Image: Getty

Federal prosecutors have dropped all charges against a Washington man who allegedly downloaded explicit photos of minors from Playpen, a popular child pornography site on the dark web that was briefly run by the FBI.

The site in question operated on the Tor network, a system used to anonymize web activity. The network makes use of a special web browser that conceals people’s identities and location by routing internet connections through a complex series of computers and encrypting data in the process.

Advertisement

The FBI claims to have used “network investigative techniques” (also known as malware) in order to uncover people’s real identities on the network. In court, however, the agency refused a request for information about its techniques, choosing to drop all charges against a defendant rather than reveal its secret spying methods. Federal prosecutor Annette Hayes explained the move a court filing on Friday.

“The government must now choose between disclosure of classified information and dismissal of its indictment. Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery.”

The case, United States v. Jay Michaud, is one of about 200 launched as a result of the FBI’s investigation into the child pornography website Playpen. The FBI infiltrated the site in February 2015, after which it activated malware on the site and obtained IP addresses of about 1,300 computers from the estimated 215,000 members registered to the site. In sum, the cases brought against Playpen’s alleged criminals have raised questions about due process and whether cyber criminals can be lawfully hacked. For some, the FBI’s reaction to the court’s request for more information about the hacking procedures speaks to its importance.

Advertisement

“This doesn’t mean that the FBI’s investigation was unjust or unjustified,” said executive director of the Center on Law & Security and NYU adjunct professor Zachary Goldman in an interview with Gizmodo. “It’s the exact opposite. The FBI is placing paramount importance on preserving the ability to use this technique in the future.”

“The FBI basically said they’d rather have [Michaud] go free than reveal the code, because if the code becomes publicly available, the ability to use this investigatory technique in the future is impaired,” he added.

New York sex crime lawyer Zachary Margulis-Ohnuma, who has defended several people charged as a result of the Playpen investigation, believes that the malware technique violates search and seizure law.

“The courts are struggling to keep up with technological changes,” Margulis-Ohnuma told Gizmodo in a phone interview. “You don’t have the same type of physical intrusion you’d see in a person’s home [during a raid]. There’s a sense in the courts that [criminal hacking] is not as serious. That’s dead wrong.”

Judges around the country have interpreted the legal procedures surrounding these cases differently. Officials have relied heavily on the Supreme Court ruling from a 2014 case, Riley v. California, that established police cannot search digital information on a cellphone without a proper warrant. The legal process for government hacking, however, was recently expanded as a result of the ongoing Playpen cases.

In November last year, the Justice Department expanded “Rule 41,” which governs search and seizure procedures. The new interpretation of the rule lets officials search multiple computers across the country with a single warrant, regardless of whether the computers are in the same district as the federal judge issuing the warrant. Critics say the new interpretation is overreaching and violates the Fourth Amendment, which protects citizens from unreasonable search and seizure.

Advertisement

In many of the cases, to avoid any legal workarounds, the FBI is not using evidence obtained while it operated Playpen for two weeks as it distributed malware. Instead, federal officials are using the malware to identify individuals, then subpoena internet service providers for a person’s name and address. Then, they use that information to obtain a local search warrant a raid a person’s home in a search for physical evidence of child pornography.

“In law enforcement situations, some people have the mentality that the ends justify the means,” Margulis-Ohnuma told Gizmodo. “I do not think they would have done this in a drug case. They wouldn’t mail out drugs to hundreds of people. I think because child pornography is so heinous, they bend the rules.”

Goldman, however, disagrees. “Think about all the steps you had to go to to download the malware in this case. You had to find the site, register, and log in,” he said. “You had to very purposely engage in child pornography. There’s so such thing as an casual bystander in this case.”

Advertisement

The true controversy in the Playpen cases stems from the fact that the FBI continued to operate the site rather than shutting it down after seizing control. According to a motion filed by the creator of Playpen’s lawyer, the FBI improved the site’s performance, driving more users to it. The motion claims the “website’s membership grew by more over 30 percent” and that the “unique weekly visitors to the site more than quadrupled” during the time it was operated by the government.

When asked for comment about why the charges were dropped and whether officials would continue using similar techniques to thwart child pornography, a spokesperson for the US Attorney’s Office said, “Neither the Department of Justice nor the U.S. Attorney for the Western District of Washington has any comment beyond what was stated in the court filing.” For now, that means an alleged child pornographer Jay Michaud will walk free without having to explain himself in court. If it’s a victory for the Fourth Amendment, it’s certainly a strange one.