Could The DOJ Be Violating SESTA/FOSTA?

from the quite-possible dept

Last week, Gizmodo's Dell Cameron has a great report on how the DOJ's Amber Alert site was configured so stupidly that it could be used to redirect people to any website (this was also true of weather.gov and the National Oceanic and Atmospheric Administration). And it was being used. To redirect people to hardcore porn. Basically, the sites were designed such that just by knowing the right URL and adding a new URL to the end, it would redirect to those sites. Porn sites used this for a couple of reasons: first, since they'd now be getting referrals from high ranking sites, it can help their Google ranking. Second, because the primary URL would come from a trusted source again, it would help their Google ranking. And, finally, the links may look much more legit to people doing searches (though that would be more true of scam sites than porn sites).

Redirect scripts like this used to be fairly common, but they died off long ago. Except in the federal government. From Cameron's article:

“This is like the 1990s called and wants its vulnerable redirect script back,” said Adriel Desautels, founder of the penetration testing firm Netragard.

But, here's the thing: does this mean that the DOJ (and the NOAA) could be violating SESTA/FOSTA? It's possible! And that just goes to show how poorly drafted the law is. Remember, under the law, it is now illegal to "participate in a venture" that "knowingly" is "assisting, supporting, or facilitating" a violation of sex trafficking laws. So, if someone were to create a DOJ Amber Alert redirect to a sex trafficking website (or just an escort site, since people keep insisting those serve little purpose other than sex trafficking) would the DOJ be in violation?

The obvious response is that the DOJ isn't "knowingly" doing this. But... is that true? As Cameron's article notes, every time you hit one of those Amber Alert redirects, the DOJ gives you a nice little parting message:

Is that enough to "knowingly" participate? Maybe. I would bet that if non-governmental websites popped up similar messages, SESTA/FOSTA supporters would argue it's proof of knowledge. After all, Rep. Cathy McMorris Rodgers claimied that merely "turning a blind eye" was enough to prove "knowledge." And here, clearly, the DOJ must be logging those exit pages. Is it ignoring them? Is that turning a blind eye? Does that count as knowledge?

Maybe it's a stretch, but the fact that the language of the bill even makes this a possibility just demonstrates how poorly drafted the bill is, and shame on all the politicians who refused to step up and fix it.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, fosta, intermediary liability, porn, prostitution, redirects, sesta, trafficking, unintended consequences


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Apr 2018 @ 9:43am

    Violating SESTA/FOSTA

    Even if they were in violation, would they not be immune? After all they are full of prosecutors with absolute immunity.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 9:47am

      Re: Violating SESTA/FOSTA

      Immunity from logic and reason maybe.

      link to this | view in chronology ]

    • icon
      JoeCool (profile), 25 Apr 2018 @ 11:08am

      Re: Violating SESTA/FOSTA

      We already know the FBI/DOJ run actual CP sites. They were in violation of exploitation laws long before FOSTA/SESTA. If they didn't prosecute themselves for running an actual CP site, they certainly aren't going to prosecute themselves for redirect links.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 9:47am

    How else can USG folks get to watch porn at the office?

    As the FBI says, we have to study it, so that we can stamp it out.

    "The Internet is for porn" -- DARPA

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 9:50am

    Maybe it's a stretch

    Maybe. But that's why a good bill is worded to narrowly define what is and isn't in violation so we don't wind up in these gray areas

    ::checks notes::

    TWO WEEKS AFTER IT WAS SIGNED INTO LAW.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 10:01am

    And by posting an image with the site TD could be violating SESTA/FOSTA (if that site facilitates sex trafficking).

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 10:17am

      Re:

      And, by commenting on the article, you're also "participating in the venture."

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2018 @ 10:27am

        Re: Re:

        Wouldn't this mean that any attempts to prosecute would involve the prosecution in the venture as well?

        By extension, someone had better let Kevin Bacon know that he's violating SESTA/FOSTA.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2018 @ 10:40am

        Re: Re:

        That might be true if the comment promoted the site but it doesn't mention anything that can be perceived as promotion.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 11:15am

      Re:

      Rest assured you are in violation of multiple laws every second of your life and you are probably not even aware of it, so add another one to the long list. You can be arrested for violating laws that do not exist, and yet I am supposed to get upset about this one? Why?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 10:08am

    to "participate in a venture" that "knowingly" is "assisting, supporting, or facilitating" a violation of sex trafficking laws

    I seem to recall there were serious concerns about the binding of the words. In particular, does the law bind as follows:

    • To participate in a venture
    • That the venture knowingly is assisting, ...

    If structured as such, then the "knowingly" qualifier only applies to whether the venture knows it is doing those things, but not to whether the defendant knew (or even reasonably should have known) that the venture was doing those things. Put another way, suppose a bus driver operates a public bus (that is, open to anyone who pays the fare). Suppose one of the riders is a criminal, such that the criminal is aware of his crime (but no one else on the bus is aware). With the bindings above, the bus driver is participating in the venture (moving people about the city) and some of those people are knowingly committing crimes, so - the bus driver is "participat[ing] in a venture" (driving the bus, collecting fares) that "knowingly" (the criminal knows what he did) is "assisting, supporting, or facilitating" a violation of some law (because the criminal cannot commit his crimes without the bus transporting him around the city). We generally agree that if a reasonable person (in this case, the bus driver) had no reason to suspect his unknowing involvement in the crime, then he should not be charged, but that's not how the law seems to be written here.

    link to this | view in chronology ]

    • icon
      Roger Strong (profile), 25 Apr 2018 @ 10:39am

      Re:

      Technology sets up even worse examples:

      A month ago it was reported that the Bitcoin blockchain contained child abuse imagery, making it potentially unlawful in many countries. Someone could add sex trafficking website links to the blockchain, making those storing copies or transmitting of it illegal under SESTA/FOSTA.

      In your example the bus driver isn't "knowingly" participating. But once the word is out about illegal links in the blockchain, all those who don't erase their Bitcoin are "knowingly" participating.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 10:41am

      Re:

      If the bug has been reported to them, it "knows" enough to meet the definition.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 10:24am

    SESTA takes its' evil toll...

    I appreciate that every single comment prior to this one was made anonymously. Is this evidence of the climate of fear that this legislation was designed to create?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 10:55am

      Re: SESTA takes its' evil toll...

      You don't get it, commenter are safe, its the web site owner who will be held liable.

      Making third parties responsible is the way to end all crime.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2018 @ 11:17am

        Re: Re: SESTA takes its' evil toll...

        But it is the commenter that they are after, can not let anyone disparage our great leader(s).

        link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 25 Apr 2018 @ 11:18am

    Irony in process

    I am having an enjoyable fantasy where the DoJ and NOAA get prosecuted and the law is found to be unconstitutional. That is, at least for government websites. The sex sites that did the hack are all found guilty.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 11:18am

    This page gives a list of the attacks hackers can use. It says "don't do this," just to make sure the hackers feel challenged. Honestly, isn't there anybody at the tiller over there?
    https://www.weather.gov/disclaimer

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 25 Apr 2018 @ 11:37am

    "Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!

    LOL. This all you've got?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 11:56am

      Re: "Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!

      If it is all he's got, it's a good and valid point.

      Unlike you.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 6:03pm

      Re: "Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!

      Yes, this is actually the only post on this subject on all of Techdirt. You've got him.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2018 @ 9:22pm

      Re:

      Yes, according to SESTA/FOSTA, unlike what your authoritarian loveboner would have you believe.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2018 @ 12:13pm

    Seriously doubt it

    There's plenty of plausible ways the people at DOJ IT would never know without being informed first. First of all, they may not even be logging redirects. You can scoff all you want, but once you're off their servers they may not log where the redirect went. Logging isn't monolithic. Administrators choose what level of information collection they want. Too much and you end up with a lot of useless chaff. Not enough and you could miss something like this.

    Second, most people don't read raw log files line by line. There's too much information there for trafficked websites like this. Administrators will be looking for certain known patterns when they filter logs which could miss things like this because no one is looking. You can't just assume that because it's potentially in the logs that it's automatically going to be noticed. You have to be looking for it.

    As for the law itself, politicians name laws like this exactly so they can nail opposition next election cycle. You think any politician in our society is going to want to have ads run against them that decry them for "supporting prostitution", "exploitation of women", "not opposing sex and human trafficking", "not protecting our children from sexual predators", and any other resonant issues that's bound to stir up Average Law Abiding Joe? Average Law Abiding Joe doesn't know, and probably doesn't care, that the law was badly written, all he's going to see is that their Congressman didn't stand up against sexual deviancy and loose morals. He won't care till he gets caught in the gears and by then it's too late.

    link to this | view in chronology ]

    • identicon
      Michael, 25 Apr 2018 @ 12:45pm

      Re: Seriously doubt it

      "First of all, they may not even be logging redirects."
      Since they have a "good bye" page, this is less likely and actually not fully a redirect issue anymore. Their page listed the URL and courts have found liability in linking.

      "most people don't read raw log files line by line"
      That is not necessarily important for the "knowledge" standards. It is still up in the air as to whether or not "could have known" , "should have known", or "knew" fits the definition. There is a lot of risk in these as they tend to encourage not logging and making it impossible to know, and that is the point. Laws that make it safer to not retain laws make it harder for law enforcement to work with sites that have bad actors using them.

      "politicians name laws like this exactly so they can nail opposition next election cycle"
      While I am no fan of US politicians, that is a broad statement that is almost certainly, overwhelmingly false. Most US laws are written with good intentions. Some have bad side-effects. It really is unlikely that these laws were written with as much political motivation as you seem to be attributing.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2018 @ 1:27pm

        Re: Re: Seriously doubt it

        Most US laws are written with good intentions.

        Considering that the MPAA and RIAA got behind this law, and they would love to see all content on the Internet approved before publication, I doubt that good intentions come into it. Third party liability is a way of forcing third parties to control the use of their websites, and this law is a big step in that direction.

        link to this | view in chronology ]

  • icon
    That One Guy (profile), 25 Apr 2018 @ 1:58pm

    It gets better

    It's worth remembering that one of the big problematic aspects of the law is that it's retroactive, so if one of the sites they linked to qualified then they'd be on the hook, even if they currently aren't linking to said site.

    Of course this assumes that the DOJ would ever prosecute... ah yes, 'the DOJ', so I doubt anyone in the agency is losing any sleep over the possibility.

    link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 25 Apr 2018 @ 4:34pm

      Re: It gets better

      I suspect the 'Wayback Machine' is going to have a lot of government traffic, at least for any site they may have some animosity for.

      link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 25 Apr 2018 @ 10:56pm

      Prosecutory Discretion

      id est selective enforcement. It works like this:

      1. Pass laws criminalizing actions everyone is guilty of.

      2. Appoint prosecutors who only prosecute bad people (rather than good people who might have broken a law accidental-like.)

      3. Bypass the rule of law!

      link to this | view in chronology ]

  • icon
    ECA (profile), 25 Apr 2018 @ 6:32pm

    lmao..

    I love the concept of Security..
    And those responsible for it, DONT USE ANY..

    A site, setup and NEVER UPDATED...
    WHO is supposed to be responsible??
    Those Internet/Tech Czars that we keep firing?? WHY?? Because they tell our GOV., that they need to spend abit of money to FIX SHIT..

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.