A tv program here in Brazil showed the "cutting edge" tech in capturing "pedophiles"
First, they showed that the police here, got from some US organizations, access to some kind of realtime NSA style spying tools, they showed on tv that their software show realtime torrent data transfer worldwide, with pips popping up on a map in the entire planet!
Then, they decided to show one person, and showed on tv some kind of hidden teamviewer, they showed someone screen, realtime.
All of this already made me cringe, what kind of mass spying is US exporting?
Then the tv showed 3 people caught, showed their names, location, jobs, even filmed one guy house and his family inside...
1. One guy was an old man that wants help and avoid kids.
2. Another is a 32 year old unemployed that never his parents apartment, and never invite anyone, doesn't have friends or romantic partners.
3. Guy is 28 year old IT worker, no friends or girlfriend. used his work Internet because he couldn't afford broadband at home.
None of the 3 are in jail, they were only officially charged, and they don't have a trial date yet.
Then the tv points out that 70% of pedophiles in jail actually raped a child, and implied that those 3 maybe lied about never abused kids.
So, illegal spying, and guilty until proven otherwise? How these 3 will walk on the street now? All of them lived in smaller towns, and the tv station was the most popular tv station of the country.
> First, they showed that the police here, got from some US organizations, access to some kind of realtime NSA style spying tools, they showed on tv that their software show realtime torrent data transfer worldwide, with pips popping up on a map in the entire planet!
Were they monitoring a single torrent file? Multiple? An entire tracker? Most BT traffic in the world?
Trackers will happily disclose the list of peers who are downloading, so it's not hard to monitor a list of torrents. That's how BT works. A lot of anti-piracy companies do it. Unless they were monitoring a massive amount of torrent traffic, I don't see why an intelligence agency has to be involved.
All I have to say is get a fucking warrant like the constitution you swore an oath to requires! Once they have a warrant, a specific one at that (as opposed to a general or blanket one), and then use of these tools is ok.
I understand they got a warrant for the server, but theydidnt get warrants for each user like they should have, so unless I am missing something, it's blatantly unconstitutional.
This is where some beltway establishment stenographers would say "but it was thousands, warrants would take too long!" Well tough fucking shit, you still have to get a warrant for each IP.
Unless there is some legal precedent someone wants to cite to me, which I have yet to see.
Mark my words, cp and terrorism and cyberterrorism (read: major bank hacks) are the things going to be used to increase the surveillance of the internet. If we dont stand up for the rights even of horrible people, its a slippery slope that will, not might bite us in the ass later.
First they came for the people who clicked on url shortners, etc.
Shit hell, I wouldnt be surprised if the FBI used this fishnet to spearphish people that had nothing to do with the site so they became targets.
eg: Send that pesky dissident an email with a link to this so that they pop on the autocomprimise tool and voila, dissident surveillance engine disguised as good guy cp catching program.
On a side note, I did some pretty extensive forensics training to be able to testify about stuff like this, and you would be utterly amazed at how many of the other "forensics specialists" were utterly incompetent. (for example, not knowing any other fs than ntfs...)
The warrant in question is one that allows them to deploy the NIT in order to get the IP addresses in the first place. They wouldn't know these addresses prior to deploying the NIT, so there's no way they'd be able to get a warrant for each IP prior to that. Once they had the IPs, they subpoenaed the ISPs and got search warrants for the owners.
I haven't really made up my mind about the legalities of this case, it's quite tricky. I think the FBI should definitely have to disclose the NIT (both the exploit and the payload) to the defense, but I'm not sure about the warrant (Rule 41 issues aside).
Unfortunately the government was wise to expand their power in a child porn case. It's very, very difficult to motivate to do anything in defense of such people. If only they'd gone after someone at least somewhat sympathetic!
> Unfortunately the government was wise to expand their power in a child porn case.
The state is following the age-old tactic for expanding their power and authority: go after people others won't speak up for in fear of being labeled one of them. It's exactly what the Martin Niemöller quote is about.
While I do not condone the behavior of these people or otherwise support their crime, kudos to EFF for being willing to stand up to the state on this. As we have learned, any liberty sacrificed to "law enforcement" agencies or sociopolitical elites will almost never be reverted. You'd think we would have learned that with the Patriot Act and "terrorism".
Weak groups need to step on the heads of even weaker groups to gain influence. If anti-FBI-overreach activists appear to be aligned with pedophiles, that'll weaken the cause of the activists. Instead they should appear align themselves with some group that's more respected than themselves, like believers in the constitution. That's perhaps the reason pro-transsexual activists don't widely support Chelsea Manning or why bullied schoolkids aren't helped by the majority of the students who are all struggling to maintain their own image.
Not that it's a very nice thing to do, it's just self-interest.
This is exactly what they were trying to do in the San Bernadino case with the iPhone. They were trying to set a precedent using an 'indefensible' case. He was a terrorist! We should stop terrorism! It was never about that specific iPhone. Same thing here. If they get to use this technology here what's to stop them doing it in other cases?
It's a shame defence attorneys get paid such low wages. They are the front line defence against this stuff and the state always has a strong advantage over them in every trial.
And, in fact, it's very difficult to motivate anyone to do anything in defense of anyone merely accused of viewing child porn who has not yet come to trial.
I'm not sure what you are trying to say. One of the reasons why the Constitution exists is that, thanks to its very existence, some things become unconstitutional.
If we were to conclude that there isn't a constitutional way to achieve legalised mass surveillance, then we would have to conclude that that mass surveillance is unconstitutional. I would be quite happy with that conclusion, if I may add.
What if the "target site" was Gmail? Would you still call it targeted surveillance? What's the limit under which we consider surveillance to be targeted? 100,000 users? One million? 10 millions?
Exactly. As the article explains, "the FBI received a tip from a foreign law enforcement agency that a Tor Hidden Service site called “Playpen” was hosting child pornography".
What if the FBI received a tip that Gmail users are hosting child pornography? Would they be allowed to infect Gmail users' computers?
The entire purpose of playpen was child pornography. The FBI knew that, I assume they could just go on the site and check. The tip was just telling them how to find the location of the site so they could do something about it.
If the entire purpose of gmail was to facilitate illegal sharing of cp, then yes.
(I gather that they also had discussion forums of some sort, but that the FBI only used the malware against people who visited the specific pages for child porn. So yes, it was targeted.)
> The entire purpose of playpen was child pornography.
I understand your point and I accept your observation that "mass surveillance" may not be the right definition of what happened in the Playpen case.
However, I invite you to consider the following: once (and if) there is a legal precedent where law enforcement agencies are allowed to hack the users of a given website, that legal precedent will be relevant in future cases, related to other websites that are not Playpen. Today it's Playpen, tomorrow it might be a community of activists. By then, I think you will agree with me, it will be much easier to consider that proper mass surveillance. And if you were one of those activists mentioned in my example above, good luck building your defence on the fact that "this provision can't be applied to me, because it was intended for child pornography websites".
This type of process has already happened in recent history, e.g. with "security" laws that were passed after 9/11. Those laws, in several ways, limit everyone's liberties, not just those of terrorists[1][2].
Of course those provisions seemed like a damn good idea soon after 9/11. Now, not so much. Erosion of freedom, just like natural erosion, has a way of progressing very slowly but steadily.
Oh hey, I think you arent aware of the part where the judge has thrown out all the evidence collected by the fbi in this child porn operation because of the constitution and evidence collecting standards of the judiciary
From the article: "Some courts have upheld the FBI’s actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ constitutional privacy protections in personal computers"
>> To me, the disturbing thing is the FBI took over the Tor node, moved the content to a FBI server, and ran it for two weeks.
Yeah, why don't they just run a porn site full time? Is the limited duration an admission that they shouldn't use that method? Why not continue if it's so effective?
Honestly, I'm very satisfied with the work the FBI did in this case.
To those mad about the FBI overstepping privacy rights on shaky grounds: how could you possibly need more evidence than proof of visits to a website that distributes child pornography?
What constitutes "a visit to a child pornography site"?
Say this was not on TOR but the regular internet. Say I masked the URL of this child porn website with a popular URL shortening service and posted that link here saying "read this!" You click this link and are surprised and quickly close the page.
You visited a child porn site!
But now imagine in that ONE visit the FBI exploited an undisclosed vulnerability in your browser. Now they spy on your malware infected machine.
Would you be happy? I'm not saying this happened but it's possible when you allow this sort of activity to happen in your country.
Say this was not on TOR but the regular internet. Say I masked the URL of this child porn website with a popular URL shortening service and posted that link here saying "read this!" You click this link and are surprised and quickly close the page.
But that isn't what happened here. Or even close to it.
A better analogy here is something like the FBI staking out an illegal dog fighting ring (which isn't exactly easy to get into in the first place) and then tracking the cars of people who visited it.
Maybe they should have to get a warrant, maybe not - I think there are valid arguments on both sides of that.
But let's not pretend these people didn't know exactly what they were doing. These aren't innocent people tricked into it.
I mean the argument still holds for TOR I imagine. Aren't there .onion URL shorteners (I honestly don't know)?
You're probably right that these people weren't tricked at any point. But setting a precedent that it's ok for government agencies to inject malware and attack citizen computers seems like a very slippery slope.
Boobytraps, land mines, etc. are often banned because they attack people without discretion. Injecting malware into someone's machine just because they stumble upon an URL (be it .com, .onion, .xxx or .whatever) sounds criminal to me regardless of who is running the show.
I can't imagine what a warrant for this scenario would look like given it was on TOR? Who would it be issued for?
I would guess that you could put a proxy in-front of the Tor URL on a clearnet domain and set the X-Forwarded-For header to the IP of the actual visitor. If they trust forwarding proxies than it's easy to implicate someone. If they don't, it's easy to hide from them.
But the same argument holds true for general possession laws. Take some illegal images, plant it on someone's computer, phone in an anonymous tip, boom jail time for an innocent person. It's the whole problem with possession of anything being a crime. Same with drugs. Just accessing something is an even scarier thought.
This is precisely why it's kind of scary that the FBI did what it did to apprehend these people. But we should not think that at the end of the day, the people caught should be free to go because of the means by which the FBI caught them. They each have their days in court.
I'd rather say that I'm very impressed with the extent to which the FBI went to compromise these people from a technical standpoint. What they did is scary, yes. But I'm still very satisfied knowing that the FBI will put in not only so much manpower, but also technical and strategic effort to achieve its goals.
That sounds like you're glad that the FBI is technically competent at bypassing the very constitutional protections that each of its agents is sworn to protect.
Which constitutional protections did they bypass exactly?
The Federal Court has found the fourth amendment does not protect a home computer[1].
One might disagree with that, but claiming the FBI is "bypassing the very constitutional protections that each of its agents is sworn to protect" seems quite emotive given that an actual court found the exact opposite.
Illegally obtained evidence is not admissible in any sane court of law. How is this any different?
This reads to me like: there's this bad area in town where drug dealers are known to congregate. Does that make every person who hangs around there, or even passes by, a drug dealer by association?
That's a ridiculous argument. You don't just "hang around" child porn websites without participating.
Furthermore, the FBI achieved their goal at the end of the day. Just because evidence is obtained illegally doesn't mean that people who distribute CP are just off the hook. Sure, that's abuse of power. But it's absolutely ridiculous for any sane person to argue that these people should walk free because the FBI overstepped its bounds.
Ugh... I've had friends who use to send people links to child porn sites as a joke. Use to say "Now you're on the FBI's wanted list"
> Just because evidence is obtained illegally doesn't mean that people who distribute CP are just off the hook.
In the U.S. that's exactly what it is supposed to mean. If the FBI, police, or just about anyone oversteps the law it's not admissible in court. There has to be a reasonable suspicion and motive to get a warrant - that could have been as easy as simply getting a warrant to host a Tor node and sniff traffic. They didn't do that.
Now, lets get to what's scary about your argument. What if all the sudden it was illegal to visit Hacker News? Perhaps it was declared that way by your new president Trump. Trump got sick of people "hacking" things, so instead of just blocking all the websites he decided he wanted to simply monitor all the users who visit hacker news, then charge all of them with "hacking". It is a hacking website after all... And, although our justice branch of the government was never consulted, i'm sure you'll find some CNN poll showing 40% of American's should be jailed for life for hacking.
Later on the news, someone in a suit will be saying "it's absolutely ridiculous for any sane person to argue that these people should walk free because the FBI overstepped its bounds."
.... Hence, as a democracy we all try to get along, and that includes respecting each-others privacy as long as there is not a reasonable suspicion we are harming others. It's there to protect democracy, not the pedophiles.
> I'm pretty sure his argument was that the site could have had other purposes.
But in this case it didn't. Not a single case coming out of it has claimed that it was some kind of mistake, or inadvertent visit or they were there to do something else.
> how could you possibly need more evidence than proof of visits to a website that distributes child pornography?
That question is misleading. What people is worried about is "How much power has the FBI to spy on ordinary citizens?". Even the worst authoritarian governments put assassins in prisons, but that doesn't justify their systems.
What we need is a balanced dialog about privacy. Yes, there are good uses to spying. Yes, spying is open to abuse from institutions and individuals for personal gain. Lets work inside the constitutional framework and create laws that empower good uses and limit bad uses instead. That's why we have separation of powers.
Quite frankly, I think that any person with these compulsions should be put to death. People with these compulsions are almost never "cured" of them and they cause unimaginable harm to society. A child who has been sexually abused is pretty much ruined as a person for the rest of his or her life. The rest of that person's life is a long, drawn out torture. And this is assuming that the predator lets the child live. Often they are killed by the predator since the crime is so egregious and there is no turning back.
I really, really do not care if the rights of these people were trampled on. Even if my machine was somehow collaterally infected with this malware, it would not bother me in the least if I knew for sure it was part of this investigation.
These "people" are beyond help. There is no reform if you have these compulsions. That is why, even after they have did their time, they must register as a sex offender and be restricted in where they reside. They should just be destroyed.
Unfortunately for your opinion, creating a state apparatus to surveil, capture, diagnose, and execute such individuals is far more dangerous than allowing such people to exist.
You may be expecting far too much of your government. My opinion is that if pedophilia became a mental illness treatable by execution, enemies of the powerful might discover that their hard drives had been filled with outlawed images without their knowledge, rather than just having convenient car wrecks or drug overdoses.
Why just murder someone when you can simultaneously discredit and vilify them?
If you truly believe that such people are too dangerous to live, the logical course of action is for you to go out and murder them yourself. Are you prepared to deal with the consequences of that? Would it be better to just hire a professional to do it on your behalf? Would that become more acceptable if the professional is a state employee?
When you are convicted of a serious pedophilia related crime with irrefutable evidence against you or a confession, the min. sentence should just be execution. The likelihood of re-offending is so high and they have already done monumental damage that it's much better from a Utility point of view to just put that person down.
Sexuality is something you can't re-wire. You don't get to choose your sexual desires and compulsions. You can't "pray the gay away." Some people are asexual and they are attracted to nobody (or thing, if that's what you fancy. No judgements). Similarly, you can't stop a pedophile from being a pedophile. The only difference with pedophiles is that they are wired to cause serious negative Utility, so the negative Utility brought by killing the pedophile will be less than the negative Utility the pedophile brings if they are left alive to continue to commit atrocities.
Recidivism rate is actually quite law compared to other crimes. As for execution, you are playing chicken with people who hare far less to lose. It will also give them a great tool to silence any victims because most victims do not want their abusers killed and many will make the choice to tolerate the abuse rather than have a family member killed.
To say nothing that the level of hatred will only lead to pedophiles thinking through system is being rigged against them and thus be less likely to even try to live a non harmful life. Germany's program which does the opposite of what you want seems to be the far better method for ensuring the least amount of children are abused.
>The likelihood of re-offending is so high and they have already done monumental damage that it's much better from a Utility point of view to just put that person down.
I call bullshit. If you put such a strong statement out there you better back it up. I'd like to supply you with a quote from an actual study:
"The prevalence of recidivating for another sex offense was low (13% or less) while nearly half of sex offenders did recidivate with some type of offense."[0]
First, they showed that the police here, got from some US organizations, access to some kind of realtime NSA style spying tools, they showed on tv that their software show realtime torrent data transfer worldwide, with pips popping up on a map in the entire planet!
Then, they decided to show one person, and showed on tv some kind of hidden teamviewer, they showed someone screen, realtime.
All of this already made me cringe, what kind of mass spying is US exporting?
Then the tv showed 3 people caught, showed their names, location, jobs, even filmed one guy house and his family inside...
1. One guy was an old man that wants help and avoid kids.
2. Another is a 32 year old unemployed that never his parents apartment, and never invite anyone, doesn't have friends or romantic partners.
3. Guy is 28 year old IT worker, no friends or girlfriend. used his work Internet because he couldn't afford broadband at home.
None of the 3 are in jail, they were only officially charged, and they don't have a trial date yet.
Then the tv points out that 70% of pedophiles in jail actually raped a child, and implied that those 3 maybe lied about never abused kids.
So, illegal spying, and guilty until proven otherwise? How these 3 will walk on the street now? All of them lived in smaller towns, and the tv station was the most popular tv station of the country.