FBI Warrant Used to Hack Child Porn Visitors Was Unconstitutional, EFF Argues

Attorneys from the Electronic Frontier Foundation filed a strongly-worded amicus brief in a case related to the FBI's takeover of child pornography site Playpen.

|
Mar 3 2016, 3:30pm

An FBI mobile digital forensics lab. Image: Mark Boster/Getty

The Federal Bureau of Investigation's shuttering of dark web child pornography site Playpen is one of the more controversial moves by the agency in recent years. The FBI ran the site from its own servers for 13 days in order to deploy a network investigative technique (NIT)—the agency's term for a hacking tool—in an effort to identify its visitors.

The NIT hacked over a thousand computers, but all of those malware infections were authorised by one warrant, a point covered in a new, strongly-worded amicus brief from attorneys with the Electronic Frontier Foundation (EFF).

The brief, which was filed on Wednesday, says that the warrant was "unconstitutional."

It is signed by Mark Rumold, Nate Cardozo, and Andrew Crocker from the EFF, and Venkat Balasubramani, an attorney who is representing the EFF.

Judging by court documents in related cases, the warrant used to authorise the deployment of malware allowed the FBI to infect anyone who logged into the site (the warrant and its supporting affidavit are currently sealed). However, an FBI special agent recently testified that the NIT was only activated in some cases when users visited a specific, child pornography related section of the site.

A screenshot from the brief.

Regardless, the EFF is arguing against the fact that the broad warrant allowed a wider search. And even if the actual NIT deployment was narrower in scope than the warrant allowed, it still granted the FBI searches all over the world.

The government didn't obtain specifics warrants for specific users, the attorneys argue, even though the FBI could have done so: Because "the FBI was in possession of the server that hosted the site, the government had a clear window into the site's user activity." In other words, the FBI could have seen which users were posting and accessing specific information, and then base a warrant on those pieces of information, they argue.

Secondly, the warrant apparently "failed to particularity describe what was being searched and where those searches would occur," the attorneys continue.

"The Warrant broadly encompassed the computer of 'any user or administrator' of the website," the brief reads.

"Because an activating computer could conceivably be located anywhere in the world, the Warrant conceivably authorized FBI searches and seizures in all 50 US states, every US territory, and every country around the world," the brief continues.

Indeed, Motherboard has uncovered evidence that the FBI hacked computers in Greece, Chile and likely elsewhere.

When the broad nature of the NIT warrant has been brought up previously, Keith Becker from the Department of Justice has said that "the affidavit does articulate that the FBI may deploy in a more limited sort of fashion, including in particular areas of the target website."

But the EFF see an issue with this as well, writing that the decision of how to deploy the malware was given up to the FBI, rather than dictated by the warrant itself.

"It thus left to the FBI to decide: how the malware would be deployed; how the malware operated; what portions of the activating computers the malware would search; and which of the hundreds of thousands of users of the site it would be deployed against," the brief continues.

The brief was filed in the case of Bruce Lorente, in the United States District Court for the Western District of Washington. Lorente is being represented by Mohammad Ali Hamoudi and Colin Fieman. Fieman is also a defense lawyer in a related case, where the FBI was recently forced to turn over the code used in its malware.

Peter Carr, a spokesperson for the Department of Justice did declined to comment, but pointed to a January ruling in a related case where a judge ruled against similar arguments.

In sum, the EFF write that, as far as the organization is aware, "the Warrant is unprecedented in terms of both breadth and the discretion it provided to the officials executing it."