so assigned on June 14." Doc. 38 at 6. To that end, Comcast IP addresses, as Comcast itself disclosed in its subpoena response, are "[d]ynamically [a]ssigned." Doc. 30-1 at 13. That means they change periodically. How periodically matters, because a significant part of Heath's probable cause showing (to secure the search warrant) hinges on the IP address's connection to Ortega's computer.
Defendant attached a 2007 study to his supplemental brief that indicates "the Comcast IP block is relatively static; over 70% observed IPs did not change user within the entire month." Doc. 37-1 at 21. More recently, a witness testified in a Third Circuit case that Comcast's "lease period" for IP addresses is approximately 6-8 days. United States v. Vosburgh, 602 F.3d 512, 523 (3d Cir. 2010). Regardless of whose favor that information cuts, the warrant and affidavit contain none of it. What they do show, however, is that a computer at defendant's Rincon, Georgia home address was assigned IP address 98.244.162.133 from April 21, 2015 - June 8, 2015, and that a mere six days later a computer in Rincon using the same IP address offered child pornography for download.
Commonsense -- the fuel for the probable cause analysis engine, see Gates, 462 U.S. at 236 -- when applied to that set of facts, supports the conclusion that law enforcement would likely find a computer at defendant's home address that contained child pornography. Nothing in the record suggests the IP address assigned to defendant's Comcast account changed between June 8 and June 14. And given the likelihood (small) that, out of all Comcast's subscribers, another Rincon, Georgia Comcast customer was assigned 98.244.162.133 sometime between those two dates, the affidavit is sufficient to establish a reasonable probability that a search would reveal child pornography at defendant's home.
The search of defendant's residence and computer was conducted pursuant to a lawful warrant, and defendant has thus shown no basis for the excision of the subscriber information from the search warrant affidavit. And because defendant's statements to law enforcement during and after the execution of the warrant were not the tainted fruit of an illegal search, those statements are admissible at his trial. Defendant's motion to suppress is without merit and should be DENIED.
SO REPORTED AND RECOMMENDED, this 30th day of October, 2015.
/s/_________
UNITED STATES MAGISTRATE JUDGE
SOUTHERN DISTRICT OF GEORGIA