From Casetext: Smarter Legal Research

United States v. Stepus

UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS
Mar 12, 2018
Case No. 3:15-cr-30028-MGM-1 (D. Mass. Mar. 12, 2018)

Opinion

Case No. 3:15-cr-30028-MGM-1

03-12-2018

UNITED STATES OF AMERICA, Plaintiff v. VICTOR STEPUS, Defendant


MEMORANDUM AND ORDER REGARDING DEFENDANT'S MOTION FOR ADDITIONAL DISCOVERY MATERIALS
(Dkt. No. 160)

I. Background

Defendant Victor Stepus' ("Defendant") arrest and subsequent indictment for child pornography related charges arose from a wide-ranging investigation conducted by the Federal Bureau of Investigation ("FBI") of a child pornography website called "Playpen." See United States v. Levin, 874 F.3d 316, 318, 320 (1st Cir. 2017). The Playpen website was only accessible through the "Tor" internet network, which, along with similar networks, is known as the Dark Web. See id. at 319. Users access the Tor network by downloading the Tor software. See id. "By masking its users' actual IP addresses — which could otherwise be used to identify users — that software offers its users much greater anonymity than do conventional web browsers." Id.

The FBI seized control of the Playpen website pursuant to a warrant in February 2015. See id. at 320. Thereafter, they ran the Playpen website in the Eastern District of Virginia for approximately two weeks. See id. at 320. A warrant issued by a magistrate judge in that district "permitted the FBI to install the [Network Investigative Technique ("NIT") software] on its server that hosted Playpen, and thereby to obtain information from '[t]he activating computers [which] are those of any user or administrator who logs into [Playpen] by entering a username and password.' The warrant authorized the FBI to obtain seven items of information . . . [including] the activating computer's actual IP address." Id. at 318, 320.

Using the NIT software, the FBI collected hundreds of IP addresses from users of the Playpen website, including an address associated with Defendant's computer located at his home in Chicopee, Massachusetts. See id. at 320; United States v. Gaver, Case No. 3:16-cr-88, 2017 WL 1134814, at *1 (S.D. Ohio Mar. 27, 2017); United States v. Stepus, Criminal Case No. 15-30028-MGM, 2016 WL 6518427, at *1 (D. Mass. Oct. 28, 2016). After obtaining a warrant from the undersigned, FBI agents searched Defendant's home on August 21, 2015 and seized four computers and numerous digital DVDs that Defendant indicated contained child pornography (Dkt. No. 1 at 3, 5). See Stepus, 2016 WL 6518427, at *1. During an audio-recorded interview with the FBI, Defendant admitted that he had used his home computer to access and download child pornography during the past several years (Dkt. No. 1 at 4). Defendant was subsequently indicted by a Grand Jury for the United States District Court for the District of Massachusetts and charged with three counts of receipt of material involving the sexual exploitation of minors, in violation of 18 U.S.C. § 2252(a)(2), and one count of possession of material involving the sexual exploitation of minors, in violation of 18 U.S.C. § 2252(a)(4)(B) (Dkt. No. 15).

On September 26, 2017, Defendant moved to compel the government to produce "the actual [NIT] source code written by [g]overnment programmers to create the exploit and the payload, as well as a description of the process used by the exploit to deliver and use the payload on a given computer" (Dkt. No. 160). The United States of America ("the government") opposed Defendant's motion (Dkt. No. 165) and Defendant responded (Dkt. No. 168-1). After hearing from the parties on February 9, 2018, the court DENIES Defendant's motion for the reasons that follow.

II. Discussion

A. Legal Standard

Defendant cites Federal Rule of Criminal Procedure 16(a)(1)(E) in support of his Motion for Additional Discovery Materials. Rule 16(a)(1)(E) states:

[u]pon a defendant's request, the government must permit the defendant to inspect and to copy or photograph books, papers, documents, data, photographs, tangible objects, buildings or places, or copies or portions of any of these items, if the item is within the government's possession, custody, or control and: (i) the item is material to preparing the defense . . . .
Fed. R. Crim. P. 16(a)(1)(E). "The defendant, as the moving party, bears the burden of showing materiality." United States v. Goris, 876 F.3d 40, 44 (1st Cir. 2017). The First Circuit recently stated that "a showing of materiality requires 'some indication' that pretrial disclosure of the information sought 'would have enabled the defendant significantly to alter the quantum of proof in his favor.'" Id. at 45 (quoting United States v. Ross, 511 F.2d 757, 763 (5th Cir. 1975)).

B. The Requested Information is not Material.

Defendant relies on another Playpen case, United States v. Tippens, No. 3:16-cr-05110-RJB, No. 2:15-cr-00387-RJB, No. 2:15-cr-00274-RJB, 2016 U.S. Dist. LEXIS 184174 (W.D. Wa. Nov. 30, 2016), to support his request. In Tippens, the government utilized the same NIT as was used in the present case and "offered to stipulate for trial purposes that an exploit can make changes to security settings that would allow a third party to run commands on a computer without the computer user's knowledge." Tippens, 2016 U.S. Dist. LEXIS 184174, at *10. Defendant avers that changes allegedly resulting from deployment of the NIT could have allowed a third party to "access, modify and store information on the Defendant's computer without leaving traces of their actions" (Dkt. No. 168-1 at 1-2).

Although the government made the offer to stipulate, ultimately no stipulation was reached. Tippens, 2016 U.S. Dist. LEXIS 184174, at *10.

Defendant offers the affidavit of his computer expert, Robert Young, to buttress his request (Dkt. No. 168-3). Young states that access to the government's exploit source code is necessary to "determine whether or not the Exploit altered any security settings, or whether or not the Exploit took steps to ensure the actions it took would not leave the Defendant's computer more vulnerable, and whether or not the Government itself did more than just force the Defendant's computer to run the NIT" (Dkt. No. 168-3 at ¶8).

The government responds that Defendant has not met his burden to demonstrate materiality because he has not made a "showing of how the 'exploit' would be relevant to any issue at trial or could lead to any useful evidence for the defense" (Dkt. No. 165 at 4). To support its argument that "the NIT computer code already provided by the government meets any need the defendant might reasonably articulate," the government submitted the Declaration of FBI Special Agent Dan Alfin, who states that the packet capture ("PCAP") data provided to Defendant as discovery "allows . . . [D]efendant to reconstruct the exchange and see exactly what information was transmitted from [Defendant's] computer to the government computer" (Dkt. No. 165-1 at ¶ 11). Responding to Defendant's contention that the exploit may have left the defendant's computer vulnerable to a third party, Alfin states that "[t]he exploit process did not make any changes to the defendant's computer" (id. at ¶ 9). For the following reasons, the government's position is persuasive.

First, Defendant has failed to demonstrate the likelihood that the exploit compromised the security of his computer. Despite having the opportunity to examine Defendant's computer, to examine portions of the NIT code, and to test the effect of the NIT on Defendant's computer, so far as appears from the record, Defendant's expert either has not taken these steps, or these steps have not produced any results that would support Defendant's theory. Defendant submits no evidence that the security features of his computer were altered and that it was later hacked. Instead, he relies on mere speculation to support his claim that his computer was vulnerable to a third party. See Goris, 876 F.3d at 45 ("If . . . a defendant's discovery request is grounded in a speculative theory, a district court's decision to deny the request is not an abuse of discretion.").

Second, the government cites cases involving the Playpen investigation in which other courts have denied similar discovery requests, finding that the defendants failed to show that the requested information would be material to their defense (Dkt. No. 165 at 7-8). See, e.g., United States v. Ammons, CRIMINAL ACTION NO. 16-CR-011-TBR-DW, 2017 U.S. Dist. LEXIS 82030, at *3-4 (W.D. Ky. May 30, 2017) (finding requested information immaterial); Gaver, 2017 WL 1134814, at *3-4 (same); United States v. Owens, Case No. 16-CR-38-JPS, 2016 WL 7351270, at *6 (E.D. Wis. Dec. 19, 2016) (same); United States v. McLamb, 220 F. Supp. 3d 663, 675-76 (E.D. Va. 2016), aff'd, 880 F.3d 685 (4th Cir. 2018) (same); United States v. Jean, Case No. 5:15-CR-50087-001, 2016 WL 6886871, at *7 (W.D. Ark. Nov. 22, 2016) (same); United States v. Darby, CRIMINAL NO. 2:16cr036, 2016 U.S. Dist. LEXIS 178175, at *15-17 (E.D. Va. Aug. 12, 2016) (same). But see Tippens, 2016 U.S. Dist. LEXIS 184174, at *39 (applying Classified Information Procedures Act ("CIPA"), finding requested information material, but denying motion to compel because defendants failed to show it would be "relevant and helpful" to their defense); United States v. Michaud, Case No. 3:15-cr-05351-RJB, at 1 (W.D. Wash. May 25, 2016) (stating orally on the record that the full source code was material as "central to the case," and suppressing all evidence derived from the NIT). The vast majority of courts that have considered discovery requests like Defendant's have found that the Playpen defendants failed to show that the information sought was material to their defense.

The full text of the oral opinion in Michaud explaining the court's reasoning was submitted as part of a Motion to Compel in United States v. Owens, and is available in the Owens docket. See Owens, 2016 WL 7351270, at *4 (Dkt. No. 76-4 at 17-22).

Finally, the possibility that the material found on Defendant's computer had an origin other than through Defendant's actions is further diminished by the presence of numerous DVDs containing child pornography found in Defendant's home (Dkt. No. 1 at 6 ¶ 15). Defendant's allegation that other individuals might have hacked into his computer and planted child pornography subsequent to the government placing the NIT code could explain, if believed, the presence of child pornography on the computer. However, it would not explain Defendant's access of the Playpen site, his admissions during an interview with a government agent, or the presence of DVDs that he stated contained child pornography and that were recovered from his home during the execution of the search warrant.

C. The Requested Information is Subject to a Qualified Law Enforcement Privilege

Even if the NIT source code were material to the defense, which it is not, there is an alternative ground for denying Defendant's Motion for Additional Discovery Materials. The requested information is subject to a qualified law enforcement privilege, as its disclosure would be harmful to the public interest. Courts in other Playpen cases have widely held that the Defendant's need for the requested information "is greatly outweighed by the government's need to keep it secret." Gaver, 2017 WL 1134814, at *4. See, e.g., Tippens, 2016 U.S. Dist. LEXIS 184174, at *30-31 (finding remaining NIT code subject to state secrets privilege after in camera hearing); Jean, 2016 WL 6886871, at *7 (finding requested information subject to Qualified Law Enforcement Privilege after reviewing a confidential government affidavit in camera); Darby, 2016 U.S. Dist. LEXIS 178175, at *17 (finding, after reviewing a confidential government brief, that the exploit code is protected by the law enforcement privilege).

The government has offered to present evidence in support of its privilege claim through an ex parte and in camera evidentiary hearing (Dkt. No. 165 at 8-9). In view of the number of courts which have examined the government's information and held that the requested information is subject to a qualified law enforcement privilege, and considering that Defendant has not put forth any credible argument that the information is material to his defense, an evidentiary hearing in this case is not necessary. A showing by the government of the technical details supporting its privilege claim would not further assist the court. See United States v. Matish, 193 F. Supp. 3d 585, 599-600 (E.D. Va. 2016) (finding in camera inspection of the exploit unnecessary since defendants offered no evidence showing how the information would be helpful to the defense).

IV. Conclusion

For the foregoing reasons, Defendant's motion for additional discovery materials (Dkt. No. 160) is DENIED

It is so ordered. Dated: March 12, 2018

/s/ Katherine A. Robertson

KATHERINE A. ROBERTSON

UNITED STATES MAGISTRATE JUDGE


Summaries of

United States v. Stepus

UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS
Mar 12, 2018
Case No. 3:15-cr-30028-MGM-1 (D. Mass. Mar. 12, 2018)
Case details for

United States v. Stepus

Case Details

Full title:UNITED STATES OF AMERICA, Plaintiff v. VICTOR STEPUS, Defendant

Court:UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS

Date published: Mar 12, 2018

Citations

Case No. 3:15-cr-30028-MGM-1 (D. Mass. Mar. 12, 2018)