Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Eldred

United States Court of Appeals, Second Circuit

August 5, 2019

United States of America Appellee,
Robert Clay Eldred Defendant-Appellant.

          Argued: October 24, 2018

         Defendant-Appellant Robert Clay Eldred ("Eldred") was indicted on June 23, 2016 for knowingly accessing child pornography. He moved to suppress evidence collected with the use of a government search program, the Network Investigative Technique ("NIT"), which aided in the identification of his computer despite his use of anonymizing software, saying the warrant that authorized use of the NIT was invalid. His motion was denied, and he pled guilty while reserving his right to appeal the district court's decision to deny suppression. We agree with the district court that, regardless whether the warrant violated Federal Rule of Criminal Procedure 41(b) and the Federal Magistrates Act, 28 U.S.C. § 636, and whether such violations are also violative of the Fourth Amendment, law enforcement officers acted in good faith in applying for and carrying out the warrant. Accordingly, the judgment of the district court is AFFIRMED.

          For Appellee: Barbara A. Masterson (Gregory L. Waples, on the brief), Assistant United States Attorneys, for Christina E. Nolan, United States Attorney for the District of Vermont, Burlington, Vermont.

          For Defendant-Appellant: Barclay T. Johnson (David L. McColgin, on the brief), Assistant Federal Public Defenders, for Michael L. Desautels, Federal Public Defender for the District of Vermont, Burlington, Vermont.

          Before: Livingston, Chin, Circuit Judges, and Crotty, District Judge. [*]


         This case arises from one of the many prosecutions following the investigation by the Federal Bureau of Investigation ("FBI") into Playpen, a child pornography site located on the dark web. The FBI infiltrated the website and discovered the identities of many registered users by deploying a search program, the Network Investigative Technique ("NIT"), which allowed the FBI to circumvent the anonymizing features of the dark web and collect computer- related identifying information, including internet protocol ("IP") addresses, from the computers of these Playpen users. Defendant-Appellant Robert Clay Eldred ("Eldred"), whose information was collected by the NIT, moved to suppress evidence gathered by the program, arguing that the warrant authorizing it was invalid. This motion was denied. Like the nine other circuits to have considered the question thus far, we conclude that Eldred's claim is without merit: even assuming, arguendo, that the NIT warrant violated the Fourth Amendment, law enforcement officers acted in good faith and suppression is not warranted. We therefore AFFIRM the judgment of the district court.


         I. Factual Background[1]

         Playpen operated on the "The Onion Router" (better known as "Tor"), an "anonymizing network" that allows users who have downloaded the Tor software to access websites without revealing their IP addresses or other identifying information by routing their internet traffic through numerous relay computers located around the world before such traffic arrives at a desired web location. These relay computers, which are owned by volunteers who donate their bandwidth to Tor, are known as "nodes." Because of this indirect routing, when someone-for example, a law enforcement officer-attempts to view a Tor user's IP address in order to identify the user's computer and ascertain its whereabouts, the IP address displayed is actually that of the Tor "exit node," i.e., the last computer through which the user's traffic was relayed, rather than the actual address of the Tor user. Tor was originally developed and deployed by the U.S. Naval Research Laboratory to protect government communications, but it is now used by the public at large.

         Certain websites on Tor, called "hidden services," are available only to Tor users on the Tor network. Instead of a typical web address, these hidden services are assigned a randomly generated list of characters ending with the suffix ".onion." Law enforcement cannot determine the location of computers hosting these hidden services using traditional IP lookup techniques. As these websites are not indexed on the traditional Internet, they also don't appear in searches run using traditional search engines-a Tor user must know the web address in order to access a hidden service. Playpen was one such website.

         When a Tor user typed Playpen's ".onion" address into Tor and arrived at the site's homepage for the first time, he was required to register with a username and password in order to enter the site. By clicking on the "register an account" hyperlink, new users accessed a Playpen message instructing them that: (1) while "[t]he software we use for this forum requires that new users enter an email address . . . the forum operators do NOT want you to enter a real address"; (2) users should refrain from posting any information that could be used to identify them; and (3) that "it is impossible for the staff or the owners of this forum to confirm the true identity of users . . . ." Joint Appendix ("J.A.") 47. After successfully registering, users could access a variety of child pornography, including images and videos indexed according to victim age, gender, and type of sexual activity depicted, as well as content related to child pornography. Although several of the site's forums involved general information and rules regarding the site, Playpen as a whole was "dedicated to the advertisement and distribution of child pornography," id. at 43, and included forums in which users exchanged information about obtaining child pornography and engaging in child sexual abuse. In addition to images and discussions, Playpen also contained a private message feature. Available historical data suggests that Playpen had over 1, 500 unique users a day and over 150, 000 registered users.

         The FBI began investigating Playpen in September 2014. In January 2015, FBI agents obtained a search warrant allowing the FBI to seize a copy of the server hosting Playpen, which it installed on a server at a government facility in Virginia. On February 19, 2015, the FBI executed a court-authorized search on the Naples, Florida home of the suspected administrator of the Playpen site. At that point the FBI was able to assume administrative control of Playpen. However, because of the anonymizing features of the Tor network, even with control of the website, the FBI could not identify other administrators or site users.

         For this reason, the FBI had developed the NIT, computer code which was added to the digital content of the copy of the Playpen website residing on the government server in Virginia. Once the NIT was deployed, whenever Tor users accessed Playpen and downloaded content so as to display it on their computers, that content was augmented with a set of computer instructions that traveled with it, through Tor's network of relay computers, until coming to rest on the computer of the Playpen user. When the NIT reached the Playpen user's computer, the attached instructions executed, causing the user's computer to transmit identifying information back to the government server in Virginia, including, inter alia, an IP address, the type of operating system employed by the computer and an active operating system username, and information regarding whether the NIT had previously been delivered.

         On February 20, 2015, in the Eastern District of Virginia, where the government server then hosting Playpen was located, Magistrate Judge Theresa Carroll Buchanan issued a warrant to deploy the NIT (the "NIT warrant"). An attachment to the warrant listed the "[p]lace to be [s]earched" as "activating computers," i.e., "those of any user or administrator who logs into the [Playpen website] by entering a username and password." J.A. 32. The NIT would collect from all "activating computers," wherever located, their actual IP addresses, as well as other specified pieces of information. While doing so, the NIT would not deny the users any functionality on their computers, or collect any additional, unrelated information. The listed information could then be used to identify the Playpen user's true identity and location. Acting under authority of the NIT warrant, the FBI operated Playpen for about two weeks, from February 20 until March 4, 2015, from the server in the Eastern District of Virginia.

         On March 4, 2015, a Playpen user identified only by the username "robertecach" entered the site and thereafter spent over an hour accessing three separate posts that contained images of prepubescent girls involved in genital exposure, oral sex, and penetration by what appeared to be an adult male penis. Through the use of the NIT, the FBI learned the IP address associated with "robertecach," as well as the fact that the computer name for the device that accessed the site was "Robert." Agents traced the IP address to an address in East Montpelier, Vermont. Further investigation revealed that the house located at that address comprised two residences, one in the basement. An FBI agent thereafter interviewed the owners, who listed Eldred among previous tenants of the basement unit and confirmed that he shared the house's wireless connection with them.

         FBI agents visited Eldred's subsequent residence in Northfield, Vermont on March 15, 2016, but found Eldred away at work. His girlfriend, Holly Belanger, and Eldred's adult son were both present and spoke with the agents. Belanger confirmed that she and Eldred had lived at the address in East Montpelier in March 2015, and that Eldred still used the same laptop he had used at that time. She said that he had previously used the username "robertecache1" and that his laptop was password-protected, while Eldred's son said that Eldred had used the email address "," and that Eldred would not allow others to use his laptop. Agents called Eldred, who refused to consent to a search of his laptop but agreed to meet with agents the following day. The agents then seized the laptop. After meeting with Eldred, who admitted he had used "robertecach" as a previous email account and had lived in the East Montpelier basement apartment, the agents applied for and received a warrant from Magistrate Judge John M. Conroy in the United States District of Vermont to search the laptop. The search revealed 116 files relating to child pornography, including images of penile-vaginal intercourse, penetration with objects, and oral sex.

         II. ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.