FBI CP comments - also Entrapment vs Enticement (from a US lawyer)

["Steve Kalman" <techauthor () gmail com>]

I sent this yesterday to an individual, rather than to the group as
was intended. I've also added a few paragraphs.

Entrapment is when a law enforcement officer (LEO) facilitates a
crime. An example: a LEO approaches the owner of a print shop and says
"I just got some great paper. Let's print some currency". Then when
the ink dries, "Good job. You're under arrest."  That's a crime that
would not have happened without the assistance of the LEO.

Enticement is when LEO gets a crook to identify himself. The classic
fencing operation sting is a good example. The crook robbed houses,
stores or people and would have done so whether LEO ran the fencing op
or not. By getting him to come in to sell his stuff (and using video,
etc) a valid arrest can be made.

Note: There is no such thing as civil entrapment (entrapment requires
a crime). There is civil enticement, such as the RIAA running a
honeypot.

In the FBI CP case, the arrestee went to the site on his own, thus
enticement, not entrapment.


Assuming the reporting is accurate (always a risky move) the only
issue on appeal is whether the jury had enough evidence to believe
beyond a reasonable doubt that the links were clicked from his
computer (thus his IP address) rather than from a neighbor who was
using his open access point.

Presence of the downloaded/encrypted file or images unique to the web
site residing in temporary internet cache should cover that.

Had the defendant argued CSRF or HTTP caching or email spidering or
some other "automated" technique (and managed to explain it to the
jury in one-syllable words) he might have confused them enough to get
below the reasonable doubt threshold. By not making those arguments in
the original case, they're gone on appeal. He waived them forever,
unless he somehow gets a new trial.

Had the warrant turned up no such files and no other CP, then the jury
would certainly have found reasonable doubt and acquitted (as they did
on some of the charges).

Whether the police should participate in such stings is a policy
debate, not an issue of law.

I also saw some statements in the article about getting an early
morning visit by merely clicking on the link. Note that the affidavit
for the warrant showed file download logs, not server access logs.
Someone who visited the site then went elsewhere would not raise
enough probable cause for a warrant to be issued (or if issued, to be
sustained).

-- 
Steve Kalman, JD
SSCP, CISSP-ISSMP, ISSAP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.