Government Tossing Child Porn Cases Rather Than Discuss Its Torrent-Tracking Software In Court
from the escape-hatches-and-opacity dept
The federal government isn't done tossing cases rather than let defendants have access to slightly more level playing field. A new investigation by ProPublica has uncovered more dismissed prosecutions due to the government's unwillingness to allow defendants to examine the software used to build cases against them.
The cases deal with child porn and BitTorrent distribution. The defendants are hardly the most sympathetic. But, like the cases that exposed the FBI's use of malware to gather identifying information from devices around the world, child porn investigations are on the front line of the government's tech deployments. From the description of the cases covered here, it almost appears the government had enough evidence to see the prosecution through to the end. It just chose not to because continuing the cases would mean turning over info on their tracking software to the accused.
Using specialized software, investigators traced explicit child pornography to Todd Hartman’s internet address. A dozen police officers raided his Los Angeles-area apartment, seized his computer and arrested him for files including a video of a man ejaculating on a 7-year-old girl. But after his lawyer contended that the software tool inappropriately accessed Hartman’s private files, and asked to examine how it worked, prosecutors dismissed the case.
Near Phoenix, police with a similar detection program tracked underage porn photos, including a 4-year-old with her legs spread, to Tom Tolworthy’s home computer. He was indicted in state court on 10 counts of committing a “dangerous crime against children,” each of which carried a decade in prison if convicted. Yet when investigators checked Tolworthy’s hard drive, the images weren’t there. Even though investigators said different offensive files surfaced on another computer that he owned, the case was tossed.
The secrecy in these cases is being aided and abetted by private companies. A nonprofit called the Child Rescue Coalition produces a suite of tools called the Child Protection System. But as ProPublica points out, the details are more complicated than its initial appearance: a kindhearted nonprofit helping law enforcement catch child porn producers and consumers. CRC has ties to TLO, a data brokerage recently acquired by credit reporting agency, TransUnion.
Defendants have asked prosecutors to turn over information about CRC's software in cases where it appears to have possibly drawn the wrong conclusions about downloading and distributing child porn. In those cases, TLO -- not the CRC -- has stepped in to inform the courts that it will not be producing the requested info.
The software’s makers have resisted disclosure of its coding. In May 2013, TLO asked a federal court in El Paso, Texas, to quash a subpoena to reveal the software known as the Child Protection System in a child-porn case. The materials sought, they said, “are protected under the law enforcement privilege and trade secrets laws.” After the judge ordered the software produced, prosecutors instead agreed to a plea deal that favored the defendant; he was sentenced to three years he had already served for “transportation of obscene material.
It's not just private companies pushing prosecutors towards dropping cases. It's also public institutions. Torrential Downpour -- software used to track the sharing of child porn via hash values -- was developed by the University of Massachusetts using government funding. When access to code was requested by a child porn case defendant, the university inserted itself into the case to reject the judge's order to turn over the code.
Its lawyer said in a court document that handing over the software would “destroy its value to the university and its faculty researcher,” citing a $440,000 annual FBI grant. “Releasing it to public view would frustrate public policy and impede law enforcement’s ability to deter peer-to-peer sharing of child pornography,” the lawyer added.
The trove of documents [PDF] ProPublica secured show instances where the evidence prosecutors said they had may not have actually been there, thanks to software or human errors. A recent ruling in favor of letting the defendant have access to Torrential Downpour's code seems to show the FBI relies more on what the software tells it than it can actually see with its own eyes.
Defendant Gonzales argues that Torrential Downpour is material to his defense because the distribution charges are based on child pornography files that Torrential Downpour purportedly downloaded from his tablet but that were not found on the tablet when it was seized by the FBI. Doc. 25 at 8-9. He has presented an affidavit from his expert, Tami Loehrs, confirming that the files are not on the tablet. Doc. 25-5. Loehrs explains in her affidavit that it is critical to Gonzales’s defense to understand how Torrential Downpour functions in order to determine the program’s reliability and accuracy in identifying files that Gonzales is charged with knowingly distributing. Id. at ¶ 17. She further states that based on her many years of research and testing of peer-to-peer file sharing software, including BitTorrent, she has discovered that all of these programs “contain bugs, they do not always function as intended and the data reported by these applications is not always accurate or reliable.”
[...]
Loehrs explained that, because a torrent is simply a text-file containing the hash values – or “fingerprints” – of the target image and video files, a BitTorrent user who downloads a torrent has fingerprints of the target files, even if he has not yet downloaded them. Id. at 22:14-23:8. Loehrs stated that the actual downloading of the target files occurs only when the client software instructs the torrent to search for those files on the BitTorrent network and download them to a designated folder on the user’s computer. Id. at 23:9-25:3. She further stated that a forensic examination of the device used to download the torrent can determine whether the torrent has been used to download the file, and her examination of Gonzales’s tablet revealed no evidence suggesting that he downloaded the files listed in counts one through eight.
It's not just defendants' experts being unable to find the files the government claims they downloaded. Investigators themselves have admitted they can't find files that Torrential Downpour said the accused accessed. An examination of the software being used to build cases should be allowed, but the entities behind the software won't allow it and the government is cutting defendants loose rather than giving them a chance to properly defend themselves against these very serious charges. I supposed it ultimately works out for defendants, but it only encourages the government to tip the scales in its favor again when the next prosecution rolls around with the hopes the next defender of the accused isn't quite as zealous.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bittorrent, child porn, child protection system, defendants, discovery, evidence
Reader Comments
Subscribe: RSS
View by: Time | Thread
Where is the outrage?
With all of the unreasonable "tech giants should censor all of the bad things" pushes you think politicians would be more outraged at law enforcement choosing tools so shittily that they would rather child porno distributiors go free than take a peek behind their curtain. That is just not a good look for anyone involved.
[ link to this | view in chronology ]
Re: Where is the outrage?
AC,
Consider something important here..
That in the end its blackmail.
SUGGEST..
That with the info the gov. has that they might release the info of WHY he was taken to court.
You want the list of WHO he is in contact with.
And if he gives over the info, the case MAY, disappear off their computers..Which can be hacked.
[ link to this | view in chronology ]
Re: Where is the outrage?
"With all of the unreasonable "tech giants should censor all of the bad things" pushes you think politicians would be more outraged at law enforcement choosing tools so shittily that they would rather child porno distributiors go free than take a peek behind their curtain."
You'd think so, yes.
Here's my take on it. Law enforcement managed to get access to sporadic use of NSA software/data and if a judge in any court orders the police to reveal how the software works, US intelligence agencies will be negatively impacted.
So inept law enforcement uses the tools, digs up the data, finds their suspect...and somehow forgets that revealing their evidence means either shooting their national security in the foot or reveals that it has been unlawfully obtained.
It's about the only way this makes any sense at all, barring the accused turning out to be an in-law to the director of the FBI or something similar.
[ link to this | view in chronology ]
Wait a sec. Isn't research done on federal grant (read: public tax money) public domain? Or is that just urban legend?
[ link to this | view in chronology ]
Re:
Stuff produced by the federal government is public domain. They can and do send public tax money to private companies to develop proprietary stuff. Grants rarely have any public-domain requirements; at best they might require publication of papers (but not code) in an open-access journal.
[ link to this | view in chronology ]
Correct. If a member of the U.S. Army takes a photograph while in Army service, that photograph is public domain. If the Army pays Stark Industries to develop a new type of arc rifle, that rifle is not public domain.
[ link to this | view in chronology ]
Re:
"Releasing it to public view would frustrate public policy and impede law enforcement’s ability to deter peer-to-peer sharing of child pornography"
But if failing to indict and convict actual child pornographers because they don't want review of the code/processes, doesn't that impede law enforcement's ability to deter sharing of child pornography, as well?
[ link to this | view in chronology ]
torrent files...
Use of scanning software to look for hashes was the main reason for "magnet links" that pretty much every BT site now uses. There is NO torrent file downloaded to any machine in the swarm.
If the entire system is based on the hash value of a given file, software to inject a few "invisible" characters at a random point in any file to change the hash value is already available.
[ link to this | view in chronology ]
From the PDF:
I'm calling bullshit on that claim. It would be very difficult to get the entire file download from a single targeted person unless he left the file seeding for an extended length of time. Few Bitorrent users do that, and presumable even fewer who are downloading such illegal content as child porn. Also, such a system could easily be completely evaded by people who use non-standard torrent clients that have the upload ability disabled.
In all probability, the cops are simply harvesting IP addresses from the trackers and DHT network, and then getting search warrants and raiding those residences within their jurisdiction. It's also possible that once they have a target's IP address, they try to hack into the computer to see what files are stored there. But of course they don't want anyone to know that, so they instead play the parallel construction game, only to cut and run when the defense starts demanding detailed information.
There's also a good chance that the child porn was released by the cops themselves, in a Prenda-like honeypot trap.
[ link to this | view in chronology ]
Re:
Ut oh it sounds like they stole the code that Righscorp and Guardalay use...
[ link to this | view in chronology ]
Re:
Not difficult enough to call "bullshit", really. Some clients will disconnect as soon as they're done or when they've reached a certain ratio, but it's easy to just forget about an ongoing torrent and leave it uploading.
Note, also, that the government could be pretending to be multiple clients—multiple IP addresses which, between them, have downloaded 100% of chunks from the target IP. Maybe downloading from some other seeds too, to blend in.
[ link to this | view in chronology ]
Re:
Agreed, the "swarm" would have to be one seed and one leech, the leech being the person getting arrested.
Even if it was a honeypot, they couldn't get the hash from the leech until the file was completely downloaded.
But what they're claiming is that they can see inside the leech's machine to get the hash of the .bt torrent file itself.
That's a hell of a lot more invasive (and illegal....) than firing up their own client and joining the swarm.
Does anyone still download torrent files? The Magnet Link system does away with that for this very reason.
[ link to this | view in chronology ]
Magnet links
Magnet links are the hash of the .torrent file. When a BitTorrent client starts downloading via a magnet link it downloads the .torrent file from its peers before downloading the actual data.
The torrent file contains block hashes of the file(s) to transfer and there's almost certainty when the block hashes match a known file that that file is being downloaded in the torrent. (It still is computationally hard to generate data with a pre-chosen 160 bit sha1 checksum.)
However there are specialized clients that only (but automatically) download the .torrent files, for example to fill a search database of available files. If you're running such a client you could be detected because you download the .torrent (metadata) of the download. If the "police" client is buggy enough to not make a distinction between data downloads and metadata downloads you could be caught in the dragnet.
[ link to this | view in chronology ]
Re: anonymous coward
Actually I ran across an operation once where a government entity, most likely a rogue FBI unit, was releasing child porn over a p2p network then tracking the IP addresses of downloads, the re-uploading the file again from the same computers, presumably to upgrade a mere possession of child pornography charge to one of distribution.
[ link to this | view in chronology ]
Not a good look
"The defense wants to see the code that accused them and said they're guilty of terrible acts? Quick, drop the case!"
There is really no way for the companies and prosecutors involved to come out of this looking good. The companies/individuals would rather drop cases involving accused child porn than have the programs checked for accuracy, something that's just kinda important if said software is going to be used to put people behind bars and destroy their lives, suggesting that they know or suspect that their 'foolproof' tech is instead riddled with holes that a good lawyer could shoot down.
Over on the investigator/prosecutor side, you've got people willing to drop cases in order to... preserve secrecy? Which is apparently more important than actually finding and punishing people downloading/sharing child porn? Those are some telling priorities there, nicely highlighting just what they consider more important, if they're willing to drop a case and run rather than allow someone to challenge what they are using to gather evidence(though given what's mentioned in the article sounds like they've got good reason to want to avoid scrutiny of the program, as it apparently likes to hallucinate evidence.)
[ link to this | view in chronology ]
Re: Not a good look
But think of the children! How are they supposed to protect the children by arresting people on accusations of having child pornography and then dropping the charges when asked to cross-examine the "witness", unless their code is secret?
[ link to this | view in chronology ]
Re: Re: Not a good look
No, not in that way!
[ link to this | view in chronology ]
Re: Re: Not a good look
I'm more impressed with them being unable to find the files that claim their target downloaded...
Reminds me of the trolls who claimed that a lack of evidence is evidence of guilt...
[ link to this | view in chronology ]
They are bad people, our super secret tech said so...
NO NO NO DO NOT LOOK BEHIND THE CURTAIN!!!!!!!!!
If the thing used can not be examined by the defense or any independent outside lab, perhaps it is the same as "bite mark forensics".
Kinda wierd to see the government using the Prenda/MM play book... make wild allegations they can't prove in the hopes the target just gives in to what they want b/c their name will be ruined if the 'facts' come out.
[ link to this | view in chronology ]
Our government is using the same techniques as copyright trolls. Wonderful.
[ link to this | view in chronology ]
Well, not really. The government gets to publicly brand you as a child molester without ever having to prove anything in court. You may not go to prison, but you'll probably lose your job, your family, and all your friends.
A lot of these guys deserve it. Some don't.
[ link to this | view in chronology ]
Sounds like a cover up.
[ link to this | view in chronology ]
Reminds me of that movie Mercury Rising where the kid decrypts a message in a cipher. Instead of admitting that their software (is|might be) flawed, they just try to murder the kid.
[ link to this | view in chronology ]
Because showing screenshots of the peer connections from an off-the-shelf torrent program seeding said torrent when you've received $440,000 from the FBI wouldn't be a good look.
[ link to this | view in chronology ]