Evidence FBI Gathered While Running Porn Site Thrown Out Again

With one warrant, the FBI launched a mass hack against all users of the porn site it had taken over.

Photo: Shutterstock

For the third time, a federal judge has ruled that a mass hack by the FBI — which ensnared thousands of computers based on only one warrant — was illegal.

Like the previous ones, the decision was based on a jurisdictional technicality: Rule 41 of criminal procedure holds that magistrate judges can only authorize searches inside their jurisdiction – meaning a judge in one district cannot authorize a search in a different geographical location.

The hack in question was part of an investigation into a child pornography website called Playpen. Playpen was hosted on the dark web, meaning that users could only access it through a service that concealed their IP address, making it impossible for the FBI to tell who was accessing the site and downloading child pornography.

In 2014, the FBI received a tip from a foreign intelligence agency that Playpen’s server was operating out of Lenoir, N.C. The FBI seized the server, but instead of shutting the website down, continued running it — placing a copy of the site on government-run servers in Virginia.

After obtaining just one search warrant in the Eastern District of Virginia, the FBI manipulated the code on the site to install malware on any computer that entered a username and password into Playpen. The malware would then reveal the location of users’ computers to law enforcement. With that tactic — based on the one warrant — the FBI installed malware on more than a thousand computers, leading to hundreds of arrests nationwide.

Defendants across the country are challenging the evidence obtained through the operation, though, arguing that one search warrant should not be able to authorize such a widespread hacking operation. So far three courts have ruled in favor of three defendants, while 11 have upheld the government’s warrant.

The case has attracted little public attention or outcry, largely because possession of child pornography does not make for very sympathetic defendants. But civil liberties groups are warning that the precedent could lead to a dramatic expansion of government hacking power. If large-scale hacking could be authorized by one judge, it would allow the government to seek out the most sympathetic judge for any nationwide operation.

The DOJ is seeking permission to do just that. At their request, the Supreme Court has already approved a change that would remove jurisdictional limitations on magisterial warrants. Unless Congress acts by December, the rule change will take effect automatically.

Join The Conversation