pageok
pageok
pageok
Fake Hyperlinks Used in FBI Child Pornography Stings:
Declan McCullagh reports that the FBI has begun using fake hyperlinks to alleged child pornography images to build cases in child porn investigations:
  The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.
  Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.
  A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who's using an open wireless connection--and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police. . . .
  The implications of the FBI's hyperlink-enticement technique are sweeping. Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography--and raid people who click on the links embedded in the spam messages. The bureau could register the "unlawfulimages.com" domain name and prosecute intentional visitors. And so on.
  This is a very interesting technique, although I disagree with Declan's claim that the "implications" of it are "sweeping." The key question is whether clicking on a link constitutes probable cause to search a home. There is no "automatic" answer to this question; it is always fact-specific. See Illinois v. Gates, 462 U.S. 213 (1983) ("The task of the issuing magistrate is simply to make a practical, common sense decision whether, given all the circumstances set forth in the affidavit before him,. . . there is a fair probability that contraband or evidence of a crime will be found in a particular place.") So you really can't analyze the technique without knowing the facts.

  Consider the facts of the case described in Declan's story. (Warning: The facts are graphic.) An undercover FBI logged in to a now-defunct message board hosted in Russia called "Ranchi," which the agent knew to be used for distributing images of child pornography. The agent posted a message, "here is one of my favs — 4yo hc with dad (toddler, some oral, some anal) — supercute! Haven't seen her on the board before" with links to URLS that appeared to host a file named "4yosuck". The links ended up being to an FBI computer that didn't host anything criminal, but the FBI computer collected the IP addresses of the people who clicked on the link. When the IP address resolved to an ISP in the U.S., the FBI obtained the home address associated with the account and then raided the house for the computer and any child pornography stored inside the house.

  Did the government's affidavit create probable cause? I would need to look at the entire affidavit to know for sure, but just based on these basic facts I would think the case for probable cause is likely to be pretty good. I assume the FBI did not in any way broadcast their IP address or host anything on that computer, and that the link came in soon after the message was posted, so it seems likely that the only incoming web traffic request would be from a link other than from the message board. And given the context, this seems like an unlikely link that someone might come across by accident. To be sure, it's possible to imagine scenarios involving innocent links or some other break in the connection between the home and the possible evidence (unsecured wireless connections, for example), but my sense is that this would still likely create probable cause (again, a call hard to make without seeing the whole affidavit, just something that is likely).

  Nor is there a case for entrapment at trial on these facts. For a defendant to have an entrapment defense, the government needs to pressure him to commit the crime in some way. Here there was no significant pressure; the government created and advertised the opportunity but did not excessively push the defendant to click on the link.

  Does this mean that the government could send you spam with apparent links to child pornography, and that if you clicked on the link the government could raid your home? No, I don't think so. In the case of spam in an inbox, a person might click on a link by mistake or out of curiosity as to what the file may be without actually knowing or expecting it to be child porn. That seems significantly less likely in the case of a link on a message board such as the one in this case. Second, a spam e-mail is unlikely to be as clearly labeled as the image in this case. What tends to make the case for probable cause in the case Declan described is the likelihood in context that a person who clicked on the link was actually looking for images of child pornography. If you change the context, you change the strength of the case for probable cause.

  Thanks to Michael Cernovich for the link.
nvs (mail):
This is an interesting issue. I wonder what the court would do with individuals that have "pre-fetchers" installed on their computers. Back in the day when I used to try to boost my 56k browsing, pre-fetchers essentially pre-downloaded certain data from a certain group of links on the page you were currently browsing. In this case, where the individual is browsing the message board thread, the prefetcher would automatically download certain links on the page, which could include the incriminating link to the faux-child pornography. Now, the prefetcher would likely send certain data to the FBI server in communicating with it that, arguably, would tell the FBI that this is in fact a prefetcher and not a bona fide visit to the page. Where such information exists, certainly it would be a factor that would diminish probable cause. But what would happen if the FBI, for sake of plausible deniability for instance, simply ignored such information or didn't provide it? Harmless error?
3.20.2008 8:13pm
Laura S.:
Orin: is this a restatement of your argument:

Probable cause derives from the act of viewing a notorious message board--as such an act is implied by the attempt to access that URL?
3.20.2008 8:19pm
Mark Robinson (mail):
Let me see if I have this right... The FBI went onto a site that caters to child porn, then leaves a message advertising child porn with links to the "fake" child porn files. A user logs on to this site, reads the post and then clicks on the link. The FBI then records the IP, gets the ISP to cough up the user account info, gets a warrant, serves that warrant... If I have this correct and the details of the affidavit support those facts, I see no problem with this....

Mark
3.20.2008 8:22pm
Nessuno:
This situation just underscores how important and powerful the issuing judges and magistrates are.
3.20.2008 8:35pm
hattio1:
Am I the only person who doesn't think that there is probable cause here? The one thing we know about these users is that they went to a site which did not contain child porn. How does this become probable cause to believe that there is more likely than not child porn in the house at this time? They have to have a specific idea of the evidence which is likely to be in the home. what they have is a specific idea of what evidence is definitely NOT there.
Let me ask you this, would a list of those subscribing to High Times in a neighborhood provide PC to believe there was marijuana in a home? I don't think so, because someone can legally have High Times magazine, but not marijuana. Similarly, what the defendants in this case actually did was not illegal. What they wanted to do was illegal, but they never completed that crime. I just don't see PC here notwithstanding that most of those caught would probably have kiddie porn on the computer.
3.20.2008 8:49pm
scooby (mail):
Here's the link prefetching FAQ from Mozilla.

Some relevant points:

Are anchor (<a>) tags prefetched?

No, only <link> tags with a relation type of next or prefetch are prefetched. However, if there is sufficient interest, we may expand link prefetching support to include prefetching <a> tags, which include a relation type of next or prefetch in the future. Doing so would probably help content providers avoid the problem of stale prefetching links.

As a server admin, can I distinguish prefetch requests from normal requests?

Yes, we send the following header along with each prefetch request:

X-moz: prefetch

Of course, this request header is not at all standardized, and it may change in future Mozilla releases.


That's one form of prefetching, and it's very limited in that the page author has to explicitly request it. The reason for that is that prefetching can cause all kinds of side effects if pages aren't designed to expect it.

However, there are accelerators that prefetch more extensively:

# What is prefetching?

"Prefetching" is the silent loading of links in the background before you click them. This speeds up browsing because in many cases, by the time you click a link it is already cached on your machine and there is zero load time needed.

By default, Firefox prefetches links which are explicitly marked by the web page designer to be prefetched. This is seldom done in practice, so you rarely benefit from it.

Fasterfox's "Enhanced Prefetching" causes all of the links on the page to be eligible for prefetching, which leads to a very noticeable difference in snappiness while surfing the web.

# Can prefetching "mess" things up?

Since prefetching is basically the same as clicking on a link, and clicking on a dynamic link can perform some action such as "logging you out" or "emptying your cart", only static content is prefetched by Fasterfox.

On top of the Mozilla prefetching limitations which are outlined here: Mozilla Link Prefetching FAQ

Fasterfox further limits prefetching such that only files with the extension .gif, .htm, .html, .jpeg, .jpg, .pdf, .png, .text, .txt, and .xml are prefetched. This should eliminate all possibility of Enhanced Prefetching messing things up, however, if you should notice undesirable behavior, please file a bug or email me.

Users who are behind a firewall which monitors web surfing habits (such as users at work) should note that all links which are prefetched will appear to the firewall as though they were visited by you (even though they will not appear in your history file). These users may wish to disable prefetching by disabling prefetching in the "Fasterfox" tab.
3.20.2008 8:50pm
Chris Hundt (www):

What tends to make the case for probable cause in the case Declan described is the likelihood in context that a person who clicked on the link was actually looking for images of child pornography.

Doesn't the likelihood that the person would have actual child pornography come into play as well? This would be another thing that would easily distinguish between someone who visits a "notorious" message board and someone who receives an unsolicited email.
3.20.2008 8:53pm
PersonFromPorlock:
My first reaction is that this is like a fake-fence scam; my second is that it's like arresting anyone who walks into the fake fence's' shop, before they try to sell something. Not too sure about it, it seems more like 'possible' than 'probable' cause.
3.20.2008 8:57pm
nvs (mail):
Sccoby: that FAQ is related to browser-prefetching. What I am referring to are browser plugins and external programs that perform the function. Based on my quick read of Mozilla's prefetching feature, it is quite conservative in what it does.
3.20.2008 8:59pm
Cornellian (mail):
I wonder if these kinds of schemes ever end up catching police investigators from other jurisdictions (e.g. state or foreign police forces) who have entirely legitimate and lawful reasons for wading through such material.
3.20.2008 8:59pm
M. Lederman (mail):
Orin: Is the theory here that whenever someone attempts, unsuccessfully, to obtain contraband for free, there is probable cause that they possess more contraband in their domicile?

Or is the argument instead for some reason limited to child porn, such as through the following sequence of propositions?:

1. If Person X attempted on one occasion to view (free) child pornography, they must find it erotic;

2. If someone finds child porn erotic, and they were willing to risk criminal culpability once in order to view it, they probably tried on earlier occasions, too.

3. If they tried on earlier occasions to view (free) child porn, they were more likely than not successful on those earlier occasions at viewing the porn -- and more likely than not to have retained such depictions in their home, such as on their computer.

Either way, it seems like a (troubling) leap of logic, or at the very least an extremely broad theory of propensity and probable cause. But I know almost nothing about this particular area of law . . .
3.20.2008 9:13pm
Tim A (mail):
I thought I'd weigh in on this one since I'm more involved with the technical stuff than the lawyerly stuff.

I know of a couple of plugins for Mozilla that will download all links on a given page. This is really useful when downloading packages or a bunch of files from an FTP site with a web front end; this is really common for Linux distributions and packages.

A larger item of concern from my perspective would be the ability of a website author putting an invalid image tag pointing to the file in question. Most browsers will happily attempt to download anything pointed to in an image tag and not display it if the request result isn't a valid or recognized image type. Putting
<img src="http://example.com/honeypot-image" border="0" height="1" width="1" style="display:none">
would cause the browser to attempt to grab the file pointed to, and the "display:none" in the style attribute should make most browsers hide even the broken image icon.

The damage is done even if the browser displays an icon, however, as the request was sent to the web server and exists in their logs.

Referrer logs could be used to attempt to tell where the request came from, but even that is problematic. The server relies on the client (web browser) to tell the server what URL gave the referral. Using a command line to enter the commands directly, anybody slightly knowledgeable about how browsers work could send a referrer string of "http://volokh.com/" to the image quite easily. There are plugins for Mozilla that clear the referrer and even a couple that allow you to specify your own.
3.20.2008 9:24pm
scooby (mail):
My main problem with this is that browsers can be automated.

You can force Internet Explorer to perform any action a human could. (I'm sure it can be done with other browsers, but I've personally done it quite a bit with IE.) This technique is sometimes known as "webscraping."

I could, in an afternoon, write code to have IE run hidden and load several illegal web sites with a convincing set of pauses. This could be set to automatically load from a usb flash drive and all the perpetrator would need would be access to a usb port for a few seconds on the victim's computer.

The end result is that the server would register the requests *and* the browser's history would register the same requests. The only possible defense would be a system log showing a device mount or process launch.
3.20.2008 9:24pm
Anon Y. Mous:

Nor is there a case for entrapment at trial on these facts. For a defendant to have an entrapment defense, the government needs to pressure him to commit the crime in some way. Here there was no significant pressure; the government created and advertised the opportunity but did not excessively push the defendant to click on the link.


Entrapment doesn't require "pressure", but merely inducement.
3.20.2008 9:30pm
scooby (mail):
Sccoby: that FAQ is related to browser-prefetching.

The second FAQ is for the Firefox extension, here's the link which was a bit subtle before.

I know of a couple of plugins for Mozilla that will download all links on a given page.

I'm not sure if that's such an issue because unlike the web accelerators (which tend to work in the background and so pause between downloading links so as to not overload the connection) the plugins that download all the links tend to hammer the server.

Still, I've read my share of server logs and trying to guess whether a human being is on the other end from timestamps and other information has always seemed pretty fruitless, let alone trying to fathom what that person was thinking.

Another issue there's nothing I know of that can stop someone from simply fabricating server logs. I mean, if they're not a flat text file, they're a table in a DBMS. Tracing back from that, what's to stop someone from forging the network traffic at any point downstream from the server?
3.20.2008 9:35pm
Dave N (mail):
Perhaps there should be a second step once the perp is on the FBI computer--a provocative (but legal) thumbnail to click on, a request that the other person "share" first, but something so that there is no question that the perp took some additional action besides merely clicking on a link.
3.20.2008 9:36pm
Random 1L:
Orin takes the position that there is no need to fear a government dragnet operation where spam emails containing fake links to child porn are used to establish PC to search people's homes. I am not convinced that this is an unreasonable fear. Though many magistrates would probably find that merely clicking a link in a spam email is insufficient to establish probable cause, this is no guarantee that all magistrates would reason the same way (as Nessuno implied earlier in the thread).
The problem therefore becomes whether evidence gathered in pursuance of a warrant based on such a finding of probable cause would be subject to the exclusionary rule. The good faith exception of Leon might cause problems here. The fact that reasonable judges might disagree about the existence of probable cause seems to suggest that such a warrant would not be so lacking in indicia of probable cause as to render reliance on the warrant unreasonable for an objectively reasonable executing officer. This would prevent the exclusionary rule from kicking in.
Thoughts?
3.20.2008 9:39pm
mrsizer (www):
scooby, good point - it's easy to frame someone. (Although how you get the URL without getting caught yourself is an interesting question - the library perhaps?)

Is this an issue with anything other than child pornography? Are there other probable cause situations where it is this easy to be framed without anyone to testify against you?

Drugs don't seem likely. The High Times example doesn't seem to be a good analogy or the FBI would just sit outside stores that sell grow lights and take down license plate numbers (which is, actually, somewhat close to how syringes are monitored).

Having one's spouse/significant-other murdered (and no good alibi)? Is the statistical weight of how many people do it enough for probable cause to search your house?
3.20.2008 9:41pm
David Schwartz (mail):
I don't see probable cause here. They simply have no way of knowing where the human being that triggered the request is. They simply found the endpoint of one link in the chain between a human being and their link. For example, the person could be running a Tor node.

It's hard to come up with a perfect analogy. A good example might be searching your home for drugs because someone drove to a known drug dealer, talked to him (but bought no drugs) then drove to your house. He may or may not live there. He may or may not still be there. He may or may not have ever bought any actual drugs.

Obviously, that person could be you, and in any event it's someone you let in your house. That person at least is known to talk to drug dealers, maybe they even bought drugs. Maybe they left some of them at your house, maybe not?

Let's try another hypothetical. The police set up a business with a big sign "Weed! Crack! Get your drugs!" in a neighborhood where there are lots of drug dealers. Some people walk in looking for drugs, but the doors are locked. When someone tries to get in the doors, they follow them back to their car, write down the license plate number, and get the registered address. Then they search these houses.
3.20.2008 9:45pm
CDU (mail) (www):
One technical issue that hasn't come up is TOR. Any criminal with a lick of sense is going to use something like TOR when they're doing something illegal on the internet. If someone uses TOR to click on one of these FBI links, the FBI may end up raiding innocent owner of the TOR server, rather than the person who actually clicked on the link.
3.20.2008 9:52pm
Realist Liberal:
I think there is probable cause in the distinct case of child porn. The case is different from the "fake fence" shops in that lots of people fence items only once but most people that would be on a child porn website looking for child porn do it more than once. In response to the maybe's that Prof. Kerr discusses, several cases discussing probable cause say that innocent explanations alone do not negate probable cause.

Anon Y Mous.~
You're technically right that entrapment requires inducement but it requires inducement to do something that the defendant normally would not do which in a practical sense means that there must be some level of pressure to overcome his or her will.
3.20.2008 9:56pm
Brent Peterson:
First, I agree with Orin that there is no entrapment here. The burden for proving entrapment is quite high. See, for example, Jacobson v. United States, 503 U.S. 540 (1992), a case that also involved child pornography. Under Jacobson, the accused has to show that the government made repeated attempts to create a disposition to commit a crime. A single link on a web site doesn't come close to meeting that standard. (I am astounded, by the way, that the four Justices who dissented in Jacobson believed that the government's behavior in that case did not constitute entrapment.)

Judicial matters aside, I find the law enforcement technique troubling. It is not difficult to imagine this technique applied to other areas of law enforcement. I can envision, for example, an FBI agent going on a gun-related message board and posting a link to a site that purports to sell rifles that are illegal under federal law, and then searching the homes of those who click the bogus link.
3.20.2008 9:57pm
MDC (mail):
This is great news. I wonder where they found Janet Marsh's body.

I mean, all crime has ceased and every single cold case has been solved at this point, given that the FBI is now making up crimes. Right? Um, fellas?
3.20.2008 9:57pm
CG (mail):
So running a spider becomes illegal?
3.20.2008 10:18pm
wuzzagrunt (mail):
mrsizer wrote:

Is this an issue with anything other than child pornography? Are there other probable cause situations where it is this easy to be framed without anyone to testify against you?

Drugs don't seem likely. The High Times example doesn't seem to be a good analogy or the FBI would just sit outside stores that sell grow lights and take down license plate numbers (which is, actually, somewhat close to how syringes are monitored).

Actually, it's already been done.

On Thursday, October 26, 1989, the Drug Enforcement Agency conducted raids on retail stores and warehouses specializing in indoor garden supplies in 46 states, in an attempt to shut down the indoor production of marijuana in this country. The raids were the culmination of a DEA plan, dubbed "Operation Green Merchant," which began in 1987 as the brainchild of DEA agent Jim Stewart.
Described by NORML as "a publicity stunt," the Black Thursday raids resulted in the confiscation of books, merchandise and records from more than three dozen stores and the padlocking of several others. Eleven store owners were arrested and more arrests were anticipated, the DEA announced in a press release issued that day.
According to U.S. News &World Report, Stewart, who was unavailable for comment to HIGH TIMES, conceived Operation Green Merchant while thumbing through a copy of this magazine. Struck by the number of ads for both indoor gardening supplies and marijuana seed banks, he began mapping out a plan for undercover agents to visit garden centers and request information regarding the growing of pot. The responses of the store owners or their employees were, in some cases, revealing enough to give the DEA the legal authority to "subpoena United Parcel Service records from 29 of the equipment firms," U.S. News &World Report said. The records produced more than 20,000 names of customers who had done business with those supply stores.
Treating each customer as a potential marijuana grower, the DEA followed several hundred of those "leads" and arrested more than a hundred indoor growers. Those growers' illegal use of garden equipment provided the legal leverage necessary to conduct raids on the stores themselves. In addition, all customer records, mailing lists and shipping invoices were seized from every store raided. Those lists have produced tens of thousands of additional "leads" for the DEA and local authorities to follow.

3.20.2008 10:20pm
OrinKerr:
Marty,

There are two different bases for PC. The first and easier standard is that the clicking is likely a crime -- an attempt to download child pornography -- and that there is probable cause to believe that some evidence to find the person who clicked is in the home (for example, evidence from the homeowners computer showing that he was logged into the message board and clicked on the link.) A secondary theory is that a person who clicks may have CP on his machine, but that's a lot more indirect.

To take a bunch of comments in turn:
Orin takes the position that there is no need to fear a government dragnet operation where spam emails containing fake links to child porn are used to establish PC to search people's homes.

I didn't say there is no need to fear it. My rule is to fear everything.

Entrapment doesn't require "pressure", but merely inducement.

I've read a lot of inducement cases, and I teach the topic, and my sense is that the easiest way to explain the concept of inducement is some kind of significant pressure.

I don't see probable cause here. They simply have no way of knowing where the human being that triggered the request is. They simply found the endpoint of one link in the chain between a human being and their link. For example, the person could be running a Tor node.

Probable cause doesn't require knowledge; just a fair probability.
3.20.2008 10:24pm
R:
INAL, but this seems kind of strange to me.

Suppose I posted a link in this comment that I claimed would lead you to a picture of kiddie porn and some of you clicked on it to see if I was just messing around or not. Would that be probable cause to search your homes? Or is the fact that the site is notorious for such things the determining factor (though I'm scared to think about what kind of search engine queries are going to lead to this blog now)?

Is this unique to child pornography? What if you click on a link that claims to lead you to a site where you can find out how to help Al Quaeda? Is that in the same legal ballpark?
3.20.2008 10:36pm
Fub:
mrsizer wrote at 3.20.2008 8:41pm:
Drugs don't seem likely. The High Times example doesn't seem to be a good analogy or the FBI would just sit outside stores that sell grow lights and take down license plate numbers (which is, actually, somewhat close to how syringes are monitored).
Or maybe it is a good analogy.The first national operation of note was almost 20 years ago, Operation Green Merchant.
3.20.2008 10:43pm
Fub:
wuzzagrunt wrote at 3.20.2008 9:20pm:
[link to Operation Green Merchant, and discussion]
Looks like we both found the Gorman archive material. I'd no intention to duplicate your link, but I certainly agree it's a good synopsis of Green Merchant. That'll teach me to reload before clicking "post comment".
3.20.2008 10:50pm
mrsizer (www):
wuzzagrunt (nice handle, btw), thanks, I think. Good information, scary story.

The Constitutional Convention was called because (who?) realized the Articles of Confederation just were not working. I wonder how one would go about doing something similar based on the idea of "The Constitution is fine, but let's disband the entire Executive branch, repeal everything passed by the Legislative branch, and invalidate all precedent of the Judicial branch - We need a fresh start!"

Orin, "Probable cause doesn't require knowledge; just a fair probability."

PLEASE tell me the "my spouse is dead, there is probable cause to search my house" theory is NOT covered under that interpretation. What determines "fair probability"? (Obviously, I'm not a lawyer so, please, keep it simple.)

Since I addressed this to you personally, I must say that I love this site. It's a great place for non-lawyers to find out what and how y'all think (that client-confidentiality thread is an excellent example: My opinion before reading the comments was completely different from the one I now hold).
3.20.2008 10:57pm
mrsizer (www):
P.S. I haven't killed my spouse. It's just the most distressing example I could think of.
3.20.2008 11:01pm
OrinKerr:
MrSizer,

The post above lnks to Illinois v. Gates, a Supreme Court case from 1983. I would read it for the answer to what probable cause means.
3.20.2008 11:07pm
OrinKerr:
Oh, and glad you like the blog!
3.20.2008 11:09pm
Robb Shecter (denk) (mail) (www):

I find the law enforcement technique troubling. ... imagine this technique applied to other areas... I can envision, ... an FBI agent going on a gun-related message board and posting a link to a site that purports to sell rifles...

I think this case can be distinguished: Here, the suspect completed the faux illegal act:

1. After going to the notorious website, they
2. Viewed the FBI's posting via its teaser text. (Analogous to entering a gun shop.) Then, they
3. Requested the illegal material to be sent to them, by clicking the link. (Analogous to saying, I'll take the illegal one on the shelf there.) Then, they
4. Directed their computer to receive the transmission of the faux illegal-to-own material.

So I can imagine a fairly strong PC case, based on this portrayal.
3.20.2008 11:31pm
Robb Shecter (denk) (mail) (www):

...it's like arresting anyone who walks into a fake fence's shop, before they try to sell something. Not too sure about it, it seems more like 'possible' than 'probable' cause.

I disagree. I'd say that viewing the post with the link is akin to walking into the shop. Clicking on the clink is like requesting/selling an item. Letting your computer download the entire file is like taking marked/fake $$$ back home with you.
3.20.2008 11:35pm
Random 1L:
@OrinKerr
Prof. Kerr,
Assuming that a federal magistrate found probable cause to search A's house because someone using his internet connection (possibly A, possibly not) clicked on a child-porn hyperlink in a spam email sent by the government, do you think the evidence seized would be admissible? In your original post you made a good case for the absence of probable cause supporting a warrant in such a situation. However, in my post I mentioned that if a warrant did issue based on the attenuated connection between clicking a spam link and actively looking for child-porn, the Leon Good Faith exception might prevent the application of the exclusionary rule. What do you think?
3.20.2008 11:40pm
J○n (mail):
Not that kiddie porn fans are the brightest bunch, but couldn't they avoid things like this pretty easily by using coralized links, anonymous proxies, or Tor?

On that note, now might be a good time to shut down the Tor relay I've been running at home. Yikes.
3.20.2008 11:46pm
Apodaca:
Orin writes:
The first and easier standard is that the clicking is likely a crime -- an attempt to download child pornography
I'd like you to visit this page that has absolutely no offensive material whatsoever on it.

Now, supposing you were to click on that link, and supposing I were a not-very-nice person who'd lied to you &sent you off to a contraband image: still "an attempt to download child pornography"?
3.20.2008 11:52pm
mrsizer (www):
And I thought technical specifications were hard to read.

An observation: Most of that is legal verbiage about whether or not the Supreme Court has jurisdiction (right word?) to even have an opinion.

In any case, the phrase that stuck out for me is "on the basis of a partially corroborated anonymous informant's tip"

From a non-legal perspective: Clicking on a link of a web page has no relationship whatsoever to that.

"partially corroborated" would presumably be related to the fact that the link was on a known (but, since hosted overseas, unassailable) illegal website.

The "anonymous informant's tip" is (again presumably) clicking on the link and the resultant computer log records.

I don't think the analogy holds (although I'm welcome to being slapped down as thoroughly as with the grow-light idea).

The informant's tip is someone who cares enough (out of good citizenship or spite) to complain. The computer is just logging everything - no PERSON cares and no PERSON complains.

I'm willing to admit that in child porn the "caring" party is unable to complain or tip, but the extension of authority given a reasonable basis ("for the children") has - ever so occasionally - gotten out of hand.
3.20.2008 11:52pm
mrsizer (www):
The idea of automated tips is disturbing (although probably inevitable).

Let's try another example: If someone's car has been photographed repeatedly running red lights, are the records of the camera system enough for probable cause to pull that car over and search it for drugs (after all, only druggies repeatedly run red lights)?

If so, should red light camera systems be designed to flag repeat offenders to the police for search?

I'm not entirely sure it's a bad idea, but it also doesn't sound like a place I want to live.
3.21.2008 12:00am
M. Slonecker (mail):
So...if I happen to use at home a wireless router that is not secure, and if someone living nearby accesses the internet via my router and clicks on the link, then it is my home that gets raided?

What about surfing the net while eating a sandwich at Panera? I rather doubt the store manager will be all too pleased to have police show up as non-paying "customers".

Etc.

Etc.
3.21.2008 12:05am
Sedgequill:
Law enforcement and intelligence agency personnel should be familiar with Tor; some of them use Tor.

The use of Tor does not prove that, and should not be seen as evidence that, a person is doing or attempting anything illegal. I'm using Tor right now.

Simply visiting any web site should not be considered criminal. Acquisition and possession of prohibited materials are different matters.

Hopefully news of the law enforcement effort described will get to those who would turn in exploiters of children but who prefer to verify evidence before submitting it.
3.21.2008 12:13am
NI:
If I have weekend houseguests who use my computer, do I now need to worry about being raided if they use my computer to follow an FBI link that claims to be for child porn?

I think there's a broader issue here than whether it's probable cause. With the help of an increasingly compliant judiciary, between the war on drugs and the war on terror we are rapidly becoming a police state in which people have no rights except on paper. In the old Soviet Union people had rights on paper too.
3.21.2008 12:16am
OrinKerr:
Apodaca,

No, no intentional mens rea, as would be required for an attempt. (There's a possibility for a subsequent possession offense if the person gets the image and decides to keep it, but otherwise not.)
3.21.2008 12:20am
Chris Soghoian (www):
Prof Kerr,

I run two wireless access points at my home. One is password protected (which I use for myself), and another is named "Free Wireless for All", which has no password. I use traffic shaping to make sure that my data always gets priority.

I'm not the only geek to do this, Bruce Schneier does so, and has written about it.

In this incident, "Federal agents knocked on the door around 7 a.m., falsely claiming they wanted to talk to Vosburgh about his car. Once he opened the door, they threw him to the ground outside his house and handcuffed him."

I've already had the FBI come to my home once (well, twice if you include the friendly chat before they came back at 2AM, smashed my window, and took all my stuff). I'd rather not have a repeat of that experience..

However, at the same time, I like running an open wireless network. It's a nice thing to do for the neighborhood, and frankly, since I'm paying for the connection, and prioritize my own traffic, someone next door checking their email does me no harm.

So - What I'd like to know is: How are people supposed to be able to provide free wifi if it can result in FBI agents forcing them to the ground?

Must we all serve coffee and dress in green starbucks uniforms to be treated with a bit of respect? As, surely, if someone visited the FBI's honeypot from a free wifi coffeeshop, the FBI agents wouldn't tackle the baristas to the ground.

If I recall, there is also free Wifi available while standing on the steps of the Supreme Court. Ironic, perhaps.


At the -very- least, the FBI should be hosting some form of malware on the honeypot, which would infect the user's PC, and leave a bit of forensic evidence on the machine. This would be similar to the paint-pack put into the bag of cash by bank employees during a robbery.

When the FBI did bust down your door and search your computer, if they didn't find their malware delivered payload, they'd be forbidden from looking at anything else on the computer. Lacking the virtual paint-pack, it'd be likely that someone else using your wifi connection had visited the url.

Finally, I'd like to point you to a blog post by a well respected security researcher, RSnake: here

As he notes, a single line of html could enable you to force an unknowing web visitor to view the link, and the FBI's webserver would not get anything from the HTTP referrer header.

Thanks
3.21.2008 12:27am
Apodaca:
Orin:
No, no intentional mens rea, as would be required for an attempt.
This is why it's problematic to claim that there's probable cause of a crime based on the bare fact that a given IP address sent an HTTP GET for a bait file. Without more, there's no indication that the user knew the purportedly illegal nature of the file in question.
3.21.2008 12:32am
mrsizer (www):
Mr. Soghoian, now there's an analogy I like.

But only sort-of. It solves the immediate problem, but it does not deal with slippery-slope problem of unsolicited links entrapping the innocent.
3.21.2008 12:35am
1L computer guy (mail):
Linking in HTML is built on the principle of obfuscation, i.e., which can be used for good:

(links broken on purpose)

a_rel="nofollow" href="http://volokh.com" Click here to go to the Volokh Conspiracy blog!

or evil:

a_rel="nofollow" href="http://www.felonytoclickhere.com" Click here to go to the Volokh Conspiracy blog!

With this in mind, isn't it generally considered "bad" for the legislature + law enforcement to create a mechanism with which 3rd party malefactors might easily leverage to effect the prosecution of their "enemies?"

Though seemingly more sophisticated, it would be trivially easy for any first year computer science undergraduate to write a program that would run invisibly in the background on your computer and constantly search for and generate GET requests for pages and files on any topic based on a specified search string or strings.

I am a law student who used to do computer support for law professors, and very few of them had any idea what was running on their computer. More often that not I would find some sort of Malware or Adware with this capability (though not such an intent) built in.

Though the exploitation of children certainly demands extremely aggressive enforcement, prosecution, and punishment, the law should also consider the the potential damage done to an innocent individual who is the victim of a malicious hacker (who might be simply trying to obfuscate his own traffic in such materials). Persons labeled sex offenders might likely be imprisoned, have their careers destroyed, find themselves socially stigmatized, divorced, and lose custody of their own children.

Consequently, I should think the burden should be higher here—how much higher I am not sure.
3.21.2008 12:39am
Chris Soghoian (www):
Prof Kerr,

As Declan's article makes clear, "there's no evidence the referring site was recorded as well, meaning the FBI couldn't tell if the visitor found the links through Ranchi or another source such as an e-mail message."

So, while you write that "Does this mean that the government could send you spam with apparent links to child pornography, and that if you clicked on the link the government could raid your home? No..."

I have to ask - what if -someone else- sent you spam, advertising "H_O_T X_X_X Mature ladies" (i.e. not in anyway connected with kiddie porn), and the link took you to the FBI honeypot. As someone else in this thread demonstrated with a tinyurl, it's quite easy to have someone click on a URL without them knowing where it'll take them, or even the name of the final url they'll visit.

While I have some concern about the FBI's tactics, as a security researcher, my real worry relates to what happens when evil-doers start abusing the FBI-raid-causing powers of that one magical URL.

We've already seen hackers (if you can call them that) use easy to use fake caller ID services (such as spoofcard) to bring SWAT teams to innocent peoples homes in the middle of the night. How can reasonable people not expect 14 year old script kiddies to (ab)use this new power against their IRC foes?

Cheers
3.21.2008 12:41am
OrinKerr:
To be clear, Apodaca, I make no such claim; my claim was contingent on the details of why an innocent click was unlikely given the specific facts of the case Declan had described. (Not sure if you were questioning what I had written or a comment, though.)
3.21.2008 12:48am
RainerK:
Interesting. So the FBI used a Korean domain hosting one of those ubiquitous Korean freeware message boards to upload fake cp files. Many of these board, while showing a .kr address actually reside on servers in the US. The boards are notoriously unsafe and easily hacked. The second scanned document at Orin's link actually shows an excerpt of the server log. It is fairly easy to take over one of those boards including access to the logs. I wonder if the FBI set up their own or if they hacked some unsuspecting Korean user's message board. Would that be legal?
seook.co.kr (66.232.138.21 / lsh805.siteprotect.co.kr) appears to be a Korean company in the cad/cam business. Unless they're fake too and my IP has now been logged as accessing a FBI sting site.
I wonder what Americans, including the FBI, would have to say if for instance the German BKA used American companies' servers to trap their criminals.
3.21.2008 12:53am
RainerK:
Orin,

If I now have given some kind of probable cause, like messing with a FBI sting site, obstructing an investigation or whatever obscure crime has been enacted as a rider to an unrelated measure and my door gets taken down, I will refer to your post prompting my curiosity and I will expect ready and candid testimony in my support. :)
3.21.2008 1:03am
M. Slonecker (mail):
Just a few of the above links about how readily available technology can be used to place totally blameless people in peril gives makes me wonder just how anyone can state with conviction that the mere act of clicking a link, the true identity of which is easily hidden, can in any reasonable manner be construed as sufficient to create probable cause?

Sorry, but any attorney with a technical understanding of how the internet actually works should be able with relatively minimal effort to sucessfully challenge a warrant issued by those who are generlly technically clueless. Of course, this would be small consolation to the accused who has suffered the indignity of being wrongfully type cast as a potential sexual predator.
3.21.2008 1:05am
Tony Tutins (mail):
By now it's clear to me that for there to be probable cause, clicking on the link has to show some knowledge of the purported contents. So if the child pornography board (or similar) is not the referrer, then probable cause must be established some other way.

There are other cases where the bad guy intends to obtain contraband, but what is delivered is not actually contraband. This click-on-a-link-to-obtain-purported-contraband situation is different from the setup where a 50 year old detective pretends to be a 13 year old girl, because there would be a set of exchanges showing intent. And clicking on a random link is certainly different from a pothead attempting to buy a bag of thyme from a narcotics officer. It is more like a person in a spice store thinking he's buying thyme but actually getting imitation marijuana.
3.21.2008 1:13am
David M. Nieporent (www):
Without more, there's no indication that the user knew the purportedly illegal nature of the file in question.
Apodaca: you seem to be confusing "beyond a reasonable doubt" with "probable cause."
3.21.2008 1:16am
TruePath (mail) (www):
The problem I have with this situation is the following. The links were present on a webpage in link form and if you configure your browser with the right extensions it will automatically prefetch links without any action on your part. Admittedly few people so configure their computers but still it is troubling that customizing your computer configuration could make you vulnerable to this sort of search. If the FBI had not hyperlinked the URLS but instead posted them as text requiring them to be typed in it would be less troublesome.

However, while I agree (besides this small quibble) that legally this breaks no new ground it is still deeply troubling in other ways. In particular even if it doesn't rise to the legal standard of entrapment it does violate our commonsense expectations that offering people a temptation that a sizeable fraction of otherwise law abiding people would accept is reasonable justification to substantially invade their privacy. Furthermore, since the people clicking on the link can't possibly really know that it is genuine (as opposed to constitutionally protected CG child porn) even if that is what is claimed it is hard to see how this ought to be able to justify a search.

Moreover, the particular facts in this case are very troubling. Presumably the protected first amendment rights of association and speech the members of this forum are exercising shouldn't be grounds to conduct a search any more than membership in NORML should allow the government to search your house for pot. Yet in a case like this I'm skeptical if a judge would have reached the same conclusion if these links had been posted say on this blog.
3.21.2008 1:25am
Elliot123 (mail):
If an FBI agent observed an American buying child porn in Amsterdam, would that be probable cause to search his US home?

If he observed him smoking marijuana in Amsterdam, would that be probabe cause to search his US home?

An American gets off a plane from Amsterdam to Atlanta. The US Customs dogs register marijuana. No marijuana is found. The dogs keep yelping. The Customs agent says, "Don't worry, Sir. You probably have traces on your clothes. Have you been to a marijuana coffeehouse in Amsterdam?" The American repiles, "Yes." Is that probable cause to search his US home?
3.21.2008 1:27am
TruePath (mail) (www):
This link takes you to images of child pornography

Are you going to click on it? Would you do so if you were drunk or hadn't just read this post? Does it seem reasonable that the feds could now search your computer and mail?

If not what is different? The only thing I can think of is the fact that this isn't a forum devoted to discussing child porn positive activities. But surely that sort of first amendment protected behavior can't be the grounds for the warrant. Moreover, if all the weight is coming from the nature of the forum then how can clicking on the lins bootstrap up to a search that mere forum membership wouldn't have been sufficient to justify?
3.21.2008 1:30am
RainerK:
Does anyone who accesses not one, but several files with names containing 4yo_su** not know what that is supposed to be?
What I have more of a problem with is the Feds stating "... a Ranchi user utilizing the IP address...."
How do they know that? It is quite possible that someone got the link address somewhere else and never visited Ranchi at all. But the fact remains, what were they thinking 4yo means?

Another concern to me is the breadth of the search warrants: "The search warrants authorized FBI agents to seize and remove any "computer-related" equipment, utility bills, telephone bills, any "addressed correspondence" sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements, and credit card statements." Utility bills?
Now they're obviously not limiting themselves to the alleged access of contraband via the Net, but they're looking for any other way the suspect could have possibly gotten or even produced more of the same or if he has live scene contacts. Strikes me as "Once we have a target, we're free to go fishing."
I do happen to think that cp and drugs are godsent issues for law enforcement broadening their powers.
3.21.2008 1:30am
Fub:
M. Slonecker wrote at 3.21.2008 12:05am:
Sorry, but any attorney with a technical understanding of how the internet actually works should be able with relatively minimal effort to sucessfully challenge a warrant issued by those who are generlly technically clueless.
Successfully challenging a warrant depends upon the courts having a clue, regardless of the cluefulness of the defense counsel. According to the cited article:
But the magistrate judge ruled that even the possibilities of spoofing or other users of an open Wi-Fi connection "would not have negated a substantial basis for concluding that there was probable cause to believe that evidence of child pornography would be found on the premises to be searched." Translated, that means the search warrant was valid.
That's as technically wrong as it's possible to be.

But it's legally correct as long as courts say so.
3.21.2008 1:35am
Apodaca:
David Nieporent:
you seem to be confusing "beyond a reasonable doubt" with "probable cause."
David, you seem to be confusing "my IP visited a URL" with "my IP visited a URL under circumstances where there's a fair inference that I knew or had reason to know the allegedly unlawful nature of the content available there."
3.21.2008 1:56am
OrinKerr:
But surely that sort of first amendment protected behavior can't be the grounds for the warrant.

That is quite wrong, actually, although I appreciate the preface "surely" before stating it. Consider this: You have a First Amendment right to announce that you have 10,000 images of child pornography at home, and to say that you absolutely love it and can't live with out it. But the fact that you have a constitutional right to say it does not mean that it can't be used to create probable cause against you. If you want to talk about your interest in criminal activity in a public forum, it's not a Fourth Amendment problem to use that evidence to get a warrant.
3.21.2008 2:10am
Bacchus (mail) (www):
Oddly enough, I got a spam email a few days ago that included a link advertising child porn. What was unusual in that it was by far the most explicit and direct solicitation to view child porn that I've ever seen on the internet, and I'm a user who must filter and process thousands of spam messages a day, most of which originate in the porn industry.

This thing was so unusual and so open (with no circumlocutions or misspelled words or euphemisms) that my very first thought was "Geez, this feels like some kind of entrapment email." The "vibe" was that it was written by somebody with nothing to hide and no consciousness of guilt.

As I deleted the email, link unclicked, and then emptied my trashcan for good measure, I remember thinking that I was being unduly paranoid. After seeing this story, I am wondering again.
3.21.2008 4:10am
Charlie (Colorado) (mail):
Orin, this really raises an interesting secondary question. As someone whose technical speciality involves computer security, I can tell you that the ideas already presented here are not nearly as slick as some that could be applied; nor would it be at all difficult for a nefarious user to create apparent requests from anyone's computer to any of these files.

Given these facts, can a judge ignorant of the technical issues make a valid decision on probable cause?
3.21.2008 4:24am
TruePath (mail) (www):
OrinKerr,

I stated that very sloppily. Obviously speech can be a justification for a warrant in many circumstances, e.g., when you admit to having evidence of a crime.

What I meant was that it is impermissable to infer that because one associates with a certain political group or social organization there is probable cause to execute a warrant on you because frequently those who share your views are evidence of some crime. Part of the reason I stated it so sloppily is that I'm having trouble formulating the exact difference but what I am really getting at is illustrated by the examples I gave.

In particular I suspect that 90% of members of NORML (marijuanna legalization advocacy) have marijuanna in their home. Suppose the government had credible survey data that proved this. Could the government then obtain a search warrant merely on the grounds someone is a member of NORML? If there isn't some protection for obtaining search warrants based on inferences from protected political association it would seem this would be valid. Presumably the situation will not change if I suppose the government finds a lighter in plan view in the house of a NORML member. Could the government, even though this lighter would not create probable cause for a search for marijuanna in general infer that in this case it did because people who advocate for marijuanna legalization are so frequently in possession?

Sorry for the sloppy wording. I was in a hurry and I thought that people would see where I was getting at. I'm quite curious about this so would appreciate an answer on this point.

If in fact using NORML membership in this fashion against the person is invalid how is it different when it comes to membership in this forum? Or to put it differently the analysis in the post seems to tacitly assume that probable cause tracks probability but how can it do so without giving absurd results in the NORML case? Or alternatively how does one not gain probable cause to search the nearest ex-con's residence after a robbery in the neighborhood if hypothetically they were statistically very likely to have committed the crime. I suspect the answer is that probable cause does not track probability but then the explanations in the post seem insufficient.
3.21.2008 5:19am
UWV (mail):
Is this scenario unlikely?

The FBI sends out a link to a a site that doesn't exist saying it is child porn. Some rascal recieves the link or sees it, or is told about it, but doesn't himself access it. He posts messages on various boards changing the text. Instead of saying something along the line of "come see hot kiddie porn" he instead says "read about the secret prophecies of Jesus" or "Obama is really a terrorist here's the proof". Soon hundreds of people, maybe thousands, start clicking on the link. They don't get anything they expected, nor do they get child porn as the story goes. What they do get is a raid by the FBI as pedophiles.

If the FBI sent a link directly to person X and person X responded they might have a strong case to say there was probably cause. But what about others who might go there? Does the FBI have a "chain of custody" regarding what information those people received which inspired them to go that link?

The problem is that once a link is released in the Net there is no clear chain linking a visitor to the actual message originally sent out. For all the judge knows someone linked because they were told they could contibute to Obama's election campaign there. I can see some justification for saying the immediate recipient responded and this was sufficient for a warrant but all subsequent recipients, or those who come from sources other than a direct solicitation, may be there for many different reasons, none of which are criminal.
3.21.2008 6:25am
UWV (mail):
Is this scenario unlikely?

The FBI sends out a link to a a site that doesn't exist saying it is child porn. Some rascal recieves the link or sees it, or is told about it, but doesn't himself access it. He posts messages on various boards changing the text. Instead of saying something along the line of "come see hot kiddie porn" he instead says "read about the secret prophecies of Jesus" or "Obama is really a terrorist here's the proof". Soon hundreds of people, maybe thousands, start clicking on the link. They don't get anything they expected, nor do they get child porn as the story goes. What they do get is a raid by the FBI as pedophiles.

If the FBI sent a link directly to person X and person X responded they might have a strong case to say there was probably cause. But what about others who might go there? Does the FBI have a "chain of custody" regarding what information those people received which inspired them to go that link?

The problem is that once a link is released in the Net there is no clear chain linking a visitor to the actual message originally sent out. For all the judge knows someone linked because they were told they could contibute to Obama's election campaign there. I can see some justification for saying the immediate recipient responded and this was sufficient for a warrant but all subsequent recipients, or those who come from sources other than a direct solicitation, may be there for many different reasons, none of which are criminal.
3.21.2008 6:25am
NI:
UWV, I don't know if that's a likely scenario or not. But if it did happen, I can see one of two possible results (or both).

Either the FBI finds itself with thousands of hits, far more than would be expected, figures out that something is wrong, and pulls the plug on the whole operation.

Or it raids thousands of innocent people who then sue the FBI for negligence on the grounds that it was forseeable that once a link is released onto the Internet other people will copy and forward it to people who had no way of knowing its original pedigree.
3.21.2008 9:25am
NaG (mail):
Can't the FBI figure out where people who hit the weblink are being referred from? That way, they could sort out those who reached the prohibited website from the targeted BBS as opposed to from some other location. I would think that would solve UWV's concern.
3.21.2008 10:21am
ruralcounsel (mail) (www):
Anyone notice how many of these troubling "probable cause" issues revolve around morality statutes ... drugs and porn, probably gambling, etc?

My philosophy is that until we can handle the crimes where people physically behave badly, we need to quit worrying about the ones where we don't like what pharmacuetical molecules are floating around in their bloodstream or what thoughts are floating around in their minds.

At least it is really obvious that there are lots of ways to mislead/trick a computer-based scam trying to lure offenders ... which should weaken any probable cause finding. Kinda similar to the RIAA suits where the industry claims someone downloaded music to a certain computer, and sues the owner ... even when someone else might have had access to that computer or that person's wireless. Seems like RIAA is starting to get payback on that tactic.
3.21.2008 10:35am
billb:
I'd take David Schwartz's drug analogies a step further:

If the police go to a neighborhood where crack is regularly sold in the open on the street corners, setup a table with a sign saying "Free Crack!" and a bucket of baggies with a crack-like but legal substance in them, surveil the table, and follow those who take a baggie home, do you think there is probable cause to grant a search warrant for the homes of these people? If not, how do you distinguish this from the case at hand? Second, do you think this counts as inducement? If not, why not?
3.21.2008 10:42am
Dan Weber (www):
From a technical perspective, you can get someone to "click" on a link without leaving any referrer trail to yourself. All I need you to do is load up some HTML I've got, and use some META refresh yumminess, and the referrer is now (generally) blank.

(Forging referrer headers is generally pretty hard, and requiring exploiting bugs. Those bugs are generally fixed as they are found, but I'm sure there are more bugs we just haven't discovered yet.)

This is a good reason to use NoScript, although that's only partial protection.
3.21.2008 11:12am
fooTryingToFindANameThatWorksAsGuestFoo:
66.232.138.21 might appear to be a korean site in the whois, but the /17 it's in is owned by Hostway Corporation in Chicago. Read into that what you will.

I wouldn't click it.
3.21.2008 11:39am
OrinKerr:
What I meant was that it is impermissable to infer that because one associates with a certain political group or social organization there is probable cause to execute a warrant on you because frequently those who share your views are evidence of some crime.

True. But no one is doing that here, it seems to me.
3.21.2008 11:52am
OrinKerr:
Anyone notice how many of these troubling "probable cause" issues revolve around morality statutes ... drugs and porn, probably gambling, etc?

The issue isn't so much "morality statutes" as it is contraband statutes. Contraband prosecutions are always very Fourth Amendment focused because possession is often hard to challenge; the key to the defense becomes trying to suppress the evidence possessed.
3.21.2008 11:55am
shawn-non-anonymous:
It would be trivial to view the link without giving your IP address to the FBI--just use an anonymous, foreign proxy server. That server makes the requests for you, using it's own IP address. Then it sends the information to your browser where it is displayed as if you had browsed it directly.

If your PC has been compromised and is now a "zombie" or part of a botnet, the person with access to your machine can turn you into their own proxy server and do all sorts of illegal stuff in your name. When the FBI shows up to throw you to the ground and handcuff you in front of your family, you can be comforted by the fact that they will eventually let you go and give you your personal property back.

Now if there are thousands of hits, the FBI would catch on pretty quick, right? Just like credit card companies catch on when a credit card number is posted on the net and large numbers of transactions show up in a short period of time. Of course, the folks stealing card numbers know about this and are clever in how they use these card numbers. You generally only get one or two shots with a number before it's useless. I think it's reasonable to expect they'd also use FBI honeypots the same way. Once they discover one, they'll use it only once so as not to ruin the chances their target will get nabbed. (What happens if they upload some real kiddie porn onto the guy's PC prior to signaling the honeypot?) Some 15-yo in Deluth could do some serious damage to a person's reputation, stress, and bank account from the safety of their basement computer setup thousands of miles away.
3.21.2008 11:58am
Gary McGath (www):
Legally you may be right, but morally it's entrapment -- luring people into committing a technical crime in order to arrest them -- nonetheless. The idea that viewing an image can be a crime is outrageous in itself. This takes it a step further, making a crime of attempting to view a non-existent image. The only purpose this serves is to put people in jail.
3.21.2008 12:07pm
Tony Tutins (mail):

But the fact remains, what were they thinking 4yo means?

But what if they clicked on a TinyURL? Further, enough people got rickrolled a year ago to establish that the habit of negligently clicking on links is widespread.
3.21.2008 12:07pm
The Unbeliever (mail):
Is this really a question of probable cause? Sure, there are a hundred different ways to trick someone into visiting a link, or hide your own attempt to do so, or otherwise create a false positive. But does the existence of those cases actually eliminate the "probable" part of the phrase?

So long as the FBI is sure the IP they logged is the IP that attempted to visit the link, isn't the possibility that the suspect is an unwitting victim of one of those scenarios a question of fact for an indictment or trial?
3.21.2008 12:18pm
Anderson (mail):
N.b. that I just now got what "4yo" stands for -- I'd been thinking "for you."
3.21.2008 12:19pm
TruePath (mail) (www):
OrinKerr,

My argument was the following. Either the law gives the bad (though not necessarily legally inconsistent) result that anyone who clicked on the link I posted early in this discussion would have created probable cause for a government search or what created the probable cause was the fact that these people were memembers of a bulletin board that was favorably disposed towards child pornography. What is it that lets you draw the legal distinction between membership in a group like NORML and frequenting a bulletin board that is filled with other pedophiles?

I mean analagous to the link I posed earlier in this discussion suppose someone went to a young republicans meeting or some DEA office's spring picnic and said, "hey anyone want to buy some pot brownies for a dollar." Presumably this would not create probable cause to search these people's homes for marijuanna. I mean after all it seems reasonable to conclude most people in these situations who did buy a brownie did so not really believing it was a pot brownie. However, suppose (analagous to the post of links on this bulletin board) some government agent makes the same offer at a NORML meeting (say in both cases it wasn't real pot brownies) which seems to exactly track the posting of these links on this pedophile forum. Now you might say in that context people's willingness to purchase something advertised as a pot brownie for a dollar does give probable cause. However, all the work in this situation was really done by your expectations of members of NORML. The distinction that makes us say that the people who asked for a "pot brownie" at a NORML meeting are likely to be trying to do something illegal while the young republicans/DEA picnic attendees offered the same choice is just our prior assumption that people who go to NORML are likely to smoke pot. If that sort of consideration is impermissable to establish probable cause in the first place how can it create the probable cause for the NORML members that was laking for the other hypothetical?

I'm crazy tired (preparing for big talk) so this isn't very clear but the point I'm trying to make is that I don't see the distinction between the behavior of the pedophiles on this forum and someone who clicked the link I posted in this thread other than the fact that these people associated in an organization that was pro child porn.
3.21.2008 12:25pm
TruePath (mail) (www):
I think what is really bothering me about this situation is the following:

The FBI did not actually gain any specific evidence that these men were likely to have child porn on their computers or at their homes other than the fact that they were the sort of people who were inclined to download child porn. I presume that merely intending to download child porn is itself a crime but surely there was no reason to think there was evidence in these individuals' postal mail that they had intended to download the videos from the FBI's site but the scope of the warrants seems to suggest that the magistrate took them to have probable cause to search these people's belongings for other examples of child porn.

This is why it is analagous to getting a search warrant for someone's house on the basis of them being an ex-con living nearby or a NORML member. The only connection between clicking these links and the belief that evidence of a crime would be found in many of the search locations is that clicking on the link showed them to be the sort of person who was likely to like child porn. Thus I don't see how you can distingush this sort of warrant from other warrants issued without particularized suspicion but instead simply on data suggesting that this person was the sort of person likely to engage in a certain illegal activity.
3.21.2008 12:38pm
Elliot123 (mail):
"As I deleted the email, link unclicked, and then emptied my trashcan for good measure, I remember thinking that I was being unduly paranoid. After seeing this story, I am wondering again."

Keep in mind that files remain in your hard drive after you empty your trashcan. They remain in place until some other application writes over them. So, it's possible a file will remain on the drive for years after it has been put in the trashcan, and after the trashcan has been emptied hundreds of times. There are programs available which can easily retreive these trashed files.

To really get rid of the file, trash it, empty the trash, then use a wiping program. It actualy writes over the space used by the file. Emptying the trash just makes the file's space available for use, but does not change it. Wiping replaces the files bytes with different values.

An analogy: I have ten blackboards filled up with writing. I hand a paper sign on three of them saying "Trash." That means anyone else can come in and use the boards as they please. But, until someone uses the board, the last thing written on it is still there.
3.21.2008 12:52pm
Henry679 (mail):
OK, after reading this story, why would I ever click on a shortened link (like from snipurl, or tinyurl), or just any unfamiliar link, in a forum, message group, comment section (like this one), newsgroup, etc.? I never worried about it before because I figured my firewall, anti-virus, etc., would protect me from true mischief. But I guess I wasn't counting on the terrors of the all-powerful state.
3.21.2008 12:59pm
an internet user:
Can anyone comment on the legality of the charge "clicking on an illegal hyperlink"?

About 10 years ago when the pInternet was a much newer phenomenon, and was when I was much more naive, I remember clicking on one or two links that purported to be child porn, just because I was curious: is this stuff really on the internet?

What I got was not child porn, and I never tried it again out of fear that the "feds were watching". But the fact is that there are people out there who are more curious than criminals, and this kind of stuff is set up to catch them.
3.21.2008 1:20pm
OrinKerr:
TruePath,

To be honest, I don't understand your argument. There is only one question here: Did an incoming link from a U.S.ISP indicate a "fair probabiility" given the context in which the link was posted that there would be evidence of the crime in the home to which that IP address was assigned? I know you're trying to focus on the possible First Amendment issues, I assume because there is something about this case that reminds you of other cases that raised First Amendment issues. But I don't understand the argument. Perhaps you could cite the best cases for your side?
3.21.2008 1:22pm
Bacchus (mail) (www):
Elliot123 wrote: "Keep in mind that files remain in your hard drive after you empty your trashcan. They remain in place until some other application writes over them. So, it's possible a file will remain on the drive for years after it has been put in the trashcan..."

I actually know that, but it's useful info for folks who don't. Consider that in my case, all I was deleting was the purported spam email, which I had carefully not clicked the links from. So (a) there was no real need even to delete the email; and (b) if it were recovered by computer forensics, I don't think it could incriminate me in any way, since it was unsolicited and almost certainly bogus along at least one axis of bogosity, if not more.

Which means that, like anything else in security, the amount of deletion you need depends on your threat model. My imagined "threat model" for deleting the email was twofold; I figured there was a chance (very small) that the link was an enticement designed to do me some harm if I clicked it, and another chance (vanishingly small) that the link was honest and would create legal liability for me if I clicked it. Since I had ZERO intention of clicking the link, my only need was to eliminate the possibility of accidental clicking; and standard deletion (followed by clearing my garbage can) provided "good enough" satisfaction of that computer security need.
3.21.2008 1:32pm
naked pictures of children illegal?:
Since when are naked pictures of children illegal? I have some picture of my brother's 1-year old girl on my phone, taken when he and his wife were giving her a bath, (she's a beautiful little girl). So can that send me to jail for child porn if someone were to search my phone?

Also, on my coffee table is a book where the cover has naked children on it -- photographer Sally Mann's book "Immediate Family" (My girlfried is an amateur photographer and loves Sally Mann's work)

So given that the guy was convicted of "clicking an illegal hyperlink" and for unknowingly possessing a grainy thumbnail nude picture of a possibly underage girl (who can tell in a grainy thumbnail). But the girl was just photographed nude, not in any sexual act.

So how is plain nudity child pornography? This case is more than a little troubling in a lot of ways. If someone were to trick me into clicking a link like that, I could go to jail too, but not because I am doing anything wrong.

What is also troubling is that probably close to $500,000 will be spent in the guy's trial and prison costs. We could put that money to much better use, like paying for children's health care if the intent was really to "protect the children".
3.21.2008 1:32pm
dontclickonme:
>"Can't the FBI figure out where people who hit the weblink are being referred from? That way, they could sort out those who reached the prohibited website from the targeted BBS as opposed to from some other location."

Yes, they could by logging the Referrer header (which could be easily faked by a malicious program). But the articles make clear that they do *not* do so. This can only be construed as an effort to cast as wide a net as possible. They apparently don't care *how* the link was accessed - just the IP that was used.

It sure looks like a case of "shoot them all, and let God sort 'em out". They're hoping to get a few good hits out of the thousands of busts. The downside is minimal - maybe a little bad publicity for a bit. But the increased activity has got to look good at budget review time.
3.21.2008 1:56pm
Fub:
OrinKerr wrote at 3.21.2008 12:22pm:
To be honest, I don't understand your argument. There is only one question here: Did an incoming link from a U.S.ISP indicate a "fair probabiility" given the context in which the link was posted that there would be evidence of the crime in the home to which that IP address was assigned?
As several others, including dontclickonme at 3.21.2008 12:56pm (immediately above) have pointed out: The prosecutor presented no evidence of the referring link. That means that the prosecution presented no evidence of "the context in which the link was posted", at least no evidence that the defendant got the link from the "context" that prosecution claims he did.

If the standard for probable cause is "his computer accessed this URL", then that standard will give incentive for law enforcement to simply give a URL to a spammer, and then swear for a warrant on every clueless spam recipient who clicks on an emailed link advertizing "v1A64a" or cheep mortgages.

As Operation Green Merchant amply demonstrated nearly twenty years ago, morality law enforcers are quite happy to make such sweeps of the innocent and let gawd sort 'em out later.
3.21.2008 2:34pm
George Weiss (mail) (www):
here's my problem with the current sttutory scheme combined with the procedure for prosecuting it.

while there is a definition of probable cause-in the end-its an evidentially standard which is highly subjective-and people's opinions will necessarily vary widely about what makes probable cause (just as they would other evidentially standards-like reasonable doubt and preponderance-we recognize this in our system by having a jury for some of these decisions)

while sometimes, when a cop has probable cause (or thinks he does), he goes and executes the search right then..thats when he has an exception to the warrant requirement (consent, PC+exigent circumstances, automobile search on PC (us v carrol) etc, inventory search etc.q)

those warrantless searches can be second guessed. If later, some court decides he may not have had that PC-or consent-bam, litigation on exclusion and a possible 1983 (or bivens suit if its a federal agent-since the feds are immune from 1983.

In our case-it seems likely he'd have to convince a judge to get a warrant-since it doesn't seem PC alone would be enough here with the fake kiddie pron links)

however-(this is the problematic part)

probable cause is 99% upheld (and thus does not allow for suppression) as long as you get a magistrate to sign the warrant and the police operate under good faith that the magistrate meant that there was probable cause. Any magistrate will do-(if magistrate A refuses to sign-go to magistrate B). Furthermore, under qualified immunity, the police are immune from any liability caused by their ransacking of an innocent person's home as long as they get 1 magistrate-again any magistrate including the one on the fifth try-to sign their warrant affidavit.

that means-even if the entire federal judicary would disagree with the standard of probable cause the judge adopted, as long as he signed the warrant-the police can search-and no matter how much the rest of the world find the search as a complete fishing expedition, there is no remedy whatsoever. (even if the magistrate now regrets singing the warrant-heck even if the magistrate was drunk-so long as the police executed it in good faith)

also remember that a warrant is a 100% ex parte decision. the prosecutor for the gov, or the law enforcement agency alone perhaps, is begging and pleading the magistrate to sign that warrant. Nobody is there to argue that they are being overzealous-but it might be a mistake. (note-im not saying there should be-warrants are necessarily ex parte by their nature-im just pointing out the reality)

HYPO
your a magistrate at 3 in the morning. The FBU says-we sent out these fake links (in your hypo-in spam emails) to 100 people. 5 people clicked-your honor it must be them! (you can do this and still believe in good faith because your not lying in the warrant affidavit..)


Furthermore-your honor-even if he didn't have intention to keep it after he saw it-and even if he was revolted by it and left the page but it stayed in his temporary internet files-, as long as he knew about the images-and their location in temp internet files-and he didn't immediately get rid of it or call the police after he become aware of it-entirely to the best of his knowledge,-perhaps even on his unallocated space after he tried to delete it-if the guy is as computer savy as Orin Kerr (constructive possession goes pretty far)..hes still criminally liable for possession as long as he knew they remained in his possession. see 18 USC 2552a

plus, your honor, our link contained more than 3 images, and since there are more than 3 images-even if he did immediately format his hard drive-there is no affirmative defense of immediately getting rid of the images or reporting it to police under 18 USC 2252a for more than 3 images. your liable once you find out about them and there is nothing you can do to make yourself not liable-calling the police might only assure prosecution.

but here is the key-even if YOU don't think this is probable cause-your honor-SOME MAGISTRATE WILL, and once he does-that the end of the story-no exclusion, no lawsuit-as long as the warrant is signed and they get the right house...so why dont you just sign??
3.21.2008 2:57pm
TruePath (mail) (www):
OrinKerr,

Sorry for being so unclear. I'm leaving for a plane shortly and had much work to do so I haven't gotten much sleep. I'll try one last time but I won't try your patience more than that.

The main thrust of what I am arguing is that high probability is not sufficient to constitute probable cause. Or more precisely it's not sufficient to justify a warrant in all cases and given this fact I don't see how to distinguish the cases where high probability is not enough to justify a warrant from this case.

There are three sorts of cases where it seems high probability of finding evidence of some crime is not sufficient to justify a warrant (or at least intuitively should not be). They are as follows.

1) The high probability of possessing evidence of a crime at their house is infered only because of a statistical correlation between their political advocacy/membership and the proclivity for committing crimes.

2) The high probability of evidence is infered on no other grounds than the fact that they offended once in the past and in a small town this makes them far and away the statistically most probable person to have committed the crime.

3) Slightly more iffily if one can infer a high probability of evidence of some crime in their home simply on the grounds that they have so much information in their house it almost certainly has evidence of some crime in it.

I had always assumed these cases could be distingushed from the normal standard for a warrant by a requirement that the warrant present particularized evidence, i.e., you need to have evidence specific to that case of a specific crime. This would thus rule out probabilistic arguments that would work anytime a certain crime was committed (he's the only guy with a criminal record in our town) as well as warrants based on the gamble that there are so many possible crimes they might have evidence for they surely must have evidence for one. However, both of these options seem to run into problems in this case, particularly the latter one since the FBI just seems to be bettering that 'well if he liked this child porn he probably has some others'

I will give examples below of 1-3 cases where the probability is high but intuitively a warrant is very unreasonable but I took you to already agree with me when you said:

Maybe I misunderstood you earlier but when you said:


What I meant was that it is impermissable to infer that because one associates with a certain political group or social organization there is probable cause to execute a warrant on you because frequently those who share your views are evidence of some crime.

True. But no one is doing that here, it seems to me.


Particularly I took you to be agreeing that in the hypothetical where rigorous scientific studies demonstrated that 99% of members of NORML keep pot in their house it would still not justify issuing a warrant to searc someone's house merely on the grounds they belong to NORML. This would be an example of number 1.

For #2 suppose it's true that pedophiles have a 50% chance of re-offending in any given year but that members of the public who haven't been convicted of molestation only have a .01% chance of molesting a child in a given year. Now take a village of 1001 people in which only one convicted and released pedophile lives and which just discovered a child who killed himself out of shame of being molested. The probability that the 500 other people would have molested a child this year is 9.5%. Thus the total probability that at least one child was molested in this village in a given year would be about 55%. However, conditional on exactly one child having been molested this year (assuming independent events) the probability the convicted molestor did it is about 90%. That seems to be a very high probability but without any particular connection between him and the crime it doesn't seem like a warrant would be reasonable.

#3. Suppose I'm a journalist or someone who has extensive correspondance with many rock muscians and counterculture figures. Given the amount of correspondence I likely have the probability that some of it is evidence that some crime has been committed (drug use say) is super high yet surely a warrant shouldn't be issued just because I have lots of correspondence with famous people.

----

Maybe I'm missing something silly here but I would greatly appreciate it if you could explain whether warrants really could be issued in cases 1-3 based on current precedent and if not what distinguishes these cases from the pedophile case? In particular I don't see the legal distinction between belonging to NORML or associating on a child porn forum nor between saying that you are the only ex-con in town so you likely did it and saying you downloading some possible child porn so you probably have others.
3.21.2008 3:00pm
TruePath (mail) (www):
Weiss:

There were no actual images so he never possessed them. He merely had the intention to posses them. Which troubles me seperate from the legal question.

I mean what probability do I have to assign to a link containing child porn before it becomes illegal for me to click it?
3.21.2008 3:04pm
George Weiss (mail) (www):
truepath-
ok. good point.

suppsoe the fbi did use actual contraband in the investigation..they already do it for drugs
3.21.2008 3:08pm
George Weiss (mail) (www):
trurpath-

my main point though is that since you can magistrate shop and you get the magistrate ex parte to plead you case for the warrant-and that as long as its executed in good faith-it can never be overturned for exclution or civil libaility.

the fact that some people on here thin kthere is PC and some poeple dont is the very3 problem-all a cop needs to do is go to one of the ones who thinks there is PC-and thats the end of the story because of good faith and qualified immunity doctrines...
3.21.2008 3:14pm
David Schwartz (mail):
Did an incoming link from a U.S. ISP indicate a "fair probabiility" given the context in which the link was posted that there would be evidence of the crime in the home to which that IP address was assigned?


Suppose a study indicated that 80% of children between the ages of 13 and 15 who have more than 5 unexcused absences in a month have used illegal drugs that month. In your view, would that create a "fair probability" sufficient to justify compelling them to collect specimens to collect evidence that they had illegally possessed drugs? What about a search of their homes with the sweeping scope of this search?

The question is whether the search is reasonable, and it is not. At a minimum, there is no "fair probability" that the location searched is the site of the crime.

Illinois v. Gates is completely distinguishable. There is a huge difference between an actual investigating officer who observes particular human beings engaged in a particular course of conduct and what happened in this case. The possibility that the tip was malicious (or totally random) was adequately handled in that case by personally observing behavior by these particular individuals that pointed to a specific vehicle they were driving. This behavior was consistent with the tip.

If Illinois v. Gates was even remotely a close call, then this is definitely unreasonable. This is so much worse than Illinois v. Gates.
3.21.2008 3:23pm
George Weiss (mail) (www):
random 1l-didn't see your post before-you made essentially the same point as me before-sorry my bad.

i wish someone besides us was slightly concerned with the combination of the ability to pick your magistrate for the warrant-convince him ex parte-try again if no good- and then have it 100% protected from exclusion or civil liability by any court in the future through leon-as long as its signed by someone

perhaps, since both you and I are 1L's-we find this amazing-but everyone else is already used to that-after all, it has nothing to do with kiddie pron specifically-its just something thats always there in criminal investigations.
3.21.2008 3:31pm
Roscoe (mail):
Reminds me of the DEA's Operation Desert Hoax some years back. They put up a sign on Rt. 15 (between LA and Vegas) that said something like "Slow Down for DEA Checkpoint Ahead, All Vehicles Subject to Search". The sign was right before an exit that literally went nowhere. The DEA watched the exit, and stopped any car that took it. Pretty cute, and they actually caught some bad guys.

That being said, I think that a lot of people here are missing a couple/three points. First, presuming the affidavit includes some expert testimony about how unlikely it would be for someone to be at that site if they weren't looking for kiddie porn, and the practice for persons searching for kiddie porn to store it on their home computers, I think there is pretty obviously probable cause here.

Second, remember we are just talking about probable cause. I don't think that anyone would argue that clicking on the link is a crime (at least one that anyone would care to prosecute). The crime is having kiddie porn on your computer, and if the FBI searched the house and didn't find kiddie porn, that would be the end of it.

Third, the larger issue here is not whether clicking on this link at this site generates probable cause. Rather, we should be considering whether this sort of thing is a reasonable law enforcement practice, both from the standpoint of allocating scarce resources and from privacy concerns. Just because the government can do something, doesn't mean that it should be doing it.
3.21.2008 3:37pm
George Weiss (mail) (www):
if the FBI searched the house and didn't find kiddie porn, that would be the end of it.


except an fbi search of your hard drive can take as long as they want. they frequently will tkae it back to HQ to scower for kidde pron using their high tech software that tries to reconstruct what was deleted.

had work files or school files on there that you need? causes you to loose a job? fail a paper? your tax documents that you were about to file and now have to redo or incur a huge late penalty? too bad so sad-they had a warrant they got from some magistrate..and after that-there is no remedy whatsoever.
3.21.2008 3:44pm
Roscoe (mail):
Reminds me of the DEA's Operation Desert Hoax some years back. They put up a sign on Rt. 15 (between LA and Vegas) that said something like "Slow Down for DEA Checkpoint Ahead, All Vehicles Subject to Search". The sign was right before an exit that literally went nowhere. The DEA watched the exit, and stopped any car that took it. Pretty cute, and they actually caught some bad guys.

That being said, I think that a lot of people here are missing a couple/three points. First, presuming the affidavit includes some expert testimony about how unlikely it would be for someone to be at that site if they weren't looking for kiddie porn, and the practice for persons searching for kiddie porn to store it on their home computers, I think there is pretty obviously probable cause here.

Second, remember we are just talking about probable cause. I don't think that anyone would argue that clicking on the link is a crime (at least one that anyone would care to prosecute). The crime is having kiddie porn on your computer, and if the FBI searched the house and didn't find kiddie porn, that would be the end of it.

Third, the larger issue here is not whether clicking on this link at this site generates probable cause. Rather, we should be considering whether this sort of thing is a reasonable law enforcement practice, both from the standpoint of allocating scarce resources and from privacy concerns. Just because the government can do something, doesn't mean that it should be doing it.
3.21.2008 3:47pm
Quertz:

I don't think that anyone would argue that clicking on the link is a crime (at least one that anyone would care to prosecute).


According to the linked news story, clicking on the link is one of the two charges that the defendant was convicted of. It is illegal to even attempt to download child pornography, punishable by up to 10 years in prison.
3.21.2008 4:15pm
dontclickonme:
>"First, presuming the affidavit includes some expert testimony about how unlikely it would be for someone to be at that site if they weren't looking for kiddie porn, and the practice for persons searching for kiddie porn to store it on their home computers, I think there is pretty obviously probable cause here. "

This argues otherwise:

"There's no evidence the referring site was recorded as well, meaning the FBI couldn't tell if the visitor found the links through Ranchi or another source such as an e-mail message."

In fact, logging the referrer header is *standard* with most web server report generators. You have to do some configuration to exclude it. So they don't know if those
hits were from people visiting that site or not.

>"if the FBI searched the house and didn't find kiddie porn, that would be the end of it."

Sure it is. Let's see - you've lost all of your electronic devices and financial records for some indeterminate time (they're going to keep examining your drives looking for *something*). Your reputation is shot - your arrest is front-page news (at least in your local community). Good luck trying to find a new job with that publicity over your head. Even clearly-innocent people never escape from the stigma, and especially from this particular accusation.

So no, they don't have to convict you to utterly ruin your life.

>"I don't think that anyone would argue that clicking on the link is a crime (at least one that anyone would care to prosecute)"

And yet that's exactly what happened.

"From the FBI's perspective, clicking on the illicit hyperlink and having a thumbs.db file with illicit images are *both* serious crimes"

It seems the FBI disagrees with you.

The really scary thing is how open this is to abuse by malicious third-parties. It's apparent from this episode, as well as the "swatting" incidents, the LE agents are fairly easy to manipulate. Just feed them information that re-enforces their preconceptions about a situation, and watch them wreak havoc on your target. And with immunity from civil action, there is no effective mechanism to correct the problem.
3.21.2008 5:05pm
rigeldog:
This is just over-reaching. The idea that clicking on a link can constitute probable cause---not even accounting for all of the various computer-magic that can mis-identify the click-or, who may not even be a human---is to me a terrifying prospect. As a prosecutor, I couldn't be more in favor of catching those who sexually exploit children. But it has to involve more old-fashioned "real life" investigation than the given scenario provides.
By the way, the scenario said nothing about "downloading" or "saving" the image. It just identified the suspects as those who clicked on the link. I'm not a computer-whiz, but simply visiting any website creates a record in one's hard drive, yes? There is no mention in the facts above of a person having to take yet another step to download.
3.21.2008 5:28pm
2L Guy:
There are many problems with this law enforcement approach, most of which have been mentioned.

However, another thing worth noting is that the FBI did *NOT* have a system in place for determining where the "click" came from. In other words, the person might have clicked on an email, on the forum, or some other web site. The text he clicked on may or may not have included any words that indicate it was child porn.

I could easily send people an email that includes a link to a "Supreme Court PDF opinion" but actually took them to a child porn link. I could do this as a joke, or to ruin someone's life.

But the FBI would have no way of determining how or why the person opened that connection (based on the facts of this case).
3.21.2008 6:40pm
OrinKerr:
2L Guy,

That's why the timing was important. As I understand it, the click in this case occurred 4 hours after the undercover posted the message.

Of course, it's theoretically possible that someone would read the message on a child porn message board, not actually click on the link (which would show no video was there), instead copy the link location and then send an e-mail to someone else disguising the link as an innocent link to something that isn't child porn, all very soon after the initial message. But it seems pretty unlikely, and probable cause only requires a "fair probability."
3.21.2008 7:11pm
eyesay:
Quertz: you wrote "It is illegal to even attempt to download child pornography..."

On that linked page, it says this (please excuse lack of proper formatting):
Affirmative Defense. It shall be an affirmative defense to a charge of violating paragraph (4) of subsection (a) that the defendant—
(1) possessed less than three matters containing any visual depiction proscribed by that paragraph; and
(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any visual depiction or copy thereof—
(A) took reasonable steps to destroy each such visual depiction; or ...
Based on that, it would seem that one is free to view three child porn images from the internet, provided that one promptly "destroys" each image after viewing.

I suspect that this analysis is wrong, but please explain why.

Also, what if one viewed four images, but never had possessed than three images at any one time? Is possession to be interpreted instantaneously or for one's entire lifetime?
3.21.2008 7:51pm
dontclickonme:
>"That's why the timing was important. As I understand it, the click in this case occurred 4 hours after the undercover posted the message."

That'll probably only be true for this first instance. Now that the cat is out of the bag, so to speak, I don't think you can depend on that.

It's *trivial* to write a small program that reads a message board, scrapes links, and sends GET requests to each one. Totally automated. And this could just as easily run undercover on a Windows box, just like the multitude of worms and bots do now. Add in an update capability via irc, and you've got the makings of quite a mess.

It would be even easier to automatically scrape the links from boards and channels, and blast out spam with them embedded. The infrastructure to do this is out there right now.

Before this operation, there would have been no value to the script kiddies to set up anything like this. Except in the cases of DDOS attacks or click-fraud, there wasn't anything to gain. But thanks to the knee-jerk reaction of LE to an easily-forged HTTP request, there is. At least to those who get their kicks from causing trouble for others. And there are a *lot* of those on the net.
3.21.2008 8:10pm
Dave Krueger (mail) (www):
I wonder how much the crime rate would drop if we eliminated all the crimes that cops trick people into committing. I'm guessing about half.
3.21.2008 8:19pm
warrior (mail):
If the FBI only had the log of the IP clicking on the link, without any referral to where the link came from, that is, no evidence that the IP ever accessed the message board with the explicit description, would that be proof beyond a reasonable doubt of attempt to download child porn? Any case law come to mind?
3.21.2008 8:39pm
Quertz:
eyesay, the standard IANAL caveats apply, but my main purpose was to show that the FBI had reasonable suspicion to conclude that a crime was committed and thus should have had a basis to get a warrant. The affirmative defense, however, only relates to the possession of child pornography (paragraph 4 of subsection a), not to the attempt to receive it (paragraph 1 of subsection b, in reference to paragraph 2 of subsection a).

There are too many unknown variables in this case. Assuming the clicks to the link came within a relatively short period after it was posted, that the link was clearly identified as child pornography, and that the existence of an FBI honeypot was unknown (and thus there was no reason for people to try and use links on that message board to entrap people in an FBI sting), it seems that there likely was enough evidence to bring charges and gain a warrant. Lots of ifs, I know.

In the future, I would expect the bar to be raised for this sort of FBI action if anyone can document any effort by groups to surreptitiously make people download links from the board in question or similar boards.
3.21.2008 8:44pm
brett:
So what happens when someone not so tech-savvy (or maybe just not concentrating) searches for "4 year old sucks thumb" (looking for a topic on a parenting forum) and land at a search results page that leads them to the FBI links... Do they have to expect a visit by the police?
3.21.2008 8:52pm
andrewg:
Repugnant.

The FBI that is.

And people wonder why there is an ever larger segment of the nation with a deep abiding and visceral hatred for the government and anyone connected with it.
3.22.2008 12:57am
Elliot123 (mail):
When the internet was initially introduced on a limited basis in Saudi Arabia, they had all kinds of filters set up to defeat the forces of vice. I had one of the first connections, and needed information on the Excel spreadsheet versions that were available.

So, I entered "MSExcel" into Yahoo, and was promptly flagged as a pervert for searching for MSExcel.
3.22.2008 1:01am
eyesay:
Elliot123: Good thing you didn't search for "Jewelry" . . .
3.22.2008 1:59am
Bern (mail):
People searching for Scunthorpe in the UK have similar problems when browsing behind content filters.
3.22.2008 11:21am
David Schwartz (mail):
Quertz: Reasonable suspicion that a crime has been committed is not probable cause to search a particular location for evidence of it. In fact, I can't imagine what they could possibly have been searching for. If you assume an actual human being clicked the link, presumably on not finding what they were looking for, they would not have kept the contents.
3.22.2008 11:45am
Houston2L (mail) (www):
The prefetching concerns are valid ones. Google employs prefetching for Mozilla/Firefox users (http://www.google.com/help/features.html#prefetch) so theoretically one does not need to click the FBI's link or even visit the offending forum for a connection to be made and ones IP address to be recorded. Type in the right keywords in Google and one might get an unexpected visit.

It seems to me the 'fair probability' in question is perilously predicated on a heterogeneous and evolving technological context and on whether a magistrate can really make a 'common sense decision' with the limited facts he or she is likely to have in front of them.

I just finished a paper on this subject and owe a huge debt to Prof. Kerr and VC. Only wish this thread had come up before I had written it. It would have saved me some work and suggested a few new avenues. ;-)
3.22.2008 2:49pm
Elliot123 (mail):
What is the quantitative value of "fair probability?" Is a fair probability higher or lower than average probability? Poor probability? Very good probability? How about plain old probabilty without an adjective? In the law, doesn't it come down to:

1. We think he has contraband.
2. We really think he has contraband.
3. We really, really think he has contraband.
4. We really, really, really think he has contraband.
5. I need a promotion.
3.22.2008 3:00pm
DamionKutaeff (mail):
Hello everybody, my name is Damion, and I'm glad to join your conmunity,
and wish to assit as far as possible.
3.23.2008 7:06am
RT:
This has to be the MOST disturbing conversation I've read in a long time... I CAN NOT BELIEVE anyone with any knowledge of how computers and how the internet works or I should say, can be made to work/look like. Believes that this isn't a serious perversion of "justice"..

Anyone who has done any sort of IT work should know this "evidence" is a "joke". If they don't realize that, then they shouldn't be in IT and don't have a clue as to what they're doing.

I'm all for stopping child pron.. but this is a bit much.. You don't sacrifice the innocent in hopes of catching the guilty. In this case, I don't see how anyone could condone such actions. And as was stated by others.. this is one of the many things leading to the distrust of law enforcement and the government..

Also added IANAL, nor do I need to be one to know stupid when I see it.. Though I am well versed in IT, and this reaks of ignorance..
3.24.2008 3:15pm
htom (mail):
I am not sure if the behavior of the FBI or the behavior of those seeking kiddy porn is more disgusting. In that the FBI is supposedly acting as an agent of my government, I am very inclined to say that it is the more disgusting (and I use that word because I can't think of a properly revolting one.)

This is imagined thought crime. Clicks are like noise, there's no way of telling where or why they've arrived.

Since it's legal for the government to secretly install software on your pc, how is it possible to tell that that secret software has not done the clicking?

I understand that these actions by the FBI may be legal; I am unimpressed by that claim.
3.24.2008 4:40pm
Dan(lazy)Honnet (mail):
Hello everybody, my name is Daniel, and I'm glad to join your conmunity,
Wish to assist as far as possible.
3.25.2008 11:10am
Eric Scheie (mail) (www):
4yo_suck looks like typical south Philly chatter to me. Especially the word "YO." If I had seen that online it wouldn't have occurred to me that the "yo" meant "years old." But then, I was born and grew up in Philly.
3.25.2008 11:46pm
Jasper:
So the feds, apparently, had no control over the website, before, during or after the suspected crime. They now have control over the suspect's computer, but won't/can't provide a mirror copy of the hard drive to a hired computer expert, to conduct a search for exculpatory evidence. The feds themselves will not look for evidence of innocence, and if found, will withhold it, manipulate it, ignore it, or flip it into a "thought crime."

Ironic that an alleged click on a false link carries so much time, yet the feds are allowing companies to profit off footage they already prosecuted as child porn.
3.26.2008 1:42pm
rosignol (mail):
Anyone who has done any sort of IT work should know this "evidence" is a "joke". If they don't realize that, then they shouldn't be in IT and don't have a clue as to what they're doing.

Yeah. Even with all the ways to spoof or clear referrers, if they're not logging referrers, it means the FBI has specifically and deliberately decided to not record potential evidence. That sounds really fishy to me, the FBI's attitude on evidence is usually "we'll take all we can get".

Another question is why they would they be trying to nail people based on a logged ip address and attempting to prove intent, when they could put actual kiddie pr0n from the evidence db on the server and nail actual pedos for possession with no ambiguity whatsoever? There are times when real cops sell real drugs to set up a sting, how would this be any different?
3.26.2008 1:43pm
Cheerful Iconoclast (mail) (www):
I think that Orin may be suffering from a bit of lawyers' tunnel vision here. Sure, the strictly legal question may be whether this creates a "fair probability" (whatever that means) that there's porn on somebody's computer. But many of us think it implicates a few broader issues.

To state the obvious: if the FBI is reduced to putting up fake links to non-existent web sites, it seems fairly clear that kiddie porn isn't actually that serious of a problem. Oh, I'm not saying it's an urban myth, like the Murderous Satanic Cults, but if this sort of investigative technique is necessary, it's probably not a huge problem.

Further, regardless of what happened in this particular case, widespread use of this technique could certainly result in the sorts of abuses your other commenters have discussed. For example, setting people up and the like. And, unlike you, I do think that spam e-mails and less obvious links are a likely next step if this sort of thing is generally allowed.

Finally, even on the narrow lawyers'-tunnel-vision question of whether there is a "fair probability" in this case, I think you are off-base. I am not as technically sophisticated as most of your readers, but as I understand it, the FBI has no way of knowing whether the clicker clicked from the Russian child porn site or from someplace else. Now you say that we can infer that he came from that page because "only" four hours had passed. Well, four hours is a fairly long time. Moreover, as I understand it, they didn't know where he clicked from because they themselves set up the software to not record that information. I fail to see why the government is entitled to a favorable and pretty speculative inference when it's the government's fault it doesn't have the actual information.
3.26.2008 3:18pm
nobody important:
Interestingly enough, these links HAVE been used as "pranks" and embedded etc. by people. The various chan websites revel in just these types of tactics. I can't understand how anybody could decide that this guy had intended to download child pron BEYOND a reasonable doubt with basically zero evidence. Something smells REALLY bad and I hope he has an excellent attorney and the funds to pursue appeals.
3.27.2008 7:56am
David Robarts (mail):
It seems to me that there is probable cause for an investigation; however, I think the means of the investigation ought to be more limited. If the Feds were to get a warrant to monitor the ISP account that appeared to access the honey-pot, they would be able to weed out many of the possible false positives. Because the investigators would have access to inbound and outbound traffic on the account, they would be able to see the context in which the user of the account attempts to access resources. It would not even be very difficult to filter out traffic from a Tor exit node from that of the actual users of the account because the Tor exit traffic could be correlated with the Tor inbound traffic. We already know that the Federal Government has the ability to do such wiretaps. And I wouldn't mind hearing about them doing such monitoring based on warrants obtained through the use of honey-pots.
3.28.2008 2:42pm