Defendant Vasily Gorshkov by and through his undersigned counsel moves this court for an order suppressing all computer data together with all derivative fruits therefrom seized by federal agents pursuant to a search warrant/supporting affidavit(s) dated on/about December 1, 2000 in case # 00-587 M (hereinafter FBI S/A SCHULER’S “Aff”), (incorporating a search warrant application in case # 00-562 dated on/about November 13, 2000), or seized otherwise from two computers located in Russia known as “tech.net.ru” and “freebsd.tech.net.ru”. We hereinafter identify the subject computers as “tech.net.ru”. As the defense at this point does not know what information was taken from what computer our motion is intended to cover all stored data on computer files that was downloaded from the subject computers seized and searched by the government agents pursuant to the aforesaid warrants and otherwise and which the government intends to use at the trial herein.

This motion is based upon the record and file herein, the affidavit of Kenneth E. Kanev filed herewith and the following memorandum of authorities. The aforementioned search warrant applications and warrants are submitted herewith under separate cover.

Factual Background

Around June, 2000 the FBI set up Invita, a “sting” computer security company in Seattle. On/about November 10, 2000 the defendant along with then co-defendant Alexy Ivanov flew from Russia to SeaTac. Thereafter they met with undercover FBI at the Invita office located in Seattle. During said meeting and at the behest of the FBI defendant Gorshkov used an FBI IBM Thinkpad computer (“IBM”) ostensibly to demonstrate his computer hacking and computer security skills and to access his computer system, “tech.net.ru”, in Russia. After the meeting and demonstration both defendants were arrested.

Following the defendants arrest, without this defendant’s knowledge or consent the FBI searched and seized the IBM all key strokes made by the defendant while he used it by means of a “sniffer” program which allowed the FBI to track and store. The FBI thereby obtained the defendant’s computer user name and password that he had used to access the Russian computer. The sniffer told them that defendant used a “telnet” program to connect with his hardware (computer) in Russia named “tech.net.ru”. (Defendant was then allegedly, and at all times relevant hereto, the systems manager of tech.net.ru). (SCHULER Aff @, hereinafter page 3/¶ 6/line 16-18). In said alleged capacity defendant had authority and control over others who had been afforded access by means of their own private passwords and through user id’s that were assigned to them.

While using the IBM, the defendant keyed into the Russian computer, and the sniffer surreptitiously copied without the defendant’s knowledge or consent his assigned user id (“kvakin”) and his chosen user password (“cfvlevfq”). Armed with this information the FBI logged onto the subject computer(s) located in Russian (Aff@4/10/19-24).

Based on alleged exigent circumstances—the possibility that a confederate of the defendant could destroy the files in the Russian computer—(Aff 5/11/6-16; 7/19/10-23), the FBI decided to download and, (because of their size), compress the file contents of the subject computer(s). This was allegedly done without reading same until after a search warrant was obtained. FBI downloading and the copying/compressing of the downloaded data onto CD disk format took until November 21. The warrant was applied for and obtained on December 1, 2000.

The FBI also allegedly obtained the consent of former co-defendant Alexy Ivanov to access a Toshiba computer (that he brought to the sting meeting)(Aff 6/17). The affidavit is silent as to any consent that it may have been obtained from Ivanov to access the subject computer(s) and so we assume none was given.

Argument

The defendant had an expectation of privacy in his user name, his password, and the contents of the Russian computer over which he had control.

In Rakas v. Illinois, 349 U.S. 128 (1978) the court stated that Katz v. United States, held that “capacity to claim the protection of the Fourth Amendment depends not upon a property right in the invaded place but upon whether the person who claims a protection of the Amendment has a legitimate expectation of privacy in the invaded place.” Rakas v. Illinois, 349 U.S. at 143 citing Katz v. United States, 389 U.S. at 353. See also, 3 W. LaFave, Search and Seizure, §8.3(f) at 259-60 (2d Ed. 1987)(courts may honor claims to privacy where a defendant has taken special steps to protect his personal effects from the scrutiny of others and where others may lack ready access). Rakas (at 143-144, 144 n.12) reiterated the Katz (at 361, Harlan, J., concurring) two part test that a defendant must meet to establish an expectation of privacy: the person must have an actual subjective expectation of privacy and that expectation is one that society is prepared to recognize as reasonable.

Here, given the fact that the only way to access the Russian computer was with a private, individualized user name and password, the first prong of the test is unquestionably met. Here too the court need not go any further than the indictment charging conspiracy to violate 18 U.S.C. §1030 (the National Information Infrastructure Protection Act of 1996) to understand that internet privacy is a reasonable concern of society. Similarly, Congress’ intention to protect at least e-mail privacy over the internet as evidenced by enactment of the Electronic Communications Privacy Act (1986)(18 U.S.C. §2701 et seq.)(see, Steve Jackson Games, Inc. v. U.S. Secret Service, 816 F. Supp. 423 (W.D. Tex. 1993)) supports this notion. Even the Privacy Protection Act (1980)(42 U.S.C. § 2000aa et seq.), which was not prompted by, nor directed specifically to the internet, evidences Congress’ heightened First Amendment and privacy concerns. Consequently the second prong of the Katz test is also clearly met.

Here, the privacy protection the defendant thought he had employed by use of his user name and password sufficiently marked his (and other co-authorized users’) data as “private” and forbade access by the unauthorized to the computer’s information. In essence it “locked” the container (the computer) and the undercover FBI were not given no authority to use the “key” to the container that their sniffer seized. See, United States v. David, infra. Even an undercover participant must scrupulously adhere to the scope of a defendant’s explicit invitation to join a criminal enterprise. United States v. Aguilar, 883 F.2d 662, 705 (9th Cir. 1989).

The FBI should have sought a search warrant before they down loaded information data from the Russian computers.

In United States v. David, 756 F. Supp. 1385, 1389-92 (D. Nev. 1991) the court faced the threshold issues involved here in a similar context. The court reasoned that the government agent’s learning a computer password was like picking up a key to a locked container. When the defendant withdrew consent to give more information from the computer, it was the agent’s act of looking inside the computer—whether locked or unlocked—that triggered the requirement of a warrant.

There, during a cooperation session with Customs and DEA, while in their custody, the defendant accessed his computer book information by means of his password. An agent looked over his shoulder to get the password. The defendant did not consent to share all the contents of the book with the agents. First finding no reasonable expectation of privacy to the computer screen, the court found no search or seizure even when the agent picked up the book as he did not interfere with the defendant’s possessory interest in the book. Then the David court found an exigent circumstances seizure when the defendant deleted some information which prompted the agent to grab the book. This act interfered with defendant’s possession and the defendant had a reasonable expectation that its remaining contents would remain private. The court found seizure and search (rejecting an implied consent argument premised on defendant being in a cooperation mode with the government) when the agent later accessed the book using the password to gain entry. The court at that point rejected application of the exigent circumstances exception to the search warrant requirement given abatement of the exigencies and finding that the agent had time and should therefore have obtained a warrant. Id. at 1392.

Turning to the instant case, here the agents’ conduct in using the sniffer to locate (i.e. arguably, electronically seize) the user name/password was more invasive than a glance over the shoulder in David. No facts here suggest an implied consent by the defendant to share his password with the FBI. Nor does the fact that defendant “left behind” his user name/password for the sniffer to detect suggest any such implied consent. Compare, United States v. Simons, 206 F.3d 392 (4th Cir. 2000)(defendant as a condition of employment was aware of written policy of internet audit and inspection by employer and therefore lacked reasonable expectation of privacy in hard drive); United States v. Carey, 172 F.3d 1268 (10th Cir. 1999)(defendant’s consent to search house for drugs and paraphernalia held not to extend to search of computer files containing pornography and thereby allow a general exploratory search well beyond the limits of later obtained warrant).

The FBI erroneously premised its warrantless search on exigent circumstances.

In David the defendant was seen destroying information that, as noted above, the court recognized as exigent. Here, it is the alleged potential destruction by confederates that prompted the immediate start to the download. At that point the FBI clearly started its search without court authorization. It is unreasonable to then conclude exigent circumstances were presented. Both defendants had just arrived in the USA and were half-way around the world and 20+ hours travel time from where they started and potential confederates. Under such circumstances it is unreasonable to believe that confederates might think the computer data was in imminent danger of falling into United States police hands and that they stood by waiting to destroy the contents of the computer if they did not hear from the defendant and/or Ivanov within minutes or seconds from when the sting meeting ended. See,United States v. Tovar-Rico, 61 F.3d 1529, 1539 (11th Cir. 1995)(police belief that others inside residence would destroy evidence not reasonable where those inside were unaware of police activity). See, e.g., Nelson v. City of Irvine, 143 F.3d 1196, 1207 (9th Cir. 1998)(police belief unreasonable where defendant consented to breath test rather than blood draw); United States v. Templeman, 938 F.2d 122, 124 (8th Cir. 1991)(police belief unreasonable where no indication defendant was about to destroy package and police had time to get warrant); compare, United States v. Edmo, 140 F.3d 1289, 1292 (9th Cir. 1998)(police belief reasonable where drug level in urine would quickly dissipate if police waited for warrant).

In short, at least a telephonic search warrant could have and should have been sought prior to FBI sniffing out the user name/password and downloading. Moreover, the extended time it ultimately took the FBI to download without any interference by potential confederates, at least retrospectively, suggests an absence of exigent circumstances.

The search warrants’ authorization to search for Attachment A information was overbroad and in violation of the Fourth Amendment as it authorized a general exploratory search.

The downloaded information in compressed format consists of 595 megabytes and fills five CD-ROM disks (Aff 9/27/21-23). The defense is advised that the FBI is still (six weeks post arrest) analyzing the data. We expect it will take days for us to conduct our own review. The Fourth Amendment requires particularity and safeguards the individual’s privacy interest against wide ranging exploratory searches. Maryland v. Garrison, 480 U.S. 79, 84 (1987) (holding at 87, validity of search pursuant to warrant turns on the objective reasonableness of the officers’ failure to realize the overbreadth of the warrant); see, Andresen v. Maryland, 427 U.S. 463, 480 (1976). When, as here, business records are sought the warrant must be as particular as the information available will allow. Andresen at 480 & n10 (warrant authorizing seizure of long laundry list of records sufficiently particular given circumstances of complex nature of real estate scheme being investigated); compare, United States v. Kow, 58 F.3d 423,427 (9th Cir. 1995)(warrant authorization for 14 types of business documents held overbroad where it failed to limit documents within each type and specifically allege crimes to which documents pertained). Here, too much was left to the discretion of the searching agents to determine what fell within the scope of the warrant and officers are left to interpret the statutes and their applicability. Suppression lies where no substantial part of the warrant is sufficiently particularized. Kow, supra. at 428. DATED this 28th day of December, 2010.