HideTechdirt is off for the long weekend! Looking for something to read instead? Check out our new Working Futures anthology »
HideTechdirt is off for the long weekend! Looking for something to read instead? Check out our new Working Futures anthology »

ACLU Seeks To Unseal Docket In FBI's Tor-Exploiting Takedown Of Freedom Hosting

from the keeping-the-public-at-arm's-length dept

The ACLU would like to take a closer look at the government's activities regarding its seizure of Freedom Hosting back in 2013. To date, the docket remains sealed -- as is the case in far too many DOJ prosecutions. In this case, the FBI basically took over Freedom Hosting to serve up its Network Investigative Tool to unmask anonymous Tor users.

The difference between this and its more recent NIT deployment in the Playpen child porn case is that many of those exposed by the malware weren't suspected of any wrongdoing. While letting the exploit run its course, the FBI also helped itself to TorMail's email database, later acquiring a warrant to access the contents of the seized communications.

The ACLU would like to take a look at the warrant authorizing the NIT deployment, especially in light of recent Playpen prosecutions where federal judges have found the warrant used invalid. But the first step is unlocking the docket itself, which remains blocked from public view. Joseph Cox of Motherboard was the first to report on the ACLU's recent filing.

The Washington Post recently confirmed that the FBI used a “network investigative technique” or NIT—the agency's term for a hacking tool—on the TorMail site. According to the article, the FBI had obtained a warrant to hack the owners of certain email accounts suspected of being involved in child pornography, and anonymous sources claimed that, with this approach, only suspects who had been linked to child pornography would be hacked.

But journalists, dissidents, and other individuals used TorMail too, and it seems that the error page was presented to every TorMail user—raising questions about how broad the operation really was.

“That the FBI engaged in a bulk hacking operation against all visitors to TorMail, which had many lawful, valid uses, raises serious concerns about the appropriateness of bulk hacking, and the extents to which courts should be authorizing and supervising such operations,” reads the motion to unseal the docket, which was written by ACLU attorneys Brett Kaufman, Nathan Wessler, and David Rocah and filed last week.

As the ACLU points out in its filing [PDF], the public should be apprised of the details of questionable actions taken by the FBI -- especially the contents of the warrant supposedly authorizing the bulk distribution of malware to Tor users who weren't suspects in criminal investigations.

Even if the government were to argue that unsealing the docket and the contents of the warrant would negatively affect future investigations/prosecutions (and it surely will argue this…), the court shouldn't find that assertion particularly compelling. From the motion to unseal:

Once the First Amendment right of access attaches, the burden to overcome it “rests on the party seeking to restrict access, and that party must present specific reasons in support of its position.” Access may only be denied if the party can demonstrate a “compelling governmental interest” in support of closure and prove that closure is “narrowly tailored to serve that interest.”

There is, to be sure, a legitimate governmental interest in protecting the integrity of an ongoing investigation. As the Fourth Circuit has recognized, however, “it is not enough simply to assert this general principle without providing specific underlying reasons for the district court to understand how the integrity of the investigation reasonably could be affected by the release of [the] information [sought].”


The malware warrant in question here was issued by this Court in mid-2013, and by the end of 2014 the sole prosecution known to the ACLU to have resulted from it had already been resolved. See Klein Press Release. The existence of the malware operation, moreover, has been officially acknowledged by the FBI. 2013 Pouslen Article. Thus, “the genie is out of the bottle” with respect to information the government may have once had a legitimate interest in protecting.

What remains secret, however, is the very “index” to the proceedings that authorized the deployment of malware. Perversely, then, the public is aware of the investigation’s existence, and experts have even been able to analyze the malware used by the government, but the most basic details regarding the circumstances under which this operation was judicially authorized remain hidden. The public has a vital interest in knowing this information, which would greatly contribute to the ongoing public debate about the use of malware by law enforcement, and the government has no legitimate interest in keeping it secret.

The deployment of malware by a law enforcement agency -- a deployment that affected website visitors from around the world -- using a single warrant issued by a single judge is something that has never specifically been addressed by legislators. When cases like this arrive, the DOJ is quick to point out that the lack of a specific legislative permission slip should be construed as a lack of definitive "no," rather than a suggestion the agency shouldn't allow its reach to extend its statutory grasp.

But despite having the permanent ear of many sympathetic legislators, the FBI has never sought to codify its questionable hacking tactics. The closest it's come is the proposed Rule 41 changes, which would allow the agency to obtain a search warrant from the most accommodating magistrate judges and deploy them in jurisdictions where permission might not be so easily obtained.

As the ACLU points out, the FBI's refusal to discuss this openly with legislators is being aided and abetted by courts far too willing to lock up any supposedly public documents the DOJ feels the public -- including legislators -- shouldn't be able to access.

“The breadth and potency of malware as a law-enforcement tool raises concerns that can only be properly debated if legislators and the general public are aware of instances in which it is being used, the ways in which law enforcement seeks to use it, and the extent of judicial supervision,” the motion reads. “The sealing of docket sheets with warrants authorizing the use of malware prevents this critical public debate from happening, in violation of the public’s right of access.”

Allowing the government to maintain this secrecy only encourages further abuse of existing statutes. The longer secrets can be protected, the longer the FBI can use questionable methods backed by even more questionable legal authority. The DOJ's insistence on secrecy in all things tech-related has led it to directly encourage parallel construction, order prosecutors to drop cases rather than reveal means and methods, and basically turn normal law enforcement into Black Ops: Domestic Edition.

Filed Under: exploits, fbi, malware, tor
Companies: aclu, freedom hosting

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 8 Sep 2016 @ 6:50am

    With liberty and justice for all? I guess I need to keep my sorry ass in my seat during the playing of oyr national anthem too.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.