Judge In Child Porn Case Says FBI Must Turn Over Details On Its Hacking Tool

from the a-new-form-of-file-sharing dept

In California, the FBI is hoping to force Apple to write a hacking tool for it so it can access the contents of an iPhone. Further up the coast in Washington, the compelling force is moving in the opposite direction. The attorney representing a man swept up during the FBI's two-week stint as sysadmins for a child porn server has just had a motion granted that would force the agency to turn over details on the hacking tool it deployed.


The docket report Brad Heath screencapped shows a granted motion for discovery targeted at the FBI. Joseph Cox at Motherboard received confirmation from federal public defender Colin Fieman that the docket note indeed says what it appears to say.

On Wednesday, a judge ruled that defense lawyers in an FBI child pornography case must be provided with all of the code used to hack their client's computer.

When asked whether the code would include the exploit used to bypass the security features of the Tor Browser, Colin Fieman, a federal public defender working on the case, told Motherboard in an email, simply, “Everything.”

“The declaration from our code expert was quite specific and comprehensive, and the order encompasses everything he identified,” he continued.

While the defense will likely see the code -- provided the FBI can't argue its way out of disclosing its methods -- it's highly likely the general public won't have access to these details. The docket is littered with documents sealed at the request of the FBI. Fortunately, there are also a few motions by Michaud's lawyer to unseal documents, so there's still a small chance information on the FBI's NIT (Network Investigative Technique) will make its way into the public domain. If so, it will probably be heavily redacted, but it should still provide a small peek into the FBI's hacking efforts.

Cox also points out that the FBI has already turned over some of its NIT code, but what the defense received was missing several key elements.

Since September, Michaud's lawyers have been trying to get access to the NIT code. It wasn't until January that Vlad Tsyrklevitch, the defense's consulted expert, received the discovery.

However, according to Tsyrklevitch, the code was apparently missing several parts. One of those was the section of the code ensuring that the identifier issued to Michaud's NIT-infection was truly unique, and another was the exploit itself used to break into his computer.

The only other new document of import in the case is a sworn declaration from Special Agent Daniel Alfin, which claims the FBI has already handed over everything it should have to.

The NIT computer instructions provided to the defense on January 11, 2016, comprise the only "payload" executed on Michaud's computer as part of the FBI investigation resulting in his arrest and indictment in this case. Accordingly, the defense has been given access to the only "payload" as that term is used by the defense in its Third Motion to Compel, accompanying Declaration.

But the declaration also notes the FBI has more information it could "share" with the defense.

The government has advised the defense that it is willing to make available for its review the two-way network data stream showing the data sent back-and-forth between Michaud's computer and the government-controlled computer as a result of the execution of the NIT.

It also points out that at no time did images travel from Michaud's computer to an FBI-owned computer or vice versa. Agent Alfin also avers that once the investigation concluded, the FBI no longer had access to Michaud's computer.

Considering the judge has already given the FBI a pass for running a child porn website for two weeks, it seems unlikely the court will find anything about the NIT to be the basis for tossing evidence. There may be some issues troubling the outer reaches of the Fourth Amendment, but courts have historically forgiven questionable law enforcement behavior that serves a "compelling public interest" -- and it's hard to find a more "compelling" interest than fighting child pornography.


Filed Under: disclosure, fbi, hacking tool, tor, tor browser


Reader Comments



  • Anonymous Coward, 19 Feb 2016 @ 8:41am

    No need...

    Just trust us that we found CP on this dood computer.

    There are just too many ways to sucker our dumb as a brick law enforcement officials. Anyone with a decent technical background could get CP on just about any machine.

    And sure it might not be too difficult to discover that there was foul play, but that would likely be after the target was thrown face down in their front yard with assault rifles shoved in their face as the FBI screams in at them and to their neighbors that they are pedophiles.

    Face it, we have fully become a guilty until proven innocent community and there is no coming back from that.


    • Anonymous Coward, 19 Feb 2016 @ 10:29am

      Re: No need...

      While I'm sure that plenty of sickos have been caught, I'm also 99% sure that CP charges are the new tax fraud charges. The white collar version of sprinkling a little bit of coke on them, if you will.


  • TechDescartes, 19 Feb 2016 @ 8:46am

    Anything's Possible

    While the defense will likely see the code -- provided the FBI can't argue its way out of disclosing its methods -- it's highly likely the general public won't have access to these details.

    LCR 5(g)(8): "A non-party seeking access to a sealed document may intervene in a case for the purpose of filing a motion to unseal the document." So it's possible. The likelihood of success is another matter...


  • Anonymous Coward, 19 Feb 2016 @ 12:50pm

    Not only are they creating fake terrorism plots but they are also running "fake" pedophile sharing sites.

    That is not an agency in a democracy or free state; that's what you would find in a tyranny or a dictatorship.


    • DanA, 20 Feb 2016 @ 12:30pm

      Re:

      I'm the first to complain about the FBI's manufactured terrorism plots but the problem in this case is the exact opposite. This was a very real site that from all reports was quite longstanding and the FBI distributed real CP from it to thousands of people for weeks.

      While the purpose served of acquiring the information on visitors might be a net good for society, it is extremely unsavory for them to be involved in distributing disturbing criminal material that isn't just going to get swept back up when they make arrests.


  • Coyne Tibbets, 19 Feb 2016 @ 3:22pm

    Judge Clown

    Oh that's sooooo embarrassing! However will the FBI cope with exposure of their hacking tool? How will they respond?

    Oh, wait, I know: "That's a matter of National Security, Judge Clown."


  • Anonymous Coward, 19 Feb 2016 @ 3:48pm

    Multiverse is real

    "However, according to Tsyrklevitch, the code was apparently missing several parts."

    What? They sent actual code? Where is the part where they claim copyright or national security and say they can't give the code to the defense?

    Anyone mind showing me the way to my universe? I thought it was just a strange Friday but I must have crossed over into this weird thing somehow last night.


  • Anonymous Coward, 19 Feb 2016 @ 9:15pm

    I'm gonna go with JavaScript code embedded in the webpage delivering the "payload" to the pervert's computer.
