SUE E. MYERSCOUGH, District Judge.
This matter comes before the Court on Defendant Donald Dorosheff's Amended Motion to Suppress Evidence (d/e [21]).
In his Motion, Defendant challenges the legality of the search of his residence, including his electronics, that led to law enforcement's recovery of images that form the basis of the charges in the Indictment in this case (d/e [1]). On March 20, 2017, the Court held a hearing on Defendant's Motion.
Defendant's Motion concerns two warrants: one issued on February 20, 2015, in the Eastern District of Virginia (hereinafter the "NIT warrant," described below), and the other issued on March 1, 2016, in this district (hereinafter the residence warrant). Defendant seeks to suppress evidence obtained during the search of his residence on several grounds. Defendant argues: (1) the residence warrant affidavit failed to set forth sufficient facts to establish probable cause; (2) the good faith exception did not apply because the residence warrant was facially deficient and the executing officer could not reasonably rely on it; (3) the residence warrant affidavit was based on evidence obtained during a search pursuant to the NIT warrant, whose affidavit also failed to set forth sufficient facts to establish probable cause; and (4) the NIT warrant violated Federal Rule of Criminal Procedure 41(b).
The charges in this case arise from an investigation of a website called Playpen, a global online forum through which registered users distributed and accessed child pornography. Government's Response to Defendant's Motion to Suppress Evidence (d/e [18]) at 2 (Government's Response). Playpen operated on the Tor network, which allows users to maintain anonymity by masking the user's actual Internet Protocol (IP) address by bouncing user communications around a network of relay computers called nodes.
In January 2015, the FBI seized the Playpen website and allowed it to continue to operate at a government facility in the Eastern District of Virginia from February 20, 2015 through March 4, 2015. The FBI obtained a warrant (the NIT warrant) from the Eastern District of Virginia to monitor the site users' communications and to deploy a Network Investigative Technique (NIT) on the site, in order to attempt to identify registered users.
Using the NIT, the FBI identified an IP address associated with Playpen user "Grite" and traced it to Defendant. On March 1, 2016, Judge Schanzle-Haskins issued a search warrant (the residence warrant) to FBI Special Agent David Harmon.
On March 3, 2016, agents executed the residence warrant at Defendant's home. The search yielded 1,114 images and 1 video of confirmed child pornography. Government's Response at 6. On October 5, 2016, a four-count indictment was filed against Defendant, charging him with two counts of Receiving Child Pornography in violation of 18 U.S.C. § 2252A(a)(2)(A) and (b)(1) and two counts of Possession of Child Pornography in violation of 18 U.S.C. § 2252A(a)(5)(B) and (b)(2). The indictment also asserted a forfeiture claim against Defendant for two laptops, five flash drives, and one media card.
The Fourth Amendment to the Constitution guarantees the "right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures." U.S. Const. amend. IV. In the absence of certain circumstances that are not applicable in this case, it is a violation of the Fourth Amendment for a police officer to search a defendant's residence without a warrant. A court may issue a search warrant only upon a finding that there is probable cause to believe that a crime has been committed and that the person in question has committed that crime.
An affidavit establishes probable cause when, based on the totality of the circumstances, the affidavit sets forth sufficient evidence that would cause a reasonable person to believe that a search will uncover evidence of criminal activity.
Special Agent Harmon sought the residence warrant after the NIT warrant led to the discovery that a user named "Grite" was accessing the Playpen site. Officers determined that Grite's IP address, obtained from the NIT, was operated by AT&T. In response to the Government's subpoena, AT&T revealed that the subscriber was Defendant, the service address was Defendant's home address, and Defendant had received service from AT&T since December 2012. The NIT program also determined that the computer's Host Name was Donald, which is Defendant's first name. Officers confirmed with building management at Defendant's address that Defendant had resided alone in the apartment for the last three years. These facts, set forth in the residence warrant affidavit, support a finding of probable cause.
Defendant argues that the year-old information from the NIT on which the residence warrant affidavit is based is stale and accordingly does not support probable cause.
The staleness of an affidavit is determined on a case-by-case basis.
In the child pornography context, the time at which information becomes stale is much later than in other criminal contexts. This is because viewers of child pornography tend to maintain their collections for long periods of time, due to the difficulty in obtaining images, the ability to trade them, and their personal value.
Given the retention tendencies of viewers of child pornography, including the ongoing criminal activity of continuously holding and repeatedly viewing the images, the passage of one year from Defendant's access of child pornography in 2015 to the issuance of the residence warrant on March 1, 2016, is not critical. This interval was not so long as to dispel a reasonable belief that a search of Defendant's residence would uncover evidence of illegal activity.
Defendant argues that probable cause is undermined by the affidavit's failure to show that Defendant had exclusive control over the premises to be searched or that no other individual used his internet account. Defendant argues that there was a reasonable probability that someone else could have used Defendant's home or internet service to access child pornography.
Exclusive control of the premises or internet service is not required for probable cause.
Here, the Government established that Defendant lives alone by consulting with the management of Defendant's residence. Further, Defendant offers no evidence to suggest that any other individual had access to his residence, computer, or internet service at the time his IP address accessed Playpen. The connection between the IP address used to access the child pornography in this case and Defendant's name and address registered to the corresponding internet account was sufficient to support a finding of probable cause.
The Government argues that even if the residence warrant affidavit did not establish probable cause, the good faith exception applies. When a warrant is not supported by probable cause and the resultant search accordingly violates a defendant's constitutional rights, suppression is inappropriate where the executing officer reasonably relied on the warrant.
The good faith exception does not apply in cases where the issuing judge "wholly abandoned his judicial role" by failing to perform his "neutral and detached function" and instead acted "merely as a rubber stamp for the police."
The Court finds that the good faith exception applies to the residence warrant in this case even if it was not supported by probable cause. There is no evidence that the executing officer did not reasonably rely on the warrant. Nor is there any indication that Judge Schanzle-Haskins was anything but detached and neutral in issuing the warrant. Defendant has not alleged misconduct by any involved officer.
To the contrary, the affidavit may reasonably be read to support a finding of probable cause. The affidavit sets forth the purpose of the warrant, key definitions, an explanation of how the Playpen website and the Tor network operate, a summary of Playpen's illegal content, the investigation's identification of user "Grite," profile characteristics of those who view child pornography, and search methodology. Also attached are descriptions of the location to be searched and of the information to be seized. The breadth and depth of the information in the affidavit make reasonable a probable cause finding.
Defendant also asserts that the NIT warrant lacked probable cause. Because the residence warrant affidavit included information obtained from the NIT, Defendant suggests that the NIT warrant affidavit's alleged failure to establish probable cause stripped the residence warrant of its basis to support probable cause under the fruit of the poisonous tree doctrine.
Several courts have found that the NIT warrant was supported by probable cause.
The affidavit described Playpen as a global online forum through which registered users distributed and accessed child pornography. The affidavit describes the site's contents including details about its forum structure, which was organized by type of sexual interest, gender, and age. The affidavit explained that images and videos on Playpen were highly categorized according to the victim's age and gender and the sexual content of the file.
The affidavit further explained that Playpen required users to register an account by creating a username and password. The affidavit noted the emphasis Playpen placed on anonymity in registration. Playpen told users not to register a real email address and that they should not post identifying information in their profile. Playpen further advised users to turn off their JavaScript and disable sending of the "refer" header.
The affidavit also stated that Playpen operated on the Tor network, which allows users to maintain anonymity by masking the user's actual Internet Protocol (IP) address by bouncing user communications around a network of relay computers called nodes. To access the Tor network, a user must install Tor software by downloading either an add-on to their web browser or the free "Tor browser bundle."
The affidavit explained that Playpen operated as a "hidden service" website on the Tor network, which means the website's IP address is hidden and replaced with a Tor-based web address. The affidavit stated that a user cannot access a hidden service such as Playpen unless he or she knows the particular web address.
The affidavit further described how NIT would work, what it could do, and why it was useful. The affidavit stated that NIT could help FBI agents locate administrators and users of Playpen. NIT was an additional set of computer instructions that would be downloaded to a user's computer along with typical Playpen content that would be downloaded through normal operations of the site. The instructions would cause a user's computer to transmit the following specified information to a government-controlled computer: (1) the actual IP address of the user's computer; (2) a unique identifier to distinguish the data from that collected from other computers; (3) the identification of the computer's operating system; (4) data on whether NIT had already been delivered to the computer; (5) the computer's Host Name; (6) the computer's active operating system username; and (7) the computer's Media Access Control (MAC) address. The actual IP address could then be associated with an internet service provider (ISP) and a particular ISP customer, while the type of operating system, the Host Name, the active operating system username, and the MAC address helped to distinguish the user's computer from other computers located at the user's premises.
These facts set forth in the NIT warrant affidavit supported probable cause.
Defendant has not argued that the NIT warrant violates Fed. R. Crim. P. 41(b), which authorizes a magistrate judge to issue a warrant under five circumstances. The Government concedes that the NIT warrant likely violated Rule 41(b), and many of the courts that have addressed whether the NIT warrant violated Rule 41(b) found that the warrant did.
Rule 41(b)(1) authorizes a magistrate to issue a warrant to search a person or property in the magistrate's district. Although the NIT was deployed from the Eastern District of Virginia, the search it initiated took place in the user's computer, which could have been located in any district in the country. Furthermore, while the user can be said to have virtually entered the Eastern District of Virginia when he accessed Playpen, the data obtained from the user's computer did not virtually enter the Eastern District of Virginia merely upon the user's accessing Playpen. Rather, the data did not enter the Eastern District of Virginia until it was pulled from the user's computer by the NIT program. Because the data would not otherwise have accompanied the user to the Eastern District of Virginia when he accessed Playpen, the magistrate's authority under Rule 41(b)(1) does not support the NIT warrant.
Neither does Rule 41(b)(2) apply. Rule 41(b)(2) authorizes a magistrate to issue a warrant that will be executed outside the magistrate's district if the person or property to be searched is located within the district when the warrant is issued. This authority does not apply to the NIT warrant because the property to be searched, users' computers, were located across the United States when the warrant was issued. Rule 41(b)(2) granted the magistrate authority to issue a warrant to search the computers only of Playpen users whose computers were located in the Eastern District of Virginia.
Rule 41(b)(3) is limited to cases involving terrorism and Rule 41(b)(5) is restricted to the District of Columbia; therefore, these authorities do not apply here.
Finally, Rule 41(b)(4) authorizes a magistrate to issue a warrant to install a device to track the movement of a person or property. Because the NIT program initiates a search of computer data and does not track movement, Rule 41(b)(4) does not apply.
Therefore, none of the authorities granted to the magistrate judge in Rule 41(b) authorized the issuance of the NIT warrant.
Despite the NIT warrant's Rule 41(b) violation, suppression of the evidence obtained as a result of the execution of the warrant is not warranted. Although technical or ministerial violations of Rule 41 do not give rise to suppression unless the defendant demonstrates that he suffered prejudice as a result of the violation, the NIT warrant violated a substantive provision of Rule 41.
The good faith exception, which is most commonly applied to warrants lacking probable cause, also may apply to a warrant issued in violation of Rule 41(b).
In
The good faith exception prevents suppression of evidence obtained pursuant to the NIT warrant.
Courts that have reviewed the NIT warrant are split as to whether the issuing magistrate had authority under Rule 41(b).
Further, because nothing before the Court indicates that the executing officers did not act in good faith reliance on the validity of the warrant or that they acted culpably or deliberately in violating Rule 41, suppression is not warranted because it would not deter police misconduct and it would remove relevant and reliable evidence from the public.
Nor does the Rule 41 violation indicate that the issuing judge was not "detached and neutral." There is no indication that the magistrate deliberately violated Rule 41, nor that the officers misled the magistrate in their application.
The Court therefore finds that suppression is inappropriate despite the NIT warrant's Rule 41(b) violation.
Based on the evidence and arguments presented by the parties, the Court finds that neither of the warrants in this case lacked probable cause. Although this Court joins numerous others in finding that the NIT warrant was issued in violation of Rule 41(b), the Court finds that suppression is not an appropriate remedy for that violation. Defendant's Amended Motion to Suppress (d/e [21]) is accordingly DENIED.