Judge torpedoes 'Tor pedo' torpedo evidence A US District Court judge has tossed out evidence gathered by the FBI from Tor users, because the Feds wouldn't reveal how exactly it exploits their browsers to unmask them. Jay Michaud, a Vancouver school administration worker, was charged with viewing a hidden service called Playpen, which hosted child abuse material, on the …
>Mozilla had backed the defence in the case, on the basis that if the FBI wouldn't reveal its techniques, browsers like its Firefox software couldn't be patched against vulnerabilities.
Fscking Fed asshats. As bad as pedophiles are keeping exploits that only serve to make our crappy vulnerable infrastructure even more so are just as criminal. Keep thinking the US can stay on the cyber offensive and will always inflict more damage on our often far less technological dependent enemies because of course only we know the zero days. Idiots.
If they have one exploit, I'd bet they have more. Rather than release this info and garner convictions, they'll let them go free under the "national security" flag-waving. They've already tipped off the bad guys that TOR is insecure, so what's the real harm?
On a different front, the FBI has been fighting encryption because of paedophiles and ya' know.. terrorists. Now they won't follow up on the alleged paedos. I guess next, they won't follow up on any alleged terrorists. In the mean time, everyone picked up innocent or not has had their name dragged through the mud. Has justice been served? I think not. It's been perverted.
Once upon a time, I actually thought the FBI were somewhat good guys (J. Edgar and crew were not good guys). But I'm now believing that it was misplaced. Anyone who thinks this is all ok, has obviously put their head and sand and fails to see where this behavior is headed. And it's not to a warm, happy future.
Thanks to laws like the Patriot Act, the FBI doesn't have to prosecute terrorism suspects the same as citizens. They don't actually have to prosecute them at all (that's why Gitmo is still around). So while perverts can cower behind the constitution </sarcasm>, the FBI can use all the near criminal tactics they want to catch terrorists, and we may never even know it happens.
> Unknown to Michaud, at the time he's accused of viewing the material, the server was already under the control of the Feds.
Shirley that sentence is getting pretty close to libel. I'm making no assumptions about whether he is guilty or innocent here, but one would expect the whole point of the defence argument was that he never accessed that site. If that is true (presumption of innocence and all that) then it would make no more sense than pointing out that Chirgwin did not know at the time that Michaud is accused of viewing...
The point here is that "we have secret evidence that proves his guilt, trust us" doesn't cut it. Perhaps with the opportunity to review and contest the evidence, an innocent man could be spared from unjust punishment, or perhaps it proves guilt beyond reasonable doubt.
"we have secret evidence that proves his guilt, trust us" doesn't cut it. Perhaps with the opportunity to review and contest the evidence, an innocent man could be spared from unjust punishment,
The Government knows full well that "secret evidence" that will allow a Federal Prosecutor to file charges is sufficient to achieve their aims, simply by destroying the defendant through catastrophic legal fees, destruction of reputation, probable loss of employment, and other personal damage such as impact on family relations and possible divorce proceedings. More significantly, the wide circle of fear and confusion that spreads through the community: "don't risk government displeasure" is significant. The FBI is indeed spying on pedophiles and terrorists, but is equally concerned with internal dissidents and domestic "opposing forces," whoever and whatever they may be. It established itself as an unapologetic watchdog during the Civil Rights and Vietnam War protest eras, and has simply gone "quiet" while ramping up internal surveillance abilities.
Also, please remember that "public defenders" in the US are underpaid, overworked, and inexperienced. Public defenders are regarded as a burden on the system, employed at great taxpayer expense to defend the undeserving. Typically, public defender offices are ill-funded and under-manned in most jurisdictions. Yes, justice is available... to those Americans who can afford it. Those without means may get a plea bargain prior to sentencing.
"They can show ... but they will not reveal how they obtained the evidence"
If they will not reveal how they obtained the evidence then we don't know that they didn't simply invent it. If they invented it then it isn't evidence. If they don;t have evidence then they can't show anything.
Revealing how they obtained the evidence is a link in the chain of proof every bit as essential as the evidence itself. No chain, no proof.
No it isn't, the law is doing it's job. Stopping the government/law enforcement doing whatever it wants by making stuff up.
Would you feel the same way if the accused was a relative of yours, and you want information on how the FBI evidence was collected in order to prove their innocence?
You have to consider the wider implications. If law enforcement is allowed to say 'Trust us, the evidence is right' without proving it, the potential for abuse is massive.
Obviously they put content on the playpen site that pervs downloaded and infected their PCs with, which then made a connection over the open internet to an FBI controlled server.
Giving away the exploit used costs them nothing, it isn't like they don't have a whole library full of them - and what they used might have been fixed by now anyway. They can always use a different FBI controlled server next time, and probably would use a separate one for each such attack.
It would be impossible to protect yourself against this unless you block EVERY outgoing connection that isn't TOR via a firewall using a separate device - which seems prudent whether you are looking for child porn or contacting ISIS for bombmaking advice... Are they afraid people are going to figure that out?
They've released enough information (Flaw in the version of FF used with the 'tor browser' project) that we know to not use that browser.
You're know now that you are going to need to use Tor as your proxy and use a different browser. Ideally one that doesn't have flaws, or at least one that doesn't have the weaknesses that the bundled version of FF has. Even better would be to retrieve everything via curl and view it offline.
That's irrelevant though, as there are plenty of flaws in regular versions of Firefox, Chrome and IE that could be similarly exploited. Since the FBI controlled the site the pervs were visiting, they could put any sort of malicious HTML, CSS, or whatever on the site to take advantage of those flaws. So long as the client PC has the ability to connect to the internet without going through TOR, the FBI can find them.
Using the Firefox with TOR built in is probably harder to exploit, as it probably can't make any connection without going through TOR. You'd have get an exploit that runs code, rather than one that simply makes an HTTP connection without going through TOR.
Presumably the logic is that if they reveal the exploits used, they won't be able to use it again in the future to find more criminals. But they already know from this case that any evidence gathered using the same method will be useless, so why would that matter? Either they have a known exploit that might be patched in the future, or an unknown exploit that they can never actually use. Are they just hoping that another court will rule differently in the future?
The source of the exploit might be the NSA, and the NSA has not authorized the FBI to divulge the exploit in criminal court to go after alledged pedophiles. That's because the exploit is being used in hundreds of other intelligence operations run by the NSA/GCHQ/insert name of shadowy sigint agency here.
Possibly, but I would think that when you use an exploit in an operation like this it pretty much has to be considered "burned" anyway. (Which of course means the NSA wouldn't let them use the good stuff for this purpose.) I mean this isn't quite like when they attacked freedom hosting (which hosted a wide variety of hidden services, not just illegal porn), but still, you're putting your exploit in the hands of thousands of security-conscious users.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
