REUTERS / Jonathan Ernst
The US Department of Justice is dismissing a case against a man accused of accessing child pornography through a website called PlayPen because the authorities didn’t want to reveal publicly how they were able to catch the man.
The case, officially titled United States v. Jay Michaud, is a microcosm of a new pattern in law enforcement’s work, specifically referred to as a Network Investigative Technique (NIT).
The DoJ is prosecuting more than 135 people around the country over allegedly gaining access to PlayPen, an illegal hidden service that is only reachable through Tor, according to Ars Technica.
Tor is a platform that automatically anonymizes Internet Protocol (IP) addresses, the numerical fingerprint each computer has for accessing the web.
Authorities were not only able to gain entry into the illicit platform, but also takeover the administrative control of PlayPen unbeknownst to the rest of the community on the “Dark Web” site. The FBI was essentially running a child pornography site for weeks, all attributed to helping catch people who publish, disseminate and watch the obscene content.
Because of Tor’s capabilities, the FBI was originally not capable of identifying the IP addresses, and thus the locations of the child porn distributors and consumers.
The FBI eventually used a court authorized hacking method to determine the IP addresses.
The government is unwilling to disclose the technological means it allegedly used to ensnare Michaud because tech-savvy cybercriminals will then inevitably come up with a solution to block the agency from collecting data.
“The government must now choose between disclosure of classified information and dismissal of its indictment,” Annette Hayes, a federal prosecutor, wrote in the court filing dated March 3.
“Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery,” the legal document continues, referring to the fact that the dismissal is technically temporary.
US law enforcement and intelligence agencies were granted expanded hacking powers in early December, after rule changes permitted lower level judges (magistrates) to issue warrants when a suspect uses anonymizing technology to mask their location and identity.
The FBI could then more easily obtain official authorization to remotely access computers and online communications.
“The amendments do not change any of the traditional protections and procedures under the Fourth Amendment, such as the requirement that the government establish probable cause,” Assistant Attorney General Leslie R. Caldwell of the Criminal Division wrote on an official DoJ blog post.
Democratic Sens. Ron Wyden and Chris Coons, along with Republican Sen. Steve Daines, tried to pass a bill that would disallow the amendments, but Republican Sen. John Cornyn blocked their efforts.
“By sitting here and doing nothing, the Senate has given consent to this expansion of government hacking and surveillance,” Wyden said. “Law-abiding Americans are going to ask ‘what were you guys thinking?’ when the FBI starts hacking victims of a botnet hack. Or when a mass hack goes awry and breaks their device, or an entire hospital system and puts lives at risk.”
Christopher Soghoian, former chief technologist at the American Civil Liberties Union who now works as a technology fellow in Congress, agrees with Wyden’s concerns.
“My concern is that when they hack enough people, surveillance becomes so cheap–hacking becomes cheaper than even a single hour of law enforcement overtime–that this will become the tool of first resort,” Soghoian said in a speech in December. “Hacking will be the first tool in the toolkit that they reach for, before they go undercover, before they try and convince someone the old-fashioned way. My concern is that hacking is making spying far too cheap.”