Tuesday, October 23, 2018

U.S. v. Henderson (9th Cir. - Oct. 23, 2018)

The FBI is no slouch.

People use the Internet for a variety of things.  Those things include, inter alia, child pornography.  But the people into such things are generally aware that this is a crime.  So they typically go to great lengths to hide what they do.

So here, for example, there's a particular website that's only available on Tor.  The website address is the utterly nonmemorable upf45jv3bziuctml.onion.  Tor makes sure that your IP can't be traced.  And the website's presence on the "dark web" means you can do whatever you'd like on the thing.  Those things including viewing and sharing child pornography.

But, again, the FBI is no slouch.  They get wind of all this, so they (1) get a warrant to seize the servers of this particular website, and then (2) run the website themselves (!).  While doing the latter, the FBI then inserts a malicious code into the website that causes the computer of anyone who visits the thing to transmit its IP address (among other things) to the government.  No more anonymity, notwithstanding the whole "Tor" thing.  Then the FBI follows up on that by getting a warrant and searching the home of all the visitors to the "hidden" website.  Thus getting legions of evidence to prosecute the relevant visitors.

Brilliant.

The short lesson is never to assume, no matter how many precautions you take, that what you send over the Internet is secure.  The FBI has a long reach.

And are pretty darn sophisticated.