Judge In Child Porn Case Says FBI Must Turn Over Details On Its Hacking Tool
from the a-new-form-of-file-sharing dept
In California, the FBI is hoping to force Apple to write a hacking tool for it so it can access the contents of an iPhone. Further up the coast in Washington, the compelling force is moving in the opposite direction. The attorney representing a man swept up during the FBI's two-week stint as sysadmins for a child porn server has just had a motion granted that would force the agency to turn over details on the hacking tool it deployed.
A judge has ordered the FBI to reveal the complete code for its Tor exploit to defense lawyers in a child porn case. pic.twitter.com/AZ8QYgGwKe
— Brad Heath (@bradheath) February 17, 2016
The docket report Brad Heath screencapped shows a granted motion for discovery targeted at the FBI. Joseph Cox at Motherboard received confirmation from federal public defender Colin Fieman that the docket note indeed says what it appears to say.
On Wednesday, a judge ruled that defense lawyers in an FBI child pornography case must be provided with all of the code used to hack their client's computer.While the defense will likely see the code -- provided the FBI can't argue its way out of disclosing its methods -- it's highly likely the general public won't have access to these details. The docket is littered with documents sealed at the request of the FBI. Fortunately, there are also a few motions by Michaud's lawyer to unseal documents, so there's still a small chance information on the FBI's NIT (Network Investigative Technique) will make its way in the public domain. If so, it will probably be heavily-redacted, but it should still provide a small peek into the FBI's hacking efforts.
When asked whether the code would include the exploit used to bypass the security features of the Tor Browser, Colin Fieman, a federal public defender working on the case, told Motherboard in an email, simply, “Everything.”
“The declaration from our code expert was quite specific and comprehensive, and the order encompasses everything he identified,” he continued.
Cox also points out that the FBI has already turned over some of its NIT code, but what the defense received was missing several key elements.
Since September, Michaud's lawyers have been trying to get access to the NIT code. It wasn't until January that Vlad Tsyrklevitch, the defense's consulted expert, received the discovery.The only other new document of import in the case is a sworn declaration from Special Agent Daniel Alfin, which claims the FBI has already handed over everything it should have to.
However, according to Tsyrklevitch, the code was apparently missing several parts. One of those was the section of the code ensuring that the identifier issued to Michaud's NIT-infection was truly unique, and another was the exploit itself used to break into his computer.
The NIT computer instructions provided to the defense on January 11, 2016, comprise the only "payload" executed on Michaud's computer as part of the FBI investigation resulting in his arrest and indictment in this case. Accordingly, the defense has been given access to the only "payload" as that term is used by the defense in its Third Motion to Compel, accompanying Declaration.But the declaration also notes the FBI has more information it could "share" with the defense.
The government has advised the defense that it is willing to make available for its review the two-way network data stream showing the data sent back-and-forth between Michaud's computer and the government-controlled computer as a result of the execution of the NIT.It also points out that at no time did images travel from Michaud's computer to an FBI-owned computer or vice versa. Agent Alfin also avers that once the investigation concluded, the FBI no longer had access to Michaud's computer.
Considering the judge has already given the FBI a pass for running a child porn website for two weeks, it seems unlikely the court will find anything about the NIT to be the basis for tossing evidence. There may be some issues troubling the outer reaches of the Fourth Amendment, but courts have historically forgiven questionable law enforcement behavior that serves a "compelling public interest" -- and it's hard to find a more "compelling" interest than fighting child pornography.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: disclosure, fbi, hacking tool, tor, tor browser
Reader Comments
Subscribe: RSS
View by: Time | Thread
No need...
There are just too many ways to sucker our dumb as a brick law enforcement officials. Anyone with a decent technical background could get CP on just about any machine.
And sure it might not be too difficult to discover that there was foul play, but that would likely be after the target was thrown face down in their front yard with assault rifles shoved in their face as the FBI screams in at them and to their neighbors that they are pedophiles.
Face it, we have fully become a guilty until proven innocent community and there is no coming back from that.
[ link to this | view in thread ]
Anything's Possible
[ link to this | view in thread ]
Re: No need...
[ link to this | view in thread ]
That is a not an agency in a democracy or free state that's what you would find in a tyranny or a dictatorship.
[ link to this | view in thread ]
Judge Clown
Oh, wait, I know: "That's a matter of National Security, Judge Clown."
[ link to this | view in thread ]
Multiverse is real
What? They sent actual code? Where is the part where they claim copyright or national security and say they can't give the code to the defense?
Anyone mind showing me the way to my universe? I thought it was just a strange Friday but I must have crossed over into this weird thing somehow last night.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
While the purpose served of acquiring the information on visitors might be a net good for society, it is extremely unsavory for them to be involved in distributing disturbing criminal material that isn't just going to get swept back up when the make arrests.
[ link to this | view in thread ]