The Silk Road, Hacking, and the 4th Amendment
This week I will be talking about the arrest and prosecution of Ross Ulbricht. Ulbricht was convicted for being the Dread Pirate Roberts which was the online persona of the owner and manager of the Silk Road, a black market website. The FBI, through its investigation of The Silk Road, used methods of investigation that could very well have been a violation of Ulbricht’s 4th Amendment rights. The evidence was admitted anyways. In this blog post I will be discussing why that happened and what I think should have been done about it.
You may ask, “Drew, how could evidence that you believe is a Fourth Amendment violation get admitted?” The answer, it’s complicated. The official reason the evidence got in was a technicality. As covered by Andy Greenberg, the Government did not have to prove that they did not violate Ulbricht’s rights because he never claimed to have an ownership interest in the server that was discovered to be hosting the Silk Road. To understand this, you may need a little more background on the story.
The defense team made the strategic decision to deny that Ulbricht was the Dread Pirate Roberts, the persona in charge of the Silk Road. To achieve this end and to make sure Ulbricht was not open to impeachment on cross examination, the defense team decided to not claim any knowledge much less ownership in the server or electronically stored information held on it. With this decision, regardless of the strength of the defense’s motion to suppress (and we will get to this next), there was no way to claim a violation of Ulbricht’s rights.
The motion to suppress filed by the defense(the first portion of the file) was very impressive. They built a very strong case for a violation of Ulbricht’s rights. It mainly boiled down to an argument that almost all the evidence collected against Ulbricht was fruit of the poisonous tree. The case that the government presented was based on the server that was previously mentioned found in Iceland. How exactly did they find this server? It is not exactly clear and, as previously stated, because of defense strategy it did not have to be disclosed. The server in question would seem to have been impossible to find. The Silk Road was a website on the darknet and could only be accessed through the TOR browser. The only payment method accepted on the Silk Road was bitcoin which is a crypto currency that is also supposed to be untraceable. The way that these two emerging technologies were used in tandem should have made the server basically invisible, but the FBI found it and copied all of its file AND used it to infiltrate Ulbricht’s criminal enterprise.
The defense’s argument basically claimed that the FBI hacked the server somehow to collect the evidence that originally pointed to Ulbricht. They then used that evidence, allegedly illegally obtained, to get new warrants and close in on Ulbricht. This would seem to be a violation of the Fourth Amendment no matter how you look at it. Here’s where it gets tricky for me, I do not know what the government could have done to stop the Silk Road. It is a completely new type of criminality. It is blatant and operating in the public space, where drugs dealers used to not be able act, and yet it was basically untraceable. The market place allowed for the sale and purchase of weapons of almost any variety, drugs, and even fake government documents including passports, IDs, and Social Security cards. This is definitely a national security threat especially in today’s world with terrorist groups attempting to attack innocent civilians in any place possible. So, while I agree that the government should not be breaking the rules as it appears they did in this investigation, I also do not think that they had any other options in this case.
In their response the government laid out their arguments for a lack of fourth amendment violation. They make interesting arguments for why they do not believe that they violated Ulbricht’s rights Including the fact that they turned the information about the presence of the server over to Iceland and let their own courts settle how to seize the server. This process would allow them to not have to worry about the violating the Fourth Amendment, but it still begs the question of how they possibly knew of the server in the first place?
Finally, it has recently come out that the FBI may have paid Carnegie Mellon to break the TOR browser encryption. This would be an interesting end around on the Fourth Amendment again because it would be a private entity breaking the law not the government. As a strong advocate for a free and open internet, I do not know how I feel about this either. This is especially true when it was not broken only to see criminals, but actually any and every person on the Tor browser.
I clearly do not know what we should do to fix a situation with such blatant almost mocking criminality in the future. I also do not know if Ulbricht’s conviction will stand. I currently am leaning towards the feeling that it will be overturned. Either way I am excited to see what you guys think about this problem and read the solutions you can come up with as well.
Criminal Law in the Virtual Context 
This is a super-tricky issue and such a hard thing to take a stand on, so I don’t envy Drew’s task on having to write a paper on it.
The reasoning seems very sound as far as Ulbricht not being able to claim his Forth Amendment rights were violated when he won’t even claim ownership, but my question is hasn’t someone’s Forth Amendment right been violated regardless? If so, how should that effect admissibility?
It definitely does not seem totally above board if the government was paying Carnegie-Melon to do its dirty work with TOR networks as and end-around the Forth Amendment, but I am kind of with Drew in that I just cannot bring myself to feel too much sympathy for those negatively affected. Even though in my comment to Alex’s post a couple weeks ago I kind of defended some of Ulbricht’s reasoning behind the online drug dealing, the fact is, the dark net enables and facilitates so many other dangerous activities and is so unique, that I am not going to get too upset with the government here. If this was really the only way it could crack down on something that might enable child pornography in any way, then it is probably worth just doing whatever it takes to stop it rather than waiting for what could be an extended period of time for technology to develop a better way to track the dark net. (http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects).
I’ll try to do my best to dig into the government for what they did, or didn’t do, in this case (though, I do find Ulbricht clearly guilty of criminal activity and find his self-justifications to be base).
As I understand it thus far, there are two arguments involved in this case that are problematic. The first is that due to Ulbricht’s defense claiming that he did not own the server, his 4th Amend rights are thus non-existent and it hence does not matter what methods the government used in either finding its location, or accessing its files. The second is that even if there were any 4th Amend violations, it was not the government which had so violated them, rather Carnegie-Melon.
Regarding the first, I do find it a bit unsettling that it’s almost clear cut, “Well you didn’t own that server, so we could get into it all we wanted and there’s nothing the Constitution can do for you. Sorry kid.” Though not a pure analogous situation, in fact it may be a bad one, it makes me wonder what sort of argument could be made if there the owner of a car and their friend went for a drive, and the owner stopped at a market it, running in for a while with the friend waiting in the car. Since the owner is not there and it is only the friend whom has no ownership rights be searched? [I know this isn’t a strong argument, but I’m just using it to attempt getting a point across.]
For the second, this is what I find more concerning. How is it that the government can attempt to weasel its way out of a violation, if there is one, by claiming that it was not them but the private entity which engaged in the criminal activity to obtain whatever information? What about a private entity acting on behalf of the government, with such a level of government authority, as to be viewable as the government itself? Though it is tort law, can’t the government in some way be found vicariously liable through the actions of its agents, contractors, w.e. Wouldn’t Carnegie-Melon, in this instance, be held as some sort of independent quasi-agent of the government. Regardless if there was independent research originally going on at the school that the government sought to reap the benefits of. The moment that the information became directed for a specific use, it ought have sufficiently connected the government to whatever process was used in obtaining the information.
My overall feeling with all of this is simply that, whatever responses this particular case may invoke, it is important to remember not only what the government has done with its power, but what it might do with it in the future. Every single time government gets a hold of a new ability or semblance of power over a new area, it flexes that muscle to an extent no one ever thought it would before.
As a human being, I firmly advocate the use of any means necessary to bring down the criminals who run dark sites like Silk Road, Onion net, etc. But as a lawyer, I have to take the opposite approach. While I love the end goal that was achieved, I cannot support the abrogation of someone’s constitutional rights to achieve that end. The law is but one of many fields where the ends cannot be allowed to justify the means.
I know that the government gets around Constitutional rights all the time; Guantanamo Bay is just one in a long string of examples of this (the Patriot Act being another). When people are scared, they are willing to sign away their rights or privileges to have someone come in and protect them. (See https://www.youtube.com/watch?v=cp069Y_P-9M ). But as lawyers, it’s part of our job (and our oath) to uphold the Constitution of the United States ( http://www.floridabar.org/tfb/TFBProfess.nsf/basic+view/04E9EB581538255A85256B2F006CCD7D?OpenDocument ). We are the first line of defense in ensuring that even the worst criminals in the world, like murderers, terrorists, and traffickers get the trial that they deserve.
I dislike everything about what Ross Ulbricht did with the Silk Road. The human suffering that he helped facilitate is incalculable. But even then, he deserves a fair trial, with evidence that was not illegally obtained (even if by a quasi-government agent, Carnegie-Mellon) and with lawyers who ensure that his rights are upheld. Though it kills me inside to say it, I hope that the case is reversed, and Ross gets a new, properly conducted trial.
Sidebar: If the government paid Carnegie-Mellon to break Tor’s encryption, why not just assume control of the program they used and use it themselves? By involving Carnegie beyond the development of the software it becomes fairly clear that they were expressly trying to circumvent violating Ulbricht’s 4th Amendment rights, which for lack of a better word, is shady as hell.
This was a very interesting read. I have been listening to Drew go through his analysis of this topic for the last couple weeks and agree that it is a very tricky question. It was definitely a catch-22 in deciding whether or not to claim the server. I saw in one of the articles that had Ulbricht claimed the server in a pre-trial motion, the judge would have allowed that claim not to be used against him in the trial. The only way it could have was if he took the stand and that seems fair.
I am just concerned with the whole scenario. Ulbricht was clearly breaking the law and flaunting that he was doing so, however I think the way the government went about locating the server was wrong. Especially paying Carnegie-Melon to do the hacking for them. The whole thing just seems wrong to me. However I am in agreement with the other commenters that I am not too upset with what the government did because the Silk Road needed to be shut down. I think this topic is important because we can’t just allow the government to do whatever they want all the time just to take down a criminal. There have to be some boundaries so I think the appeal of this case is going to be very important.
I am fascinated with the alleged connection between the government and academia. Without speculating on who did what, I take issue with the extended attack on Tor’s network from January – July 2014.
If it was research, it loses its status as research when it became a proxy for privacy invasion without obtaining informed consent from the research participants. I think (and I hope) these deanonymyzation attacks were performed in the name of academic research and then somehow law enforcement got involved at the request of the researchers. Any other way is just unacceptable.
I wonder if the FISA Court was involved in any of this. There are exceptions to 4th Amendment warrant requirement if it is in the interest of national security. This is known as the “special needs” exception and applies to anyone suspected of being involved in cyber attacks, terrorism, or espionage.
Perhaps Carnegie Mellon was suspected of being involved in cyber attacks and the government used warrantless search to get to them. In other words, the government itself being on Tor was perhaps a victim of the attack and then they got to thinking that they need to meet the attackers because if the attackers could deanonymize the government then they had what the government wanted. And then, when they traced the attackers they ended up at Carnegie Mellon. Instead of getting busted (I’m not sure what for, but I do trust there is some law on the books against that type of cyber attack), maybe carnegie mellon offered to “share” the research results. Win – Win for all.
We can all assume what we want but it seems safe to say the government did not perform this attack. If that’s the case then the government should have disposed of the fruits of the defective search as there was no terrorism just “research”. I am all in favor of the government casting a really wide net when it comes to keeping us safe, but the line needs to be drawn there. Information related to other activities that may be illegal should not be maintained or acted upon by the government if it is unrelated to the security interest of our nation.
Just as many professions such as the legal, medical, and accounting professions adhere to model rules of ethical conduct, we should expect our government to adhere to similar standards. The task is to protect the public, not police and babysit every transaction so as to maximize criminal conduct.
As for Ulbricht’s case, I think the catch-22 of claiming an ownership interest in the server from Iceland is not consistent with the spirit of the 5th amendment. In my opinion, I think Ulbricht was prejudiced because of how he chose to defend himself. I think the denial of the motion to suppress goes more to being prejudiced for defense theory rather than being defective for failing to claim an ownership interest in criminal evidence. The government had years invested in this case (which also reeks of 4th amendment violation — if it takes years to make an arrest then how justified are the warrants, even if lawfully obtained) and just could not afford to lose this case.
Thanks for our last blog post, Drew, and I look forward to discussing more on Wednesday! I can’t believe how quickly the semester has flown by.
Interesting topic. I am very interested in the fact that the FBI may have paid Carnegie Mellon researches to assist in the attack on Tor. I would think that if the researchers were directed by the FBI to execute the attack, then that would be a privacy violation. Maybe if the researchers acted on their own without FBI involvement and later handed over information to the FBI, that would be ok. However, because it’s also alleged that the university was paid, I don’t think the FBI could claim that.
Though I agree with Drew that this is a violation of privacy, I echo other commenters’ sentiment that it’s hard to feel bad for Ulbricht. I wonder if it would have been better for him to claim ownership of the server in a pretrial statement. (http://www.wired.com/2014/10/silk-road-judge-technicality/). The judge seemed to think that was an option, but I wonder if the motion to suppress have been denied anyway.
Interest post, Drew. This is honestly such a crazy thing that we will never have the answer to. It’s interesting that the court did not take a stronger stance on enforcing the arguments of Ulbricht’s team. I agree with the premise that they made strong arguments because that is exactly what the 4th amendment is supposed to protect. On the other hand, I’m not sure I believe that the “there was no other way” argument should’ve held up in court. The idea that the gov’t paid the school to break the law for them does not make the evidence any more legal than if they did it themselves. If that’s true, Ulbricht’s team could have a claim against CM too. You bring up a good point of what the government might do with the power they exercised in this case. We’ve talked a lot about privacy and individual freedoms in class and, though Ulbricht is a big time criminal, those are the things we are entitled to as Americans. Although this is a new, unique type of crime, the government should still be held to follow the rules. The argument could be made that the right result was achieved, but I am a believer in process over results.
Very interesting topic! I can finally say I understand a little bit more about the silk road.
I thought this was an interesting case. For Ulbricht to make a Fourth Amendment claim he would have to have a subjective expectation of privacy that is objectively reasonable and even if you could claim that privacy to an internet site is objectively reasonable to make a subjective claim, he would have to claim the site as his. Claiming the site as his would be an admission of guilt and the State would win anyways.
Should the State be allowed to trap you into admitting you are guilty of a crime just so you can prove that the State obtained illegal evidence? However, in that case could you plead the fifth? Also, would the State have to have a second trial in that case or would the judge have to find you guilty in the first trial?
Normally the Fourth Amendment right doesn’t apply to a search by an individual, but the fact that the FBI paid Carnegie Mellon would most likely make him a state actor, in which case the Fourth Amendment would apply and Ulbricht would be in the same situation that he is in now.
Look forward to Wednesday’s discussion!
If this class has taught me anything, it’s that the Internet is a crazy, place with endless possibilities for criminals and our classmates and colleagues are going to have to figure out a way to constitutionally police and protect this free space. Drew’s post is very interesting to me because the topic of my paper also touches on Fourth Amendment issues. I’m writing about Fourth Amendment protections relating to social media content used in criminal proceedings. My main argument is that there should be a reasonable expectation of privacy because that expectation, as discussed in Katz, is one that attaches to a person not a physical space. If Ulbricht reasonably believed he had a reasonable expectation of privacy, then the search seems unconstitutional. However, that argument is a real stretch considering that the server information was considered property and his admission and belief would prove his guilt. EN1
A previous comment talked about the FISA Court and its potential involvement in this case. As I understand the law now, if the government claims its investigation’s purpose was for national security reasons, the search and any investigation likely will be constitutional. The FISA Court has way too much power, and if the government relies on the FISA Court’s proceedings and procedures, it likely will be able to do whatever it wants.
I think Ulbricht had no chance to win his argument based on how it was framed. Looking forward to our class discussion this week.
EN1: http://www.slate.com/articles/business/moneybox/2014/10/silk_road_ross_ulbricht_argues_against_feds_on_fourth_amendment_hacking.html
Thanks Drew for our last post and it certainly gives us food for thought. The Silk Road case would be a great Criminal Procedure exam question as it provides so many moving parts to think about.
The Supreme Court established the rules for standing years ago. All defense lawyers know the defendant must claim an interest in what was seized. You can do so in order to make the suppression motion. Whatever you admit during that process is not admissible at trial, unless of course you take the stand and lie. I don’t see this as rejecting the motion on a technicality although I do understand why a lay person would think so. We may not like the standing rules, but for the moment, that’s the law.
The more difficult issue to me rests on how did the government get to the servers in Iceland. It may be difficult to trace things that happen on the darknet, but with enough time and money, government can find what they want. Bitcoins are not supposed to be traceable, but human activity is traceable. We find people who violate the law because eventually they make a mistake. When the government takes down someone using Bitcoin improperly or even stealing Bitcoin, it is normally because the person makes a mistake and leaves a trace. Sometimes we find them when government acts illegally, but i isn’t always that. In order to determine whether a fourth amendment violation occurred we really do need to know how the servers were identified. If the servers were identified legally, then we leave it to the courts in Iceland to determine whether the seized information can be released. We would look to the principles of comparative criminal procedure. You see how I can get those plugs in for international law!
I actually should have pointed out that the allegation regarding Carnegie Mellon’s work on Tor came about as a result of the bust of Silk Road 2.0. It’s an interesting question though. Was Carnegie-Mellon acting as an agent for the government when it hacked thereby suggesting the hack was illegal or were they just a research institution who received a grant from the U.S. government as well as from others, in which case the hack may not be illegal. Private individuals and institutions do not normally have to comply with fourth amendment restrictions. The government does use private institutions and individuals all the time to get info for them. You know this from criminal procedure as well.
I am not sure what the courts will do with the Ulbricht appeal on the fourth issue. The district court was right on the standing issue. Maybe we will have to wait for another case, Silk Road 2.0 maybe, to get a cleaner attack on the alleged governmental misconduct. Looking forward to seeing you in class and continuing this discussion.
I still don’t completely understand why Ulbricht claiming that he did not own an interest in the server allowed the government to avoid the 4th amendment claim. I thought it would just matter for how the evidence was gathered and the defense didn’t matter.
At the same time I think it was necessary to bring down the criminals on silk road. I think most people are happy with the result just not how it was achieved. I am just worried that this will set a precedent for the government to take a step further next time when violating constitutional rights.