Judge rules FBI malware warrant in Tor child porn case 'void'

The judge says the problem lies with how the warrant was issued, not the technology itself.

[Image credit: CNET]

A US federal judge has ruled that the FBI's use of malware to track down suspected paedophiles was little more than an unlawful search.

The judgement means that 1,200 cases against visitors of a Dark Web domain hosting child pornography could be placed in jeopardy.

Last year, US law enforcement turned its attention to a website hosted on the Dark Web -- only accessible via the Tor network -- which contained content and links to illegal pornography involving minors.

The FBI took over the forum and seized control of the domain's servers, but continued to allow the website to operate while rerouting traffic through FBI servers. After a few weeks of collecting data, the agency obtained a number of search warrants which gave agents permission to identify individual visitors to the website. One of the warrants issued by a local magistrate allowed the FBI to use a Network Investigative Technique (NIT) to track these users.

The NIT, a hacking tool, was used to probe suspect computers, download malware and gather information including the user's IP address, operating system and MAC address, allowing agents to track down suspects to their physical locations.

The NIT's use in this case centres on Alex Levin, one of many alleged child pornography viewers tracked by the FBI after the US agency seized control of the Dark Web domain.

According to the ruling (.PDF), Levin has attempted to suppress evidence gathered through the NIT, claiming that the warrant was not valid and so the use of such a tool was unconstitutional.

It appears the judge presiding over the case, Massachusetts District Court Judge William Young, happens to agree.

As reported by The Register, Young has ruled the installation of malware on hundreds of user PCs, including Levin's, was little more than an unlawful search as the "magistrate judge lacked authority" to issue the NIT warrant.

The problem is that the Alexandria, Virginia-based magistrate who issued the warrant was only able to do so for their own district -- and not beyond the borders of that area. Unfortunately for the FBI, the use of the NIT extended beyond district lines, and this kind of tracking requires the support of a judge higher up the chain.

The FBI could have gone to several district judges in the area and circumvented this issue, but as the agency did not, the warrant is considered null and void.

"Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded," the judgement reads.

The US government also attempted to claim that installing and downloading the NIT to suspect computers should be likened to a tracking device hidden in contraband, used by agents to catch suspects across judicial lines -- and so the warrant should be considered valid. However, Young was not impressed, dismissing the analogy by saying the two were different, regardless of where installation of the NIT took place.

It is possible the ruling will send countless individual cases involving Tor tracking and its suspects into disarray, as the evidence must now be thrown out. According to the publication, up to 1,200 cases could be impacted.

The judge, however, made a point of saying NITs are "legitimate law enforcement tools," commenting:

"Perhaps magistrate judges should have the authority to issue these types of warrants. Today, however, no magistrate judge has the authority to issue this NIT warrant."

In a related case, the FBI was asked in March to provide the full exploit code used to compromise the Tor network to security expert Vlad Tsyrklevich as part of the defense of Jay Michaud, another visitor to the compromised Dark Web domain.

Law enforcement says providing the full code is not required, whereas the defense wants to ascertain whether the use of the exploit was beyond the FBI's warrants. A decision has yet to be reached.
