Judge Orders FBI To Turn Over Information On How Many People Around The World It Snagged With Its Playpen NIT

from the malware-whereabouts dept

This might be big, depending on how much of this information is passed on to the general public, rather than delivered ex parte or under seal. Joseph Cox of Vice/Motherboard was the first to snag this ruling [PDF] by a Washington district court judge ordering the FBI to turn over tons of info about the NIT it deployed in the Playpen child porn investigation.

As we're already aware, the NIT was deployed by the FBI in Virginia but obtained identifying information about Tor-cloaked site visitors not just all over this country, but all over the world. The motion to compel discovery asked for several details about the NIT and its deployment and most of them have been granted.

Here's the full list (with additional commentary):

1. All records related to the Government’s review and approval of Operation Pacifier.

The Court has taken this discovery request under advisement. An order is soon forthcoming.

2. Copies of any reports made to the National Center for Missing and Exploited Children (NCMEC) regarding child pornography posted on the Playpen web site.

Defendants’ motions are granted.

3. Copies of any notifications that were sent to victims by the Government for obtaining restitution related to images that were posted on, or distributed from, the Playpen web site.

Defendants’ motions are granted.

4. The number of new images and videos (i.e. content not previously identified by NCMEC) that was posted on the site between February 20, 2015 and March 5, 2015.

Defendants’ motions are granted.

(This information -- whether or not actually useful in suppression motions -- should at least provide some insight into how much additional child porn made its way to site visitors as a result of the FBI's decision to seize [and act as administrators of] the server, rather than shut it down. Information obtained in other court cases suggests the FBI not only acted as hosts during the NIT deployment, but actually made the site faster and more responsive.)

5. The names of all agents, contractors or other personnel who assisted with relocating, maintaining and operating Playpen while it was under Government control.

Defendants’ motions are granted.

6. Copies of all notes, emails, reports, postings, etc. related to the maintenance, administration and operation of Playpen between February 20, 2015 and March 5, 2015.

Defendants’ motions are granted.

(Again, this info could confirm whether or not the FBI improved the child porn site's performance during its two-week turn as administrators, as well as provide additional insight into how much child porn distribution was aided and abetted by the agency.)

7. Copies of all legal memoranda, emails and other documents related to the legality of the FBI’s operation of Playpen (and the distribution of child pornography by the Government), including requests for agency/departmental approvals of the undercover operation of Playpen and any communications with Main Justice or the Office of General Counsel at the FBI.

The Court has taken this discovery request under advisement. An order is soon forthcoming.

(This would be the government's legal rationale for running a child porn site rather than shutting it down. Chances are this will remain under seal and is probably FOIA-proof, as most legal guidance documents are.)

8. Copies of all correspondence, referrals and other records indicating whether the exploit used in the Playpen operation has been submitted by the FBI or any other agency to the White House’s Vulnerability Equities Process (VEP) and what, if any, decision was made by the VEP.

The Court has taken this discovery request under advisement. An order is soon forthcoming.

(Little is known about the government's actual handling of the VEP. On one hand, we have public statements which pay lip service to not screwing US companies by hoarding vulnerabilities. On the other hand, we have the exact opposite in practice.)

9. Copies of invoices and other documents for the hosting facility/facilities where the Government operated the Playpen server, the server from which the Government delivered the NIT malware and the server that NIT targets sent their identifying information back to, including documents revealing whether the Government informed the hosting provider(s) that child pornography would be stored in their facility or transmitted over their networks.

Defendants’ motions are granted. To the extent that the Playpen hosting provider was the Government, not a private party, it appears there may not be much discovery responsive to this request.

(There may be nothing here. Or there could be third party hosts involved who were never informed about their participation in the FBI's sting operation. If so, fun times ahead for the US government.)

10. The number of Playpen-related investigations that have been initiated but did not result in criminal charges, beyond the approximately 200 cases now pending across the country.

Defendants’ motions are granted.

(Another can of worms the FBI would probably like to remain closed. According to the government's own arguments in these cases, users would have connected to the site for a single purpose: to engage in criminal activity. A lack of charges would be a surprise and somewhat undermine the government's assertions about the criminal intent of visitors to the site.)

11. The total number of IP addresses and MAC IDs that were seized during the time the FBI was operating Playpen, over and above those related to these approximately 200 pending cases.

Defendants’ motions are granted.

12. The number of IP addresses and MAC IDs obtained during the investigation from foreign computers and the countries in which this data was obtained.

Defendants’ motions are granted.

(These are the potential goldmine. This will show how far-flung the FBI's net actually was, as well as provide more ammo for suppression motions predicated on Rule 41 jurisdictional limitations. The FBI is well aware it can't perform searches outside the jurisdiction covered by the warrant, but it chose to do so anyway. So far, its evidence has mostly held up, thanks to courts deciding suppression isn't the correct remedy, or crediting the FBI for unearned "good faith." The FBI and DOJ are pushing for changes to Rule 41 that eliminate the jurisdictional limits, so it's disingenuous for the agency to claim its agents acted in good faith when securing the warrant.)

This now becomes the Playpen case to watch, even if most of this information is likely to remain in the hands of defense lawyers only. Dismissal and suppression motions will contain references to the content of these documents, however, which will shed more light on the FBI's NIT deployment and its child porn site administration.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, eavesdropping, fbi, malware, nit, playpen, rule 41, warrants


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    TheResidentSkeptic (profile), 24 Oct 2016 @ 1:35pm

    Standard 2-step process

    1) Judge Orders FBI
    2) FBI Ignores Order

    Business as usual...

    link to this | view in thread ]

  2. icon
    Norahc (profile), 24 Oct 2016 @ 1:58pm

    Re: Standard 2-step process

    3) DOJ appeals the order
    4) FBI ignores order anyway

    More business as usual

    link to this | view in thread ]

  3. icon
    Padpaw (profile), 24 Oct 2016 @ 2:18pm

    They have refused to comply with court orders before. There is no accountability to penalize them if they do it again.

    Why exactly would anyone expect a terrorist organization like the FBI to be honest and respect what they are ordered to do this time compared to any other.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 24 Oct 2016 @ 2:25pm

    We need to catch more criminals...

    Well lets drum up some more crime!

    I no longer accept that people are guilty as charged. The DA will shock the fuck out of 'suspects' with charges to the point where they either plead guilty or face a full frontal onslaught of government corruption ruining their life even further!

    We don't even consider that someone might be guilty, we just need the "last mite".

    link to this | view in thread ]

  5. identicon
    Quiet Lurcker, 24 Oct 2016 @ 4:31pm

    >>> 7. Copies of all legal memoranda, emails and other documents related to the legality of the FBI’s operation of Playpen (and the distribution of child pornography by the Government), including requests for agency/departmental approvals of the undercover operation of Playpen and any communications with Main Justice or the Office of General Counsel at the FBI.

    The Court has taken this discovery request under advisement. An order is soon forthcoming.

    (This would be the government's legal rationale for running a child porn site rather than shutting it down. Chances are this will remain under seal and is probably FOIA-proof, as most legal guidance documents are.)

    link to this | view in thread ]

  6. icon
    Padpaw (profile), 24 Oct 2016 @ 5:24pm

    Re:

    Makes me wonder how much of those pedo pictures ended up saved to private folders among the FBI

    link to this | view in thread ]

  7. identicon
    Techanon, 24 Oct 2016 @ 8:15pm

    Re: Re: Standard 2-step process

    5) Court decides to punish FBI for ignoring the order by retracting the "good faith" benefit.
    6) Evidence gets suppressed.
    7) Case is lost or dismissed for lack of evidence.

    Business as usual?

    link to this | view in thread ]

  8. icon
    Norahc (profile), 24 Oct 2016 @ 9:04pm

    Re: Re: Re: Standard 2-step process

    More likely scenario is if they don't get the rulings they want, the DOJ will dismiss the charges to avoid setting an adverse precedent while complaining loudly and frequently that the laws need to be changed to keep child molesters and terrorists from getting away with it.

    link to this | view in thread ]

  9. icon
    That Anonymous Coward (profile), 24 Oct 2016 @ 10:10pm

    Re: Re:

    well they needed to get the new content they posted from somewhere...

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 25 Oct 2016 @ 1:01am

    Re: We need to catch more criminals...

    If you're of the belief that everyone's a criminal, then you just make laws that ensure such. The provlems start when your enforcement agency decides it just doesn't need to play by the rules.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 25 Oct 2016 @ 5:57am

    FBI,CIA, a couple of dinosaurs from another era. We have the NSA today. Bring them all under one roof Then quit breaking the law and using the excuse that we broke the law in order to enforce the law. Justice is blind, not deaf and dumb.

    link to this | view in thread ]

  12. identicon
    TDR, 25 Oct 2016 @ 8:02am

    The real question

    What I want to knoww is how many politicians and high-ranking military officers went to the site and who they are . That would be interesting to see.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 25 Oct 2016 @ 3:28pm

    Re: The real question

    Exactly

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 26 Oct 2016 @ 5:24pm

    Re: Standard 2-step process

    FBI's motto is "Fidelity, Bravery, Integrity".

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.