Naked Security

It is not OK to break the law to catch criminals, judge rules

The 'flagrancy of the FBI’s misconduct' in obtaining the warrant and deploying malware in a fishing expedition to catch child abusers was 'truly staggering', said the judge

It was a single warrant, issued in the Eastern District of the US state of Virginia, but the FBI used it to justify the worldwide hacking of computers to identify tens of thousands of people who wandered into its honeypot: a dark web site called Playpen that was dedicated to child sex abuse.

In a closely watched, potentially pivotal case, a judge has said that the warrant was unconstitutional. He’s recommending that reams of evidence collected under the warrant be considered inadmissible in hundreds of criminal cases against Tor users suspected of trafficking in child abuse imagery on Playpen.

The Bureau infamously ran Playpen for 13 days, from February 20 to March 4 2014, serving up illegal child abuse imagery with the blessings of a US court and the resources of the US government.

According to court documents in a related case, the FBI used a so-called network investigative technique (NIT) – what’s also known as police malware – to force a total of more than 8,000 computers that visited Playpen to cough up their IP addresses; MAC addresses; open ports; lists of running programs; operating system types, versions and serial numbers; preferred browsers and versions; registered owners and registered company names; current logged-in user names; and their last-visited URLs.

It was a massive haul of evidence, and it led to the arrests of nearly 900 people worldwide.

As is becoming ever more clear as cases wind their way through the courts, it was a fishing expedition, with the FBI using the warrant to find suspects to identify. That’s not how warrants are supposed to work. Rather, they’re supposed to be issued with a specific scope, with a specific target, and whatever government agency requested the warrant is supposed to investigate based on what the warrant turns up.

Now, the pigeons are coming home to roost. Or, rather, it’s possible that the chickens may be able to fly the coop.

As the Star Tribune reports, the most recent Playpen case is that of Terry Lee Carlson, a 47-year-old from Minnesota, who was arrested following the FBI’s so-called Operation Pacifier.

A federal magistrate judge in Minneapolis, Minnesota, has recommended that evidence seized in Carlson’s home – including 20 storage drives – be suppressed. There’s no way that the Eastern Virginia magistrate judge who issued the NIT warrant had jurisdiction to have it span the entire planet, US Magistrate Judge Franklin Noel wrote in a decision filed at the end of March.

Noel quoted District Judge Robert J Bryan, who in an earlier, related case noted that the FBI didn’t just hack into 120 countries and territories outside the US – it also hacked into a “satellite provider”, meaning that “now we are into outer space as well”.

From Noel’s decision:

Stated differently, the Government claims legal authority from this single warrant, issued in the Eastern District of Virginia, to hack thousands of computers in 120 countries and to install malicious software for the purpose of investigating and searching the private property of uncounted individuals whose identities and crimes were unknown to the Government before launching this massive worldwide search.

Even if the government could legally explain the use of the warrant, the evidence would still be inadmissible, given that the data collected by the NIT wasn’t covered under the warrant in the first place, he wrote:

This Court is aware of no lawful way for the Government to deploy this investigative technique. Assuming without deciding that some way could be devised to use the technology employed here, the Court concludes that the Government, by using the NIT malware to collect data from Carlson’s activating computer conducted an unlawful search that was not supported by a lawful warrant.

Noel had little good to say about the FBI’s use of malware and its decision to keep Playpen up and running for two weeks after it had arrested the site’s creator:

The purpose and flagrancy of the FBI’s misconduct in attempting to obtain the NIT warrant and deploying the NIT malware is truly staggering.

In order to identify Playpen users, the FBI operated a copied version of a dark web, child pornography website for two weeks. During that period, countless images and video content depicting child pornography were globally downloaded and distributed via the Playpen.

In essence, the FBI facilitated the victimization of minor children and furthered the commission of a more serious crime – the distribution of child pornography to primarily identify offenders committing less serious crimes: viewing and receipt of child pornography.

As the Star Tribune tells it, the opinion is the first by a Minnesota jurist among more than 50 challenges to cases tied to Operation Pacifier. The district’s chief judge, John Tunheim, will decide in coming weeks whether to adopt Noel’s ruling.

Maybe it’s the first time in Minnesota, but it isn’t the first time a judge has tossed evidence spawned by Operation Pacifier: in May 2016, a US federal judge excluded all evidence in a child abuse case that was acquired by the FBI through the NIT exploit.

From the get-go, this case has raised conflicting impulses: on one hand, we want to give the FBI a pat on the back for a job well done when it comes to catching people involved in child abuse. On the other hand, Judge Noel is right: it wasn’t a job well done. By far exceeding the terms of the search warrant, the investigators themselves trampled on the Fourth Amendment.

It’s simply not OK to break the law in order to catch criminals.

The Star Tribune quoted Mark Rumold, senior staff attorney at the nonprofit Electronic Frontier Foundation (EFF):

We have appropriate and time-tested Fourth Amendment limits… Unfortunately in this case, the FBI did not do that – they just threw caution to the wind and got the broadest authority that they could conceive of. It’s going to have consequences down the line.

Those consequences, specifically, are that child abusers could well go unpunished. What a tragic waste of time, technology and investigative talent.


6 Comments

This list is what needs hacked and released. Let the people be the judge and jury. Shame them and stone them.

And don’t forget to add Donald Trump to the list before you leak it.

Disclaimer: Don’t add him, but the fact you initially thought I was serious is why this plan won’t work. Far too many people hate someone enough to add them, and you can’t identify which one is the fake because it won’t be Donald Trump, it’ll be their partner’s ex.

Encouraging news for privacy, albeit discouraging for exploited children. No easy answer that I can conceive. Child porn should absolutely be addressed, and I get why the FBI did it. Hearts in the right places, but ends didn’t (in fact can’t in this case) justify the means.

The website at issue was set up as a members-only forum which bounced users’ IP so as to avoid detection. The 150,000 members had to receive the registration via another member. In other words, the folks using it were there solely for the purpose of seeing, downloading, or uploading child porn. In my opinion, that makes their privacy concerns invalid.

Article fails to mention the many other federal case rulings that have upheld the NIT warrant. United States vs. Anzalone in Massachusetts, Werdene in Pennsylvania, Acevedo-Lemus in California, Jean in Arkansas, Sullivan in Ohio…plus many more. Even the states that held the warrant was void are still finding exceptions in order to preserve the evidence and deny defense motions to suppress such as United States vs. Ammons in Kentucky, Kahler in Michigan, Perdue in Texas, Taylor in Alabama…

Reasonable response would really be to discipline the FBI person responsible for the whole damn mess, clearly state that any future instances the evidence will be suppressed, and then chuck those this evidence shows are guilty in jail. Sadly, that’s not how a precedent based legal system works.

It would just be nice for once for someone’s f****p not to let guilty people go free.
