Monday, April 9, 2012

Ninth Circuit remands case involving CP found on an unsecured wireless network

This is the first of a four-part series from Cybercrime Review on the Ninth Circuit's Ahrndt decision and the important legal issues concerning wireless networks.

In United States v. Ahrndt, 2012 U.S. App. LEXIS 6976 (9th Cir. 2012), the Ninth Circuit reversed and remanded the denial of Ahrndt's motion to suppress evidence obtained from his unsecured wireless network. The court found the record was missing important facts necessary to reach the conclusion that Ahrndt had no reasonable expectation of privacy in files shared on his wireless network. The court identified several questions that should be addressed on remand.

Ahrndt's neighbor's computer allegedly connected to his unsecured wireless network without her permission. She then opened iTunes and saw that someone on the network was sharing media files - some of which appeared to be child pornography. She contacted law enforcement, and they asked her to show them the images (she had not opened them in her private search but did so at the officer's request). A search warrant was then obtained for police to access the network so as to ascertain the IP address. They were then able to track the account to Ahrndt, and a second warrant was obtained to search his home. At trial, Ahrndt argued for suppression of all evidence, suggesting the initial viewing violated the Fourth Amendment, and evidence found later was fruit of the poisonous tree.

The issue, as determined by the trial court, was "whether the Fourth Amendment provides a reasonable, subjective expectation of privacy in the contents of a shared iTunes library on a personal computer connected to an unsecured home wireless network." United States v. Ahrndt, 2010 U.S. Dist. LEXIS 7821 (D. Or. 2010).

Ahrndt "argued that a wireless network should be given no less protection than a hardwired network under the Fourth Amendment," but the court found that "different communications hardware and technologies carry different reasonable expectations of privacy. As an example, the Eighth Circuit has held that wireless phones are distinct from wired phones in terms of privacy. The court then found that wireless phones and wireless networks should be treated equally because "they transmit data over radio waves." The judge concluded:
As a result of the ease and frequency with which people use others' wireless networks, I conclude that society recognizes a lower expectation of privacy in information broadcast via an unsecured wireless network router than in information transmitted through a hardwired network or password-protected network. Society's recognition of a lower expectation of privacy in unsecured wireless networks, however, does not alone eliminate defendant's right to privacy under the Fourth Amendment. In order to hold that defendant had no right to privacy, it is also necessary to find that society would not recognize as reasonable an expectation of privacy in the contents of a shared iTunes library available for streaming on an unsecured wireless network.
The court then found that no reasonable expectation of privacy existed in the shared iTunes files. The government argued that the sharing was similar to peer-to-peer file sharing, but Ahrndt said it was akin to "having a conversation behind a closed, but unlocked door." The trial court disagreed, finding that
[w]hen a person shares files on LimeWire, it is like leaving one's documents in a box marked "free" on a busy city street. When a person shares files on iTunes over an unsecured wireless network, it is like leaving one's documents in a box marked "take a look" at the end of a cul-de-sac. I conclude that iTunes' lesser reach and limit on file distribution does not render it unlike LimeWire in terms of its user's reasonable expectation of privacy.
An argument that the iTunes files were protected under the ECPA was also struck down "because the wireless network and iTunes software were configured so that the general public could access them."

Finally, Ahrndt had no subjective expectation of privacy because he should have been aware that his wireless network was unsecured and his iTunes files were shared. He worked for Hewlett-Packard, had "an intermediate level of computer knowledge," and should have known how to protect his network or turn off iTunes sharing.

The questions identified by the Ninth Circuit to be answered on remand are:
• As a technical matter, is sharing files over a wireless network accurately characterized as a "broadcast" of the contents of those files, such that JH's computer simply intercepted Ahrndt's images outside Ahrndt's home? Or, alternatively, did the act of connecting to Ahrndt's network, accessing his library and opening the image involve sending wireless signals into Ahrndt's home to communicate with his router and computer? 
• Did Ahrndt intentionally enable sharing of his files over his wireless network? If not, did he know or should he have known that others could access his files by connecting to his wireless network? 
• Was the image in "Dad's LimeWire Tunes" library that JH and McCullough opened accessible over the Internet by Limewire users at the time JH and McCullough accessed the files, or at any time prior? 
Please visit Cybercrime Review for more coverage of the Ahrndt decision in the coming days as we discuss the legal arguments, the technological issues, and other peculiarities with this decision.

1 comments:

  1. Windows XP error 1068 crops up when you are running a remote connectivity feature within your operating system. Here are some software solutions online like Herstel Computer, draadloos en wifi, Netwerk Installeren and Reparatie PC.
    While this might seem like a big problem, it's actually quite easy to fix if you follow the instructions given in this quick tutorial.

    ReplyDelete