6th Circuit declines to extend Warshak reasoning to P2P

In a recent unpublished opinion, the Sixth Circuit held that its 2010 opinion in Warshak should not be extended to provide a reasonable expectation of privacy for users sharing files over Limewire. United States v. Conner, No. 12-3210 (6th Cir. 2013).

The defendant was convicted of receipt and possession of child pornography after law enforcement tracked the sharing of child pornography images on Limewire to him. A sheriff's deputy had searched for file names associated with child pornography, and found the defendant's IP address sharing them over the peer-to-peer (P2P) network.

On appeal, the defendant argued that the Sixth Circuit's decision in United States v. Warshak made the "search" of his computer a violation of the Fourth Amendment. In Warshak, the Sixth held that it was a violation of the Fourth Amendment for the government to compel Warshak's ISP to produce his emails without obtaining a search warrant with a showing of probable cause. The e-mails were obtained under the Stored Communications Act, which the Sixth Circuit therefore declared unconstitutional as it relates to this issue.

As for the search conducted on Limewire in the present case, however, the Sixth didn't buy the defendant's argument. The issue was whether P2P sharing "is different in kind from e-mail," and the court decided it was:

Unlike these forms of communication, in which third parties have incidental access to the content of messages, computer programs like LimeWire are expressly designed to make files on a computer available for download by the public, including law enforcement. Peer-to-peer software users are not mere intermediaries, but the intended recipients of these files.

The defendant attempted to argue that he did not know the files would be publicly available, but the court also found that the record proved otherwise. He had made multiple attempts to keep the files private, but the court held that the failure only showed he was "ineffective at keeping [them] ... from being detected" and not that "he was unaware of a risk of being discovered."

Read More

Court strikes down Louisiana law banning social networking use by sex offenders

A federal court struck down a Lousisiana law that forbade certain sex offenders from accessing social networking websites after finding the statute to be "substantially overbroad." Doe v. Jindal, 2012 U.S. Dist. LEXIS 19841 (M.D. La. 2012).

In 2011, Louisiana enacted a law titled "Unlawful use or access of social media" that made it illegal for registered sex offenders whose victim was a minor to use social networking, chat rooms, or peer-to-peer networking. However, if the offender obtains permission from their probation or parole officer, access to these sites would be allowed.

The plaintiffs argued that the law is overbroad and would have the effect of banning news websites, YouTube, Gmail, LinkedIn, USAJOBS, and others because they allow for communication through "comments and content forwarding." The state countered, arguing that the plaintiffs do not have standing because they have yet to seek permission to use the sites.

The court found that because of the self-censorship required of the plaintiffs, it has had a chilling effect on their First Amendment rights. The statute does not specify how permission will be granted or how offenders no longer under supervision will obtain permission, creating jurisdictional issues. While there is a "legitimate interest in protecting children from sex offenders online," the statute is "substantially overbroad" and unconstitutional.

Read More

Torrent sites in frenzy, Google launching cloud storage, OneShar.es provides encrypted messages

Here are a few stories from the tech world:

• In the wake of the Megaupload seizure, many file sharing websites are deciding to get out of the business. BTJunkie recently closed voluntarily. Just in case something happens, one Pirate Bay user has collected all of the contents on that website into one .zip file so that users can access the 1.5 million+ torrents in case of a shutdown.
• Google is planning to launch a free cloud storage service within weeks. The size limit is unknown, but more storage can be purchased for a price. After the upcoming privacy policy changes, it will be interesting to see if Google reserves the right to show ads relevant to our stored files.
• A new service called OneShar.es allows users to send an encrypted message. Suppose you need to e-mail your credit card number to someone, but you're afraid they will forget to delete the e-mail. Create a message on OneShare.es, send them the link, and the message is automatically deleted after the URL is opened.

Read More

Porn companies seek revenge for illegal downloads

In Digital Sin, Inc. v. Doe, 2012 U.S. Dist. LEXIS 10803 (S.D.N.Y. 2012), the court held that the plaintiff may subpoena customer records for certain IP addresses that illegally downloaded - in whole or in part - a video titled "My Little Panties #2." The process is as follows:

• Once the ISP receives the subpoena, they have 60 days to serve the customers.
• Customers will have 60 days from service to contest the subpoena or request anonymous litigation.
• After 60 days, the ISP may release information to the plaintiff unless a customer has moved to quash or modify the subpoena.

Thus, the court has issued a limited protective order, allowing the parties to be heard before their information is revealed to the plaintiff.

RELATED CASE: The Electronic Frontier Foundation has filed an amicus brief in a different set of litigation involving illegal downloads by 1,495 individuals of pornography. The D.C. federal judge ordered that in order to make a motion to remain anonymous, defendants must reveal their identities. Yes - to remain anonymous, they must give up their anonymity. The EFF argues that this ruling will force defendants to either settle or suffer public embarrassment. The suit is part of litigation filed by Hard Drive Productions, Inc., and others have been filed in states across the country, including California, Virginia, and Illinois.

Read More

The Pirate Bay to abandon torrents, provide magnet links

The Pirate Bay, a popular torrent website, will stop providing users with torrents next month. Instead, they will only offer users magnet links.

For some time now, P2P users had to download a torrent in order to then download their content of choice (be it legal or not-quite-so legal). The torrent file contained metadata about the intended download that allowed the software to connect to other users with the file. This metadata includes the file's name, size, and hash value (well, a hash list actually, but that's a little technical).

Magnet links simplify that process. Instead of downloading a file, you simply paste a link into your P2P software that looks something like this:

magnet:?xt=urn:btih:53ed9b326a28b5aa3a395e8b137eda6331406be3&dn=Audiopeel+Landscape+3D+art+1440x768+Desktop+Wallpaper&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80

The blue highlighted text is the hash value, yellow is the file name, and red is a series of URLs that the software uses to find the file.

This change may not mean a whole lot for you. Courts are just now beginning to refer to torrents in opinions, but they still do not seem very comfortable with the idea. Magnet links may help them out a little.

Some argue that this swap may provide a little legal protection for websites like The Pirate Bay, who are often accused of enabling illegal downloads. However, though they are no longer hosting torrent files, they are still hosting the link which still has to be downloaded (by opening the page).

Read More

11th Circuit vacates sentence, finds swapping CP on P2P network not per se "for valuable consideration"

The Eleventh Circuit has vacated and remanded a sentence that included a five-level enhancement because it found the defendant had not received "a non-pecuniary thing of value" in exchange for sharing child pornography on a peer-to-peer network. United States v. Spriggs, 666 F.3d 1284 (11th Cir. 2012).

The defendant pled guilty to receipt of child pornography, and a five-level enhancement was applied "for distribution of illicit images for the receipt, or expectation of receipt, of a non-pecuniary thing of value" at sentencing.

The court first examined whether a distribution took place. The defendant was using the Shareaza P2P software to download child pornography. Law enforcement had attempted to download files from the defendant, but were unsuccessful. There was also no proof that anyone else downloaded files from him, but because they were located in the shared folder, such proof was not necessary to show distribution.

However, the court did not find that "a non-pecuniary thing of value" was received or expected. The Eighth Circuit has determined that because possessors of child pornography often swap files on P2P networks, no proof is necessary to show it actually happened in order to apply this enhancement. United States v. Stultz, 575 F.3d 834, 849 (8th Cir. 2009). Here, the Eleventh Circuit disagreed - because files on P2P are free and downloads are not "conducted for 'valuable consideration,'" a transaction over the network is insufficient.

Without evidence that Spriggs and another user conditioned their decisions to share their illicit image collections on a return promise to share files, we cannot conclude there was a transaction under which Spriggs expected to receive more pornography.

The district court had also justified the enhancement because a user may receive faster download speeds when sharing files, but because there was insufficient proof, the argument was struck down.

RELATED CASE: Just days after Spriggs, the Eleventh Circuit decided an almost identical case in the same way - United States v. Vadnais, 667 F.3d 1206 (11th Cir. 2012).

Read More

Site tracks torrent users by IP address, allows database search

A new website has file sharers terrified. Somewhat. Maybe. Not really.

The website, www.youhavedownloaded.com, tracks torrent downloads against the downloader's IP address. A visit to the website will automatically display files downloaded using your current IP address. You can also do a search for a specific IP, torrent, or filename.

This Minnesota IP address downloaded
two episodes of the new tv show, New Girl.

Of course, if you have a dynamic IP assigned by your ISP, it may come back with files downloaded by others. The website claims to be able to track about 20% of downloaders, and the database contains about 52 million users. Read about IP addresses here.

The purpose of the site is to encourage users to improve their security by the use of VPNs, proxy servers, or seedboxes. For more information about these topics, read an earlier post here.

Read More

Tech Watch: New privacy add-ons and services

There are always new browser add-ons or other services being introduced to provide more privacy and security while online. Though I have never tried any of these (and also do not endorse them or guarantee how well they work), the concepts may be helpful for us to understand how they might be used.

• A service called BTGuard allows BitTorrent users to download files from the file sharing network with anonymity. The service "gives you a[n] anonymous IP address and encrypts your downloads" for $6.95 per month. Or, upgrade to a virtual private network (VPN) for $9.95 and have all of your Internet activity anonymized.
• Seedboxes have become popular in the P2P world because it provides great privacy to file sharers. All uploads and downloads are handled through an overseas server. Users may connect to the server through FTP or HTTP to find the files they set the server to download. One of the more popular services, ExtremeSeed, has services starting at $20 per month.
• Just to clarify, this means that instead of someone showing up in America as downloading illegal files, their files would show up in Luxembourg, for example. They would then enter an FTP site to download their files.
• Several browser extensions allow users to set certain domains or topics to automatically load in the browser's private browsing feature. Ghost Incognito for Chrome is preset to do this with all .xxx domains.

Have you heard of a notable extensions or privacy apps recently or do you have a question about how they work? Send an e-mail to .

Read More

Plans to manually cancel CP downloads did not negate intentional distribution

The defendant in a recent Third Circuit case argued he should have been given a two-level sentencing enhancement, rather than a five-level, because he did not intentionally distribute child pornography. He admitted to configuring his file sharing program to share images of child pornography, but he claimed that he planned to "intervene and manually [] cancel each attempted upload." Unfortunately for him, at least one image was downloaded by another user.

This argument was rejected because he could have configured the program not to share the files or he could have just not opened the program. The case is United States v. Corbett, 453 Fed. Appx. 226 (3rd Cir. 2011).

Read More

1st Circuit handles issues of required knowledge and jurisdiction in CP case

In United States v. Salva-Morales, 660 F.3d 72 (2011), released today by the First Circuit, the court analyzed two important issues: (1) whether a defendant must have actual knowledge of child pornography and (2) how to prove interstate or foreign commerce. A total of 176 images of child pornography were found on the defendant's two computers.

Salva-Morales did not testify, but several witnesses claimed he was not the sole user of the computer. A fornesics examine testified that "one hard drive indicated that twenty-two different users had saved files to it and that it was impossible to tell conclusively from the forensic data on the drives who had saved the pornographic files." The government, however, presented evidence to show that he was often alone in his business when the files were accessed. The court acknowledged that the evidence in this case was not as strong as is typically, but the case was nonetheless sufficient.

The question that the court struggled with was jurisdiction. According to statute, "The matter containing the visual depiction described above has either to have been (1) “mailed, or ... shipped or transported in interstate or foreign commerce,” or (2) “produced using materials which have been mailed or so shipped or transported, by any means including by computer....” 18 U.S.C. § 2252(a)(4). There was no great evidence to prove the files were transmitted through the Internet, though Kazaa was installed in the computer. The court noted "that the defendant need not know of the nexus so long as it exists."

The interesting argument in the case came from the government's backup argument on jurisdiction. Because the hard drives containing the images were both manufactured in Singapore, they suggested that copying images to them or from one to the other satisfied the transportation in foreign commerce requirement. The court acknowledged this argument, but refused to rule on it because the jurisdictional issue had already been decided.

Read More