This week the federal government decided it was more important to keep the secrets of how it traced people looking at child pornography rather than prosecuting them. In United States v. Jay Michaud, regarding the largest known government hacking campaign in domestic law enforcement history, the government is refusing to go ahead with the prosecution.
There is a sort of secret internet out there called the Tor network, created in large part by the federal government and designed for one purpose — to ensure that one could post and send, and receive and view information anonymously. Tor was developed initially by the United States Naval Research Laboratory, and later by DARPA, a Department of Defense agency responsible for the development of high-tech projects. There have also been significant sponsors of Tor from outside government including contributions from Google, Human Rights Watch, and especially the Electronic Frontier Foundation.
Tor was released to the public in 2003. Its users go online via a regular internet connection, but use specialized software to access the Tor world where they could then (if it worked) exchange information anonymously. From the Tor project website:
Tor’s users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content.
Hammers can be used to construct valuable and useful things, but can also be used for vandalism and murder. The Tor tool is the same, and while it was used for noble and neutral purposes, it was also used as a means to exchange child pornography.
To catch the people who were displaying and viewing these images, the FBI gained access to a Tor site called Playpen and took it over. Instead of shutting down the repository of child pornography, they kept it open for business and even made it better — from the user’s perspective. Peter Adolf, an assistant federal defender who represents an accused administrator of the site, had this to say about the government’s tenure in controlling the website:
As a result, the number of visitors to Playpen while it was under Government control [increased] from an average of 11,000 weekly visitors to approximately 50,000 per week. During those two weeks, the website’s membership grew by over 30 percent, the number of unique weekly visitors to the site more than quadrupled, and approximately 200 videos, 9,000 images, and 13,000 links to child pornography were posted on the site.
The Bureau kept the site open and well run because it was installing malware on the computers of the site’s visitors. It did so to at least 8,000 computers in over 120 countries (the legality of all this is still highly questionable, as they did so with a single search warrant). That malware was designed to make the computers of the site visitors send a secret message to the FBI over the regular internet, a message that would give the Bureau all sorts of identifying information it could use to make an arrest.
Now they are running into a problem with some of the prosecutions resulting from the investigation. Some courts are requiring that they divulge the methods by which they planted the malware to find out which real-life computers and users the visitors were. As reported by ars Technica, “[l]ast year, US District Judge Robert Bryan ordered the government to hand over the [malware] source code in Michaud. Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending.”
This week the prosecution gave up on the case for now, with the U.S. attorney asking the judge to dismiss the case without prejudice. That “without prejudice” phrase is key because, if granted, it means they are free to re-file the case at any time they please. If it were to be dismissed with prejudice, that means the court forbids the government from bringing those same charges again. From the motion:
The government must now choose between disclosure of classified information and dismissal of its indictment. Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery.