Government Tossing Child Porn Cases Rather Than Discuss Its Torrent-Tracking Software In Court

from the escape-hatches-and-opacity dept

The federal government isn’t done tossing cases rather than let defendants have access to slightly more level playing field. A new investigation by ProPublica has uncovered more dismissed prosecutions due to the government’s unwillingness to allow defendants to examine the software used to build cases against them.

The cases deal with child porn and BitTorrent distribution. The defendants are hardly the most sympathetic. But, like the cases that exposed the FBI’s use of malware to gather identifying information from devices around the world, child porn investigations are on the front line of the government’s tech deployments. From the description of the cases covered here, it almost appears the government had enough evidence to see the prosecution through to the end. It just chose not to because continuing the cases would mean turning over info on their tracking software to the accused.

Using specialized software, investigators traced explicit child pornography to Todd Hartman’s internet address. A dozen police officers raided his Los Angeles-area apartment, seized his computer and arrested him for files including a video of a man ejaculating on a 7-year-old girl. But after his lawyer contended that the software tool inappropriately accessed Hartman’s private files, and asked to examine how it worked, prosecutors dismissed the case.

Near Phoenix, police with a similar detection program tracked underage porn photos, including a 4-year-old with her legs spread, to Tom Tolworthy’s home computer. He was indicted in state court on 10 counts of committing a “dangerous crime against children,” each of which carried a decade in prison if convicted. Yet when investigators checked Tolworthy’s hard drive, the images weren’t there. Even though investigators said different offensive files surfaced on another computer that he owned, the case was tossed.

The secrecy in these cases is being aided and abetted by private companies. A nonprofit called the Child Rescue Coalition produces a suite of tools called the Child Protection System. But as ProPublica points out, the details are more complicated than its initial appearance: a kindhearted nonprofit helping law enforcement catch child porn producers and consumers. CRC has ties to TLO, a data brokerage recently acquired by credit reporting agency, TransUnion.

Defendants have asked prosecutors to turn over information about CRC’s software in cases where it appears to have possibly drawn the wrong conclusions about downloading and distributing child porn. In those cases, TLO — not the CRC — has stepped in to inform the courts that it will not be producing the requested info.

The software’s makers have resisted disclosure of its coding. In May 2013, TLO asked a federal court in El Paso, Texas, to quash a subpoena to reveal the software known as the Child Protection System in a child-porn case. The materials sought, they said, “are protected under the law enforcement privilege and trade secrets laws.” After the judge ordered the software produced, prosecutors instead agreed to a plea deal that favored the defendant; he was sentenced to three years he had already served for “transportation of obscene material.

It’s not just private companies pushing prosecutors towards dropping cases. It’s also public institutions. Torrential Downpour — software used to track the sharing of child porn via hash values — was developed by the University of Massachusetts using government funding. When access to code was requested by a child porn case defendant, the university inserted itself into the case to reject the judge’s order to turn over the code.

Its lawyer said in a court document that handing over the software would “destroy its value to the university and its faculty researcher,” citing a $440,000 annual FBI grant. “Releasing it to public view would frustrate public policy and impede law enforcement’s ability to deter peer-to-peer sharing of child pornography,” the lawyer added.

The trove of documents [PDF] ProPublica secured show instances where the evidence prosecutors said they had may not have actually been there, thanks to software or human errors. A recent ruling in favor of letting the defendant have access to Torrential Downpour’s code seems to show the FBI relies more on what the software tells it than it can actually see with its own eyes.

Defendant Gonzales argues that Torrential Downpour is material to his defense because the distribution charges are based on child pornography files that Torrential Downpour purportedly downloaded from his tablet but that were not found on the tablet when it was seized by the FBI. Doc. 25 at 8-9. He has presented an affidavit from his expert, Tami Loehrs, confirming that the files are not on the tablet. Doc. 25-5. Loehrs explains in her affidavit that it is critical to Gonzales’s defense to understand how Torrential Downpour functions in order to determine the program’s reliability and accuracy in identifying files that Gonzales is charged with knowingly distributing. Id. at ¶ 17. She further states that based on her many years of research and testing of peer-to-peer file sharing software, including BitTorrent, she has discovered that all of these programs “contain bugs, they do not always function as intended and the data reported by these applications is not always accurate or reliable.”

[…]

Loehrs explained that, because a torrent is simply a text-file containing the hash values – or “fingerprints” – of the target image and video files, a BitTorrent user who downloads a torrent has fingerprints of the target files, even if he has not yet downloaded them. Id. at 22:14-23:8. Loehrs stated that the actual downloading of the target files occurs only when the client software instructs the torrent to search for those files on the BitTorrent network and download them to a designated folder on the user’s computer. Id. at 23:9-25:3. She further stated that a forensic examination of the device used to download the torrent can determine whether the torrent has been used to download the file, and her examination of Gonzales’s tablet revealed no evidence suggesting that he downloaded the files listed in counts one through eight.

It’s not just defendants’ experts being unable to find the files the government claims they downloaded. Investigators themselves have admitted they can’t find files that Torrential Downpour said the accused accessed. An examination of the software being used to build cases should be allowed, but the entities behind the software won’t allow it and the government is cutting defendants loose rather than giving them a chance to properly defend themselves against these very serious charges. I supposed it ultimately works out for defendants, but it only encourages the government to tip the scales in its favor again when the next prosecution rolls around with the hopes the next defender of the accused isn’t quite as zealous.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Government Tossing Child Porn Cases Rather Than Discuss Its Torrent-Tracking Software In Court”

Subscribe: RSS Leave a comment
24 Comments
Anonymous Coward says:

Where is the outrage?

With all of the unreasonable "tech giants should censor all of the bad things" pushes you think politicians would be more outraged at law enforcement choosing tools so shittily that they would rather child porno distributiors go free than take a peek behind their curtain. That is just not a good look for anyone involved.

Scary Devil Monastery (profile) says:

Re: Where is the outrage?

"With all of the unreasonable "tech giants should censor all of the bad things" pushes you think politicians would be more outraged at law enforcement choosing tools so shittily that they would rather child porno distributiors go free than take a peek behind their curtain."

You’d think so, yes.

Here’s my take on it. Law enforcement managed to get access to sporadic use of NSA software/data and if a judge in any court orders the police to reveal how the software works, US intelligence agencies will be negatively impacted.

So inept law enforcement uses the tools, digs up the data, finds their suspect…and somehow forgets that revealing their evidence means either shooting their national security in the foot or reveals that it has been unlawfully obtained.

It’s about the only way this makes any sense at all, barring the accused turning out to be an in-law to the director of the FBI or something similar.

Anonymous Coward says:

Torrential Downpour — software used to track the sharing of child porn via hash values — was developed by the University of Massachusetts using government funding. When access to code was requested by a child porn case defendant, the university inserted itself into the case to reject the judge’s order to turn over the code.

Wait a sec. Isn’t research done on federal grant (read: public tax money) public domain? Or is that just urban legend?

Anonymous Coward says:

Re: Re:

Stuff produced by the federal government is public domain. They can and do send public tax money to private companies to develop proprietary stuff. Grants rarely have any public-domain requirements; at best they might require publication of papers (but not code) in an open-access journal.

Anonymous Coward says:

Re: Re:

"Releasing it to public view would frustrate public policy and impede law enforcement’s ability to deter peer-to-peer sharing of child pornography"

But if failing to indict and convict actual child pornographers because they don’t want review of the code/processes, doesn’t that impede law enforcement’s ability to deter sharing of child pornography, as well?

Bamboo Harvester (profile) says:

torrent files...

Use of scanning software to look for hashes was the main reason for "magnet links" that pretty much every BT site now uses. There is NO torrent file downloaded to any machine in the swarm.

If the entire system is based on the hash value of a given file, software to inject a few "invisible" characters at a random point in any file to change the hash value is already available.

Anonymous Coward says:

From the PDF:

Unlike traditional BitTorrent programs, the government claims that Torrential Downpour downloads files only from a single IP address – rather than downloading pieces of files from multiple addresses

I’m calling bullshit on that claim. It would be very difficult to get the entire file download from a single targeted person unless he left the file seeding for an extended length of time. Few Bitorrent users do that, and presumable even fewer who are downloading such illegal content as child porn. Also, such a system could easily be completely evaded by people who use non-standard torrent clients that have the upload ability disabled.

In all probability, the cops are simply harvesting IP addresses from the trackers and DHT network, and then getting search warrants and raiding those residences within their jurisdiction. It’s also possible that once they have a target’s IP address, they try to hack into the computer to see what files are stored there. But of course they don’t want anyone to know that, so they instead play the parallel construction game, only to cut and run when the defense starts demanding detailed information.

There’s also a good chance that the child porn was released by the cops themselves, in a Prenda-like honeypot trap.

Anonymous Coward says:

Re: Re:

I’m calling bullshit on that claim. It would be very difficult to get the entire file download from a single targeted person unless he left the file seeding for an extended length of time.

Not difficult enough to call "bullshit", really. Some clients will disconnect as soon as they’re done or when they’ve reached a certain ratio, but it’s easy to just forget about an ongoing torrent and leave it uploading.

Note, also, that the government could be pretending to be multiple clients—multiple IP addresses which, between them, have downloaded 100% of chunks from the target IP. Maybe downloading from some other seeds too, to blend in.

Bamboo Harvester (profile) says:

Re: Re:

Agreed, the "swarm" would have to be one seed and one leech, the leech being the person getting arrested.

Even if it was a honeypot, they couldn’t get the hash from the leech until the file was completely downloaded.

But what they’re claiming is that they can see inside the leech’s machine to get the hash of the .bt torrent file itself.

That’s a hell of a lot more invasive (and illegal….) than firing up their own client and joining the swarm.

Does anyone still download torrent files? The Magnet Link system does away with that for this very reason.

MathFox says:

Re: Re: Magnet links

Magnet links are the hash of the .torrent file. When a BitTorrent client starts downloading via a magnet link it downloads the .torrent file from its peers before downloading the actual data.
The torrent file contains block hashes of the file(s) to transfer and there’s almost certainty when the block hashes match a known file that that file is being downloaded in the torrent. (It still is computationally hard to generate data with a pre-chosen 160 bit sha1 checksum.)

However there are specialized clients that only (but automatically) download the .torrent files, for example to fill a search database of available files. If you’re running such a client you could be detected because you download the .torrent (metadata) of the download. If the "police" client is buggy enough to not make a distinction between data downloads and metadata downloads you could be caught in the dragnet.

Dude says:

Re: anonymous coward

Actually I ran across an operation once where a government entity, most likely a rogue FBI unit, was releasing child porn over a p2p network then tracking the IP addresses of downloads, the re-uploading the file again from the same computers, presumably to upgrade a mere possession of child pornography charge to one of distribution.

That One Guy (profile) says:

Not a good look

"The defense wants to see the code that accused them and said they’re guilty of terrible acts? Quick, drop the case!"

There is really no way for the companies and prosecutors involved to come out of this looking good. The companies/individuals would rather drop cases involving accused child porn than have the programs checked for accuracy, something that’s just kinda important if said software is going to be used to put people behind bars and destroy their lives, suggesting that they know or suspect that their ‘foolproof’ tech is instead riddled with holes that a good lawyer could shoot down.

Over on the investigator/prosecutor side, you’ve got people willing to drop cases in order to… preserve secrecy? Which is apparently more important than actually finding and punishing people downloading/sharing child porn? Those are some telling priorities there, nicely highlighting just what they consider more important, if they’re willing to drop a case and run rather than allow someone to challenge what they are using to gather evidence(though given what’s mentioned in the article sounds like they’ve got good reason to want to avoid scrutiny of the program, as it apparently likes to hallucinate evidence.)

That Anonymous Coward (profile) says:

They are bad people, our super secret tech said so…
NO NO NO DO NOT LOOK BEHIND THE CURTAIN!!!!!!!!!

If the thing used can not be examined by the defense or any independent outside lab, perhaps it is the same as "bite mark forensics".

Kinda wierd to see the government using the Prenda/MM play book… make wild allegations they can’t prove in the hopes the target just gives in to what they want b/c their name will be ruined if the ‘facts’ come out.

Anonymous Coward says:

Releasing it to public view would frustrate public policy and impede law enforcement’s ability to deter peer-to-peer sharing of child pornography

Reminds me of that movie Mercury Rising where the kid decrypts a message in a cipher. Instead of admitting that their software (is|might be) flawed, they just try to murder the kid.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...