Declan McCullagh has written up an article about a questionable tactic used by the FBI to go after people looking for child porn
. It set up a honeypot server and then posted links to it on a forum frequented by those who are looking for child pornography. It then used the IP address of people who clicked on the link as enough evidence to charge them with a crime. In the specific case McCullagh discusses, the guy was found guilty of simply clicking on that link. Of course, it's always difficult to separate out legal discussions like this from the fact that it involves child pornography -- which immediately sets off an emotional response. The problem here, though, is that the evidence on which the guy was found guilty could be used to find many people guilty of many things. The FBI didn't even track the referrer log -- just who went to the site. In other words, if someone had taken that link out of the forum and posted it on another site, a blog or sent an email around -- and anyone clicked on it without knowing anything about the link, they could have broken the law. This is open to tremendous abuse. If all you need to do to get someone convicted of child porn charges is get them to click a link, that doesn't seem right. Furthermore, in this case, the only other evidence was two small (admittedly questionable) thumbnail images, that there was no evidence that the guy looked at. In other words, to have enough evidence to convict someone and send them to jail for years (and get them listed as a sex offender), you could just send them an email with a link and some thumbnail images attached. If they click on the link (even if they don't ever look at the attached files), that's enough evidence, according to this case. That seems incredibly problematic.