Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

US govt dismisses child porn case to protect their Tor exploit.


US govt dismisses child porn case to protect their Tor exploit.

Disclosure is not currently an option.

Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.

The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the governments ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that case be dismissed.

The government must now choose between disclosure of classified information and dismissal of its indictment, Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery.

The Department of Justice is currently prosecuting over 135 people nationwide whom they believe accessed the illegal website. However, in order to find those people, federal authorities seized and operated the site for 13 days before closing it down. During that period, the FBI deployed a Tor exploit that allowed them to find out those users real IP addresses. The use of Tor, which obscures and anonymizes IP addresses and browser user agents, makes it significantly more difficult for individuals to be tracked online. With the exploit, it became extremely easy for suspects to be identified and located.

The DOJ has called this exploit a network investigative technique, (NIT) while most security experts have labelled it as malware.


Defense attorneys have attempted to gain access to some, if not all, of the NITs source code as part of the criminal discovery process. In a related case prosecuted in New York, an FBI search warrant affidavit described both the types of child pornography available to Playpens 150,000 members and the NITs capabilities.

Last year, US District Judge Robert Bryan ordered the government to hand over the NITs source code in Michaud. Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending.

Since the prosecution against Playpen defendants has unfolded, many have pleaded guilty, and only a few have had charges dropped altogether.

Another one of those ongoing Playpen-related cases is United States v. Tippens, which is also being prosecuted in the same federal court in Tacoma, and is being heard by the same judge. The defendant there, David Tippens, is being represented by the same federal public defender, Colin Fieman. Despite all those parallels, Judge Bryan denied the defenses request to suppress evidence in Tippens—the case is set to go forward as a bench trial (without a jury) later this month.

The Tippens case is still scheduled for trial on March 13, and we have raised and briefed our concerns about the governments overreaching and tactics in both the Michaud and Tippens cases, Fieman e-mailed Ars on Saturday. One way or the other those concerns will ultimately be resolved in the Court of Appeals.

Fieman later e-mailed that he is still unsure as to why the two cases turned out differently.

With the same material facts and applicable law in both cases, we anticipated consistent results, he added.

Peter Carr, a spokesman for the Department of Justice, declined comment on the Michaud case, but noted that its dismissal has no effect on the Tippens case.

Since these cases began, a new change to federal judicial rules will make it easier for lower-level federal judges, known as magistrates, to issue warrants authorizing future NITs that are valid anywhere in the country, rather than being limited to their own judicial district. Some advocates are finding that prospect alarming.

Last year, Christopher Soghoian, a security and privacy expert formerly with the American Civil Liberties Union, spoke before the annual Chaos Communication Congress about Michaud and related cases. Soghoian wasnt just acting as a pundit: he served as an expert witness during earlier hearings in Michaud. Soghoian, who is currently serving as a technology fellow in Congress, has often raised many concerns about such surveillance.

My concern with the economics of hacking is that if the government hacks enough people, hacking not only becomes an attractive way of surveilling but it becomes the cheapest way to spy on people, he said in December 2016.

My concern is that when they hack enough people, surveillance becomes so cheap—hacking becomes cheaper than even a single hour of law enforcement overtime that this will become the tool of first resort, he continued. Hacking will be the first tool in the toolkit that they reach for, before they go undercover. Before they try and convince someone the old-fashioned way. My concern is that hacking is making spying far too cheap.

However, some legal experts have argued that such lawful hacking is an appropriate way for the government to combat the so-called going dark problem—the widespread use of sophisticated anti-surveillance tools, such as Tor and other forms of encryption that stymie traditional law enforcement.

If lawful hacking is going to be a meaningful solution to Going Dark, Congress may need to develop a legislative framework for procedures surrounding highly technical, privileged law enforcement information, Susan Hennessey, a former lawyer at the National Security Agency, and the current managing editor of the Lawfare blog, wrote in a January 2017 paper.

Procedures could also modify the rule to address whether alternative methods or summary information can satisfy the defendants basic inquiry, she continued. In essence, the intention of such legislation is not to eliminate the possibility of the disclose-or-dismiss dilemma but instead to ensure it arises only where constitutionally or otherwise appropriate and not as a Hail Mary litigation strategy.

Comments
Sorry but there are no comments to display