*1 Pending before the Court is Defendant Alakom-Zed Crayne Pobre's motion to suppress physical evidence (ECF No. 46) pursuant to a warrant issued on August 13, 2018, executed on Pobre's computers and hard drives. ECF No. 47-1. Pobre is charged with a single count of Possession of Child Pornography in violation of 18 U.S.C. § 2252A(a)(5)(B) and (b)(2), stemming from images found on his home computer system pursuant to execution of a search warrant. ECF Nos. 1; 47-2. The probable cause supporting the issuance of the warrant arose from law enforcement's surveillance of Freenet, a peer-to-peer file sharing network designed to allow users to share content anonymously. ECF Nos. 47-2; 68 at 24.

On August 17, 2020, Pobre moved to suppress all physical evidence recovered from the search.[1] ECF No. 46. The Court held an evidentiary hearing on October 8 and 19, 2021. ECF Nos. 66, 69. After the October hearings, the Court announced that it would first address whether Pobre possessed a reasonable expectation of privacy in his presence on the Freenet, thus triggering any Fourth Amendment protections. ECF No. 69. If the Court answered in the affirmative, the parties essentially did not dispute that the manner in which law enforcement seized the evidence would amount to a Fourth Amendment violation, requiring suppression of the evidence gathered from Freenet. If the Court answered in the negative, however, the facts as averred in the warrant affidavit would not be excised, and the matter would next proceed to argument on whether the affidavit as written provided sufficient probable cause to support the warrant and whether a Franks hearing is warranted. On December 2, 2021, the Court heard oral argument solely on the expectation-of-privacy question. ECF No. 76.

For the reasons discussed below, the Court concludes that Pobre did not maintain a reasonable expectation of privacy in his interactions on the Freenet. Thus, the evidence derived from law enforcement's surveillance of Freenet and included within the search warrant affidavit was not obtained in violation of the Fourth Amendment.

I. Background

The Court finds the following facts from the testimony and evidence presented at the suppression hearing.

A. Freenet

Freenet is an open source publicly available software network specifically designed to mask users’ online identities. ECF No. 68 at 24–25. Generally, peer-to-peer networks allow users to exchange content with other users who are connected to the same file-sharing software. Id. at 24–25. Such content requests can be traced to an “International Protocol” or an “IP address,” a unique numeric identifier linked to a particular computer, device, or system. ECF No. 47-2 at 3. Any particular search for content, therefore, is automatically associated with the IP address for the requesting computer. See id.

*2 Freenet, however, configures and stores the content in such a way that no single computer can be said to “possess” any given file, thus making it difficult to associate any one file with one IP address. ECF No. 73-2 at 2. The Freenet software requires each computer, or “node,” to donate a portion of hard drive space to the Freenet network. ECF No. 68 at 37–38. The Freenet software next links the nodes to each other, which are known as “peers,” and then breaks up each uploaded file into encrypted pieces, or “blocks.” ECF Nos. 73-2 at 1–2; 57-1 at 1–2. The blocks are then scattered throughout the Freenet nodes. ECF No. 73-2 at 2. Freenet next creates a “manifest key” which indexes all blocks associated with each file. Each manifest key typically includes a short description of the file, allowing the user to identify which manifest key will correspond to the desired file. ECF No. 73-2 at 2–3.

Any Freenet node can request a file by clicking on the manifest key. Id.; ECF Nos. 68 at 64–65; 57-1 at 3. From the manifest key, the Freenet software reconstructs the file by first requesting from its immediate, or “first-level” peer-nodes any blocks corresponding to the manifest key. ECF No. 68 at 58–67. If a first-level peer possesses any of the blocks stored in its drive, the software forwards the block to the requesting node. If the first level peer does not have any blocks, that peer forwards the request to its first level peers, which are the “second level peers” of the original requesting node. Id. This process continues until all the requested blocks are found and returned to the original requestor to reconstruct a complete file, or until a fixed number of peer levels have been contacted. Id.

The number of times a request is sent from one peer level to another is known as the “hops-to-live” count. ECF No. 68 at 105–06. In Freenet, the maximum default hops-to-live count is 18, meaning that after a block request has gone through 18 peer levels without returning the desired block, the block request fails, the process ends, and the requester node will not be able to retrieve the file. Id.; ECF Nos. 80 at 58–62; 73-2 at 4. To protect a node's anonymity, Freenet randomizes the maximum default hops-to-live count for every file request to either 17 or 18. ECF No. 73-2 at 4. Absent this randomization, anytime a request results in a hops-to-live count of 18, the original requestor of the file could be more easily identified. Id.

Freenet also provides a range of privacy protections for its users. At installation, a Freenet user must select either darknet or opennet mode. ECF Nos. 73-2 at 4; 68 at 29–36. A node which operates in “darknet” opts only to connect with other peers that the user specifically selects. ECF No. 68 at 29–30. By contrast, a node operating in the opennet will randomly connect to other nodes on Freenet as selected by the software. Id. at 32. Accordingly, Freenet warns users at installation—in a conspicuously displayed disclaimer banner—that choosing opennet mode makes it “quite easy for others to discover your identity.” ECF No. 68 at 34. This is because nodes that connect in opennet can obtain the IP addresses of its first level peers and other related information such as how long the node has been connected to Freenet, how many peers are connected to the node, and the geographic location of the node. Id. at 90–92; see also ECF Nos. 68 at 34–36; 73-2 at 4 (multiple warnings of diminished privacy in opennet mode). Freenet also permits users to “customize” their privacy settings. ECF No. 68 at 30.

B. Law Enforcement's Use of Freenet

Because Freenet is a publicly available “open source” software, it is accessible to all comers, including undercover law enforcement officers. ECF No. 73-2 at 1–2. Since 2007, state and federal investigating agencies have infiltrated Freenet in an undercover capacity to catch users trading in child sexual assault material (“CSAM”). ECF No. 73-2 at 1. Academics have assisted this effort. Specifically, a team of computer scientists, headed by Dr. Brian Levine at the University of Massachusetts at Amherst, have worked closely with law enforcement to facilitate access to Freenet. ECF No. 68 at 22–23, 75–77. This team has created a software program called “Freenet Roundup,” that allows law enforcement to access Freenet as any other user node would, and then passively record in real time all information communicated through the law enforcement node (“LEN”). ECF No. 68 at 22–23, 75–77, 194.

*3 To use Freenet Roundup, a law enforcement officer first downloads the Freenet software on a police computer. ECF Nos. 68 at 193–96; 47-2. Next, she creates a LEN by choosing to operate Freenet in “opennet” mode and donating hard-drive space to the Freenet system. Id.; ECF No. 73-2 at 5.[2] The LEN then operates like any other Freenet node, connecting to other first level peer nodes and facilitating the transmission of block requests. Freenet Roundup next records the IP addresses of the LEN's first-level peer nodes, and all block requests made by and through those nodes. ECF Nos. 68 at 91–92; 57-1 at 4. Freenet Roundup, in turn, transmits the block request information to a server in Pennsylvania maintained by the Internet Crimes Against Children Task Force (“ICAC”), a national network of federal, state, and local law enforcement dedicated to responding to internet crimes against children. ECF Nos. 80 at 50–51; 68 at 193– 96; see also Internet Crimes Against Children Task Force Program (ICAC), https://www.icactaskforce.org/ (last visited Apr. 13, 2022). The ICAC server hosts a database of all blocks and corresponding hash values[3] for over 150,000 files of known CSAM, amassed from previous law enforcement investigations and prosecutions since 2007. ECF No. 73-2 at 1,5.

The block requests communicated to ICAC are then compared to the unique hash values of known CSAM in the database. Id. If the hash values of the block requests do not match any of the CSAM files in the database, the block request file is discarded, and the investigation ends. Id. If the hash values do match, Freenet Roundup next implements a computer algorithm created by Dr. Levine's team to ascertain whether any of the LEN's first-level peers had requested the suspected CSAM file. ECF Nos. 57-1 at 4; 73-2 at 5. The algorithm uses that which the LEN has passively recorded—the peer-node IP addresses, the block requests, and the number of hops-to-live—and extrapolates whether the particular peer node that transmitted the request to the LEN is the original requester of the file. ECF Nos. 68 at 88–89; 57-1 at 5. Dr. Levine explained the basic principle animating the algorithm as follows:

ECF No. 57-1 at 4–5.

Thus, the algorithm ascertains with over 98% probability whether the identified block request came from an original requesting node. ECF Nos. 68 at 80; 57-1 at 12.[4] Further, because all Freenet nodes can access the IP addresses of its first level peers, the software can identify that address linked to the likely requester node. From there, ICAC notifies the law enforcement officer operating the LEN that a first-level peer using a particular IP address has likely requested CSAM. ECF No. 68 at 100–04, 200–02. Local law enforcement next performs a confirmatory check using the algorithm, and independently views the suspected CSAM files to confirm that they are indeed child pornography. Id. Using this method, if law enforcement identifies a particular node (through its IP address) as the original requester for three or more files of suspected CSAM, it will next issue a subpoena to learn the user of the computer associated with the IP address identified. Id. at 195–99.

C. Officer Mills’ Investigation and Execution of Search Warrant

Officer Cory Mills operated one such LEN on Freenet in opennet mode and connected to other nodes. ECF No. 68 at 200–05. Relevant to this case, the LEN recorded block requests of suspected CSAM communicated by the LEN's first-level peer. Id. The LEN next transmitted these requests to ICAC and learned they matched known CSAM. Id. Further, the investigation used the algorithm to determine that the same peer node was more likely than not the original requester of the suspected CSAM. Id. Officer Mills next issued a subpoena to learn that the IP address was registered to a Verizon Fios Business account at 13504 Briarcroft Court in Laurel, Maryland. Further investigation by Officer Mills revealed the account was linked to Pobre. ECF No. 47-2 at 10–11.

*4 Based on this, Officer Mills applied for a warrant to search Pobre's home and computer systems. Id. at 226–27. In the warrant affidavit, Mills summarized that the Freenet LEN had received requests from the target computer for CSAM. See ECF No. 47-2. The search ultimately uncovered multiple videos of CSAM. Pobre was later arrested and charged with a single count of possession of child pornography.

II. Analysis

Before reaching the validity of the search warrant executed on Pobre's residence and computers, the Court must decide whether evidence included in the warrant affidavit was itself constitutionally obtained. Accordingly, the Court first turns to whether Mills’ operation of the LEN to identify the IP address associated with Pobre's computer as the requester of CSAM itself constitutes a “search” protected by the Fourth Amendment.

The Fourth Amendment to the United States Constitution protects persons from warrantless searches and seizures as to any place for which the person maintains a reasonable expectation of privacy. Katz v. United States, 389 U.S. 347, 351 (1967); see also U.S. Const. amend. IV. A search occurs under the Fourth Amendment “when the government violates a subjective expectation of privacy that society recognizes as reasonable.” Kyllo v. United States, 533 U.S. 27, 33 (2001). Ordinarily a party cannot claim any expectation of privacy for information he voluntarily discloses to third parties.Smith v. Maryland, 442 U.S. 735, 743 (1979). This is so because “by revealing his affairs to another,” the individual “takes the risk...that the information will be conveyed by that person to the Government.” United States v. Miller, 425 U.S. 435, 443 (1976); see also Katz, 389 U.S. at 351 (“[w]hat a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.”). Thus, under the well-established “third party doctrine,” information a person shares with or exposes to a third party does not involve a privacy right “that society is prepared to recognize as reasonable.” Smith, 442 U.S. at 743 (internal quotation marks and citation omitted) (no expectation of privacy in phone numbers dialed because the information is voluntarily shared with telephone company); see Miller, 425 U.S. at 443 (no legitimate expectation of privacy in bank records “even if the information is revealed on the assumption that it will be used only for a limited purpose” by the bank only).

Pobre principally contends that his mere use of Freenet, as a file sharing platform specifically aimed at anonymizing its users, alone manifests a reasonable expectation of privacy protected by the Fourth Amendment. ECF No. 47 at 9. The Government, in response, rightly points out that Pobre elected to use Freenet in opennet mode, and so he knew in advance that the IP address and block requests would be shared with many “virtual” strangers. ECF No. 68 at 34 (open-net mode on Freenet makes it “quite easy” to ascertain your identity.); see also id. (“users seeking an advanced level of security should opt to operate in darknet mode”); ECF No. 68 at 30.

The Court agrees with the Government. Pobre's file requests were “the equivalent of loudly asking for something in a room full of strangers.” See United States v. Sigouin, 494 F. Supp. 3d 1252, 1262–64 (S.D. Fla. 2019); see also United States v. Dickerman, No. 4:16-CR-00258-HEA-NAB-1, 2017 WL 11485604, at *12 (E.D. Mo. Sept. 26, 2017) (no expectation of privacy when defendant “knowingly downloaded an application that networked his computer with those of complete strangers for the purpose of sharing files”), report and recommendation adopted by 2018 WL10228437 (E.D Mo. Apr. 27, 2018), aff'd 954 F.3d 1060 (8th Cir. 2020); United States v. Matish, 193 F. Supp. 3d 585, 615 (E.D. Va. 2016) (despite subjective expectation of privacy, no objectively reasonable expectation of privacy in activity on anonymous network). The relevant block requests for CSAM, in short, were voluntarily disclosed within the Freenet community, and so the Court cannot conclude that Pobre manifested any reasonable expectation of privacy simply because he joined Freenet.

*5 Pobre, in response, contends that the unique nature of law enforcement's infiltration of Freenet amounts to the same informational dragnet that the Supreme Court in United States v. Carpenter found deserving of Fourth Amendment protection. 138 S. Ct. 2206, 2217 (2018). Pobre more particularly argues that LENs, using Freenet Roundup, amount to “near universal surveillance,” of the Freenet community such that it achieves “100% penetration of the Freenet user network.” ECF No. 74 at 13–14. But even if the Court accepts as true that law enforcement achieved such “universal surveillance” of Freenet, this does not accord Pobre a reasonable expectation of privacy in his Freenet activities akin to Carpenter.

In Carpenter, the Supreme Court held that warrantless gathering of geo-location data obtained from wireless cell-phone carriers pursuant to the Stored Communications Act amounts to a warrantless search in violation of the Fourth Amendment. Id. at 2212. The Court concluded that even though such location data had technically been shared with the third-party carriers, this disclosure is different because it reveals the “whole of [a person's] physical movements,” which collectively “hold[s] for many Americans the ‘privacies of life.’ ” Id. at 2210 (quoting Riley v. California, 573 U.S. 373, 402 (2014)); see also id. at 2217 (“As with GPS information, the time stamped data provides an intimate window into a person's life, revealing not only his particular movements, but through them, his ‘familial, political, professional, religious, and sexual associations.’ ”). Thus, the Court declined to extend the third-party doctrine to the warrantless gathering of geo-location data.

In doing so, however, the Court emphasized that its decision is “narrow” and limited to the unique “phenomenon” of cell phone technology, precisely because it amounted to wholesale disclosure of universal location information performed “automatically” by just powering up the phone. Id. at 2216–2220. Freenet, by contrast, harbors no similar features. It is not a ubiquitous part of everyday life as is a cell phone; it is instead an esoteric file-sharing platform. Nor does Freenet's operation amass a “trail of location data.” Carpenter, 138 S. Ct. at 2220. At best, it discloses one such data point: the IP address of the user node. This hardly represents the kind of comprehensive location information contemplated as a protected privacy interest in Carpenter.

Likewise, and despite Pobre's insistence, Leaders of a Beautiful Struggle, 2 F.4th 330 (4th Cir. 2021), does not expand the principles announced in Carpenter. The technology at issue in Leaders—a comprehensive aerial surveillance program—allowed the Baltimore City police department to track the collective movements city goers twelve hours a day. Id. at 334. Law enforcement would next cull the massive geolocation footage to identify suspects associated with criminal activity. Id. In holding that the surveillance system amounted to a Fourth Amendment violation, the Court emphasized that “the touchstone in Carpenter was...[to] address[ ] ‘a person's expectation of privacy in [their] physical movements.” Id. at 340. Thus, as in Carpenter, Leaders concluded that because the drones captured the “whole” of the individuals’ “physical movements,” it amounted to an invasion of that individual's reasonable expectation of privacy triggering Fourth Amendment protection. Beautiful Struggle, 2 F.4th at 346 (“Because the AIR program enables police to deduce from the whole of individual's movements, we hold that accessing its data is a search.”). In this regard, Leaders is on all fours with Carpenter, reaching only law enforcement's use of technology that amasses a detailed and continuous compendium of a person's constant physical movements.

*6 The law enforcement “infiltration” of Freenet bears none of these hallmarks. The technology gathers nothing more than the block requests of neighboring nodes to ascertain if any of the peer nodes requested files of suspected CSAM. And although a user-node's request for certain content may, in the end, shed some light on that person's predilections, the technology hardly provides an “intimate window into a person's life” contemplated in Carpenter and Leaders. See Carpenter, 138 S. Ct. at 2217; Leaders, 2 F.4th at 346; cf. United States v. Soybel, 13 F.4th 584, 590–92 (7th Cir. 2021) (declining to extend Carpenter to pen register logging IP addresses of all sites visited by defendant); United States v. Trader, 981 F.3d 961, 967 (11th Cir. 2020) (declining to extend Carpenter to IP address and email address); United States v. Contreras, 905 F.3d 853, 857 (5th Cir. 2018) (declining to extend Carpenter to logging of IP address in website's records because “[t]hey had no bearing on any person's day-to-day movement”).[5]

As a variation on this theme, Pobre next contends that Freenet Roundup and ICAC amounts to the kind of “enhanced technology,” that triggers Fourth Amendment protection because law enforcement gathers evidence “that could not otherwise...[be]obtained without physical intrusion into a constitutionally protected area.” Kyllo, 533 U.S. 27, 34 (2001) (internal quotation marks and citation omitted); see also Jardines v. United States, 569 U.S. 1 (2013); Jones v. United States, 565 U.S. 400 (2012). ECF No. 47 at 5–7. Not so. Freenet Roundup simply facilitates membership into Freenet and records the file requests that the LEN receives. Law enforcement, therefore, does not obtain information that would have been “unknowable without physical intrusion.” See Kyllo, 533 U.S. at 40 (emphasis added); Jardines, 569 U.S. at 11 (“One virtue of the Fourth Amendment's property-rights baseline is that it keeps easy cases easy. That the officers learned what they learned only by physically intruding on Jardines’ property to gather evidence is enough to establish that a search occurred.”); Jones, 565 U.S. at 407 n.3 (“Where, as here, the Government obtains information by physically intruding on a constitutionally protected area, such a search has undoubtedly occurred.”).

Rather, the more apt analogy is that the LEN, using Freenet Roundup, acts like an undercover officer crashing a public meeting. Cf. United States v. Broy, 209 F. Supp. 3d 1045, 1052 (C.D. Ill. 2016) (finding network investigative technique designed to enter defendant's computer and harvest information a search); United States v. Darby, 190 F. Supp. 3d 520, 530 (E.D. Va. 2016) (government use of network investigative technique a search when code was placed on defendant's computer and designed to transmit information to law enforcement without defendant's knowledge); United States v. Adams, No. 6:16-cr-11-Orl-40GJK, 2016 WL 4212079, at *4 (M.D. Fla. Aug. 10, 2016) (no expectation of privacy in IP address shared on peer-to-peer network but finding search occurred when law enforcement employed software designed to enter defendant's computer and gather information). The LEN poses as a Freenet member operating in opennet mode and records that which is communicated in the virtual space. Cf. Dickerman, 2017 WL 11485604, at *12 (finding defendant's activity on Freenet not protected under Kyllo, Jones, or Jardines). From this, the Court cannot conclude that the technology did anything more than receive that which Pobre and others willingly shared in Freenet.

*7 In sum, Pobre has not convinced this Court that his Freenet activities are protected by the Fourth Amendment. The LEN captures only that information which Pobre has willingly disclosed to third parties in opennet mode. Nor is there anything particularly sophisticated about law enforcement's software—it simply permits the law enforcement node access to information otherwise available to others in the Freenet space. In that regard, Freenet Roundup bears little resemblance to the enhanced surveillance methods which, by virtue of the technological advantages bestowed on law enforcement, constitute an invasion of a person's reasonable expectation of privacy. Thus, the information obtained from the LEN in this case is not subject to Fourth Amendment protections.

III. Conclusion

For the foregoing reasons, the Court finds that no Fourth Amendment search occurred. A recorded status conference is scheduled for April 29, 2022, at 10:00 a.m. Instructions will be emailed to the parties.

4/15/2022 /S/

Date Paula Xinis United States District Judge