In re: Under Seal
Filing
51
BRIEF by Appellee US in 13-4625, 13-4626 in electronic and paper format. Type of Brief: Response. Method of Filing Paper Copies: mail. Date Paper Copies Mailed, Dispatched, or Delivered to Court: 11/13/2013. [999238407] [13-4625, 13-4626] Andrew Peterson
IN THE
UNITED STATES COURT OF APPEALS
FOR THE FOURTH CIRCUIT
______________________
Nos. 13-4625(L); 13-4626
______________________
UNITED STATES OF AMERICA,
Plaintiff - Appellee,
v.
UNDER SEAL 1; UNDER SEAL 2,
Parties-In-Interest-Appellants.
________________________
Appeal from the United States District Court
for the Eastern District of Virginia at Alexandria
The Honorable Claude M. Hilton, Senior District Judge
________________________
BRIEF OF THE UNITED STATES
________________________
DANA J. BOENTE
ACTING United States Attorney
MICHAEL BEN’ARY
ANDREW PETERSON
JAMES L. TRUMP
United States Attorney’s Office
Eastern District of Virginia
2100 Jamieson Avenue
Alexandria, VA 22314
(703) 299-3700
MYTHILI RAMAN
ACTING ASSISTANT ATTORNEY
GENERAL, CRIMINAL DIVISION
NATHAN JUDISH
JOSH GOLDFOOT
BENJAMIN FITZPATRICK
BRANDON VAN GRACK
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530
TABLE OF CONTENTS
Page
TABLE OF AUTHORITIES ................................................................................... iii
ISSUES PRESENTED ..............................................................................................1
STATEMENT OF THE CASE AND FACTS .......................................................... 1
SUMMARY OF ARGUMENT ..............................................................................11
ARGUMENT ...........................................................................................................13
I.
BECAUSE LAVABIT FORFEITED NEARLY ALL THE ARGUMENTS
IN ITS BRIEF BY FAILING TO RAISE THEM BELOW, THE
STANDARD OF REVIEW IS PLAIN ERROR AT BEST. .........................13
A.
B.
II.
Issues Not Before the Court ...............................................................13
The Standard of Review ......................................................................14
THE DISTRICT COURT PROPERLY ORDERED LAVABIT TO
DISCLOSE ITS ENCRYPTION KEYS PURSUANT TO THE PEN/TRAP
STATUTE......................................................................................................19
A.
B.
III.
Statutory Background .........................................................................20
The District Court Orders Demanding Lavabit’s Encryption
Keys Were Lawful, as This Information Was Necessary to the
Installation and Operation of the Pen/Trap Device. ............................23
THE SEARCH WARRANT ISSUED BY THE DISTRICT COURT
LAWFULLY COMPELLED LAVABIT TO PRODUCE ITS
ENCRYPTION KEYS TO THE GOVERNMENT ......................................30
A.
The Search Warrant Was Properly Issued Under The Stored
Communications Act. .........................................................................32
B.
The Warrant Did Not Impose an Unreasonable Burden
on Lavabit . ..........................................................................................37
IV.
THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING
ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING
COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY
AUTHORIZED TO COLLECT. ...................................................................42
CONCLUSION ........................................................................................................47
CERTIFICATE OF COMPLIANCE ......................................................................49
CERTIFICATE OF SERVICE ...............................................................................50
ii
TABLE OF AUTHORITIES
CASES
Agra Gill & Duffus, Inc. v. Benson, 920 F.2d 1173 (4th Cir. 1990) ...................... 18
Branzburg v. Hayes, 408 U.S. 665 (1972) ........................................................ 39-40
Clodfelter v. Republic of Sudan, 720 F.3d 199 (4th Cir. 2013) ...............................17
Dalia v. United States, 441 U.S. 238 (1979) .................................................... 45-46
Fla. Dep’t of Revenue v. Piccadilly Cafeterias, Inc., 554 U.S. 33 (2008) ............. 25
Guest v. Leis, 255 F.3d 325 (6th Cir. 2001) ........................................................... 45
Holland v. Big River Minerals Corp., 181 F.3d 597 (4th Cir. 1999) .....................14
Hormel v. Helvering, 312 U.S. 552, 556 (1941)......................................................32
In re Application, 416 F. Supp. 2d 13 (D.D.C. 2006) ............................................ 21
In re Application, 616 F.2d 1122 (9th Cir. 1980) ...................................................22
In re Application of the United States of America for an Order Pursuant to
18 U.S.C. § 2703(d), 707 F.3d 283 (4th Cir. 2013) ................................................33
In re Application of the U.S. for an Order Pursuant to 18 U.S.C. § 2703(d),
830 F. Supp. 2d 114 (E.D. Va. 2011) ......................................................................33
In re Applications, 509 F. Supp. 2d 76 (D. Mass. 2007) .........................................33
In re Grand Jury Subpoena, 646 F.3d 159 (4th Cir. 2011) .....................................15
In re Smartphone Geolocation Data Application, --- F. Supp. 2d ---,
(E.D.N.Y. May 1, 2013) ........................................................................................35
Messerschmidt v. Millender, 565 US ---, 126 S.Ct 1235, (2012) ...........................35
iii
Muth v. United States, 1 F.3d 246 (4th Cir. 1993) ..................................................16
Richards v. Wisconsin, 520 U.S. 385 (1997) ..........................................................47
Simmons v. Poe, 47 F.3d 1370 (4th Cir. 1995) ........................................................15
Sims v. Apfel, 530 U.S. 103 (2000) ..........................................................................32
Singleton v. Wulff, 428 U.S. 106 (1976) ............................................................14, 18
Smith v. Maryland, 442 U.S. 735 (1978) ................................................................45
United States v. Brack, 651 F.3d 388 (4th Cir. 2011) .............................................16
United States v. Forrester, 512 F.3d 500 (9th Cir. 2008) .......................... 21, 44-45
United States v. Grossman, 400 F.3d 212 (4th Cir. 2005) ..................................... 44
United States v. Grubbs, 547 U.S. 90 (2006) ........................................................ 46
United States v. Hambrick, 55 F. Supp. 2d 504 (W.D. Va. 1999) ......................... 45
United States v. Herrera-Contreras, 269 Fed. App’x 875, (11th Cir.
Mar. 12, 2008) ........................................................................................................ 44
United States v. Horn, 187 F.3d 781 (8th Cir. 1999) ............................................. 44
United States v. Huie, 593 F.2d 14 (5th Cir. 1979) ............................................... 45
United States v. King, 628 F.3d 693 (4th Cir. 2011) ............................................. 16
United States v. MacDonald, 641 F.3d 596 (4th Cir. 2011) ...................................17
United States v. New York Tel. Co., 434 U.S. 159 (1977) ..................................... 37
United States v. Olano, 507 U.S. 725 (1993) ........................................................ 16
United States v. One 1971 Mercedes Benz 2-Door Coupe, 542 F.2d 912
(4th Cir. 1976) ........................................................................................................ 16
iv
United States v. Otobo, 1993 WL 196053 (6th Cir. June 9, 1993) .........................44
United States v. Peagler, 847 F.2d 756 (11th Cir. 1988) ...................................... 44
United States v. Promise, 255 F.3d 150 (4th Cir. 2001) .........................................16
United States v. Ramos-Cruz, 667 F.3d 487 (4th Cir. 2012) ..................................19
United States v. Reid, 523 F.3d 310 (4th Cir. 2008) ................................................16
United States v. Rusher, 966 F.2d 868 (4th Cir. 1992) ...........................................15
United States v. Scarfo, 180 F. Supp. 2d 572 (D.N.J. 2001) .................................. 36
United States v. Simpson, No. 3:09-CR-249, 2011 WL 721912,
(N.D. Tex. Mar. 2, 2011) .........................................................................................36
United States v. Sutton, No. 5:08-CR-40, 2009 WL 481411
(M.D. Ga. Feb. 25, 2009) ....................................................................................... 36
United States v. Thompson, 495 F.2d 165 (D.C. 1974) ................................... 35, 44
United States v. Wellman, 663 F.2d 224 (4th Cir. 2011) .........................................15
United States v. Williams, 592 F.3d 511 (4th Cir. 2010) .........................................42
United States v. Williams, 974 F.2d 480 (4th Cir. 1992) .........................................18
Va. Dep’t of State Police v. Wash. Post, 386 F.3d 567 (4th Cir. 2004) .................. 47
Volvo Const. Equip. N. Am., Inc. v. CLM Equip. Co., 386 F.3d 581
(4th Cir. 2004) .............................................................................................. 15-16, 32
Warden v. Hayden, 387 U.S. 294 (1967) .................................................................35
Zurcher v. Stanford Daily, 436 U.S. 547 (1978) ...............................................34, 36
v
STATUTES AND RULES
18 U.S.C. § 2510 et seq............................................................................................45
18 U.S.C. § 2518 ......................................................................................................29
18 U.S.C. § 2701 et seq............................................................................................30
18 U.S.C. § 2703 et seq.....................................................................................passim
18 U.S.C. § 3121 ......................................................................................................45
18 U.S.C. § 3124 et seq.....................................................................................passim
18 U.S.C. § 3127 et seq................................................................................ 20-21, 26
47 U.S.C. § 1002 ......................................................................................................29
Electronic Communications Privacy Act of 1986 § 301, Pub. L. No 99-508,
100 Stat 1848 ..........................................................................................................22
Fed. R. Crim. P. 41(c) ..............................................................................................37
USA Patriot Act § 216, Pub. L. No. 107-56, 115 Stat 272 (2001) ..........................22
OTHER AUTHORITIES
American Heritage Dictionary of the English Language (3d ed. 1992) .......... 26-27
H.R. Rep. No. 103-827(I), at 24 (1994) ...................................................................29
http://lavabit.com (last accessed Nov. 7, 2013) .......................................................11
Orin Kerr, “Ex Ante Regulation of Computer Search and Seizure,”
96 Va. L. Rev. 1241, 1260-76 (2010) ......................................................................47
S. Rep. No. 99-541, at 10 (1986) .............................................................................22
S. Rep. No. 99-541, at 48 (1986) ........................................................................... 28
vi
S. Rep. No. 103-402, at 24 (1994) ...........................................................................29
U.S. Dep’t Justice, Searching and Seizing Computers and Obtaining
Electronic Evidence (3d ed. 2009) ...........................................................................36
Webster’s II New Riverside University Dictionary (1988) ....................................27
Webster’s Third New International Dictionary 1171 (1961) .................................26
vii
IN THE
UNITED STATES COURT OF APPEALS
FOR THE FOURTH CIRCUIT
______________________
Nos. 13-4625; 13-4626
______________________
UNITED STATES OF AMERICA,
Plaintiff - Appellee,
v.
UNDER SEAL 1; UNDER SEAL 2,
Parties-In-Interest-Appellants.
________________________
Appeal from the United States District Court
for the Eastern District of Virginia at Alexandria
The Honorable Claude M. Hilton, Senior District Judge
________________________
BRIEF OF THE UNITED STATES
________________________
ISSUES PRESENTED
By marketing “secure” services, may an electronic communications service
provider ignore (A) a statute compelling the provider to furnish “all” information
needed for the installation and operation of a pen register/trap-and-trace device,
and (B) a warrant issued by a neutral magistrate compelling the production of
information used to decrypt a user’s communications?
Was it plain error for a district court to use civil sanctions to compel the
production of information needed to decrypt communications that were the subject
of lawful court orders?
STATEMENT OF THE CASE AND FACTS
Lavabit LLC is an electronic communications service provider located in
Dallas, Texas (see http://lavabit.com/). Ladar Levison is its sole owner and
operator. Lavabit provides email services for its customers.
In June 2013, the Federal Bureau of Investigation determined that the target
of an ongoing investigation in the Eastern District of Virginia was using Lavabit’s
email service. On June 8, 2013, the FBI served a grand jury subpoena on Lavabit
through Ladar Levison for billing and subscriber information pertaining to the
target’s email account. J.A. 152-54. On June 10, 2013, the United States obtained
an order pursuant to 18 U.S.C. § 2703(d) directing Lavabit LLC to provide, within
ten days, additional records and information about the target’s email account. J.A.
1-4. Mr. Levison received that order on June 11, 2013. J.A. 15. Mr. Levison
responded by mail, which was not received by the government until June 27, 2013.
Id.
On June 28, 2013, the United States applied for and obtained a pen register
and trap and trace order (pen/trap order) for the target’s Lavabit email account.
J.A. 10-12. The pen/trap order, issued by the Honorable Theresa Buchanan,
United States Magistrate Judge for the Eastern District of Virginia, authorized the
government to (1) capture all “non-content” dialing, routing, addressing, and
signaling information sent to or from a specific account, and (2) record the date
and time of the initiation and receipt of such transmissions, to record the duration
of the transmissions, and record user log-in data from that specific account, all for
a period of sixty days. J.A. 10-11. The order further directed Lavabit to furnish
the FBI, “forthwith, all information, facilities, and technical assistance necessary to
accomplish the installation and use of the pen/trap device.” J.A. 11. The order
required that the government “take reasonable steps to ensure that the monitoring
equipment is not used to capture any” content-related information. Id. The
pen/trap order and accompanying application was sealed pursuant to 18 U.S.C.
§ 3123(d). Id.
On June 28, 2013, FBI special agents met Mr. Levison at his residence in
Dallas, Texas, and discussed with him the pen/trap order entered earlier that day.
2
J.A. 15. Mr. Levison told the agents that he would not comply with the pen/trap
order and wanted to speak to an attorney. Id. It was unclear to the agents whether
Mr. Levison would not comply with the order because it was too difficult,
technically not feasible, or simply not consistent with his business practice of
providing encrypted email service for his customers. Id.
Shortly thereafter on June 28, upon the motion of the government,
Magistrate Judge Buchanan issued an Order Compelling Compliance Forthwith.
J.A. 8-9. The magistrate judge directed Lavabit to comply with the pen/trap order
and, specifically, to provide the FBI with unencrypted data as well as any
information, facilities, or technical assistance needed to provide the FBI with
unencrypted data. Id. Finally, the order indicated that non-compliance would
subject Lavabit “to any penalty in the power of the Court, including the possibility
of criminal contempt of Court.” J.A. 9.
Despite this order, Lavabit did not comply. Between June 28 and July 9,
2013, the FBI made numerous attempts, without success, to speak with Mr.
Levison to discuss the pen/trap order. J.A. 16. On July 9, 2013, pursuant to the
government’s motion, the Honorable Claude M. Hilton, United States District
Judge for the Eastern District of Virginia, ordered Mr. Levison to appear before the
court on July 16, 2013, to show cause why Lavabit failed to comply with the
3
pen/trap and compliance orders and why the court should not hold Lavabit and Mr.
Levison in contempt. J.A. 21-22.
The following day, the government discussed by conference call the pen/trap
order and related issues with Mr. Levison and his attorney. 1 J.A. 33-34. Mr.
Levison’s concerns focused primarily on how the pen/trap device would be
installed on the Lavabit system, what data would be captured by the device, and
what data would be viewed and preserved by the government. Id. The FBI
explained to Mr. Levison that the pen/trap device could be installed with minimal
impact to the Lavabit system, and the agents told Mr. Levison that they would
meet with him when they were ready to install the device and discuss with him any
of the technical details regarding the installation and use of the device. As for the
data collected by the device, the agents assured Mr. Levison that the only data that
the agents would obtain and review is that which is stated in the order – i.e., user
log-in information and the date, time, and duration of the email transmissions for
the target account – and nothing more. Id. Mr. Levison appeared to acknowledge
that the successful installation and use of the pen/trap device would require access
to Lavabit’s server and the encryption keys used by Lavabit’s customers to encrypt
1
Mr. Levison was represented intermittently during the course of proceedings in
the district court.
4
their email communications. Mr. Levison did not indicate whether he would allow
the FBI to install the pen/trap device or provide the encryption keys. Id.
On July 11, 2013, the United States Attorney’s Office issued a subpoena for
Mr. Levison to testify before the grand jury in the Eastern District of Virginia on
July 16, 2013. J.A. 23-24. The grand jury subpoena also commanded Mr. Levison
to bring to the grand jury the Lavabit encryption keys and any other information
necessary to accomplish the installation and use of the pen/trap device pursuant to
the pen/trap order. Id. The FBI attempted to serve the subpoena on Mr. Levison at
his residence. After knocking on his door, FBI special agents witnessed Mr.
Levison leave the rear of his apartment, get in his car, and drive away. Later in the
evening, the FBI successfully served Mr. Levison with the subpoena. J.A. 82.
On July 13, 2013, Mr. Levison sent an email to the prosecutors stating, in
part:
In light of the conference call on July 10th and after subsequently
reviewing the requirements of the June 28th order I now believe it
would be possible to capture the required data ourselves and provide it
to the FBI. Specifically the information we’d collect is the login and
subsequent logout date and time, the IP address used to connect to the
subject email account and the following non-content headers (if
present) from any future emails sent or received using the subject
account. The headers I currently plan to collect are: To, Cc, From,
Date, Reply-To, Sender, Received, Return-Path, Apparently-To and
Alternate-Recipient. Note that additional header fields could be
captured if provided in advance of my implementation effort.
5
$2,000 in compensation would be required to cover the cost of the
development time and equipment necessary to implement my
solution. The data would then be collected manually and provided at
the conclusion of the 60 day period required by the Order. I may be
able to provide the collected data intermittently during the collection
period but only as my schedule allows. If the FBI would like to
receive the collected information more frequently I would require an
additional $1,500 in compensation. The additional money would be
needed to cover the costs associated with automating the log
collection from different servers and uploading it to an FBI server via
“scp” on a daily basis. The money would also cover the cost of adding
the process to our automated monitoring system so that I would
notified [sic] automatically if any problems appeared.
J.A. 83. Mr. Levison’s email again confirmed that Lavabit was capable of
providing the means for the FBI to install the pen/trap device and obtain the
requested information in an unencrypted form. The Assistant United States
Attorney replied to Mr. Levison’s email that same day, explaining that the proposal
was inadequate because, among other things, it did not provide for real-time
transmission of results and it was not clear that Mr. Levison’s request for money
constituted the “reasonable expenses” authorized by the statute. Id.
On July 16, 2013, the district judge issued a search warrant to Lavabit for
(1) “[a]ll information necessary to decrypt communications sent to or from the
[target email account], including encryption keys and SSL keys” and (2) “[a]ll
information necessary to decrypt data stored in or otherwise associated” with the
targeted Lavabit account. J.A. 25-29. A non-disclosure order issued pursuant to
18 U.S.C. § 2705(b) accompanied the warrant. J.A. 32. The search warrant and
6
accompanying materials were further sealed by the court pursuant to a Local Rule
49(B). J.A. 31.
Mr. Levison, without counsel, appeared as directed before the district court
on July 16, 2013. Mr. Levison made an oral motion to unseal the proceedings and
related filings. J.A. 40. The government objected, and the district court denied
Mr. Levison’s motion. J.A. 30. Mr. Levison subsequently indicated to the court
that he would permit the FBI to place a pen/trap device on his server. J.A. 48. The
government requested that the district court further order Mr. Levison to provide
his encryption or Secure Sockets Layer (SSL) keys, explaining that placing a
pen/trap device on Lavabit’s server would only provide encrypted information and
would not yield the information required under the pen/trap order. The
government noted that Lavabit was also required to provide the SSL keys pursuant
to the search warrant and grand jury subpoena. J.A. 33-37. The court determined
that the government’s request for the SSL keys was premature because Mr.
Levison had offered to place the pen/trap device on his server and the court’s order
for a show cause hearing was based on the failure to comply with the pen/trap
order. J.A. 44-46. Accordingly, the court scheduled a hearing for July 26, 2013, to
determine whether Lavabit was in compliance with the pen/trap order after a
pen/trap device was installed. J.A. 51.
7
On July 25, 2013, Mr. Levison, through counsel, filed two motions – a
Motion for Unsealing of Sealed Court Records and a Motion to Quash Subpoena
and Search Warrant. J.A. 54-65, 66-75. In these motions, Mr. Levison confirmed
that providing the SSL keys to the government would provide the data required
under the pen/trap order in an unencrypted form. J.A. 59, 72. Lavabit refused,
however, to provide the encryption keys. To provide the government with
sufficient time to respond to the newly filed motions, the hearing was rescheduled
for August 1, 2013.
Prior to the August 1 hearing, and after discussions with Mr. Levison, the
FBI installed a pen/trap device to capture the information sought by the pen/trap
order. Without the encryption keys, however, the pen register was not able to
identify and capture data related to all of the emails sent to and from the target
account as well as other information authorized for collection under the pen/trap
order. See J.A. 105, 131.
At the hearing on August 1, 2013, the district court denied both of Lavabit’s
motions and directed Lavabit to provide the government with the encryption keys
necessary for the operation of the pen/trap order by 5 p.m. on August 2, 2013. J.A.
118-19.
8
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the
FBI a printout of what he represented to be the SSL keys 2 needed to operate the
pen/trap device. This printout, in what appears to be 4-point type, consists of 11
columns of largely illegible characters. J.A. 125-30.
At approximately 3:30 p.m. EDT (2:30 p.m. CDT), an Assistant United
States Attorney contacted counsel for Lavabit and Mr. Levison and informed him
that the hard copy format for receipt of the encryption keys was unworkable, and
the government would need the keys produced in electronic format. Id. Lavabit’s
counsel responded by email at 6:50 p.m. EDT stating that Mr. Levison “thinks” he
can have an electronic version of the keys produced by Monday, August 5, 2013.
Id.
On August 4, 2013, the Assistant United States Attorney sent an email to
counsel for Lavabit and Mr. Levison stating that the government expected to
receive an electronic version of the encryption keys by 10:00 a.m. CDT on
Monday, August 5, 2013. Id. The email indicated that the keys were to be
produced in PEM format, an industry standard file format for representing SSL
2
Throughout this brief, the government will refer to “SSL keys.” Based on the
government’s knowledge, Lavabit had a separate SSL key for different applicationlayer protocols offered by the service, but the key was the same for every user of
each particular protocol. Because any particular user might use every protocol
offered by Lavabit, all of the SSL keys were necessary to decrypt one particular
user’s communications.
9
keys. The email further stated that the preferred medium for receipt of these keys
would be a CD hand-delivered to the Dallas office of the FBI, a location with
which Mr. Levison was familiar. Id. The Assistant United States Attorney
informed counsel for Lavabit LLC and Mr. Levison that the government would
seek an order imposing sanctions if Mr. Levison did not produce the encryption
keys in electronic format by Monday morning. Id.
The government did not receive the electronic keys as requested. J.A. 122.
Because Lavabit had only produced unusable information as of the August 2
deadline, the government then moved for sanctions. The government’s request for
sanctions explained what had transpired since the court’s order directing the
production of the keys, including Lavabit’s production of incomprehensible
information and failure to provide the information in a usable electronic format.
The government requested that Lavabit and Mr. Levison be directed to produce the
encryption keys in electronic format by noon (CDT) on August 5, 2013, and for
sanctions in the amount of $5000 per day beginning August 5, 2013, and
continuing each day in the same amount, until Lavabit and Mr. Levison complied
with the district court’s orders. J.A. 120-31.
On August 5, 2013, the district court, adopting the reasons stated in the
government’s motion, granted the motion for sanctions and imposed a fine of
$5000 per day on both Mr. Levison and Lavabit, beginning August 5, 2013, until
10
the encryption keys were produced in electronic format. J.A. 132-33. It is this
order Lavabit and Mr. Levison now appeal. 3
On August 7, 2013, at approximately 11:00 a.m. CDT, Mr. Levison left at
the FBI’s office in Dallas, Texas, a disk containing the encryption keys necessary
to obtain the data sought by the pen/trap order.
That same day, Mr. Levison shut down Lavabit’s operations, including its
email service. In a statement posted on his web page, and subsequently in
numerous interviews with the media, Mr. Levison alerted all of Lavabit’s users,
including the target of the investigation, that Lavabit was engaged in litigation with
the government and that, rather than comply with the court’s orders, he decided to
shut down his business. See http://lavabit.com (last accessed Nov. 7, 2013).
SUMMARY OF ARGUMENT
Lavabit appeals a contempt order from the district court. But instead of
attempting to justify Lavabit’s contemptuous conduct, Lavabit instead launches a
host of new challenges to the underlying orders. Almost none of these challenges
were presented to the district court. Lavabit forfeited these new arguments, and
this Court should not consider them.
3
Lavabit also filed a notice of appeal regarding the district court’s order denying
Lavabit’s motion to unseal the record in this matter. As the district court later
unsealed substantial portions of the record and Lavabit raises no arguments
regarding sealing in its brief, any challenge to the sealing order is forfeited.
11
Moreover, the pen/trap order and the search warrant issued by the district
court were plainly lawful. The information used by Lavabit to encrypt
communications on its systems, what has been referred to as SSL or encryption
keys, was both necessary to the installation and operation of a lawfully ordered pen
register/trap and trace device as well as subject to disclosure pursuant to 18 U.S.C.
§ 2703. As such, it was within the district court’s power to compel the production
of those keys. Just as a business cannot prevent the execution of a search warrant
by locking its front gate, an electronic communications service provider cannot
thwart court-ordered electronic surveillance by refusing to provide necessary
information about its systems. That other information not subject to the warrant
was encrypted using the same set of keys is irrelevant; the only user data the court
permitted the government to obtain was the data described in the pen/trap order
and the search warrant. All other data would be filtered electronically, without
reaching any human eye. Finally, Lavabit’s belief that the orders here compelled a
disclosure that was inconsistent with Lavabit’s “business model” makes no
difference. Marketing a business as “secure” does not give one license to ignore a
District Court of the United States.
12
ARGUMENT
I.
BECAUSE LAVABIT FORFEITED NEARLY ALL THE
ARGUMENTS IN ITS BRIEF BY FAILING TO RAISE THEM
BELOW, THE STANDARD OF REVIEW IS PLAIN ERROR AT
BEST.
A.
Issues Not Before the Court
Below, Lavabit challenged a grand jury subpoena (which was later
withdrawn) and a search warrant that both commanded Lavabit to produce its
encryption keys. Initially, though Lavabit discusses at length the propriety of the
government’s use of a grand jury subpoena to obtain encryption keys, the grand
jury subpoena is not before the Court. As Lavabit’s brief before the district court
noted in a footnote, the subpoena was withdrawn. J.A. 67. Mr. Levison never
appeared before the grand jury, and the district court’s August 1 order does not list
the grand jury subpoena as a basis for the compelled production of the encryption
keys. J.A. 118-19. Because it was Mr. Levison’s failure to comply with the
August 1 order that formed the basis of the district court’s sanctions order, see J.A.
132-33, Mr. Levison’s failure to comply with the withdrawn subpoena was not a
basis for the district court’s contempt finding. Thus, the validity of the subpoena is
not on appeal.
Second, the statutory validity of neither the June 28 pen/trap order nor the
search warrant should be considered on appeal. Lavabit made no argument
13
regarding the pen/trap order or the pen/trap statute before the district court. In fact,
Lavabit never asked the district court to quash the pen/trap order. Because the
contempt order was based on Lavabit’s failure to comply with both the pen/trap
order and the warrant, J.A. 119 & 132, Lavabit’s failure to challenge the pen/trap
order below is sufficient, standing alone, to support the sanctions imposed by the
district court.
Third, though Lavabit did ask to quash the search warrant, Lavabit argued
before the district court that the search warrant failed to meet the standards for
court orders under 18 U.S.C. § 2703(d) (which refers to the standards for issuing
an order described in 18 U.S.C. § 2703(c)(1)(C)), but never mentioned the warrant
provisions of the Stored Communications Act, see 18 U.S.C. § 2703(c)(1)(A). “It
is the general rule, of course, that a federal appellate court does not consider an
issue not passed upon below.” Singleton v. Wulff, 428 U.S. 106, 120 (1976);
Holland v. Big River Minerals Corp., 181 F.3d 597, 605 (4th Cir. 1999).
B.
The Standard of Review
In its pleading before the district court, Lavabit made three arguments:
(1) the search warrant was a general warrant because it did not sufficiently limit an
investigating officer’s discretion to view other users’ information, J.A. 67; (2) the
subpoena and warrant sought information that was not material to the
14
government’s investigation, J.A. 70; and (3) compliance with the subpoena was
unduly burdensome, J.A. 71.
Lavabit’s first two claims were attacks on the warrant under the Fourth
Amendment and 18 U.S.C. § 2703(d) (which was not the basis for the warrant).
The review of legal issues involved in those determinations is de novo, but the
district court’s factual determinations are reviewed under a “highly deferential”
standard of review, Simmons v. Poe, 47 F.3d 1370, 1378 (4th Cir. 1995), and may
be overturned only if clearly erroneous, see United States v. Rusher, 966 F.2d 868,
873 (4th Cir. 1992). See also United States v. Wellman, 663 F.2d 224, 228 (4th
Cir. 2011) (“[A] judicial officer’s determination of probable cause customarily is
accorded ‘great deference’ by reviewing courts.”). The district court’s rejection of
Lavabit’s argument that production of its encryption keys would be unduly
burdensome is only reviewable as an abuse of discretion. See In re Grand Jury
Subpoena, 646 F.3d 159, 164 (4th Cir. 2011).
These standards only apply where a litigant has preserved such claims by
raising them before the district court. Yet Lavabit’s appellate brief contains
numerous arguments Lavabit failed to raise before the court below. In the Fourth
Circuit, claims not raised below are forfeited unless the party raising them can
identify one of two exceptional circumstances: (1) plain error, or (2) a
fundamental miscarriage of justice. See Volvo Const. Equip. N. Am., Inc. v. CLM
15
Equip. Co., 386 F.3d 581, 603 (4th Cir. 2004); Muth v. United States, 1 F.3d 246,
250 (4th Cir. 1993); see also United States v. One 1971 Mercedes Benz 2-Door
Coupe, 542 F.2d 912, 914 (4th Cir. 1976) (noting issues not presented to the
district court may only be considered on appeal in “exceptional circumstances”).
Neither is present here.
Lavabit’s newly raised arguments do not identify any error committed by the
district court, let alone plain error. To commit plain error, a court must commit
error that is “obvious or clear” under current law. See United States v. Brack, 651
F.3d 388, 392 (4th Cir. 2011); see also United States v. Olano, 507 U.S. 725, 73132 (1993) (defining plain error for the purposes of Federal Rule of Criminal
Procedure 52(b)). Lavabit itself has stated that the issues raised in its brief are
issues “of first impression.” Lavabit Br. at 30. When an issue has never been
raised before by anyone in any court, it is not an “obvious” or “clear” violation of
an existing legal rule. “An error is clear or obvious ‘when settled law of the
Supreme Court or this circuit establishes that an error has occurred.’” United
States v. Reid, 523 F.3d 310, 316 (4th Cir. 2008) (quoting United States v.
Promise, 255 F.3d 150, 160 (4th Cir. 2001) (en banc)). See also United States v.
King, 628 F.3d 693, 700 (4th Cir. 2011) (“An error qualifies as ‘plain’ only if it
contravenes ‘the settled law of the Supreme Court or this circuit.’”).
16
Moreover, it was not error for the district court to ignore legal theories that
Lavabit did not raise when enforcing the pen/trap order and search warrant. To
identify error at all, Lavabit must show that the district court’s failure to sua sponte
consider the issues Lavabit has only now come around to litigating was error. But
courts generally ignore issues not raised by parties in litigation. Though courts
sometimes raise issues sua sponte, the choice (unless the issue is jurisdictional) is
discretionary. See, e.g., Clodfelter v. Republic of Sudan, 720 F.3d 199, 207-08 (4th
Cir. 2013) (noting that decision to consider res judicata defense not raised by a
party is discretionary). Where, as here, a court acts within its lawful discretion, it
does not commit error, and certainly not error that is plain.
Neither the issuance of the pen/trap order and search warrant nor the
sanctioning of Lavabit constituted a “fundamental miscarriage of justice.” A
fundamental miscarriage of justice is normally reserved for extreme situations,
such as the wrongful conviction of an innocent person. See United States v.
MacDonald, 641 F.3d 596, 610 (4th Cir. 2011). Indeed, the government has found
no reported case where a court’s enforcement of its own lawful orders was
considered a “fundamental miscarriage of justice.” Nor would any miscarriage of
justice result from the court’s refusal to consider Lavabit’s forfeited claims.
Because Lavabit has now complied with the warrant and disclosed the keys, the
only practical issue at stake in this appeal is Lavabit and Mr. Levison’s liability for
17
the $5000 per day assessment imposed by the district court. As Lavabit has
identified no exceptional circumstances justifying this Court’s consideration of its
newly raised legal arguments, the Court should reject them. See Agra Gill &
Duffus, Inc. v. Benson, 920 F.2d 1173, 1176 (4th Cir. 1990).
Lavabit’s reliance on facts outside the record to support its new claims is an
additional reason to reject them. The primary rationale of the rule against litigating
issues first on appeal is that parties must be able to present evidence to support
their arguments before the district court. See Singleton, 428 U.S. at 120 (noting
that refusal to review arguments not previously raised is “essential in order that
parties may have the opportunity to offer all the evidence they believe relevant to
the issues.” (internal quotation marks and citation omitted)). Lavabit’s newly
raised arguments are fact-intensive: For instance, as part of its argument that the
search warrant was not lawful, Lavabit argues that “Lavabit’s private keys are not
connected with criminal activity in the slightest.” Lavabit Br. 22. That is a factual
assertion unsupported by the record. Lavabit also now challenges whether there
was sufficient probable cause to support the warrant. Id. at 22. Whether there are
sufficient facts to determine probable cause is by definition a fact-specific inquiry.
See United States v. Williams, 974 F.2d 480, 481 (4th Cir. 1992). Courts should be
especially cautious to rule on weighty matters where they lack the benefit of a
completely developed record or the consideration of the judge below. See United
18
States v. Ramos-Cruz, 667 F.3d 487, 500 (4th Cir. 2012) (declining to consider
new evidence for the first time on appeal). Thus, this Court should decline to
review Lavabit’s forfeited statutory and constitutional claims, and limit appellate
review to those claims raised below.
II.
THE DISTRICT COURT PROPERLY ORDERED LAVABIT TO
DISCLOSE ITS ENCRYPTION KEYS PURSUANT TO THE
PEN/TRAP STATUTE.
Lavabit never moved in the district court to quash the pen/trap order, and
never argued the government lacked statutory authority for that order; thus, these
arguments were forfeited.
Nonetheless, the Pen Register and Trap and Trace Device statute, 18 U.S.C.
§§ 3121-3127 (“Pen/Trap statute”) authorized the court orders requiring Lavabit to
disclose its encryption keys. Those orders were proper because the Pen/Trap
statute mandates that providers assist with installation and use of a pen/trap device
when such assistance is directed by a court. See 18 U.S.C. § 3124. Section 3124
contains separate assistance provisions for pen registers and trap and trace devices.
See 18 U.S.C. § 3124(a) (pen registers); 18 U.S.C. § 3124(b) (trap and trace
devices). Lavabit incorrectly asserts that these two provisions set forth “identical
standard[s]” and argues, for the first time on appeal, that the provisions only
require assistance with “installation” of a pen/trap device. Lavabit Br. at 14. But
Lavabit has fundamentally misread the statute. Both provisions support the district
19
court orders requiring Lavabit to disclose its encryption keys, and what is more the
assistance provision for trap and trace devices is even broader than the assistance
provision for pen registers. In particular, the pen-register provision of § 3124(a)
requires assistance with “installation” of a pen register, while the trap-and-tracedevice provision of § 3124(b) requires assistance “including installation and
operation” of the device. 18 U.S.C. § 3124. This statutory language is fatal to
Lavabit’s argument that the district court lacked statutory authority to compel
Lavabit to disclose its keys.
A.
Statutory Background
The Pen/Trap statute provides two related mechanisms for law enforcement
to obtain non-content information regarding a user’s communications: pen
registers and trap and trace devices. A “pen register” is defined as “a device or
process which records or decodes dialing, routing, addressing, or signaling
information transmitted by an instrument or facility from which a wire or
electronic communication is transmitted … .” 18 U.S.C. § 3127(3).4 A “trap and
trace device” is “a device or process which captures the incoming electronic or
other impulses which identify the originating number or other dialing, routing,
4
This definition further excludes contents of communications and devices or
processes used for billing or cost accounting.
20
addressing, and signaling information reasonably likely to identify the source of a
wire or electronic communication … .” 18 U.S.C. § 3127(4).5
Based on these definitions, the Pen/Trap statute “unambiguously
authorize[s] the use of pen registers and trap and trace devices on e-mail accounts.”
In re Application, 416 F. Supp. 2d 13, 14 (D.D.C. 2006); see also United States v.
Forrester, 512 F.3d 500, 509-11 (9th Cir. 2008) (rejecting Fourth Amendment
challenge to pen register on email and Internet activity). For example, a trap and
trace device on a web-based email account (such as the targeted Lavabit account in
this case) captures the Internet Protocol addresses from which a user accesses his
email account6 and the “from” information on email sent to the account, because
this information helps identify the source of communications to the account. A
pen register on a web-based email account captures the “to” information on email
sent from the account, because “to” information is addressing information
transmitted by the provider. Thus, when the United States obtained a pen/trap
order on the targeted Lavabit email account, it obtained authority to use both a pen
register and a trap and trace device.
5
This definition further excludes contents of communications.
6
This IP address information can be particularly valuable to law enforcement in
locating a fugitive. If law enforcement can discover in real-time the IP address
used by a fugitive, it may be able to locate and apprehend the fugitive.
21
The Pen/Trap statute mandates that providers assist with installation and use
of both a pen register and a trap and trace device when such assistance is directed
by a court. See 18 U.S.C. § 3124(a) & (b). Although both provisions have broad
scope, the trap-and-trace provision is broader than the pen register provision. 7 In
particular, the trap-and-trace assistance provision states that, upon the request of an
officer authorized to receive the results of a trap and trace device, a service
provider:
shall install such device forthwith on the appropriate line or other
facility and shall furnish such investigative or law enforcement officer
all additional information, facilities and technical assistance
including installation and operation of the device unobtrusively and
with a minimum of interference with the services that the person so
ordered by the court accords the party with respect to whom the
7
The distinction between the assistance requirements for pen registers and trap and
trace devices has historical roots. When the Pen/Trap statute was enacted in 1986,
pen/traps were implemented only on telephones. See Electronic Communications
Privacy Act of 1986 § 301, Pub. L. No 99-508, 100 Stat 1848 (creating the
Pen/Trap statute and defining “pen register” using telephone-specific language);
S. Rep. No. 99-541, at 10 (1986). At that time, providers had to do more work to
implement a trap and trace device than a pen register. See In re Application, 616
F.2d 1122, 1127 (9th Cir. 1980) (“In the case of the pen register, the device may be
physically operated by law enforcement officers after limited assistance from the
telephone company … . Tracing through ESS facilities, on the other hand, because
it is entirely automated, must be activated by the programing of a computer by a
technician of the telephone company.”). When the definitions of “pen register”
and “trap and trace device” were broadened to reach Internet communications in
2001, the assistance provisions of § 3124 remained unchanged. USA Patriot Act
§ 216, Pub. L. No. 107-56, 115 Stat 272 (2001). Regardless, given the broad
statutory definitions of “pen register” and “trap and trace device,” both assistance
provisions require providers to assist with the implementation of pen/trap orders on
the Internet.
22
installation and use is to take place, if such installation and assistance
is directed by a court order as provided in § 3123(b)(2) of this title.
18 U.S.C. § 3124(b) (emphasis added). The pen-register assistance provision
section provides that upon request of a law enforcement agency authorized to use a
pen register, a service provider:
shall furnish such investigative or law enforcement officer forthwith
all information, facilities, and technical assistance necessary to
accomplish the installation of the pen register unobtrusively and with
a minimum of interference with the services that the person so ordered
by the court accords the party with respect to whom the installation
and use is to take place, if such assistance is directed by a court order
as provided in § 3123(b)(2) of this title.
18 U.S.C. § 3124(a) (emphasis added).
B.
The District Court Orders Demanding Lavabit’s
Encryption Keys Were Lawful, as This Information Was
Necessary to the Installation and Operation of the
Pen/Trap Device.
When the government obtained a pen/trap order on the targeted Lavabit
account, the issuing judge ordered Lavabit to assist with “installation and use” of
the pen/trap device, and the court subsequently issued two additional orders
requiring assistance from Lavabit, including disclosure of its encryption keys. J.A.
8-9, 11-12, 118-19. Both the pen-register assistance provision of § 3124(a) and the
trap-and trace-device assistance provision of § 3124(b) supported these orders.
Under the plain language of § 3124(b), the district court properly ordered
Lavabit to provide its encryption keys to the United States: A provider must
23
furnish “all additional information, facilities and technical assistance including
installation and operation” of the trap-and-trace device. 18 U.S.C. § 3124(b)
(emphasis added). Lavabit’s encryption keys were information essential to the
device’s “installation and operation.” Lavabit had not programmed its system to
produce pen/trap information in response to a court order, and so Lavabit could not
implement the order on its own without taking the time to write the necessary code.
The government could implement the pen/trap device with its hardware and
software, but that device needed Lavabit’s encryption keys to function effectively.
J.A. 131. Thus, under § 3124(b), the court properly ordered Lavabit to disclose its
encryption keys, as the keys were “information” necessary for installation and
operation of the device.
Lavabit mistakenly asserts that the Pen/Trap statute “requires only that a
company provide the government with technical assistance in the installation of a
pen/trap device; providing encryption keys does not aid in the device’s installation
at all, but rather in its use.” Lavabit Br. at 11, 14-15 (emphasis in original). In
fact, the actual language of § 3124(b) requires assistance with “all additional
information … including installation and operation” (emphasis added). Thus, to
the extent Lavabit argues that § 3124(b) is limited to the installation of a trap-andtrace device, Lavabit is wrong. Because § 3124(b) mandates assistance with
24
installation and operation, the court properly ordered Lavabit to disclose its
encryption keys.
Lavabit further argues that the statute only requires assistance with installing
a device unobtrusively, rather than effectively. Lavabit Br. at 14-15. Not only
would this interpretation make a mockery of the Pen/Trap statute’s assistance
provisions, but it is also inconsistent with the language of § 3124(b). Section
3124(b) requires a provider to furnish assistance “including installation and
operation of the device unobtrusively and with a minimum of interference with the
services” (emphasis added). Under this language, the provider’s assistance is not
limited to installation and operation, though it certainly includes those functions.
This broad interpretation of the § 3124(b) assistance requirement is further
supported by the heading of § 3124 itself: “Assistance in installation and use of a
pen register or a trap and trace device” (emphasis added). See Fla. Dep’t of
Revenue v. Piccadilly Cafeterias, Inc., 554 U.S. 33, 47 (2008) (stating that a
section heading is a “tool[] available for the resolution of a doubt about the
meaning of a statute”). Moreover, to install and operate the device unobtrusively,
it must be installed and operated effectively. Thus, the court’s order to Lavabit to
disclose its keys was proper.
The pen-register assistance provision of § 3124(a) also justified the district
court’s order. That provision requires a provider to furnish “forthwith all
25
information, facilities, and technical assistance necessary to accomplish the
installation of the pen register.” Lavabit’s encryption keys were information
necessary to accomplish the installation of the pen register. A pen register is by
definition a device or process that “records or decodes dialing, routing, addressing,
or signaling information.” 18 U.S.C. § 3127(3) (emphasis added). Without
Lavabit’s encryption keys, the government would be unable to decode the
addressing information of communications of the targeted account. Indeed,
without Lavabit’s encryption keys, the pen register device would be unable to
identify communications from the targeted account. A device that cannot decode
dialing, routing, addressing, or signaling information is simply not a pen register;
thus, without Lavabit’s encryption keys, no pen register could be installed on the
targeted account at all.
Lavabit, without citing a single source, interprets “installation” of a pen
register to end when the device is set in position; it argues that a provider “might”
be required “to tell the government which cables carry the relevant
communications, so that the government can attach the device correctly.” Lavabit
Br. at 14. But the definition of “installation” is not so limited. See, e.g., Webster’s
Third New International Dictionary 1171 (1961) (defining “installation” as “the
setting up or placing in position for service or use”); American Heritage Dictionary
of the English Language (3d ed. 1992) (defining “install” as “to set in position and
26
connect or adjust for use”); Webster’s II New Riverside University Dictionary
(1988) (defining “install” as “to set in position or adjust for use”). Without
Lavabit’s encryption keys, the pen register on the targeted account could never be
adjusted for use, so it would not be installed.
The logical extension of Lavabit’s narrow interpretation of “installation”
would allow a company to thwart any pen/trap order. Under Lavabit’s
interpretation of “installation,” a landlord, custodian, or service provider would
exhaust the duty to assist in “installation” by merely telling an officer the location
of a telephone wire. The person would be under no obligation to unlock the front
door or permit access to the telephone wiring closet or to identify the type of
system or hardware used to transmit the relevant communications. Such a narrow
interpretation of “installation” would make installing a pen/trap device impossible,
even in the pre-Internet age. Thus, the district court properly ordered Lavabit to
disclose its encryption keys under § 3124(a).
Lavabit asserts that interpreting § 3124 to require it to disclose its keys is
inconsistent with congressional intent, but its assertion is based on neither statutory
text nor legislative history. See Lavabit Br. at 16-17 (“It is unthinkable that
Congress would have given the government the authority to seize keys[.]”).
Indeed, Lavabit cites no evidence from the statute or its legislative history in
support of its novel position that providers must assist in the placement of pen/trap
27
devices but nothing else. To the contrary, when Congress enacted § 3124, it
explained that a provider would be required to provide assistance “necessary to
effectuate the pen register order.” S. Rep. No. 99-541, at 48 (1986). It would be
truly odd that Congress, when enacting a statute for the purpose of codifying
government surveillance of electronic communications, intended to deny the
government the authority to obtain information to which a provider has access
merely because the information is encrypted during the transmission between a
user and the provider.
Lavabit also argues that the language in the statute requiring installation be
“unobtrusive” limits the assistance the communications provider must offer to the
government, such that only assistance that is unobtrusive may be provided.
Lavabit Br. at 14-15. 8 This argument makes no sense. A pen/trap device that does
not function may well be “unobtrusive,” but providers are not allowed to limit their
assistance to helping the government install ineffective devices. Moreover, the
statute anticipates that it may be impossible to install a device with no interference
at all. Both §§ 3124(a) and (b) state that a provider must provide assistance to
accomplish the installation of a pen/trap device “unobtrusively and with a
8
In the summary of argument, Lavabit states that the compelled production of the
keys was obtrusive in that it disrupted Lavabit’s service. Lavabit Br. at 11. That is
not the argument made in the substance of the brief. That argument is also wrong
– the production of the keys and the use of the pen/trap device would have been
entirely invisible to Lavabit’s customers.
28
minimum of interference … .” Thus, there is no basis to conclude that the language
in the Pen/Trap statute designed to avoid tipping off targets of lawful criminal
investigation prohibits the orders issued by the district court here.
Lavabit claims that requiring the disclosure of its keys was “a truly dramatic
act,” Lavabit Br. at 16, but providers can avoid disclosing their encryption keys
simply by configuring their systems to implement pen/trap orders without
government assistance. The record demonstrates that Lavabit could easily have
done so: Lavabit stated that it could add code to implement the pen/trap order in
twenty to forty hours. J.A. 112. Yet Lavabit chose not to do so, even during the
five-week period between Lavabit’s receipt of the pen/trap order and its shutdown.
Lavabit was entitled to design its system as it pleased.9 But having refused to add
code to implement a lawful pen/trap order, Lavabit could not then refuse to
cooperate with the government in implementing the order. In essence, Lavabit is
9
The Communications Assistance for Law Enforcement Act (“CALEA”), 47
U.S.C. § 1002, does not apply to Lavabit, but the provider assistance obligations of
the Pen/Trap statute are independent of CALEA. Moreover, when Congress
enacted CALEA, it understood that existing provider-assistance provisions
required a provider like Lavabit to decrypt communications. Both the House and
Senate reports for CALEA stated that “telecommunications carriers have no
responsibility to decrypt encrypted communications that are the subject of courtordered wiretaps, unless the carrier provided the encryption and can decrypt
it.” H.R. Rep. No. 103-827(I), at 24 (1994); S. Rep. No. 103-402, at 24 (1994)
(emphasis added). These reports explained that this obligation to decrypt was
based on the Wiretap Act’s provider assistance provision, 18 U.S.C.
§ 2518(4). See id. That provision is similar to the assistance provisions in § 3124
of the Pen/Trap statute.
29
claiming that private businesses have the authority to nullify the Pen/Trap statute
simply by offering SSL encryption services that any service provider can purchase
for a modest sum.
Lavabit also misstates the significance of key disclosure on communications
to and from other Lavabit accounts. The pen/trap order only authorized access to
the targeted account. Had the government been able to implement the pen/trap
order effectively, that order, as well as other statutes such as the Wiretap Act and
the Pen/Trap statute, would have prevented access to other Lavabit users’ accounts
using the encryption key. As the government stated to the district court, “[a]ll
we’re going to look at and all we’re going to keep is what is called for under the
pen register order.” J.A. 114. The district court properly ordered Lavabit to
disclose its encryption keys under the Pen/Trap statute, and Lavabit’s challenge to
the district court orders should be rejected.
III. THE SEARCH WARRANT ISSUED BY THE DISTRICT COURT
LAWFULLY COMPELLED LAVABIT TO PRODUCE ITS
ENCRYPTION KEYS TO THE GOVERNMENT.
Lavabit argues for the first time on appeal that the Stored Communications
Act (“SCA”), 18 U.S.C. § 2701 et seq, does not authorize a district court to issue a
search warrant for private encryption keys. Even if it were not forfeited, this
argument is both beside the point and incorrect. Lavabit’s argument is beside the
point because, even if the warrant were invalid, the pen/trap order independently
30
required Lavabit to produce the encryption keys. 10 As argued above, Lavabit never
asked the district court to quash the pen/trap order and the pen/trap order lawfully
commands Lavabit to produce information identical to that described in the search
warrant. Lavabit’s argument is incorrect because the search warrant is valid. The
SCA authorizes the government to obtain a warrant compelling disclosure of
“information pertaining to a subscriber,” 18 U.S.C. § 2703(c), and the keys
specified in the warrant fall within that category.
A.
The Search Warrant Was Properly Issued Under The
Stored Communications Act.
In the event the Court reaches Lavabit’s forfeited SCA claim, the Court
should reject it. Contrary to Lavabit’s contention, the SCA authorizes the
government to obtain a warrant compelling disclosure of information – such as the
key at issue here – as long as it “pertain[s] to a subscriber to or customer of” the
electronic communication service by obtaining a warrant under the Federal Rules
of Criminal Procedure or a “court order for such disclosure under subsection (d) of
this section.” 18 U.S.C. § 2703(c)(1)(A) and (B).
10
Lavabit complains of a “flurry” of orders, Lavabit Br. at 28, and argues that the
government’s decision to issue the warrant was a concession that the pen/trap order
by itself was inadequate, id. at 17. It was no such thing. As the record reflects, the
government supplemented its pen/trap order with additional process only after
Lavabit refused to obey prior court orders. This attempt to resolve the dispute and
move forward with the investigation without requiring additional court intervention
was not a concession.
31
Here, the government obtained a warrant. The warrant described the
“property to be searched” as “information associated with [redacted] that is stored
at premises controlled by Lavabit, LLC.” J.A. 26. The warrant described the
“particular things to be seized” in relevant part as:
a.
All information necessary to decrypt communications sent to or
from the Lavabit e-mail account [redacted] including encryption keys
and SSL keys;
b.
All information necessary to decrypt data stored in or otherwise
associated with the Lavabit account [redacted]
J.A. 27.
Lavabit argues that this information “do[es] not ‘pertain[] to a subscriber.’”
Lavabit Br. at 19. Whether the information described in the warrant pertains to a
subscriber is a fact-intensive question. The result of Lavabit’s failure to raise the
issue below is that neither party had the opportunity to present evidence about
whether the affidavit supported the warrant or established statutory authority to
issue the warrant. Volvo, 386 F.3d at 603; see also Sims v. Apfel, 530 U.S. 103,
109 (2000) (requiring arguments to be presented first to the district court is
“essential in order that litigants may not be surprised on appeal by final decision
there of issues upon which they have had no opportunity to introduce evidence.”
(quoting Hormel v. Helvering, 312 U.S. 552, 556 (1941))).
Nonetheless, Lavabit appears to argue that a key could never, under any
circumstances, pertain to a subscriber. This argument is wrong. Lavabit argues
32
that the keys are “known to the company alone.” Lavabit Br. at 19. But the statute
authorizes the government to seek information that “pertains” to a customer, even
if that information is not known to the customer. For instance, the statute
authorizes the production of a list of Internet Protocol addresses that the subscriber
used to connect to the service—information that the subscriber might not know.
See In re Application of the U.S. for an Order Pursuant to 18 U.S.C. § 2703(d),
830 F. Supp. 2d 114, 120 (E.D. Va. 2011) (“A human user may not know the
specific IP address assigned to his network connection …”). See also In re
Applications, 509 F. Supp. 2d 76, 79-80 (D. Mass. 2007) (holding that historical
cell tower data pertains to a subscriber). Lavabit also argues that the keys “are not
specific to any given customer.” Lavabit Br. at 19. But the statute describes
information that “pertain[s] to a subscriber to or customer,” not information that is
“specific” to a “given” subscriber or customer. For example, § 2703(c) permits the
government to acquire “telephone connection records,” 18 U.S.C. § 2703(c)(2)(C),
which will often contain telephone numbers of other customers and subscribers,
and thus not be “specific” to one “given” subscriber or customer.
Finally, Lavabit relies on this Court’s decision in In re Application of the
United States of America for an Order Pursuant to 18 U.S.C. § 2703(d), 707 F.3d
283, 287 (4th Cir. 2013) (cited in Lavabit’s Brief as United States v. Appelbaum),
in arguing that § 2703(c) is limited to information about the subscriber, such as his
33
“name, address, length of subscription, and other like data.” Lavabit Br. at 19. But
the scope of § 2703 was not before this Court in that case. Even so, when this
Court described the breadth of the statute, the Court made clear that its list of
records subject to § 2703 was illustrative, not exhaustive. Id. at 287 (“To obtain
records of stored electronic communications, such as a subscriber’s name, address,
length of subscription, and other like data….”) (emphasis added). More to the
point, the decision in In re Application emphasized that the SCA was designed to
“protect legitimate law enforcement needs” by “providing an avenue for law
enforcement entities to compel a provider of electronic communication services to
disclose the contents and records of electronic communications.” Id. That design
would be utterly frustrated if the statute were construed not to authorize warrants –
despite a finding of probable cause by a neutral magistrate – to obtain information
necessary to decrypt the relevant contents and records.
The search warrant was also lawfully issued under the Fourth Amendment
because it sought to obtain property involved in crime. Lavabit argues that under
the Fourth Amendment a search warrant may be used to obtain only the “fruits,
instrumentalities, or evidence of crime,” Lavabit Br. at 22, and that the private key
did not fall into those categories, id. at 22-23 (citing Zurcher v. Stanford Daily, 436
U.S. 547, 554, 558 (1978)). But Zurcher did not hold that “fruits,
instrumentalities, or evidence of a crime” are the only permissible objects of a
34
search warrant. For instance, in Warden v. Hayden, the Supreme Court explained
that “probable cause must be examined in terms of cause to believe that the
evidence sought will aid in a particular apprehension or conviction.” 387 U.S. 294,
Application, --- F. Supp. 2d ---, 2013 WL 5583711, at *3 (E.D.N.Y. May 1, 2013)
307 (1967) (emphasis added). See also In re Smartphone Geolocation Data
(holding that a warrant may issue for “information that reasonably could facilitate
capture of the defendant”). Thus, so long as the government can demonstrate
probable cause to believe that the compelled production of an encryption key will
aid in the apprehension of a suspect or a conviction, the compelled production of
an encryption key does not violate the Fourth Amendment. See, e.g., United States
v. Thompson, 495 F.2d 165, 169 (D.C. 1974) (holding apartment keys were
lawfully seized as instrumentalities of narcotics distribution); cf. Messerschmidt v.
Millender, 565 US ---, 126 S.Ct 1235, 1248 (2012) (rejecting argument that gang
paraphernalia was not “evidence of crime” because such paraphernalia may
establish motive, provide the foundation for additional charges, or be relevant to
the impeachment of a witness at trial).
Regardless, as with Lavabit’s SCA argument, Lavabit did not raise the issue
of whether there was probable cause to support the warrant before the district court
and that argument is therefore forfeited. To the extent that Lavabit is now arguing
that a private key can never be the subject of a search warrant because such a key
35
is not “fruits, instrumentalities, or evidence of crime,” Lavabit Br. at 22, Lavabit is
wrong. Magistrate judges routinely issue warrants that permit officers to copy
encryption keys that permit the examination of other data that is seized as
evidence. See United States v. Scarfo, 180 F. Supp. 2d 572, 574 (D.N.J. 2001)
(two warrants authorized installation of keystroke loggers “in order to decipher the
passphrase to the encrypted file, thereby gaining entry to the file”); United States v.
Sutton, No. 5:08-CR-40, 2009 WL 481411, at *2 (M.D. Ga. Feb. 25, 2009)
(warrant authorizing seizure of “encryption codes” that were “required to access
computer programs or data”); United States v. Simpson, No. 3:09-CR-249, 2011
WL 721912, at *2 (N.D. Tex. Mar. 2, 2011) (warrant authorized seizure of
encryption devices and passwords); U.S. Dep’t Justice, Searching and Seizing
Computers and Obtaining Electronic Evidence (3d ed. 2009) at 249 (suggesting
warrant language that would permit the seizure of “encryption keys, and other
access devices that may be necessary to access” a seized hard drive). An
encryption key could easily be used to encrypt a criminal communication, to
encrypt evidence of a crime, or to encrypt the fruits of a crime. And a warrant may
name any premises where such things are found — even if the premises are owned
by someone other than the suspect or a private business such as Lavabit. See
Zurcher, 436 U.S. at 554.
36
B.
The Warrant Did Not Impose an Unreasonable Burden on
Lavabit.
Lavabit argues that, even if valid, the search warrant was invalid because it
imposed an undue burden on Lavabit. Lavabit Br. at 19-20. But the § 2703(d)
“undue burden” standard only applies to “court orders” issued pursuant to 18
U.S.C. § 2703(c)(1)(B), not to search warrants issued pursuant to Federal Rule of
Criminal Procedure 41 and 18 U.S.C. § 2703(c)(1)(A). However, as amicus
American Civil Liberties Union correctly argues, “the Supreme Court has held that
the courts may not impose unreasonable burdens in ordering third parties to assist
in government investigations.” ACLU Br. at 4 (citing United States v. N.Y. Tel.
Co., 434 U.S. 159, 171 (1977)). The Supreme Court in New York Telephone
upheld a court order requiring a service provider to assist with implementation of a
pen register. The Supreme Court held that the order was not unduly burdensome
because it “provided that the Company be fully reimbursed at prevailing rates, and
compliance with it required minimal effort on the part of the Company and no
disruption to its operations.” Id. at 175. Even if Lavabit’s erroneous invocation of
the § 2703(d) standard was recast as a constitutional “unreasonable burden” claim,
under that precedent the claim would fail.
Both the government and the district court upheld the obligation not to
impose an undue burden on Lavabit. Lavabit argues that the subpoena and search
warrant put Lavabit to “an existential crisis,” denying Lavabit the ability to “exist
37
as an honest company,” and giving it no choice but to cease operations. Lavabit
Br. at 29. But Lavabit’s own privacy policy stated that Lavabit was willing to
comply with court orders, so there was no dishonesty in complying with the orders
of the district court. J.A. at 91. And Lavabit never warned the district court that its
orders put Lavabit to an “existential crisis.” In its Motion to Quash, Lavabit did
not argue that it would have to cease operations if the district court denied its
motion. At most, Lavabit asserted its business “could be destroyed if it is required
to produce” the key, J.A. at 71-72, though Lavabit intimated the coup de grâce
would come from loss of customer trust, rather than be self-inflicted within days of
the district court’s decision.
Instead, Lavabit’s arguments to the district court identified a different, less
burdensome way to comply with the district court’s orders. As alternative relief,
Lavabit asked the district court that it “be given an opportunity to revoke the
current encryption key and reissue a new encryption key,” and be compensated for
the expense of doing so. J.A. 73. In other words, Lavabit did not, when it filed its
motion, assess the burden as being so great that Lavabit would have to go out of
business immediately. Rather, Lavabit sensibly proposed that, should it lose the
motion it quash, it would turn over its key, and then obtain a new private key once
the court-ordered pen/trap was complete. Doing so would have restored Lavabit to
exactly the position it was in before it received any order from the government:
38
Lavabit, alone, would have the only copy of Lavabit’s private key. The
Government, in response, agreed that “once court-ordered surveillance is complete,
Lavabit will be free to change its SSL keys,” pointed out that a new private key
might cost $100, and suggested that Lavabit would be entitled to compensation for
that expense. J.A. 91.
Nothing in the search warrant required Lavabit to shut down. Nor was
Lavabit ever under an obligation to “intentionally defraud its users about the
security of the system.” Lavabit Br. at 19. A provider does not defraud its users
by both promising security and complying with lawful court orders. Lavabit
publicly advised its users that Lavabit would comply with valid legal process. J.A.
91. Users who expected otherwise were not defrauded; at worst, they had the
unreasonable belief that Lavabit was entitled to ignore court orders.
Lavabit argues that the warrant was unreasonable because it interfered with
Lavabit’s “business model,” Br. at 12, but the Fourth Amendment does not provide
special protection for business models based on a refusal to cooperate with lawful
criminal investigations. For example, a bank that refused to comply with lawful
subpoenas could no doubt build a lucrative business from customers seeking to
avoid governmental scrutiny. The Fourth Amendment, however, does not protect a
business model that conflicts with “the longstanding principle that the public has a
right to every man’s evidence.” Branzburg v. Hayes, 408 U.S. 665, 688 (1972)
39
(internal quotation marks and ellipses omitted). Lawful process that disrupts such
a business model does not impose an unreasonable burden.
Finally, Lavabit also argues that the burdens imposed on it were
unreasonable because Lavabit offered to implement the pen/trap itself, with its own
software, making it unnecessary for the government to obtain the private key.
Lavabit Br. at 8, 20. To be sure, in most cases, when government agents serve a
provider with a pen/trap order, they are happy to let the provider use its own
equipment and software to implement the order. Lavabit also had that option on
June 28, the day it was served with the pen/trap order. But Lavabit did not
implement its own pen/trap. Eight days later, on July 6, Lavabit still had not
implemented its own pen/trap, giving the government’s agent the non-sequitur
reply that “we don’t record this data.” J.A. 81. Twelve days after receiving the
pen/trap order, Lavabit participated in a conference call with the government, and
had consulted with counsel, but otherwise had done nothing to implement the
pen/trap. J.A. 82. The next day, FBI agents attempted to serve Lavabit’s
proprietor, Mr. Levison, with a subpoena, but, after knocking on his door,
witnessed him exit his apartment, get in his car, and drive away. J.A. 82.
The “offer” to implement the pen/trap finally came on July 13, 2013, fifteen
days after service of the pen/trap order. That offer fell well short of what the court
had ordered Lavabit to do: For an advance payment of $2000, Lavabit offered to
40
provide all of the data “at the conclusion of the 60 day period.” Levison offered to
provide the data “intermittently during the collection period but only as my
schedule allows.” If the government wanted more frequent production, Lavabit
demanded a flat figure of $1500. J.A. 83. Thus, fifteen days after receiving the
order, Lavabit revealed it had not even begun to comply, and only offered to
produce data intermittently at best. At the August 1 hearing, thirty-four days after
the pen/trap order had been served, Lavabit’s counsel represented that Lavabit’s
work on implementing its own pen/trap still had not begun. J.A. 112. Counsel
offered that once Lavabit began work on writing the necessary computer code, it
would take “a week to a week and a half” before it would be ready, “although I
would be willing to talk to my client to see if we can get that expedited.” J.A. 112.
It was not error for the district court to order production of Lavabit’s private
keys despite this “offer.” The offer came after almost a quarter of the allotted time
for the pen/trap order had evaporated, perhaps along with crucial investigative
opportunities. Lavabit requested compensation without offering any basis to
evaluate whether that compensation was reasonable, in exchange for doing less
than what the pen/trap order required. Lavabit made this offer just three days after
its proprietor avoided agents attempting to serve process. Thirty-four days into the
order, Lavabit still had done no work to implement its own solution, and Lavabit’s
counsel conceded that the proposed pace of work was not “expedited.” From all
41
this, the district court was entitled to conclude that Lavabit was either incapable of
implementing its own pen/trap, or simply unwilling.
IV.
THE FOURTH AMENDMENT DOES NOT PROHIBIT
OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF
DECRYPTING COMMUNICATIONS THAT THE
GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT.
Lavabit’s final argument is that the requirement to produce the encryption
keys violated the Fourth Amendment because, with the keys, the government
would have the ability (though not the authority) to review other Lavabit users’
data. Lavabit’s argument, in essence, is that since it would be theoretically
possible for the government to use Lavabit’s encryption keys to decrypt and read
the contents of electronic communications of all of Lavabit’s users, any warrant
requiring Lavabit to disclose the encryption keys is unreasonable under the Fourth
Amendment. This argument is wrong.
First, there is no doubt that the warrant was sufficiently particular. “The
particularity requirement is fulfilled when the warrant identifies the items to be
seized by their relation to designated crimes and when the description of the items
leaves nothing to the discretion of the officer executing the warrant.” United States
v. Williams, 592 F.3d 511, 519 (4th Cir. 2010). The warrant’s specification easily
met that standard: it asked for information necessary to decrypt the
communications of one Lavabit user. When Lavabit finally complied with the
warrant, it had no difficulty identifying the exact data called for by the warrant.
42
The warrant, then, was not defective for describing the data to be produced in a
vague, broad fashion.
Second, the search warrant did not authorize “rummag[ing]” through the
communications of all Lavabit users. Lavabit Br. at 21-24, 27. Nor, for that
matter, did the government “propos[e] to examine the correspondence of all of
Lavabit’s customers,” id. at 12, seek to “gain unfettered access to all—all—of the
data,” id. at 21, or to “expose and search through the content and non-content data
of all [Lavabit] users,” id. at 26. Lavabit conflates information that would actually
be seen by a human investigator with data that would momentarily pass through
the pen/trap device’s memory before a computer forever discarded it. Id. at 27.
The only user data the government was permitted to see was the data described in
the pen/trap order and the search warrant; all other data would be filtered out,
electronically, without reaching any human eye. If certain data did not pertain to
the one identified user, the government could not read it; if there were encryption
keys used to encrypt information other than that particular account, the government
could not use them.
Lavabit’s use of a single lock to secure all its users communications does not
mean the government’s procurement of Lavabit’s key for the purpose of inspecting
one user’s communications is overbroad. Lavabit used a single set of keys to
encrypt all users’ communications. Lavabit Br. at 4. Lavabit’s analogy – that the
43
government demanded the master key to every room in a hotel when it had
authority to search only a single room – is based on a false premise. In Lavabit’s
analogy, there is a unique key to the room the government sought to search. Here,
no such unique key existed – there was only a master key. That does not invalidate
a lawful warrant to obtain such a key, physical or digital; indeed, the taking of keys
pursuant to a lawful search for the purpose of opening other locked items is both
well-established and routine. See, e.g., United States v. Herrera-Contreras, 269
Fed. App’x 875, 2008 WL 656242, at *1 (11th Cir. Mar. 12, 2008) (holding that
key seized during a lawful arrest could be used to unlock a closet in the course of
executing a warrant); United States v. Grossman, 400 F.3d 212, 216-18 (4th Cir.
2005) (discussing seizure of a criminal suspect’s keys as part of an effort to search
various residences); United States v. Horn, 187 F.3d 781, 787-88 (8th Cir. 1999)
(holding that warrant authorizing seizure of “any and all … keys … showing
access to, or control of” a residence was not unconstitutionally overbroad); United
States v. Otobo, 1993 WL 196053, at *3 (6th Cir. June 9, 1993) (per curiam)
(unpublished); United States v. Peagler, 847 F.2d 756, 756 (11th Cir. 1988) (per
curiam); Thompson, 495 F.2d at 169 (holding apartment keys were lawfully seized
as instrumentalities of narcotics distribution). 11
11
Nor would the use of a pen/trap device to electronically scan traffic on Lavabit’s
network constitute an unconstitutional search or seizure. The use of a pen register
device on an email account is not a search. See Forrester, 512 F.3d at 509.
44
Third, Lavabit’s parade of hypotheticals regarding other possible unlawful
actions the government might take with the fruits of a lawfully executed search
warrant should not invalidate a warrant issued by a neutral magistrate based on
probable cause. Statutes, such as the Wiretap Act, 18 U.S.C. § 2510 et seq., and
the Pen/Trap statute itself, 18 U.S.C. § 3121, strictly regulate the government’s
ability to conduct electronic surveillance. Were a government officer to do as
Lavabit fears and “rummage” through other users’ communications without
authorization, that would be a crime. Conjecture that the government will execute
a search warrant illegally is not grounds to invalidate a warrant. See Dalia v.
United States, 441 U.S. 238, 257 (1979) (“Nothing in the language of the
Constitution or in this Court’s decisions interpreting that language suggests that …
Federal courts have refused to apply Fourth Amendment protection to envelope
information. In United States v. Huie, the United States Court of Appeals for the
Fifth Circuit held that United States Postal Service customers had no reasonable
expectation to privacy in information placed on the outside of mailing envelopes.
593 F.2d 14, 15 (5th Cir. 1979). Applying the same rationale, the Supreme Court
held that telephone users had no reasonable expectation of privacy in dialed
telephone numbers, since dialing a telephone to connect a call reveals those
numbers to the telephone service provider. See Smith v. Maryland, 442 U.S. 735,
742-44 (1978)(“Given a pen register’s limited capabilities, therefore, petitioner’s
argument that its installation and use constituted a ‘search’ necessarily rests upon a
claim that he had a ‘legitimate expectation of privacy’ regarding the numbers he
dialed on his phone. This claim must be rejected.”). Several courts have used the
same analysis in holding that non-content information disclosed to Internet service
providers should not be afforded Fourth Amendment protections. See, e.g.,
Forrester, 512 F.3d at 509-13; Guest v. Leis, 255 F.3d 325, 335-36 (6th Cir. 2001);
United States v. Hambrick, 55 F. Supp. 2d 504, 508-09 (W.D. Va. 1999), aff’d, 225
F.2d 656 (4th Cir. August 3, 2000).
45
search warrants also must include a specification of the precise manner in which
they are to be executed.”); see also United States v. Grubbs, 547 U.S. 90, 97-98
(2006) (noting that Fourth Amendment’s particularity requirement is limited to
places to be searched and things to be seized). Lavabit’s claim is even more
speculative than the Defendant’s claim rejected by the Supreme Court in Dalia. In
Dalia, the Supreme Court rejected the argument that a warrant must contain
restrictions on the manner of its execution to be consistent with the Fourth
Amendment. Id. at 259. Lavabit’s claim is that, regardless of how the actual
search is conducted, to comply with the Fourth Amendment a warrant must also
contain other, unidentified restrictions on future anticipated government action.
Taken to its logical extension, Lavabit’s argument could be used to
invalidate any investigative action taken by the government. Rogue agents might
abuse any pen/trap device, for example, to illegally and surreptitiously collect data
related to phone numbers or email accounts not listed in the authorizing order. The
authority granted by a warrant to search a specific physical location for specific
evidence could be exceeded by executing government agents. A law enforcement
officer could use a search warrant to lawfully seize a weapon and later use the
weapon in a crime. The possibilities are only limited by the imagination. Courts
do not and should not invalidate warrants based on speculation; rather, whether a
particular government act violates the Fourth Amendment requires actual facts –
46
not just the possibility for harm. See Richards v. Wisconsin, 520 U.S. 385, 395-96
(1997); see also Orin Kerr, “Ex Ante Regulation of Computer Search and Seizure,”
96 Va. L. Rev. 1241, 1260-76 (2010) (discussing Supreme Court disapproval for
evaluation of search warrants based on hypothetical government action). Here,
where Lavabit’s only claims of government overreaching are based on conjecture
that federal agents will commit crimes, Lavabit’s Fourth Amendment challenges to
the search warrant and pen/trap order should be denied.
CONCLUSION
The United States has a compelling interest in the investigation and
prosecution of crime. See Va. Dep’t of State Police v. Wash. Post, 386 F.3d 567,
578 (4th Cir. 2004). Congress has passed numerous statutes, including the Stored
Communications Act and the Pen/Trap statute, which further that interest by
authorizing the collection of certain information from providers of electronic
communication. Congress has ensured investigations stay true to those statutes by
providing oversight by the courts. Here, Lavabit claims the right to ignore those
courts and thwart such investigations simply by offering for sale, to the general
public, encrypted email. Because there is no reason to treat a business that offers
47
encrypted email services differently from any other business, this Court should
affirm the district court’s order for sanctions.
Respectfully submitted,
DANA J. BOENTE
ACTING United States Attorney
MICHAEL BEN’ARY
ANDREW PETERSON
JAMES L. TRUMP
United States Attorney’s Office
Eastern District of Virginia
2100 Jamieson Avenue
Alexandria, VA 22314
(703) 299-3700
MYTHILI RAMAN
ACTING ASSISTANT ATTORNEY
GENERAL, CRIMINAL DIVISION
NATHAN JUDISH
JOSH GOLDFOOT
BENJAMIN FITZPATRICK
BRANDON VAN GRACK
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530
/s/ Andrew Peterson
ANDREW PETERSON
ASSISTANT UNITED STATES ATTORNEY
United States Attorney’s Office
Eastern District of Virginia
2100 Jamieson Avenue
Alexandria, VA 22314
(703) 299-3700
48
CERTIFICATE OF COMPLIANCE
Pursuant to this Court’s order dated, I hereby certify that that this brief
contains 11,685 words (excluding the parts of the brief exempted by Rule
32(a)(7)(B)(iii)) and has been prepared in a proportionally spaced, 14-point
typeface using Microsoft Word 2010.
/s/ Andrew Peterson
Andrew Peterson
49
CERTIFICATE OF SERVICE
I hereby certify that on November 12, 2013, I filed the foregoing Brief of the
United States of America with the Clerk of the Court using the CM/ECF system,
which will send a Notice of Electronic Filing to the following registered users:
Jesse Ryan Binnall
Email: jbinnall@bblawonline.com
Bronley & Binnall, PLLC
10387 Main Street
Fairfax, VA 22030-0000
Marcia C. Hofmann
Email: marcia@marciahofmann.com
Law Office of Marcia Hofmann
25 Taylor Street
San Francisco, CA 94102
Laurin Howard Mills
Email: laurin.mills@leclairryan.com
Leclair Ryan, PC
2318 Mill Road
Alexandria, VA 22314-0000
Ian James Samuel
Email: isamuel@jonesday.com
290 West 12th Street
New York, NY 10014
David Alan Warrington, Esq.
Email: david.warrington@leclairryan.com
Leclair Ryan, PC
Suite 1100
2318 Mill Road
Alexandria, VA 22314-0000
/s/ Andrew Peterson
Andrew Peterson
50
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?