FBI Sends Computer Information Collected By Its Hacking Tools In Unencrypted Form Over The Open Internet
from the the-(fraying)-ends-justify-the-(sloppy)-means dept
The FBI doesn't want to talk about its secret malware, but with over 100 child porn prosecutions tied to it, it's had to discuss at least a few aspects of its Network Investigative Technique (NIT).
In yet another prosecution -- this one actually taking place in Virginia for a change -- the FBI is once again struggling to withhold details of its NIT from the defense. Suppression of the evidence likely isn't an option, as the warrant it obtained in Virginia was actually deployed in Virginia. I'm sure the FBI is as surprised as anybody by this fortuitous coincidence. But the defendant still wants access to more information, as he is looking to challenge the evidence the FBI collected with its Tor-defeating exploit.
The defendant, Edward Matish, has questions about the chain of custody. FBI Special Agent Daniel Alfin, who has testified in other Playpen/NIT cases, inadvertently admits there could be problems here, considering the FBI does nothing to protect the information it collects from suspects' computers from being intercepted or altered. (h/t Chris Soghoian)
I have read the Defendant's reply to the Government's Response to the Motion to Compel dated May 23, 2016. In the motion, Matish asserts that there are chain of custody problems caused by the fact that the NIT transmitted data "unencrypted over the traditional internet". This assertion is further supported by the declaration of Matthew Miller who states "the IP address relayed to the FBI was unencrypted and subject to attack by hackers" Miller Dec.
So, the NIT the FBI says is so secret it won't discuss it even if facing contempt orders apparently sends back info over the open internet. Agent Alfin plows past this admission, calling the defense expert "wrong" while refusing to discuss the possibility that unencrypted transmissions could be altered.
He is wrong. In fact, the network data stream that has been made available for defense review would be of no evidentiary value had it been transmitted in an encrypted format. Because the data is not encrypted, Matish can analyze the data stream and confirm that the data collected by the government is within the scope of the search warrant that authorized the use of the NIT. Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.
This is absurd. If Alfin is to be believed, any communications/data sent utilizing end-to-end encryption would be nothing but useless, scrambled gibberish to recipients. The FBI didn't encrypt these transmissions because it probably didn't seem worth the effort… at least not at the time. The FBI could have encrypted the transmissions and delivered the decrypted results to defendants for them to examine. I'm sure it wishes it had done this, now that it's being challenged in court.
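The point above in runnable form, as an added example that is not from the original post and is not the NIT's code: a record sent in the clear can be changed in transit without the receiver noticing, while an encrypted and authenticated record is still fully readable by the key holder and is rejected if altered. The record fields, the keys and the HMAC-based keystream (a standard-library stand-in for a vetted AEAD such as AES-GCM) are assumptions made for the illustration.

```python
import hashlib, hmac, json, os

# Constructed sample record; 203.0.113.0/24 is a documentation-only range.
RECORD = {"ip": "203.0.113.7", "hostname": "example-host"}

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted AEAD
    # such as AES-GCM, which is what production code should use.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(enc_key: bytes, mac_key: bytes, record: dict) -> bytes:
    """Sender side: encrypt the record, then MAC nonce + ciphertext."""
    plaintext = json.dumps(record, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> dict:
    """Receiver side: refuse altered data, otherwise recover the readable record."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: record altered in transit")
    plaintext = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plaintext)

def receive_plain(wire: bytes) -> dict:
    """Unprotected channel: the receiver parses whatever arrives."""
    return json.loads(wire)

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    # Plaintext on the wire: a changed address parses cleanly, with no sign of alteration.
    wire = json.dumps(RECORD).encode().replace(b"203.0.113.7", b"203.0.113.9")
    print("plain, altered in transit ->", receive_plain(wire))
    # Sealed: the key holder still gets a fully reviewable record...
    blob = seal(enc_key, mac_key, RECORD)
    print("sealed, intact ->", open_sealed(enc_key, mac_key, blob))
    # ...and a single flipped bit in transit is rejected.
    altered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    try:
        open_sealed(enc_key, mac_key, altered)
    except ValueError as err:
        print("sealed, altered ->", err)
```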
This is one more example of the FBI's overconfidence getting in the way of its better judgment. These were supposed to be open-and-shut child porn prosecutions -- a repeat of its mostly under-the-radar use of the same tools and tactics in 2012. But they aren't. They're being challenged and the FBI is going from courtroom to courtroom, putting out fires. And all that scrambling is leading to half-assed explanations like this, which raise serious questions about the FBI's investigative "techniques."
Filed Under: daniel alfin, doj, edward matish, encryption, fbi, going dark, hacking, malware, nit, playpen
Reader Comments
The FBI is Leading By Example
Encryption is causing everything to "go dark".
The FBI is leading by example, showing you how to send (someone else's) personal and private information over the internet without the need to use encryption.
Note to all Banking and Commerce sites: please follow the FBI's lead!
Re:
If data is encrypted, nobody can read it. Unless they are the holder of a magical Golden Key™ made from genuine Unicorn Horn and sprinkled with magic Pixie Dust.
Ordinary decryption keys won't work on encrypted data. Thus a magical golden key is needed. And the FBI needs it now! Because terrorists. Oh, wait. Wrong TLA. Because pedophiles!
This seems perfectly consistent with the FBI's talking points.
How about any computer system?
When others can display any photo they want on our computer whether it be an advertisement or inappropriate types of photos, how can we continue to be held responsible?
Our data travels unprotected, our computers are wide open to dozens of companies and government agencies and thousands of hackers to run their bots, yet we get held responsible for every piece of data on them.
There is a point where courts will have to say we can no longer be held responsible any more than if someone placed an inappropriate child's photo under the wiper of your car in a mall parking lot. It may be attached to something you own, but you have no way to stop it from being done to you and no knowledge of who did it.
Re: Re: How about any computer system?
I would suspect people are going to snap soon and they won't be from other countries or the go-to "enemy" religion. It really is a shame just how much damage a crooked few in charge can cause and how they can make entire organizations look bad. I knew people growing up who were FBI agents and maybe I was wearing rose-colored glasses at the time, but they truly didn't seem to be as slimy as they are nowadays.
Re: How about any computer system?
great points, thank you for that...
It is a dark day indeed when I feel that the wrongs of the FBI are automatically greater than those of some guy committing thought crimes (I hope that is the actual extent).
Naive
I do..
The idea that the NET should be unencrypted..
The net should NOT require people to PROTECT themselves..
That Bots, and Malware, should not be around..
That Everyone and every corp should be truthful and Honest.
ANYONE want to run around, in real life, with his ID, and CC exposed to ANYONE??
WOW, let's just publish all the SS#, with names and addresses..
Does this suggest that the NIT they used required this data to be transmitted in the open so that they could intercept it at another point?
"Just how dumb do you think I am?"
Yeah, even without a lot of knowledge in the field of encryption I'm pretty sure I still know more than him. The only way encryption would make the data useless would be if the FBI lacked the keys to decrypt it on the other side, and given it was their malware sending it somehow I'm not seeing that as a real possibility.
Encryption means the data isn't likely to be intercepted by a third-party and read/changed, making the 'chain of custody' secure, while non-encryption lacks those protections, and the chain of custody is extremely suspect as a result.
I can only guess that he's hoping that the judge is technically incompetent to such a degree that even if the defense gets someone to point out how utterly wrong his argument is here that he'll still accept the FBI's version over the defense's.