United States v. Soybel, No. 19-1936 (7th Cir. 2021)Annotate this Case
Grainger, the victim of cyberattacks against its computer systems, isolated the source of the intrusions to a single internet protocol (IP) address, coming from a high-rise apartment building where disgruntled former employee Soybel lived. Grainger reported the attacks to the FBI, which obtained a court order under the Pen Register Act, 18 U.S.C. 3121, authorizing the installation of pen registers and “trap and trace” devices to monitor internet traffic in and out of the building generally and Soybel’s unit specifically. The pen registers were instrumental in confirming that Soybel unlawfully accessed Grainger’s system. The district court denied Soybel’s motion to suppress the pen-register evidence.
The Seventh Circuit affirmed Soybel’s convictions under the Computer Fraud and Abuse Act. The use of a pen register to identify IP addresses visited by a criminal suspect is not a Fourth Amendment “search” that requires a warrant. IP pen registers are analogous in all material respects to the telephone pen registers that the Supreme Court upheld against a Fourth Amendment challenge in 1979. The connection between Soybel’s IP address and external IP addresses was routed through a third party, an internet service provider. Soybel has no expectation of privacy in the captured routing information. The court distinguished historical cell-site location information, which implicates unique privacy interests that are absent here. The IP pen register had no ability to track Soybel’s past movements.