Could The DOJ Be Violating SESTA/FOSTA?
from the quite-possible dept
Last week, Gizmodo’s Dell Cameron has a great report on how the DOJ’s Amber Alert site was configured so stupidly that it could be used to redirect people to any website (this was also true of weather.gov and the National Oceanic and Atmospheric Administration). And it was being used. To redirect people to hardcore porn. Basically, the sites were designed such that just by knowing the right URL and adding a new URL to the end, it would redirect to those sites. Porn sites used this for a couple of reasons: first, since they’d now be getting referrals from high ranking sites, it can help their Google ranking. Second, because the primary URL would come from a trusted source again, it would help their Google ranking. And, finally, the links may look much more legit to people doing searches (though that would be more true of scam sites than porn sites).
Redirect scripts like this used to be fairly common, but they died off long ago. Except in the federal government. From Cameron’s article:
?This is like the 1990s called and wants its vulnerable redirect script back,? said Adriel Desautels, founder of the penetration testing firm Netragard.
But, here’s the thing: does this mean that the DOJ (and the NOAA) could be violating SESTA/FOSTA? It’s possible! And that just goes to show how poorly drafted the law is. Remember, under the law, it is now illegal to “participate in a venture” that “knowingly” is “assisting, supporting, or facilitating” a violation of sex trafficking laws. So, if someone were to create a DOJ Amber Alert redirect to a sex trafficking website (or just an escort site, since people keep insisting those serve little purpose other than sex trafficking) would the DOJ be in violation?
The obvious response is that the DOJ isn’t “knowingly” doing this. But… is that true? As Cameron’s article notes, every time you hit one of those Amber Alert redirects, the DOJ gives you a nice little parting message:
Is that enough to “knowingly” participate? Maybe. I would bet that if non-governmental websites popped up similar messages, SESTA/FOSTA supporters would argue it’s proof of knowledge. After all, Rep. Cathy McMorris Rodgers claimied that merely “turning a blind eye” was enough to prove “knowledge.” And here, clearly, the DOJ must be logging those exit pages. Is it ignoring them? Is that turning a blind eye? Does that count as knowledge?
Maybe it’s a stretch, but the fact that the language of the bill even makes this a possibility just demonstrates how poorly drafted the bill is, and shame on all the politicians who refused to step up and fix it.