Showing posts with label wireless networks. Show all posts

Friday, January 18, 2013

Breaking: In important Fourth Amendment case (Ahrndt), federal district judge GRANTS motion to suppress

We previously wrote about United States v. Ahrndt in a series of posts, after the 9th Circuit remanded the case for further consideration of the defendant's motion to suppress. Yesterday, a federal district court in Oregon granted Ahrndt's motion to suppress evidence (CP) from his iTunes library obtained by his neighbor (and later law enforcement) through an unsecured wireless network. This is a very important development, and we will get further into it in another series of posts.

Here is what we wrote, before:

Ninth Circuit remands case involving CP found on an unsecured wireless network - Jeffrey

Examination of the technology involved in Ahrndt - Jeffrey

Ahrndt considerations on remand and cordless ≠ WiFi - Justin

Ahrndt's reference to Jones, and what Jones means in the context of wireless networks - Justin

Friday, September 14, 2012

District court finds no duty owed to copyright holders for unsecured wireless network owners

In AF Holdings, LLC v. Doe, No. C 12-2049 (N.D. Cal. 2012), the court held that a person owes no duty in securing their wireless network to a copyright holder whose works are illegally downloaded over the network.

AF Holdings claimed that Doe illegally downloaded their copyrighted video using an unsecured wireless network belonging to Hatfield, Doe's co-defendant. Because Hatfield failed to secure his wireless network, AF Holdings sued him for negligence, arguing he "had a 'duty to secure his Internet connection,' and that he 'breached that duty by failing to secure his Internet connection.'"

The district court held that Hatfield had no duty to AF Holdings.
AF Holdings has not articulated any basis for imposing on Hatfield a legal duty to prevent the infringement of AF Holdings' copyrighted works, and the court is aware of none. Hatfield is not alleged to have any special relationship with AF Holdings that would give rise to a duty to protect AF Holdings' copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril. 
The allegations in the complaint are general assertions that in failing to take action to "secure" access to his Internet connection, Hatfield failed to protect AF Holdings from harm. Thus, the complaint plainly alleges that Hatfield's supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.
The court also found that the claim is preempted under the Copyright Act.

Wednesday, September 5, 2012

Federal court addresses applicability of Wiretap Act to wireless network packet sniffing, holds data is "publicly available"

An Illinois federal district court recently analyzed the Wiretap Act as it applies to packet sniffing and held that "the interception of communications sent over unencrypted Wi-Fi networks" does not violate the statute. In re Innovatio IP Ventures, LLC Patent Litigation, No. 11 C 9308 (N.D. Ill. 2012).

The plaintiff, Innovatio IP Ventures, LLC, brought suit against multiple companies for various patent infringement claims concerning the use of wireless Internet technology in the defendants' businesses (such as hotels and coffee shops). Innovatio sent technicians to defendants' businesses in order to collect information about the infringement. The packets they intercepted contained data about the network as well as "e-mails, pictures, videos, passwords, financial information, private documents" and other data transmitted by network users. Innovatio sought a preliminary ruling on the admissibility of the data.

After a discussion of how packets are transmitted in a wireless network and the meaning of the word "intercept" in the Wiretap Act, the court determined that the proper "question is not ... whether the networks are 'readily available to the general public,' but instead whether the network is configured in such a way so that the electronic communications sent over the network are readily available." The Wiretap Act provides an exception if the communications are publicly available (18 U.S.C. § 2511(g)(i)). The court concluded that the communications themselves are readily available because they are "open to such interference from anyone with the right equipment" - equipment available for a couple hundred dollars and the right open source software.

The court concluded:
Any tension between that conclusion and the public's expectation of privacy is the product of the law's constant struggle to keep up with changing technology. Five or ten years ago, sniffing technology might have been more difficult to obtain, and the court's conclusion might have been different. But it is not the court's job to update the law to provide protection for consumers against ever changing technology. Only Congress, after balancing any competing policy interests, can play that role.... Unless and until Congress chooses to amend the Wiretap Act, the interception of communications sent over unencrypted Wi-Fi networks is permissible.
An argument had also been made that the interception violated the Pen Registers and Trap and Trace statute, but the court found that the argument was not properly briefed and declined to apply the statute. Thus, the court found the evidence to be admissible.

Thursday, April 12, 2012

Ahrndt's reference to Jones, and what Jones means in the context of wireless networks

This is the final post of a four-part series from Cybercrime Review on the Ninth Circuit's Ahrndt decision and the important legal issues concerning wireless networks.

The most interesting portion of the 9th Circuit’s Ahrndt decision may be this line: “[t]he court should also evaluate whether a search occurred in light of Jones, 132 S. Ct. 945, decided after the district court’s original ruling.” Notably, this is the second-to-last line in the decision but is the most intriguing and ripe for analysis. First, it raises the question of whether that line was thrown in as an afterthought, to acknowledge Jones as possibly pertinent, but ultimately punting the issue back to the district court to delay addressing Jones at this juncture. (The probable answer to this question is “yes.”) Second, and more importantly, it is unclear whether this line is subsumed in the court’s discussion of a person’s reasonable expectation of privacy (which is directly above it and pervades the text) or is an independent statement made as part of the overall decision’s conclusion. I will elaborate on the former possibility first and then address the latter.

If the Ahrndt decision’s reference to Jones implicates a person’s reasonable expectation of privacy, then the court cannot be referring to Justice Scalia’s majority opinion in Jones, which is not rooted in the Katz line of cases, but in 18th century trespass. This is fascinating because it would be explicit recognition by a federal circuit of Justices Alito and Sotomayor’s concurring opinions (which resolve Jones within Katz) as having precedential force. Let me restate the implication just to be clear: a federal circuit is asking, on remand, that a district court analyze a factual situation involving no obvious (or typical) physical trespass, in light of Jones – a case which held a search occurred because of a physical trespass concomitant with the intention of obtaining information. Simply put, Justice Sotomayor’s words are crystalline here:
Nonetheless, as Justice Alito notes, physical intrusion is now unnecessary to many forms of surveillance. . . . In cases of electronic or other novel modes of surveillance that do not depend upon a physical invasion on property, the majority opinion's trespassory test may provide little guidance. But ‘[s]ituations involving merely the transmission of electronic signals without trespass would remain subject to Katz analysis.’ . . . As Justice Alito incisively observes, the same technological advances that have made possible nontrespassory surveillance techniques will also affect the Katz test by shaping the evolution of societal privacy expectations.
While Scalia did not shoot down Katz, but merely supplemented Fourth Amendment jurisprudence with yet another test, it should be noted that Jones is already causing confusion in the lower courts.

Should the Ninth Circuit's reference to Jones implicate trespass, as portrayed by Justice Scalia in Jones, it would be a sea change in jurisprudence in this area. The key underpinnings of essentially all reservations of privacy post-Katz (involving non-trespassory/property invasions) have been examined through a different looking glass – the reasonable expectation of privacy. For example, Amy Peikoff stated “[Justice] Stewart, like Brandeis and Douglas before him, want[ed] to disengage the notion of a Fourth Amendment ‘search’ from any remnant of the trespass doctrine. He, too, want[ed] to keep as many options open as possible, with respect to what does or does not constitute a search.” If the Ninth Circuit is invoking Jones to examine the current situation, based on property notions, we are either taking a step back, or taking a step far to the side. See my earlier post on WiFi as physical trespass as evidence of this side-step.

Tuesday, April 10, 2012

Examination of the technology involved in Ahrndt

This is the second of a four-part series from Cybercrime Review on the Ninth Circuit's Ahrndt decision and the important legal issues concerning wireless networks.

Understanding the technology involved in the Ahrndt decision is essential. As I've covered in previous posts, the case involved a neighbor's use of Ahrndt's unsecured wireless network. She didn't have permission to use it, but she could freely connect because of her proximity to his router. Once connected, she opened iTunes, noticed Ahrndt was sharing media files, and connected to his computer when she noticed some files appeared to be child pornography.

Wireless Networks
Thus, the first technology issue is the unsecured wireless network. The court emphasized that Ahrndt had no subjective expectation of privacy because of his knowledge of computers and employment with Hewlett Packard. Though this may be less applicable to him, setting up a secured wireless network is not the easiest task. It requires understanding how to enter the IP address into a browser and choosing between a variety of security options, knowledge that isn't common even among frequent computer users. The subjective expectation aside, the Ahrndt trial court would have found that no objective expectation of privacy existed because no security was enabled on the network.

iTunes Sharing
The sharing of files in iTunes is the second issue. The feature allows iTunes users to share their media files with others on the same network. Each computer sharing files is listed within the iTunes program (shown in the image to the left). Users simply click on the computer name and can begin to browse that user's iTunes library. Once connected, the user can play music and watch videos (depending on the settings). They cannot, however, download those files to their computer. It's a use-only license. The feature, now called "Home Sharing," enables users to connect from other computers, iPods, iPhones, and iPads on the network.

Since Apple added the feature to the iTunes application, it has required users to enable the share feature. They must enter the program settings and select "Share my library on my local network" (shown in the images to the right). Users can then restrict the types of files that are shared and even require a password for accessing their media library.

What was Ahrndt thinking?
It's very likely that Ahrndt didn't realize he was sharing child pornography with his neighbors. Assuming it wasn't intentional, what are the possibilities for explaining this?
  • Wireless routers' signals have various strengths and can be picked up across varying distances. Perhaps he did not realize the signal would go as far as his neighbor's home (his had a 400 foot range, and the neighbor lived 150 feet away).
  • It's very possible that he did not enable the sharing. If he had not done so himself, he would have had no way of knowing it was on without frequently checking the settings to ensure it was disabled.
  • Ignorance is another option. He may not have thought a neighbor would attempt to connect. He might have actually used the iTunes share feature to connect it to his iPod. And, yes, he worked for HP, but that doesn't mean he is an expert about wireless routers and Apple software.
Whatever he might have been thinking, he was obviously wrong in thinking it.

Monday, April 9, 2012

Ninth Circuit remands case involving CP found on an unsecured wireless network

This is the first of a four-part series from Cybercrime Review on the Ninth Circuit's Ahrndt decision and the important legal issues concerning wireless networks.

In United States v. Ahrndt, 2012 U.S. App. LEXIS 6976 (9th Cir. 2012), the Ninth Circuit reversed and remanded the denial of Ahrndt's motion to suppress evidence obtained from his unsecured wireless network. The court found the record was missing important facts necessary to reach the conclusion that Ahrndt had no reasonable expectation of privacy in files shared on his wireless network. The court identified several questions that should be addressed on remand.

Ahrndt's neighbor's computer allegedly connected to his unsecured wireless network without her permission. She then opened iTunes and saw that someone on the network was sharing media files - some of which appeared to be child pornography. She contacted law enforcement, and they asked her to show them the images (she had not opened them in her private search but did so at the officer's request). A search warrant was then obtained for police to access the network so as to ascertain the IP address. They were then able to track the account to Ahrndt, and a second warrant was obtained to search his home. At trial, Ahrndt argued for suppression of all evidence, suggesting the initial viewing violated the Fourth Amendment, and evidence found later was fruit of the poisonous tree.

The issue, as determined by the trial court, was "whether the Fourth Amendment provides a reasonable, subjective expectation of privacy in the contents of a shared iTunes library on a personal computer connected to an unsecured home wireless network." United States v. Ahrndt, 2010 U.S. Dist. LEXIS 7821 (D. Or. 2010).

Ahrndt "argued that a wireless network should be given no less protection than a hardwired network under the Fourth Amendment," but the court found that "different communications hardware and technologies carry different reasonable expectations of privacy." As an example, the Eighth Circuit has held that wireless phones are distinct from wired phones in terms of privacy. The court then found that wireless phones and wireless networks should be treated equally because "they transmit data over radio waves." The judge concluded:
As a result of the ease and frequency with which people use others' wireless networks, I conclude that society recognizes a lower expectation of privacy in information broadcast via an unsecured wireless network router than in information transmitted through a hardwired network or password-protected network. Society's recognition of a lower expectation of privacy in unsecured wireless networks, however, does not alone eliminate defendant's right to privacy under the Fourth Amendment. In order to hold that defendant had no right to privacy, it is also necessary to find that society would not recognize as reasonable an expectation of privacy in the contents of a shared iTunes library available for streaming on an unsecured wireless network.
The court then found that no reasonable expectation of privacy existed in the shared iTunes files. The government argued that the sharing was similar to peer-to-peer file sharing, but Ahrndt said it was akin to "having a conversation behind a closed, but unlocked door." The trial court disagreed, finding that
[w]hen a person shares files on LimeWire, it is like leaving one's documents in a box marked "free" on a busy city street. When a person shares files on iTunes over an unsecured wireless network, it is like leaving one's documents in a box marked "take a look" at the end of a cul-de-sac. I conclude that iTunes' lesser reach and limit on file distribution does not render it unlike LimeWire in terms of its user's reasonable expectation of privacy.
An argument that the iTunes files were protected under the ECPA was also struck down "because the wireless network and iTunes software were configured so that the general public could access them."

Finally, Ahrndt had no subjective expectation of privacy because he should have been aware that his wireless network was unsecured and his iTunes files were shared. He worked for Hewlett-Packard, had "an intermediate level of computer knowledge," and should have known how to protect his network or turn off iTunes sharing.

The questions identified by the Ninth Circuit to be answered on remand are:
• As a technical matter, is sharing files over a wireless network accurately characterized as a "broadcast" of the contents of those files, such that JH's computer simply intercepted Ahrndt's images outside Ahrndt's home? Or, alternatively, did the act of connecting to Ahrndt's network, accessing his library and opening the image involve sending wireless signals into Ahrndt's home to communicate with his router and computer? 
• Did Ahrndt intentionally enable sharing of his files over his wireless network? If not, did he know or should he have known that others could access his files by connecting to his wireless network? 
• Was the image in "Dad's LimeWire Tunes" library that JH and McCullough opened accessible over the Internet by Limewire users at the time JH and McCullough accessed the files, or at any time prior? 
Please visit Cybercrime Review for more coverage of the Ahrndt decision in the coming days as we discuss the legal arguments, the technological issues, and other peculiarities with this decision.