Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

U.S. v. PEREZ

March 5, 2003

UNITED STATES OF AMERICA,
v.
HARVEY PEREZ, DEFENDANT.



The opinion of the court was delivered by: Chin, District Judge.

OPINION

This case presents difficult questions concerning the Fourth Amendment and the internet. On the one hand, child pornography and the sexual abuse of children are crimes that have been fueled by the internet, as those who would exploit children have sought to take advantage of the internet's vast and largely anonymous distribution and communications network. On the other hand, when law enforcement gathers information about the activity of individuals on the internet, the potential for unreasonable intrusions into the home — the chief concern of the drafters of the Fourth Amendment — is great. This case demonstrates the tension that can exist: the Government argues, in essence, that it had probable cause to search the homes and seize the computers of thousands of individuals merely because they entered their e-mail addresses into a website where images of child pornography were available, even without any proof that the individuals uploaded, downloaded or discussed the images, or otherwise participated in the website.

Defendant Harvey Perez is charged in a one-count indictment with violating 18 U.S.C. § 2252A(a)(5)(B) by unlawfully and knowingly possessing materials containing images of child pornography transmitted in interstate commerce. The Government also seeks the forfeiture of certain of Perez's computer equipment. This case arises out of Operation Candyman, an undercover FBI investigation into a group that allegedly traded pornographic images of children over the internet.

Perez moves to suppress certain evidence obtained as the result of the execution of a search warrant at his home. For the reasons that follow, the motion is granted and the evidence is suppressed.

STATEMENT OF THE CASE

A. The Warrant

On March 6, 2002, federal law enforcement agents executed a search warrant at Perez's home. They seized a computer, numerous compact discs and floppy discs, computer drives, a scanner, two cameras, and a piece of paper listing various websites. (Perez Aff. ¶ 2; Armenta Aff. Ex. C (FRI property receipts)). The agents also interviewed Perez; he "admitted to visiting child pornography sites" on the internet. (Armenta Aff. Ex. D (FBI 302); see Perez Aff. ¶ 3).

B. The Affidavit

The search warrant was issued by Magistrate Judge James C. Francis IV on the basis of a 32-page affidavit executed by Special Agent Austin P. Berglas of the FBI on March 1, 2002. (Armenta Aff. Ex. E). The affidavit requested authorization to search nine residences in Manhattan, the Bronx, Riverdale, West Point, Wappingers Falls, Tarrytown, and the village of Florida, New York. (Id. ¶¶ 2, 5). One of these residences was Perez's home. The agent represented that probable cause existed to believe that the nine residences contained evidence of violations of 18 U.S.C. § 2252 and 2252A, which make it a crime to knowingly transport, transmit, or receive child pornography in interstate or foreign commerce by any means, including computer. (Id. ¶ 2).

The affidavit provided a lengthy description of how the internet and computers are used — in general terms — to distribute child pornography. (Id. ¶ 7). It also described an undercover investigation by the FBI into the "Candyman Egroup." (Id. ¶ 8).

The affidavit provided little detail on the Candyman Egroup. It explained that the Candyman website displayed the following message:

This group is for People who love kids. You can post any type of messages you like too or any type of pics and vids you like too.
(Id. ¶ 8(b)). The affidavit did not represent or assert that the sole or principal purpose of the Candyman Egroup was to engage in unlawful conduct. It represented that the group had 3,397 members. (Id. ¶ 8(h)).

The affidavit explained that to become a member of the website an undercover FBI agent was required to send an e-mail message to the group's moderator requesting permission to join; no fee was required. (Id. ¶ 8(b)-(c)). The affidavit detailed how, after receiving confirmation of membership via e-mail, the undercover agent was able to download, from the Candyman website, approximately 100 images and video clips of "prepubescent minors engaged in sexual activities," "the genitalia of nude minors," and "child erotica." (Id. ¶¶ 8(a), (e)). Of these, the majority of the images and video clips fell into the first category. (Id. ¶ 8(e)). In addition, the affidavit reported that the undercover FBI agent received some 498 e-mails from the Candyman Egroup, of which approximately 105 had attachments containing child pornography and another 183 had attachments containing "child erotica images." (Id. ¶ 8(f)).*fn1

The affidavit explained that the Candyman Egroup website had several features, including a "Files" section that permitted members to post images and videos for other members to download. It also disclosed that the Candyman site offered a "Polls" feature that permitted members to answer survey questions; a "Links" feature that permitted members to post links to other websites; and a "Chat" section that permitted members to engage in "real time conversations with each other." (Id. ¶ 8(d)).

The affidavit represented that all new members were immediately added to the Candyman Egroup's mailing list, and it asserted the following:

Every Candyman Egroup member on the Candyman Egroup e-mail list auto matically received every e-mail message and file transmitted to the Candyman Egroup by any Candyman Egroup member. Therefore, when individuals transmitted child pornography to the Candyman Egroup, those images auto matically were transmitted to every Candyman Egroup member.
(Id. ¶ 8(d) (emphasis added)). These representations were critical because they advised the magistrate judge that all Candyman members automatically received all emails and that therefore all Candyman members must have received e-mails that contained images of child pornography.

C. The Government Acknowledges Error

On August 12, 2002, the Government wrote defense counsel and advised that the above-quoted sentences from paragraph 8(d) of the affidavit were not accurate. (Id. Ex. F). The Government advised that in fact Candyman members had three email delivery options: (1) receipt of all emails; (2) receipt of only a daily digest of e-mails; and (3) "no e-mail receipt at all." (Id. at 1). A member who selected the no e-mail option would not receive any e-mails from the Candyman Egroup, its moderator, or its members. (Id.). Hence, it was not correct that every Candyman member received every e-mail from the group.

In its letter, the Government sought to explain the error. It explained that the representation that all members received all e-mails "was based on the hands-on experience of FBI Supervisory Special Agent. Geoffrey Binney as an undercover member of the Candyman Egroup." (Id.). Binney, who has since left the FBI for the private practice of law, was the lead undercover agent in the investigation. He joined the Candyman Egroup in an undercover capacity on January 2, 2001. The Government wrote in its letter:

In his experience as a member, SSA Binney was never given an option for how to receive e-mail. After sending an e-mail requesting to become a member of the Egroup, he began receiving all email traffic automatically.
(Id. at 1-2 (footnote omitted)). The Government also represented that an employee of Yahoo! Inc. ("Yahoo"), Lauren Guarnieri, had confirmed Binney's understanding that upon joining the group members started receiving e-mail automatically. (Id. at 2).

On January 2, 2003, the Government sent Perez a second letter acknowledging further error: the Government stated that paragraph 8(c), which represented that the undercover agent "was required to send an e-mail" to join the Candyman Egroup and did so, was also inaccurate. The letter forwarded logs from Yahoo and two FBI reports.

D. The Hearing

Perez moved to suppress the physical evidence seized and statements obtained as a result of the execution of the search warrant. I conducted an evidentiary hearing on January 15, 2003 and heard additional testimony and argument on February 19, 2003. Binney and another FBI agent, Special Agent Kristen Sheldon, testified for the Government. Based on the evidence presented, I make the following findings of fact:

1. The Candyman Egroup

The Candyman Egroup operated from December 2000 until February 6, 2001, when it was shut down. (GX 1; McGoff Stip. ¶ 5).*fn2 It was initially operated by a company called eGroups, Inc. ("eGroups"). Yahoo acquired eGroups in August 2000 but did not begin converting the eGroups sites to its own product, "Yahoo! Groups," until late January 2001. (McGoff Stip. ¶ 3).

The main page of the Candyman website (as it existed shortly after Binney joined the Candyman Egroup) announced that "[t]his group is for People who love kids," and it told members that they could "post any type of messages" or "any type of pics and vids." (GX 1; see 1/15/03 Tr. at 15; Armenta Aff. Ex. E 8(b)). An additional description was given in the middle of the page: "Category: Top: Adult: Image Galleries: Transgender: Members."

A number of hyperlinks appeared near the top of the left side of the page, including, as the first link, "Subscribe." The other links listed were: "Messages," "Post," "Files," "Polls," "Links," and "Chat." In the lower half of the middle of the page, certain addresses were given, including: "Subscribe: TheCandyman-subscribe@egroups.com." At the top of the right side of the page, under "Membership," were the hyperlinks "Modify" and "Unsubscribe." In the middle of the page on the right side, under "Options," the following appeared: "Not listed in directory," "Open membership," "Unmoderated," "Anyone can post," "Archives for members only," and "Email attachments are permitted." (GX 1).

Hence, a first-time visitor to the site in January 2001 certainly would have had some idea that the site provided access to child pornography. Although the page did not refer explicitly to child pornography or child erotica, it described the category as "Adult," "Image Galleries," and "Transgender." (GX 1). It also told visitors that the group was "for People who love kids" and advised that "any type of pics or vids" could be posted.

On the other hand, the page also offered links or tabs to several features that had the appearance of being — and actually were — text-based, in whole or in part. The "Chat" feature permitted members to engage in on-line text-based conversation. (1/15/03 Tr. at 80-82). The "Polls" feature let members take part in polls or surveys. (Id. at 23; GX 8). These two features were exclusively text-based. Other options were text-based in part but also permitted access to images. The "Links" option provided links to other sites, where images could be found. The "Messages" option permitted members to access messages, to which images could be attached. The "Files" option permitted members to access files for downloading. (1/15/03 Tr. at 23, 80-81; GXs 6, 7, 8). Members could actively participate in the group, or they could merely "lurk" — they could participate "passively" by reading what others had written without "talking" or answering the polls themselves. (1/15/03 Tr. at 81). Members could read through the chat sessions and see the results of polls without actually participating in them, and this would not be illegal activity. (Id. at 8182). The first page did not show any images.

To view the contents of the website beyond the first page, a visitor to the site would have to subscribe first. (Id. at 76, 78-79). One could subscribe merely by entering an e-mail address and no fee was charged. (Id. at 79-80).

During the time that Binney was a member, i.e., from January 2, 2001 through February 6, 2001 (when the site was shut down (id. at 27)), he received 498 e-mails, all the e-mails transmitted from the Candyman Egroup during that period. Most of the e-mails were "text based in nature." (Id. at 30). Of the 498 e-mails, only a little more than 100 had files attached. (Id. at 26). Of those, most were "child erotica" — pictures of "naked children" — but they were not "child pornography." (Id. at 26, 30). The remaining files — "a substantial number" of the 100 — were "child pornographic" in nature. (Id. at 26). Hence, only a small portion of the 498 e-mails of the period (less than 10%) actually transmitted child pornography.*fn3

The Candyman Egroup had approximately 3,400 members at one point and perhaps as many as 6,300 subscribers. (Armenta Aff. Ex. F at 2 n. 2; GX 11; see also 1/15/03 Tr. at 35, 118). Some individuals subscribed and then later unsubscribed. (1/15/03 Tr. at 145).

2. E-Mail Delivery Options

A prospective member of an Egroup run by eGroups (including the Candyman Egroup) could subscribe in one of three ways: (1) via the website by clicking on the "subscribe" button on the particular group's website; (2) via e-mail by sending an email to the "subscribe address" listed on the front page of the particular group's website; or (3) via e-mail by sending an email to the moderator at an address listed on the group's website. (Hull Stip. ¶¶ 3, 4, 5).

A subscriber who joined via the website was automatically presented with three options for the delivery of e-mail. By clicking on the "subscribe" button, he would be sent to a page that gave him three options: (1) he could have individual e-mail messages sent to his personal e-mail address (selected as the default choice); (2) he could have a daily digest of messages (described on the site's text as "many e-mails in one message") sent to his personal email address; or (3) he could receive no email messages at all (described as "Don't send me email, I'll read the messages at the Web site"). At the bottom of the page was a "join" button. (Id. ¶ 3 & Ex. A).

A subscriber who joined via e-mail to the "subscribe" address would be automatically "signed up" after responding to a confirmation request, if the group was an "open group" (as was the Candyman group (GX 1)). A subscriber who joined via email to the moderator was not automatically signed up; rather, the moderator could choose to subscribe the individual, deny or ignore the request, or send a further invitation. For both e-mail subscription methods, no e-mail delivery options were provided; rather, the default setting was that the new member would start receiving all e-mails. A member could change to a different e-mail option by clicking on the "modify" button on the first page of the website. (Hull Stip. ¶¶ 3, 4, 5, 6).

3. Binney Joins

When he joined the Candyman Egroup on January 2, 2001, Binney had been with the FBI for eight years, all in the Houston division. He had spent two years on the "Innocent Images" project, primarily working undercover on-line to investigate individuals who were seeking to meet children for unlawful purposes. (1/15/03 Tr. at 2-6). Binney believed that the FBI was spending "an awful lot of time on-line," and that the effort was not "as productive" as it could have been. (Id. at 8-9). In addition, he wanted to target individuals who were seeking to exploit younger children, i.e., children who were too young to go on-line themselves. (Id. at 9). In the fall of 2000, Binney began to look for an opportunity for an on-line, undercover child pornography investigation, and this effort eventually led to Candyman. (Id. at 11).

Binney learned of the Candyman Egroup through a link in an on-line newsletter called "Lolitanews.com." Subscribers to the Lolitanews on-line newsletter apparently did not trade images but only engaged in "chatting" and posting of links, and Binney believed this was "constitutionally protected" activity. (Id. at 12, 82, 85).

After subscribing, Binney began exploring the Candyman site. He found that the site "contained a place where child pornography pictures and videos[ ] could be stored and for the users to download [them]." (Id. at 21). At some point, Binney clicked on the "modify" button, but nothing happened. (Id. at 26-27).

As the Yahoo logs show, Binney subscribed to Candyman via the website. The logs show:

gobannon@usa.net, Jan 02 2001 12:53 PM, Subscribed, gobannon@usa.net, via web from 24.162.50.185.
The parties agree that this log entry related to the Candyman website and "gobannon@usa.net" was Binney's undercover email address. (McGoff Stip. ¶ 4 & Ex. A; Hull Stip. ¶¶ 7, 8). Hence, Binney must have been presented with the three delivery options, and I find that, in fact, he was presented with the delivery options. (See 1/15/03 Tr. at 48 (Binney conceding that "it's at least probable that I joined via the web instead of the e-mail"); id. at 49).

Two other facts support this conclusion. First, Binney does not have a record of sending an e-mail to join. He testified that he normally would have printed and saved any e-mails he sent in an undercover operation such as this. Yet, he did not have a copy of any e-mail that he sent to subscribe to the Candyman Egroup. Likewise, he did not prepare a 302 or other written record of sending such an email. (1/15/03 Tr. at 64 65).

Second, the FBI itself reached the same conclusion. The Cyber Division of the FBI conducted an investigation, reviewed the Yahoo/eGroups records and other materials, and issued two reports, both dated December 12, 2002, on the issue of how Binney joined the Candyman Egroup. In one report, the FBI concluded: "[W]e have no information to dispute [Yahoo's] claim that . . . Binney must have subscribed via the website, and that he must have been presented with email delivery options." (DX B at 6).

The other report detailed how the FBI, with the assistance of Yahoo personnel, reviewed the source code for the eGroups.com website — the version that was, according to Yahoo, in effect at the time Binney joined. The agents were shown "a more detailed version of the log data than what was previously provided." (DX A at 3). The report continued:

Specifically, the log data was shown with one additional piece of information: the filename of the source code file that generated the log entry. This pointed specifically to a file "subscribe.c," which was used by the web site to present email delivery options to the user, and then to confirm the user's selection. . . . The log entry is generated only as a result of clicking on a button (the text of the button can vary, based on context) on the subscribe page, and the subscribe page always provides email options.
(Id. (emphasis added)). The report found that "it must be concluded based on the log data that Mr. Binney must have been presented with email delivery options." (Id. at 4).

4. Indications of the Existence of Delivery Options

First, as discussed above, Binney actually joined via the website and thus he was actually presented with the page that gave him ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.