Don't expect data on P2P networks to be private, judge rules

Defendants claimed that searching for files on their computers violated Fourth Amendment rights

There can be no expectation of privacy in data exposed to the Internet over a peer-to-peer file-sharing network, a federal judge in Vermont ruled in a case involving three individuals charged with possession of child pornography.

The three men had argued that police illegally gathered information from their computers using an automated P2P search tool and then used that information to obtain probable cause warrants for searching their computers. Each of the defendants was later charged with possession of child pornography based on evidence seized from their computers.

In a motion filed earlier this year, defendants Derek Thomas, Douglas Neale and Stephan Leikert asked the U.S. District Court for the District of Vermont to suppress the evidence, claiming it had been obtained illegally.

The defendants contended that the initial use of the automated P2P search tool to gather information on the contents of their computers, constituted a warrantless search of their systems. They maintained that police violated Fourth Amendment provisions against unreasonable search by looking at private files on each of their systems using the P2P search tool.

They also argued that several of the statements made by investigators to show probable cause for the search warrants were based on incorrect information.

In a 39-page ruling released Friday, District Court Judge Christina Reiss denied the motion to suppress and held that the defendants had essentially given up privacy claims by making the data publicly available on the Internet over a P2P network.

"The evidence overwhelmingly demonstrates that the only information accessed was made publicly available by the IP address or the software it was using," Reiss wrote. "Accordingly, either intentionally or inadvertently, through the use of peer-to-peer file sharing software, Defendants exposed to the public the information they now claim was private."

The ruling is similar to ones reached by other courts in disputes involving documents exposed on the Internet via peer-to-peer networks. Courts in the 11th Circuit, 10th Circuit and 8th Circuit have all held that there can be no expectation of privacy if the contents of a computer can be accessed freely over the public Internet via a file sharing network.

Law blog was the first to report the judge's ruling in the case.

Thomas, Neale and Leikert were arrested and indicted last year in a federal and state law enforcement operation named "Operation Greenwave," that targeted people who use peer-to-peer file sharing networks to distribute child pornography.

As part of the operation, investigators used a suite of software tools, collectively known as the Child Protection System, from privately held TLO LLC, to conduct automated searches for files containing images of child porn on P2P networks. The system allowed investigators to search multiple file-sharing networks using query terms commonly associated with such files.

When a computer on any of the networks responded with a query-hit message indicating it had a file matching the query term, the software recorded the IP address, hash values of the files, the actual file names, date and time of response and other details of the computer. The hit message identified files on a particular system that matched the query terms and were available for download by other users on the same P2P network.

The software allowed investigators to automate the process of sending out queries and receiving search results. It even allowed them to filter results in such a manner as to ensure that the only hits returned were from IP addresses within each investigator's jurisdiction.

The searches showed that computers belonging to the three defendants contained files with digital signatures that exactly matched files that were known to contain images depicting the exploitation of children. Investigators used this information to obtain the probable cause search warrants that eventually led to the arrest and indictments of the three individuals.

In rejecting the motion to suppress the evidence, Reiss noted that the automated search tool had not opened or downloaded any of the files on the defendants' computers. All the tool did was identify files that the defendants themselves had made publicly available for download on the Internet via a P2P network.

The fact that the tool used to conduct the search was proprietary or automated does not make a difference, the judge ruled. The same results would have ensued if investigators had conducted the searches manually.

"This software is designed to replace the searches that were previously done manually by law enforcement and the public. The software reports information that is discoverable by the general public using publicly available P2P software," the judge said. There was nothing in the evidence or the arguments presented by the defense to show that the tool had somehow accessed private files that were not meant for sharing, she said.

Pointing to previous rulings in similar cases, the judge noted that even if the defendants had meant to keep the files private, the fact that they were publicly accessible negated any expectations of privacy. "Defendants conveyed certain information to the public when they used peer-topeer file sharing software and made certain files available for sharing," she wrote.

This article, Don't expect data on P2P networks to be private, judge rules , was originally published at

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Networkingsecuritylegalprivacy

More about Topic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place