Could The DOJ Be Violating SESTA/FOSTA?
from the quite-possible dept
Last week, Gizmodo's Dell Cameron has a great report on how the DOJ's Amber Alert site was configured so stupidly that it could be used to redirect people to any website (this was also true of weather.gov and the National Oceanic and Atmospheric Administration). And it was being used. To redirect people to hardcore porn. Basically, the sites were designed such that just by knowing the right URL and adding a new URL to the end, it would redirect to those sites. Porn sites used this for a couple of reasons: first, since they'd now be getting referrals from high ranking sites, it can help their Google ranking. Second, because the primary URL would come from a trusted source again, it would help their Google ranking. And, finally, the links may look much more legit to people doing searches (though that would be more true of scam sites than porn sites).
Redirect scripts like this used to be fairly common, but they died off long ago. Except in the federal government. From Cameron's article:
“This is like the 1990s called and wants its vulnerable redirect script back,” said Adriel Desautels, founder of the penetration testing firm Netragard.
But, here's the thing: does this mean that the DOJ (and the NOAA) could be violating SESTA/FOSTA? It's possible! And that just goes to show how poorly drafted the law is. Remember, under the law, it is now illegal to "participate in a venture" that "knowingly" is "assisting, supporting, or facilitating" a violation of sex trafficking laws. So, if someone were to create a DOJ Amber Alert redirect to a sex trafficking website (or just an escort site, since people keep insisting those serve little purpose other than sex trafficking) would the DOJ be in violation?
The obvious response is that the DOJ isn't "knowingly" doing this. But... is that true? As Cameron's article notes, every time you hit one of those Amber Alert redirects, the DOJ gives you a nice little parting message:
Is that enough to "knowingly" participate? Maybe. I would bet that if non-governmental websites popped up similar messages, SESTA/FOSTA supporters would argue it's proof of knowledge. After all, Rep. Cathy McMorris Rodgers claimied that merely "turning a blind eye" was enough to prove "knowledge." And here, clearly, the DOJ must be logging those exit pages. Is it ignoring them? Is that turning a blind eye? Does that count as knowledge?
Maybe it's a stretch, but the fact that the language of the bill even makes this a possibility just demonstrates how poorly drafted the bill is, and shame on all the politicians who refused to step up and fix it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, fosta, intermediary liability, porn, prostitution, redirects, sesta, trafficking, unintended consequences
Reader Comments
Subscribe: RSS
View by: Time | Thread
Violating SESTA/FOSTA
[ link to this | view in chronology ]
Re: Violating SESTA/FOSTA
[ link to this | view in chronology ]
Re: Violating SESTA/FOSTA
[ link to this | view in chronology ]
How else can USG folks get to watch porn at the office?
"The Internet is for porn" -- DARPA
[ link to this | view in chronology ]
Maybe. But that's why a good bill is worded to narrowly define what is and isn't in violation so we don't wind up in these gray areas
::checks notes::
TWO WEEKS AFTER IT WAS SIGNED INTO LAW.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
By extension, someone had better let Kevin Bacon know that he's violating SESTA/FOSTA.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I seem to recall there were serious concerns about the binding of the words. In particular, does the law bind as follows:
If structured as such, then the "knowingly" qualifier only applies to whether the venture knows it is doing those things, but not to whether the defendant knew (or even reasonably should have known) that the venture was doing those things. Put another way, suppose a bus driver operates a public bus (that is, open to anyone who pays the fare). Suppose one of the riders is a criminal, such that the criminal is aware of his crime (but no one else on the bus is aware). With the bindings above, the bus driver is participating in the venture (moving people about the city) and some of those people are knowingly committing crimes, so - the bus driver is "participat[ing] in a venture" (driving the bus, collecting fares) that "knowingly" (the criminal knows what he did) is "assisting, supporting, or facilitating" a violation of some law (because the criminal cannot commit his crimes without the bus transporting him around the city). We generally agree that if a reasonable person (in this case, the bus driver) had no reason to suspect his unknowing involvement in the crime, then he should not be charged, but that's not how the law seems to be written here.
[ link to this | view in chronology ]
Re:
Technology sets up even worse examples:
A month ago it was reported that the Bitcoin blockchain contained child abuse imagery, making it potentially unlawful in many countries. Someone could add sex trafficking website links to the blockchain, making those storing copies or transmitting of it illegal under SESTA/FOSTA.
In your example the bus driver isn't "knowingly" participating. But once the word is out about illegal links in the blockchain, all those who don't erase their Bitcoin are "knowingly" participating.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
SESTA takes its' evil toll...
[ link to this | view in chronology ]
Re: SESTA takes its' evil toll...
Making third parties responsible is the way to end all crime.
[ link to this | view in chronology ]
Re: Re: SESTA takes its' evil toll...
[ link to this | view in chronology ]
Irony in process
[ link to this | view in chronology ]
https://www.weather.gov/disclaimer
[ link to this | view in chronology ]
"Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!
[ link to this | view in chronology ]
Re: "Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!
Unlike you.
[ link to this | view in chronology ]
Re: "Could The DOJ Be Violating SESTA/FOSTA?" -- NO, M_snick!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Seriously doubt it
Second, most people don't read raw log files line by line. There's too much information there for trafficked websites like this. Administrators will be looking for certain known patterns when they filter logs which could miss things like this because no one is looking. You can't just assume that because it's potentially in the logs that it's automatically going to be noticed. You have to be looking for it.
As for the law itself, politicians name laws like this exactly so they can nail opposition next election cycle. You think any politician in our society is going to want to have ads run against them that decry them for "supporting prostitution", "exploitation of women", "not opposing sex and human trafficking", "not protecting our children from sexual predators", and any other resonant issues that's bound to stir up Average Law Abiding Joe? Average Law Abiding Joe doesn't know, and probably doesn't care, that the law was badly written, all he's going to see is that their Congressman didn't stand up against sexual deviancy and loose morals. He won't care till he gets caught in the gears and by then it's too late.
[ link to this | view in chronology ]
Re: Seriously doubt it
Since they have a "good bye" page, this is less likely and actually not fully a redirect issue anymore. Their page listed the URL and courts have found liability in linking.
"most people don't read raw log files line by line"
That is not necessarily important for the "knowledge" standards. It is still up in the air as to whether or not "could have known" , "should have known", or "knew" fits the definition. There is a lot of risk in these as they tend to encourage not logging and making it impossible to know, and that is the point. Laws that make it safer to not retain laws make it harder for law enforcement to work with sites that have bad actors using them.
"politicians name laws like this exactly so they can nail opposition next election cycle"
While I am no fan of US politicians, that is a broad statement that is almost certainly, overwhelmingly false. Most US laws are written with good intentions. Some have bad side-effects. It really is unlikely that these laws were written with as much political motivation as you seem to be attributing.
[ link to this | view in chronology ]
Re: Re: Seriously doubt it
Considering that the MPAA and RIAA got behind this law, and they would love to see all content on the Internet approved before publication, I doubt that good intentions come into it. Third party liability is a way of forcing third parties to control the use of their websites, and this law is a big step in that direction.
[ link to this | view in chronology ]
It gets better
It's worth remembering that one of the big problematic aspects of the law is that it's retroactive, so if one of the sites they linked to qualified then they'd be on the hook, even if they currently aren't linking to said site.
Of course this assumes that the DOJ would ever prosecute... ah yes, 'the DOJ', so I doubt anyone in the agency is losing any sleep over the possibility.
[ link to this | view in chronology ]
Re: It gets better
[ link to this | view in chronology ]
Prosecutory Discretion
id est selective enforcement. It works like this:
1. Pass laws criminalizing actions everyone is guilty of.
2. Appoint prosecutors who only prosecute bad people (rather than good people who might have broken a law accidental-like.)
3. Bypass the rule of law!
[ link to this | view in chronology ]
lmao..
And those responsible for it, DONT USE ANY..
A site, setup and NEVER UPDATED...
WHO is supposed to be responsible??
Those Internet/Tech Czars that we keep firing?? WHY?? Because they tell our GOV., that they need to spend abit of money to FIX SHIT..
[ link to this | view in chronology ]