Playpen: The Story of the FBI's Unprecedented and Illegal Hacking Operation

["David Farber" <farber () gmail com>]

Playpen: The Story of the FBI’s Unprecedented and Illegal Hacking Operation
By MARK RUMOLD
Sep 15 2016
<https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation>

In December 2014, the FBI received a tip from a foreign law enforcement agency that a Tor Hidden Service site called 
“Playpen” was hosting child pornography. That tip would ultimately lead to the largest known hacking operation in U.S. 
law enforcement history.

The Playpen investigation—driven by the FBI’s hacking campaign—resulted in hundreds of criminal prosecutions that are 
currently working their way through the federal courts. The issues in these cases are technical and the alleged crimes 
are distasteful. As a result, relatively little attention has been paid to the significant legal questions these cases 
raise.

But make no mistake: these cases are laying the foundation for the future expansion of law enforcement hacking in 
domestic criminal investigations, and the precedent these cases create is likely to impact the digital privacy rights 
of Internet users for years to come. In a series of blog posts in the coming days and weeks, we'll explain what the 
legal issues are and why these cases matter to Internet users the world over.

So how did the Playpen investigation unfold? The tip the FBI received pointed out that Playpen was misconfigured, and 
its actual IP address was publicly available and appeared to resolve to a location within the U.S. After some 
additional investigation, the FBI obtained a search warrant and seized the server hosting the site. But the FBI didn’t 
just shut it down. Instead, the FBI operated the site for nearly two weeks, allowing thousands of images of child 
pornography to be downloaded (a federal crime, which carries steep penalties). That decision, alone, has spurred 
serious debate.

But it’s what happened next that could end up having a lasting impact on our digital rights.  

While the FBI was running Playpen, it began sending malware to visitors of the site, exploiting (we believe) a 
vulnerability in Firefox bundled in the Tor browser. The government, in an effort to downplay the intrusiveness of its 
technique, euphemistically calls the malware it used a “NIT”—short for “Network Investigative Technique.” The NIT 
copied certain identifying information from a user’s computer and sent it back to the FBI in Alexandria, Virginia. Over 
a thousand computers, located around the world, were searched in this way.

As far as we are aware, this is the most extensive use of malware a U.S. law enforcement agency has ever employed in a 
domestic criminal investigation. And, to top it all off, all of the hacking was done on the basis of a single warrant. 
(You can see our FAQ here for a bit more information about the investigation.)

As it stands now, the government has arrested and charged hundreds of suspects as a result of the investigation. Now 
defendants are pushing back, challenging the tenuous legal basis for the FBI’s warrant and its refusal to disclose 
exactly how its malware operated. Some courts have upheld the FBI’s actions in dangerous decisions that, if ultimately 
upheld, threaten to undermine individuals’ constitutional privacy protections in personal computers. 

[snip]


-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20160923133530:1C5EFF8A-81B4-11E6-BAB1-D192BBD3C4F6
Powered by Listbox: http://www.listbox.com