From CNET News - By Declan McCullagh
The FBI has recently adopted a novel investigative technique:
posting hyperlinks that purport to be illegal videos of minors
having sex, and then raiding the homes of anyone willing to click
on them.
Undercover FBI agents used this hyperlink-enticement technique,
which directed Internet users to a clandestine government server,
to stage armed raids of homes in Pennsylvania, New York, and
Nevada last year. The supposed video files actually were gibberish
and contained no illegal images.
A CNET News.com review of legal documents shows that courts
have approved of this technique, even though it raises questions
about entrapment, the problems of identifying who's using an open
wireless connection--and whether anyone who clicks on a FBI link
that contains no child pornography should be automatically subject
to a dawn raid by federal police.
Roderick Vosburgh, a doctoral student at Temple University who
also taught history at La Salle University, was raided at home in
February 2007 after he allegedly clicked on the FBI's hyperlink.
Federal agents knocked on the door around 7 a.m., falsely claiming
they wanted to talk to Vosburgh about his car. Once he opened the
door, they threw him to the ground outside his house and
handcuffed him.
Vosburgh was charged with violating federal law, which criminalizes
"attempts" to download child pornography with up to 10 years in
prison. Last November, a jury found Vosburgh guilty on that count,
and a sentencing hearing is scheduled for April 22, at which point
Vosburgh could face three to four years in prison.
The implications of the FBI's hyperlink-enticement technique
are sweeping. Using the same logic and legal arguments, federal
agents could send unsolicited e-mail messages to millions of
Americans advertising illegal narcotics or child pornography--and
raid people who click on the links embedded in the spam messages.
The bureau could register the "unlawfulimages.com" domain name and
prosecute intentional visitors. And so on.
"The evidence was insufficient for a reasonable jury to find
that Mr. Vosburgh specifically intended to download child
pornography, a necessary element of any 'attempt' offense,"
Vosburgh's attorney, Anna Durbin of
Ardmore, Penn., wrote in a court filing that is attempting to
overturn the jury verdict before her client is sentenced.
In a telephone conversation on Wednesday, Durbin added: "I
thought it was scary that they could do this. This whole idea that
the FBI can put a honeypot out there to attract people is kind of
sad. It seems to me that they've brought a lot of cases without
having to stoop to this."
Durbin did not want to be interviewed more extensively about
the case because it is still pending; she's waiting for U.S.
District Judge Timothy Savage to rule on her motion. Unless he
agrees with her and overturns the jury verdict, Vosburgh--who has
no prior criminal record--will be required to register as a sex
offender for 15 years and will be effectively barred from
continuing his work as a college instructor after his prison
sentence ends.
How the hyperlink sting operation worked
The
government's hyperlink sting operation worked like this: FBI
Special Agent Wade Luders disseminated links to the supposedly
illicit porn on an online discussion forum called Ranchi, which
Luders believed was frequented by people who traded underage
images. One server allegedly associated with the Ranchi forum was
rangate.da.ru, which is now offline with a message attributing the
closure to "non-ethical" activity.
In October 2006, Luders posted a number of links purporting to
point to videos of child pornography, and then followed up with a
second, supposedly correct link 40 minutes later. All the links
pointed to, according to a bureau affidavit, a "covert FBI
computer in San Jose, California, and the file located therein was
encrypted and non-pornographic."
Excerpt from an FBI affidavit filed in the
Nevada case showing how the hyperlink-sting was
conducted.
Some of the links, including the supposedly correct one,
included the hostname uploader.sytes.net. Sytes.net is hosted by
no-ip.com, which provides dynamic domain
name service to customers for $15 a year.
When anyone visited the upload.sytes.net site, the FBI recorded
the Internet Protocol address of the remote computer. There's no
evidence the referring site was recorded as well, meaning the FBI
couldn't tell if the visitor found the links through Ranchi or
another source such as an e-mail message.
With the logs revealing those allegedly incriminating IP
addresses in hand, the FBI sent administrative subpoenas to the
relevant Internet service provider to learn the identity of the
person whose name was on the account--and then obtained search
warrants for dawn raids.
Excerpt from FBI affidavit in Nevada case
that shows visits to the hyperlink-sting site.
The search warrants authorized FBI agents to seize and remove
any "computer-related" equipment, utility bills, telephone bills,
any "addressed correspondence" sent through the U.S. mail, video
gear, camera equipment, checkbooks, bank statements, and credit
card statements.
While it might seem that merely clicking on a link wouldn't be
enough to justify a search warrant, courts have ruled otherwise.
On March 6, U.S. District Judge Roger Hunt in Nevada agreed with a
magistrate judge that the hyperlink-sting operation constituted
sufficient probable cause to justify giving the FBI its search
warrant.
The defendant in that case, Travis Carter, suggested that any
of the neighbors could be using his wireless network. (The public
defender's office even sent out an investigator who confirmed that
dozens of homes were within Wi-Fi range.)
But the magistrate judge ruled that even the possibilities of
spoofing or other users of an open Wi-Fi connection "would not
have negated a substantial basis for concluding that there was
probable cause to believe that evidence of child pornography would
be found on the premises to be searched." Translated, that means
the search warrant was valid.
Entrapment: Not a defense
So far, at least,
attorneys defending the hyperlink-sting cases do not appear to
have raised unlawful entrapment as a defense.
"Claims of entrapment have been made in similar cases, but
usually do not get very far," said Stephen Saltzburg, a
professor at George Washington University's law school. "The
individuals who chose to log into the FBI sites appear to have had
no pressure put upon them by the government...It is doubtful that
the individuals could claim the government made them do something
they weren't predisposed to doing or that the government
overreached."
The outcome may be different, Saltzburg said, if the FBI had
tried to encourage people to click on the link by including
misleading statements suggesting the videos were legal or
approved.
In the case of Vosburgh, the college instructor who lived in
Media, Penn., his attorney has been left to argue that "no
reasonable jury could have found beyond a reasonable doubt that
Mr. Vosburgh himself attempted to download child pornography."
Vosburgh faced four charges: clicking on an illegal hyperlink;
knowingly destroying a hard drive and a thumb drive by physically
damaging them when the FBI agents were outside his home;
obstructing an FBI investigation by destroying the devices; and
possessing a hard drive with two grainy thumbnail images of naked
female minors (the youths weren't having sex, but their genitalia
were visible).
The judge threw out the third count and the jury found him not
guilty of the second. But Vosburgh was convicted of the first and
last counts, which included clicking on the FBI's illicit
hyperlink.
In a legal brief filed on March 6, his attorney argued that the
two thumbnails were in a hidden "thumbs.db" file automatically
created by the Windows operating system. The brief said that there
was no evidence that Vosburgh ever viewed the full-size
images--which were not found on his hard drive--and the thumbnails
could have been created by receiving an e-mail message, copying
files, or innocently visiting a Web page.
From the FBI's perspective, clicking on the illicit hyperlink
and having a thumbs.db file with illicit images are both serious
crimes. Federal prosecutors wrote: "The jury found that defendant
knew exactly what he was trying to obtain when he downloaded the
hyperlinks on Agent Luder's Ranchi post. At trial, defendant
suggested unrealistic, unlikely explanations as to how his
computer was linked to the post. The jury saw through the smokes
(sic) and mirrors, as should the court."
And, as for the two thumbnail images, prosecutors argued (note
that under federal child pornography law, the definition of
"sexually explicit conduct" does not require that sex acts take
place):
The first image depicted a pre-pubescent girl,
fully naked, standing on one leg while the other leg was fully
extended leaning on a desk, exposing her genitalia... The other
image depicted four pre-pubescent fully naked girls sitting on a
couch, with their legs spread apart, exposing their genitalia.
Viewing this image, the jury could reasonably conclude that the
four girls were posed in unnatural positions and the focal point
of this picture was on their genitalia.... And, based on all
this evidence, the jury found that the images were of minors
engaged in sexually explicit conduct, and certainly did not
require a crystal clear resolution that defendant now claims was
necessary, yet lacking.
Prosecutors also highlighted the fact that Vosburgh visited the
"loli-chan" site,
which has in the past featured a teenage Webcam girl holding up
provocative signs (but without any nudity).
Civil libertarians warn that anyone who clicks on a hyperlink
advertising something illegal--perhaps found while Web browsing or
received through e-mail--could face the same fate.
When asked what would stop the FBI from expanding its hyperlink
sting operation, Harvey Silverglate, a
longtime criminal defense lawyer in Cambridge, Mass. and author of
a forthcoming book on the Justice Department, replied: "Because
the courts have been so narrow in their definition of
'entrapment,' and so expansive in their definition of 'probable
cause,' there is nothing to stop the Feds from acting as you
posit.
Editors note: Since 2005, I
have received a number of SPAM messages regarding contraband
images, which have been reported to the authorities.
This one e-mail points to a site in
Alabama, not the
Ukraine and has been redacted accordingly, pursuant to the Adam
Walsh Act. Since notifying the FBI and
DHS/ICE, I haven't been receiving as much SPAM
of this nature, in my e-mail.
On 26 July 2007 the Adam Walsh
Act was signed into law by President George
W. Bush. Although I believe that John Walsh is an outstanding person and
should be commended for "America's Most Wanted" series and his
acting career, the Act is inherently defective in many
parts. Specifically speaking the denial of allowing
independent computer forensics personnel to perform an adequate
analysis in determining the evidence contained within a computer's
hard-drive and denying defense counsel to remove copies of the
data for the "ample opportunity" in the preparation of a
defense.
On 25 January 2007, in the matter of US V
Knellinger (3:06cr126), Judge Robert Payne of the
Eastern District, Richmond Virginia set aside the Adam Walsh Act,
since "ample opportunity" to examine the evidence was not
afforded to the defense experts or counsel.
About one year ago, I came into contact with a group
known as the Internet Crimes Against Children or ICAC, which
consisted of local law enforcement officers performing computer
forensics work. Frankly, I believe that this type of work
should be left to professionals who understand the concept of
computers, not "newbies", who would probably have problems
standing muster under the Daubert or Kumho
standards. In the same vein, I would not expect computer
professionals to understand the laws appertaining to traffic
control or responding to a domestic dispute. Personally,
with the shortage of officers in our respective communities, they
belong on the street, investigating crime, not sitting at a desk,
eating doghnuts and drinking coffee while a computer's hard-drive
is being mirrored and analyzed. This should be performed by
non-sworn personnel, be it an contracted independent lab or
internal personnel.
In the People v. Rando matter, one of the software
tools that was used was developed (but formally un-tested)
software, by a member of ICAC, Agent Flint Waters of the Wyoming
ICAC. In contacting the developer, I was referred to an
individual at Fox Valley Technical
College, in Wisconsin, which begged the question, "Why
Wisconsin?" In reviewing the Adam Walsh Act,
et.seq., I noticed a large appropriation of money going
to ICAC and Fox Valley Technical College, located at
1825 North Bluemound Dr. Appleton, WIsconsin
54913-2277. Fox Valley Technical
College has an extensive ICAC Program, which
makes Alaska's "Bridge to Nowhere" project look like a
pittance.
So what's going on here? It turns out that the
sponsor of this bill was none other than Rep. F. James Sensenbrenner,
Jr., of Wisconsin. Now how much
money do you think has been authorized? According to Sec.
706 (b), it states:
Authorization of Appropriations- There are
authorized to be appropriated to the Administrator of the Office
of Juvenile Justice and Delinquency Prevention for fiscal year
2007 such sums as may be necessary to
carry out this
section.
Can someone say "Blank Check?" (Okay,
$1.5 Billion through FY 2011,
per the CBO) I would suggest that Contractors, who do
not have a bias or prejudice when examining a computer, should be
retained instead of utilizing local law enforcement. Local
law enforcement is already on a bare budget and let's focus
the money where it is needed, the retention of credible and
capable Contractors. Pork projects, like these have to go
and Rep. Sensenbrenner needs to have a reality check when it comes
to the legislative branch overreaching their powers when it comes
to matters of due-process.
Mo' Money, Mo' Money,
Mo' Money... Sen. Biden want to
spend Mo' Money. Background checks are the responsibility of
the employer, not the US Taxpayer. Where does this money
plan on going? "The pilot program worked and the program
needs to be expanded," said Ernie Allen, CEO and President of the
National Center for Missing and Exploited Children. Way to
go Ernie!!! I hope that the "Taj Mahal" in Alexandria adds
an exercise room or more marble to the
palace!
