Could The DOJ Be Violating SESTA/FOSTA?

from the quite-possible dept

Last week, Gizmodo's Dell Cameron has a great report on how the DOJ's Amber Alert site was configured so stupidly that it could be used to redirect people to any website (this was also true of weather.gov and the National Oceanic and Atmospheric Administration). And it was being used. To redirect people to hardcore porn. Basically, the sites were designed such that just by knowing the right URL and adding a new URL to the end, it would redirect to those sites. Porn sites used this for a couple of reasons: first, since they'd now be getting referrals from high ranking sites, it can help their Google ranking. Second, because the primary URL would come from a trusted source again, it would help their Google ranking. And, finally, the links may look much more legit to people doing searches (though that would be more true of scam sites than porn sites).

Redirect scripts like this used to be fairly common, but they died off long ago. Except in the federal government. From Cameron's article:

“This is like the 1990s called and wants its vulnerable redirect script back,” said Adriel Desautels, founder of the penetration testing firm Netragard.

But, here's the thing: does this mean that the DOJ (and the NOAA) could be violating SESTA/FOSTA? It's possible! And that just goes to show how poorly drafted the law is. Remember, under the law, it is now illegal to "participate in a venture" that "knowingly" is "assisting, supporting, or facilitating" a violation of sex trafficking laws. So, if someone were to create a DOJ Amber Alert redirect to a sex trafficking website (or just an escort site, since people keep insisting those serve little purpose other than sex trafficking) would the DOJ be in violation?

The obvious response is that the DOJ isn't "knowingly" doing this. But... is that true? As Cameron's article notes, every time you hit one of those Amber Alert redirects, the DOJ gives you a nice little parting message:

Is that enough to "knowingly" participate? Maybe. I would bet that if non-governmental websites popped up similar messages, SESTA/FOSTA supporters would argue it's proof of knowledge. After all, Rep. Cathy McMorris Rodgers claimied that merely "turning a blind eye" was enough to prove "knowledge." And here, clearly, the DOJ must be logging those exit pages. Is it ignoring them? Is that turning a blind eye? Does that count as knowledge?

Maybe it's a stretch, but the fact that the language of the bill even makes this a possibility just demonstrates how poorly drafted the bill is, and shame on all the politicians who refused to step up and fix it.

Filed Under: doj, fosta, intermediary liability, porn, prostitution, redirects, sesta, trafficking, unintended consequences


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Michael, 25 Apr 2018 @ 12:45pm

    Re: Seriously doubt it

    "First of all, they may not even be logging redirects."
    Since they have a "good bye" page, this is less likely and actually not fully a redirect issue anymore. Their page listed the URL and courts have found liability in linking.

    "most people don't read raw log files line by line"
    That is not necessarily important for the "knowledge" standards. It is still up in the air as to whether or not "could have known" , "should have known", or "knew" fits the definition. There is a lot of risk in these as they tend to encourage not logging and making it impossible to know, and that is the point. Laws that make it safer to not retain laws make it harder for law enforcement to work with sites that have bad actors using them.

    "politicians name laws like this exactly so they can nail opposition next election cycle"
    While I am no fan of US politicians, that is a broad statement that is almost certainly, overwhelmingly false. Most US laws are written with good intentions. Some have bad side-effects. It really is unlikely that these laws were written with as much political motivation as you seem to be attributing.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.