Slashdot Mirror
FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn
mytrip brings us a story from news.com about an FBI operation in which agents posted hyperlinks which advertised child pornography, recorded the IP addresses of people who clicked the links, and then tracked them down and raided their homes. The article contains a fairly detailed description of how the operation progressed, and it raises questions about the legality and reliability of getting people to click "unlawful" hyperlinks. Quoting:
"With the logs revealing those allegedly incriminating IP addresses in hand, the FBI sent administrative subpoenas to the relevant Internet service provider to learn the identity of the person whose name was on the account--and then obtained search warrants for dawn raids. The search warrants authorized FBI agents to seize and remove any "computer-related" equipment, utility bills, telephone bills, any "addressed correspondence" sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements, and credit card statements. While it might seem that merely clicking on a link wouldn't be enough to justify a search warrant, courts have ruled otherwise. On March 6, U.S. District Judge Roger Hunt in Nevada agreed with a magistrate judge that the hyperlink-sting operation constituted sufficient probable cause to justify giving the FBI its search warrant."
You should disable prefetching; a little-known fact is that cookies are exchanged when links are prefetched.. if you're on unsecured wifi (like my internet during the months I'm at school) all someone has to do is present you with a link to amazon or to wikipedia or to slashdot, and you don't even have to click it for the auto-login cookie to be exchanged. Those of you with credit card info saved on amazon, beware. ~~~~
apologize? The FBI? You're kidding right?
There is absolutely NO repercussions to a judge who authorizes a search warrant on shoddy evidence. Law enforcement can literally *lie* to get the warrant and, even if you can prove they were lying, there isn't a venue to file your complaint. Even if they cause damage to your property, you can't sue... they had a valid warrant. About the only people you *can* file your complaint with is the FBI.. who will action it, around the 4th of never.
How we know is more important than what we know.
IANAL But I would but wouldn't entrapment be more like they made a page trying to convince you that Child Porn was Legal, Moral, and/or Not a big deal, then give you a link. In general pressuring you do the activity. Just putting a link and say it is for Child Porn, isn't entrapment because the person is actively looking for child porn, and clicks the link knowing what they are getting. Not someone who wouldn't do so except after the convincing.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
There are LOTS of problems here, but in particular (no pun intended), this does not meet the "particularity" test. Courts have also repeatedly held that an IP address does not "particularly describe" a person OR a place, or even a thing. In order to be Constitutional, warrants have to "particularly describe" the person or thing to be seized.
I could have any number of computers on my Comcast connection. I could have open wi-fi and be serving Internet to my neighbors... it would show up as my IP.
This whole thing is a crock of shit.
No.
An example, off the top of my head - if I'm an undercover cop and I walk up to you on a shady street corner and ask if you're holding, and you sell me drugs, and I arrest you, if the evidence is sufficient to establish that you're a drug dealer independent of my initiating a drug sale transaction (e.g., you have other individually packaged quantities of drugs, I have corroborating witness testimony that has you dealing drugs, etc -- yes, this is character evidence, but an entrapment defense puts character in play and I can present it), guess what, even if you wouldn't have sold me drugs but for my request, it's not entrapment.
Oh, and no, asking "are you a cop," and my answer in the negative, doesn't constitute entrapment.
geek. lawyer.
By definition and law, no. Pedophilia is for prepubescent children. Post pubescent, as you mention, would be ephebophilia. Normally the break point is considered 13/14.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
All sex with underage children regardless of age is considered pedophilia.
It's one of those things where people started using the word without actually knowing what it means. Legally, it is not considered pedophilia. That's why statutory rape is on the books and is a different crime. I've had to take child protection courses for my work with the Boy Scouts. That's one of the definitions mentioned. Partly because they are two different categories of offenders and you need to look for different signs for each one.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Nimp.org link. Do not touch.
The "illegal hyperlink" was not in fact illegal - it was a harmless trap full of junk content. They didn't convict him because they found illegal browsing history on his computer - they convicted him because he clicked on their fake file.
The "child pornography" was a single thumbs.db file. You know, the low-res file with all the thumbnail pictures that XP makes for you automatically? At any time in the past, he could have accidentally downloaded pictures (from say a P2P program), deleted them without even viewing them. I find it hard to believe that he could be so good at covering his tracks, but he'd keep a single thumbs.db file around by accident.
At the very least, the first count should be overturned. I'm going to have to look at my pictures pretty closely and delete stuff - I know that I've accidentally downloaded some pretty fucked up stuff from usenet and P2P.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
People seem to think entrapment means "police pretend to let you commit crime".
Entrapment is only when the police encourage, cajole, and pressure you into committing a crime that you wouldn't otherwise have considered committing.
Every time I see a story on a sting like this people trot out the "entrapment!" argument. If things like this were entrapment, every sting operation, every undercover operation, etc. would all be invalidated. Clearly, the cops are permitted to put a fake hooker on a street corner and wait to be approached.
That is why purchase transactions and personal data from amazon are served from a secure server. The secure server uses an independent cookie with the secure flag set, which cannot be transmitted except over https. Hijacking the unsecured session cookie won't get you much more than recommendations tailored to someone else's account. This is a standard design for a high-volume service that can't afford to have every page SSL encrypted.
i am in china and so out of the juristiction of the fbi, so i was able to rtfa without much fear of retribution.
So,fyi, the tfa says that the fbi link was advertising images of a 4 year old, and so it would seem that it falls squarely under the definition of cp.
Max.
Link prefetching does not randomly load any link it finds, the links need to be tagged accordingly, or nothing will happen. See the Mozilla link prefetching FAQ for more info. Unless the FBI people were complete idiots or wanted to massively inflate the number of child porn suspects (considering the german case of over twelve thousand child porn "suspects" to drum up popular support for new, "urgently needed" surveillance laws, the latter is not too unlikely), they probably didn't make use of this feature. It could however be abused to send the FBI to you,
If you read the article, you'll see they quote the court records which show that the search warrant was issued solely on the basis of the man's IP address appearing in the logs of the FBIs HTTP server, doing a GET of the links. As per the article, the FBI did /not/ record the referrer, so there is absolutely no indication the links were followed from the forum. They then found a thumb nail image of naked children on his hard drive..
It seems like this action will predominantly catch people who were specifically looking for child pornography and so searches will therefore find other material. However it is very disturbing that a HTTP GET can result in all your computers, much of your electronic gadgets and all your correspondence being impounded indefinitely. It sounds like it's way too easy for, inevitably, at least few innocent people to be massively inconvienced (potentially maliciously by 3rd parties).
I use Friend/Foe + mod-point modifiers as a karma/reputation system.