The FBI Operated a Child Porn Website for Nearly Two Weeks
By: Peter Steffensen
What are the lengths that the Federal Bureau of Investigation may go to in order to identify moderators and users of a prominent dark web child pornography ring?
That is the novel question arising from the FBI’s investigation into Playpen, a child pornography website that, for a 13-day period in 2015, Motherboard reports, was actually controlled by the FBI and run from FBI servers based in Virginia. The FBI’s actions have resulted in the identification of over 1,300 unique IP addresses and a (still-growing) number of indictments from a single warrant, issued in the Eastern District of Virginia, authorizing the searches related to the investigation.
In seizing Playpen, the FBI effectively converted the website into a “honeypot,” a term used in the computer security field to describe a mechanism for detecting and counteracting cyberthreats. Here, the FBI’s control of Playpen allowed it to deploy a “network investigative technique” (in other words, government-administered malware) onto users’ computers to uncover their real IP addresses, which almost assuredly would have been masked by some sort of anonymized routing technology, such as Tor.
The FBI has been severely criticized by a number of privacy advocates, who have suggested that the use of these techniques amounts to an “unprecedented” expansion of law enforcement surveillance powers. These advocates argue that the use of “powerful hacking tools” by the government to monitor and/or control a target computer system is something that requires both public debate and Congressional action.
Others have accused the FBI of being complicit in the distribution of child pornography during the 13-day period that the federal agency operated Playpen. The suggestion raises a fascinating question about means and ends. Though many, if not most, would categorically applaud a law enforcement agency for taking down a prominent child pornography ring, do the FBI’s steps here go too far?
Other, even murkier questions naturally follow: What type of internal assessments, if any, were conducted to determine the potential impact on victims? Were the “network investigative techniques” affirmatively deployed by the FBI covered under the scope of the authorizing warrant? Do its actions in the Playpen case allow the FBI to similarly operate, for example, the Silk Road in order to uncover the identities of drug traffickers? If so, what length of time, if any, is reasonable to achieve this goal?
Many of these questions are already being raised by defense counsel to several of those indicted in the investigation, and will hopefully be addressed by courts in the ensuing litigation. Importantly, this case may serve as a crucial proving ground for the ability of the FBI—and other law enforcement agencies—to utilize hacking techniques to discover, locate, and monitor potential criminals.