The FBI Doesn't Want To Share Details On The Exploit It Deployed While Running A Child Porn Site
from the we'll-let-you-know-what-you-can-'discover' dept
The FBI will not be talking about the Network Investigative Technique (NIT) it used to obtain information about anonymous visitors to the child porn site it seized and ran for two weeks while the NIT did its work. A recently-filed declaration (uploaded by USA Today's Brad Heath and pointed out by the ACLU's Chris Soghoian) by the FBI tells the court the defense will learn nothing from being provided details on the NIT's inner workings, especially since the agency isn't willing to turn these details over to Jay Michaud's lawyers.
As Special Agent Daniel Alfin explains it, the defense's tech expert has misrepresented the NIT's form and function to the court.
I have also reviewed the declaration of Mr. Tsyrklevich, the defense expert, dated January 13, 2016 and noted a number of statements that are inaccurate and/or require clarification. I will address several of these in great detail below but will begin by noting one overarching misconception in that declaration. Specifically, Tsyrklevich attempts to redefine the NIT as something containing multiple components. The NIT, however, consists of a single component -- that is, the computer instructions delivered to the defendant's computer after he logged into Playpen that sent specific information obtained from his computer back to the FBI.
This is hardly surprising, considering the tech expert hasn't had an opportunity to examine the FBI's software. But because the defense is wrong about the NIT, the FBI argues it shouldn't be allowed to figure out how wrong it is -- or figure out what it may have gotten right by examining other evidence.
Tsyrklevich claims that he requires access to the government's "exploit" to determine if the government "executed additional functions outside the scope of the NIT warrant." He is wrong. Discovery of the "exploit" would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud's computer, not what it did once deployed.
This is the FBI playing games with words, albeit words perhaps poorly chosen by Michaud's lawyer. The FBI is claiming the only "exploit" was the delivery of the NIT payload, but not the payload itself. Michaud would like access to details on the latter (the payload), but the FBI is claiming the defense expert is only seeking details on the former.
Continuing in that vein, the FBI agent says additional info on the exploit would do nothing to help determine whether the NIT exceeded the scope of the warrant because all the "exploit" did was allow the FBI to access information about Michaud's computer. It's circular reasoning that allows the FBI to skirt questions about the information it pulled from the computers it attached itself to while running the Playpen website.
The FBI's declaration then goes even further, stating that all the information Michaud's lawyer needs can be found in the information the agency has already handed over. The FBI doesn't want to discuss its "server component" (where information exchanged with suspects' computers was stored). Agent Alfin claims the defense can verify the legitimacy of the FBI's claims about data supposedly originating from Michaud's computer by comparing the information already handed to it by the agency with what will presumably be another copy of the same information previously handed to it by the agency.
Specifically, the government has offered to provide a copy of the data stream sent by Michaud's computer to the government as a result of the execution of the NIT. Tsyrklevich can compare the information sent to the government by the NIT to the information provided in discovery to verify that what the government recorded from Michaud's computer is in fact what was sent by Michaud's computer.
And how will Michaud know this new copy of the information isn't just a reprint of the old copy? Well, apparently because the FBI agent says it's totally legit.
I have reviewed that data stream and, as explained below, confirmed that the information sent by Michaud's computer as a result of the NIT matches the information that is stored on the government's servers.
Feel better?
The FBI obviously isn't going to hand over information on its means and methods without a fight, making its NITs just another tech component it won't talk about in court. It has managed to keep discussions of Stingrays out of court for several years and now it's doing everything it can to protect more recently-discovered innovations -- even if it means cutting defendants and judges out of the loop.
The FBI could hand these details over to the defense and judges without having to hand them over to the general public (via in camera presentations, sealed submissions or the use of redactions) but it would rather keep even those components of the justice system in the dark.
Filed Under: fbi, jay michaud, nit
Reader Comments
Ultimatum time it would seem
Every judge should operate off of the above idea, because once you start to allow secret evidence or evidence where the defense is not allowed to check to make sure it was acquired legally the purpose of a court goes from justice to convictions.
I rather doubt the prosecution would allow 'secret' evidence being presented by the defense to demonstrate their client's innocence, evidence that the prosecution can neither check nor challenge, and in turn the prosecution shouldn't be allowed to present such evidence either. If they really want to keep a particular trick or technique secret then they can request that it be filed under seal, but not allowing the defense to examine it at all shouldn't be acceptable in the slightest, and should result in the evidence in question being barred from being used in the case.
[ link to this | view in thread ]
Picky picky
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
One explanation comes to mind:
Welcome to Cardassia!
[ link to this | view in thread ]
Re:
Devolving from the land of the free into a police state?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
https://www.freetalklive.com/news/free-talk-live-studios-were-raided
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
I'm more concerned about the UPloaders. Did any get caught in this scheme? Unlike prostitution a significant number of the "models" are NOT participating of their own free will.
[ link to this | view in thread ]
We should be calling encryption "Digital Rights Management." Which it is, of course; it's only a matter of who manages the rights to the encrypted data.
That way, powerful people who have declared jihad against encryption would be declaring jihad against DRM.
[ link to this | view in thread ]
Defendant has the right to face their accuser
[ link to this | view in thread ]
Do the ends justify the means?
[ link to this | view in thread ]
Re: Re:
The up-loaders were probably government agents.
[ link to this | view in thread ]
FBI: Just trust us...
[ link to this | view in thread ]
Re: Do the ends justify the means?
Especially as the FBI has rules (or at least they did at one time) that say that when someone is accused of having child porn on their computer, an image copy of the hard drive can't be given to an independent expert hired by the defendant, because doing so would risk the images/videos being further distributed. The data can only be examined by an expert in a secure FBI facility under the watchful eye of FBI agents.
[ link to this | view in thread ]
Re:
Just look to the actions.
[ link to this | view in thread ]
The users in question had to create an account and/or login to Playpen (which let's not forget had graphic child pornography all over). When said users connected the FBI's NIT backtraced and loaded into their systems (so no, a VPN wouldn't matter here, there is no "mistaken ID"). In the case of Free Talk Live, it would mean one (or more) of their members was accessing the site from their offices.
Really, people seem to wildly underestimate just how soul shreddingly hard it is to catch these guys. Law enforcement has been struggling for years with stuff like this, you can read a bit about it in the book One Child at a Time: Inside the Police Hunt to Rescue Children from Online Predators (it tries to end on a positive note, but the reality is anything but). Finding these sites in the first place can be extremely difficult, then there's trying to track the users who use VPNs, mobile servers, and anonymizing tools. If the site's taken down, they scatter to the wind and make new sites.
Playpen had been up for less than a year and had already been hitting 100k users in 15 days (the time the FBI kept it running), and these aren't just people trading pictures like baseball cards, we're talking manufacturers, how-to guides, "enthusiasts", etc. Now keep in mind that Playpen was just one site out of thousands, hiding in a myriad of different ways all over the deep web, dark net, and any other shadowed crack you can think of. The FBI and law enforcement aren't going to say anything about it for the same reason Apple doesn't want people thinking too hard about the security flaws in their iPhones, because they're afraid that if people find out just how screwed they are they'll go nuts.
I understand and agree with the need to "show your homework" in order for the case to be properly prosecuted, but this issue isn't going to go away any time soon and it's something we're all going to have to have a serious talk about eventually.
[ link to this | view in thread ]
Re:
Remember that these activities which we hold as being so bad and destructive of lives were considered socially acceptable in times past. In many areas of the world today, it is still considered acceptable.
If you want to stamp out such activities (which you cannot ever do completely), you don't then actively promote these activities on the pretence of catching and prosecuting others involved. You find other methods of dealing with it. If you cannot find other methods, you still don't have any justification for actively promoting such activity.
[ link to this | view in thread ]
Re: Re:
I also understand that regardless of whatever justifications may be given, running that site wasn't right and that there should be consequences. But to be fair they didn't make the site (this time anyway), nor did they approach others or do any direct (or indirect) advertising or coercion. It's far from perfect and I doubt they consider it right either, but the notion that if you can't find a solution you should just sit on your hands and watch is emotionally and realistically absurd. Do you know what the average burnout rate for Child Exploitation officers is?
3 years: [Emotional Impact on Officers Investigating Child Exploitation].
You can't comb through terabytes of infants/toddlers being violently raped and tortured day after day and not have any kind of emotional impact, not take it personally that it's not somehow your fault and responsibility, that if only there was some way, some clue, that could lead you to them you wouldn't have to watch their next R rated birthday party.
Taking that in context, they may rationalize their actions as the lesser of two evils. Do they shut the site down and keep people from distributing those nightmarish images of abuse past and present? Or do they keep it running for a little while in the hopes of reaching some of the children still actively being abused for "fresh" content? It's a Kobayashi Maru.
[ link to this | view in thread ]
Re: Re: Re:
This instinct to protect our offspring is not very high, we are quite happy as a society to ensure that a woman can terminate a pregnancy as she wishes. I am not making a judgement here, just stating a simple fact. This instinct is not strong. What we call "twisted" in one age, can be completely socially acceptable in another. Unless there is an absolute standard by which to measure these things, then relativism requires that no judgements be made as all ways of life are equally acceptable.
Nothing to be fair about, they were wrong. It shouldn't have happened in the first place. They are as culpable as those they are prosecuting. But, they will not face any lasting consequences, will they?
In these days, why, oh, why would they personally comb through this garbage? Yes, there are consequences with working in law enforcement. However, many of these consequences are created by the LEOs themselves. Who will actively trust a LEO with anything because they "know" that the LEO will turn on them for being cooperative, this includes the victims? Treat it like blackberry or brambles. You can try and poison it, but the most effective means is to just destroy it wholesale. Mow it, burn it, rip it out and burn it. This could probably be a good use of NSA resources to seek out and destroy all such sites.
Automated pattern matching algorithms can be used to match up images, without a single person having to actively look through them all. But to continue running a site on the off-chance that they may, perhaps, might possibly find a child to set free while more are being enslaved is the sheerest of stupidities.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
I can see the argument for eschewing practicality over idealism, which is often an unfortunate but necessary reality. But that doesn't mean that the ideal should still not be pursued, even in those other parts of the world.
True, instinct is a bit of a catchall phrase encompassing a variety of impulses that can hardly be considered an absolute. Perhaps a more accurate definition would be contextual and emotional logic. A woman who becomes pregnant through rape logically may not want the child because of the constant emotional reminder and association with a deeply traumatic experience it would present (basically PTSD on speed dial), but even in our society the topic of abortion is still hotly debated (one of the reasons politicians do not want to talk about it is because of the shit show it causes). But as a matter of practicality, any foetus that cannot survive outside of its host (less than 5 months) is grudgingly accepted by most.
I'm familiar with the histories of Rome, and it's fairly safe to assume that the children (and slaves) in question did not enjoy said lifestyle. As with all such power dynamics it calls into question the definition of "acceptable", acceptable for the minority in power? Yes. Acceptable for the majority subject to their whims? No. It's not uncommon for people to favor practicality over idealism in oppressive situations, which leads to them favoring the more familiar (abusive) system over unknown freedom (Stockholm syndrome), a dynamic we can see in play even today in places like Syria up to the Arab Spring uprising (and its tragic results). If such an abusive culture was acceptable in Syria all along for all those involved, surely the uprising wouldn't have happened?
Curious, first you talk of the mercurial nature of moral relativism, then discuss the moral absolutism as to their culpability and lack of any justification for their actions? I'm to assume perhaps that we are talking in the context of our own societal values and subjective views. And no, I'm doubtful they'll be held accountable by government or law enforcement in the manner we expect either, but the public majority holding them accountable is a different matter.
It is required by law to catalog all material obtained in an investigation, both for cataloging into digital databases for future reference and for building cases to effectively and accurately show the scope of the crime in its entirety, as well as to separate cases of possession and manufacture. Pattern Matching also will not help determine the whereabouts of the victims or their abusers, something that can only be (currently) done manually through forensic analysis in an attempt to isolate with whom, or where such events took place. They do in fact use Pattern Matching algorithms however (provided by the likes of Microsoft), but such software can be known for degrees of mismatches and inaccuracies. In order to ensure a complete match either they need to search only for existing hashes of cataloged images (which they need to comb through for those that don't match and add them), or use a general pattern matching algorithm and comb through all the results manually for mismatches.
If they make a deal to allow a perpetrator to walk it corrodes the public's trust in them as they may very well be putting others at future risk as a result, and the public in general expects some form of punishment for such behavior (or vigilantism may occur). If they don't make/honor deals, then nobody will trust them anyway. This can be especially difficult if they're faced with a victim who is themselves an abuser. How we approach and deal with such abuse is one of the things that requires re-evaluation, it's not enough to simply throw them in a dark cell and call it a day, as emotionally satisfying as that may be. As horrifying as it is, such abuse isn't (typically) murder and would benefit from a far greater level of psychological treatment and analysis. As to whether the public would accept that is a different question.
Automated pattern matching isn't 100% accurate unless you're using a pre-vetted database which can otherwise result in collateral damage (assuming the target in question has been cataloged), and not all sites/databases are online 100% of the time. You can see the results of that kind of thinking with software piracy, it boils down to a game of whack a mole where sites are put up faster than the time it takes to find and take them down, let alone prosecute them. Then you get into obfuscation, where they alter their content to bypass filters and pattern recognition software, or the use of Steganography to encrypt and embed images and files into other media compounding the possibility of collateral damage and increasing the difficulty of revealing them. The NSA aren't wizards any more than Apple are, and these groups are running some very sophisticated redundant networks in a variety of forms. Not only that but their budgets and manpower are also many times greater than that of law enforcement and aren't hindered by legalities.
No, they should never have run that site. But it may speak in part to the emotional and logistical strain and desperation they endure that they would even think something like that would be anywhere near acceptable. It's that strain I think that needs to be included in the wider discussion, as technology and fear from terrorism has grown over the years both the public and government have passively assumed law enforcement can maintain the peace with no thought as to whether they (or anyone) can handle the burden of that task.
[ link to this | view in thread ]
Re: Re: Re: Re:
Either way, thank you, at least, for taking the time to talk. I hope you have a good day.
[ link to this | view in thread ]
Child porn-collecting FBI partner on track to dodge jail
[ link to this | view in thread ]
Judge: FBI-tied child porn collector 'not a danger' to school [was Re: Child porn-collecting FBI partner on track to dodge jail]
[ link to this | view in thread ]
Seattle FBI chief weighs in on sentencing of child pornography offender [was: Re: Judge: FBI-tied child porn collector 'not a danger' to school]
[ link to this | view in thread ]