
Playpen: The Story of the FBI’s Unprecedented and Illegal Hacking Operation - lelf
https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation
======
speeder
A tv program here in Brazil showed the "cutting edge" tech in capturing
"pedophiles"

First, they showed that the police here, got from some US organizations,
access to some kind of realtime NSA style spying tools, they showed on tv that
their software show realtime torrent data transfer worldwide, with pips
popping up on a map in the entire planet!

Then, they decided to show one person, and showed on tv some kind of hidden
teamviewer, they showed someone screen, realtime.

All of this already made me cringe, what kind of mass spying is US exporting?

Then the tv showed 3 people caught, showed their names, location, jobs, even
filmed one guy house and his family inside...

1\. One guy was an old man that wants help and avoid kids.

2\. Another is a 32 year old unemployed that never his parents apartment, and
never invite anyone, doesn't have friends or romantic partners.

3\. Guy is 28 year old IT worker, no friends or girlfriend. used his work
Internet because he couldn't afford broadband at home.

None of the 3 are in jail, they were only officially charged, and they don't
have a trial date yet.

Then the tv points out that 70% of pedophiles in jail actually raped a child,
and implied that those 3 maybe lied about never abused kids.

So, illegal spying, and guilty until proven otherwise? How these 3 will walk
on the street now? All of them lived in smaller towns, and the tv station was
the most popular tv station of the country.

~~~
retox
I'm interested in watching this footage, do you remember the name and air
date?

~~~
speeder
[http://g1.globo.com/fantastico/noticia/2016/09/exclusivo-
nov...](http://g1.globo.com/fantastico/noticia/2016/09/exclusivo-nova-
tecnologia-se-torna-arma-eficiente-na-cacada-aos-pedofilos.amp)

~~~
retox
Belated thank you.

------
arca_vorago
All I have to say is _get a fucking warrant like the constitution you swore an
oath to requires!_ Once they have a warrant, a specific one at that (as
opposed to a general or blanket one), and then use of these tools is ok.

I understand they got a warrant for the server, but theydidnt get warrants for
each user like they should have, so unless I am missing something, it's
blatantly unconstitutional.

This is where some beltway establishment stenographers would say "but it was
thousands, warrants would take too long!" Well tough fucking shit, you still
have to get a warrant for each IP.

Unless there is some legal precedent someone wants to cite to me, which I have
yet to see.

Mark my words, cp and terrorism and cyberterrorism (read: major bank hacks)
are the things going to be used to increase the surveillance of the internet.
If we dont stand up for the rights even of horrible people, its a slippery
slope that _will, not might_ bite us in the ass later.

First they came for the people who clicked on url shortners, etc.

Shit hell, I wouldnt be surprised if the FBI used this fishnet to spearphish
people that had nothing to do with the site so they became targets.

eg: Send that pesky dissident an email with a link to this so that they pop on
the autocomprimise tool and voila, dissident surveillance engine disguised as
good guy cp catching program.

On a side note, I did some pretty extensive forensics training to be able to
testify about stuff like this, and you would be utterly amazed at how many of
the other "forensics specialists" were utterly incompetent. (for example, not
knowing any other fs than ntfs...)

~~~
gaius
Consider that in American TV and pop culture, the cop who breaks the rules,
ignores due process, shoots first and asks questions after, is the _hero_.

~~~
arca_vorago
Consider that operation mockingbird never really went away after the church
committee and much of that is potentially propaganda.

------
sigmar
This is the second post in the EFF's series on Playpen:
[https://www.eff.org/deeplinks/2016/09/playpen-story-some-
fou...](https://www.eff.org/deeplinks/2016/09/playpen-story-some-fourth-
amendment-basics-and-law-enforcement-hacking)

------
javajosh
Unfortunately the government was wise to expand their power in a child porn
case. It's very, very difficult to motivate to do anything in defense of such
people. If only they'd gone after someone at least _somewhat_ sympathetic!

~~~
cloudjacker
I like to have a thought exercise about the constitutional way to achieve the
same result

You Game?

~~~
mastazi
I'm not sure what you are trying to say. One of the reasons why the
Constitution exists is that, thanks to its very existence, some things become
unconstitutional. If we were to conclude that there isn't a constitutional way
to achieve legalised mass surveillance, then we would have to conclude that
that mass surveillance is unconstitutional. I would be quite happy with that
conclusion, if I may add.

~~~
ikeboy
This case is about targeted, not mass, surveillance.

~~~
mastazi
What if the "target site" was Gmail? Would you still call it targeted
surveillance? What's the limit under which we consider surveillance to be
targeted? 100,000 users? One million? 10 millions?

~~~
nullc
Well... there probably is more child porn in gmail.

~~~
mastazi
Exactly. As the article explains, "the FBI received a tip from a foreign law
enforcement agency that a Tor Hidden Service site called “Playpen” was hosting
child pornography".

What if the FBI received a tip that Gmail users are hosting child pornography?
Would they be allowed to infect Gmail users' computers?

~~~
ikeboy
The entire purpose of playpen was child pornography. The FBI knew that, I
assume they could just go on the site and check. The tip was just telling them
how to find the location of the site so they could do something about it.

If the entire purpose of gmail was to facilitate illegal sharing of cp, then
yes.

(I gather that they also had discussion forums of some sort, but that the FBI
only used the malware against people who visited the specific pages for child
porn. So yes, it was targeted.)

~~~
mastazi
> The entire purpose of playpen was child pornography.

I understand your point and I accept your observation that "mass surveillance"
may not be the right definition of what happened in the Playpen case.

However, I invite you to consider the following: once (and if) there is a
legal precedent where law enforcement agencies are allowed to hack the users
of a given website, that legal precedent will be relevant in future cases,
related to other websites that are not Playpen. Today it's Playpen, tomorrow
it might be a community of activists. By then, I think you will agree with me,
it will be much easier to consider that proper mass surveillance. And if you
were one of those activists mentioned in my example above, good luck building
your defence on the fact that "this provision can't be applied to me, because
it was intended for child pornography websites".

This type of process has already happened in recent history, e.g. with
"security" laws that were passed after 9/11\. Those laws, in several ways,
limit everyone's liberties, not just those of terrorists[1][2].

Of course those provisions seemed like a damn good idea soon after 9/11\. Now,
not so much. Erosion of freedom, just like natural erosion, has a way of
progressing very slowly but steadily.

[1]
[http://www.economist.com/node/1301751](http://www.economist.com/node/1301751)

[2]
[http://www.economist.com/node/9833041](http://www.economist.com/node/9833041)

~~~
ikeboy
They did get a warrant. The laws you reference allowed surveillance without a
warrant.

------
nylsaar
To me, the disturbing thing is the FBI took over the Tor node, moved the
content to a FBI server, and ran it for two weeks.

This article was posted here 17 days ago by minamisan.

[https://news.bitcoin.com/fbi-child-porn-role-
govt/](https://news.bitcoin.com/fbi-child-porn-role-govt/)

~~~
phkahler
>> To me, the disturbing thing is the FBI took over the Tor node, moved the
content to a FBI server, and ran it for two weeks.

Yeah, why don't they just run a porn site full time? Is the limited duration
an admission that they shouldn't use that method? Why not continue if it's so
effective?

------
nxzero
Are there any examples of the FBI creating or enabling predators so they are
able to hunt them?

If so, is this illegal, and if not, why?

------
gragas
Honestly, I'm very satisfied with the work the FBI did in this case.

To those mad about the FBI overstepping privacy rights on shaky grounds: how
could you possibly need more evidence than proof of visits to a website that
distributes child pornography?

~~~
Zombieball
What constitutes "a visit to a child pornography site"?

Say this was not on TOR but the regular internet. Say I masked the URL of this
child porn website with a popular URL shortening service and posted that link
here saying "read this!" You click this link and are surprised and quickly
close the page.

You visited a child porn site!

But now imagine in that ONE visit the FBI exploited an undisclosed
vulnerability in your browser. Now they spy on your malware infected machine.

Would you be happy? I'm not saying this happened but it's possible when you
allow this sort of activity to happen in your country.

~~~
nl
_Say this was not on TOR but the regular internet. Say I masked the URL of
this child porn website with a popular URL shortening service and posted that
link here saying "read this!" You click this link and are surprised and
quickly close the page._

But that _isn 't_ what happened here. Or even close to it.

A better analogy here is something like the FBI staking out an illegal dog
fighting ring (which isn't exactly easy to get into in the first place) and
then tracking the cars of people who visited it.

Maybe they should have to get a warrant, maybe not - I think there are valid
arguments on both sides of that.

But let's not pretend these people didn't know exactly what they were doing.
These aren't innocent people tricked into it.

~~~
Zombieball
I mean the argument still holds for TOR I imagine. Aren't there .onion URL
shorteners (I honestly don't know)?

You're probably right that these people weren't tricked at any point. But
setting a precedent that it's ok for government agencies to inject malware and
attack citizen computers seems like a very slippery slope.

Boobytraps, land mines, etc. are often banned because they attack people
without discretion. Injecting malware into someone's machine just because they
stumble upon an URL (be it .com, .onion, .xxx or .whatever) sounds criminal to
me regardless of who is running the show.

I can't imagine what a warrant for this scenario would look like given it was
on TOR? Who would it be issued for?

~~~
throwaway2016a
I would guess that you could put a proxy in-front of the Tor URL on a clearnet
domain and set the X-Forwarded-For header to the IP of the actual visitor. If
they trust forwarding proxies than it's easy to implicate someone. If they
don't, it's easy to hide from them.

But the same argument holds true for general possession laws. Take some
illegal images, plant it on someone's computer, phone in an anonymous tip,
boom jail time for an innocent person. It's the whole problem with possession
of anything being a crime. Same with drugs. Just accessing something is an
even scarier thought.

------
trowaway_mcshea
This is not going to be popular.

Quite frankly, I think that any person with these compulsions should be put to
death. People with these compulsions are almost never "cured" of them and they
cause unimaginable harm to society. A child who has been sexually abused is
pretty much ruined as a person for the rest of his or her life. The rest of
that person's life is a long, drawn out torture. And this is assuming that the
predator lets the child live. Often they are killed by the predator since the
crime is so egregious and there is no turning back.

I really, really do not care if the rights of these people were trampled on.
Even if my machine was somehow collaterally infected with this malware, it
would not bother me in the least if I knew for sure it was part of this
investigation.

These "people" are beyond help. There is no reform if you have these
compulsions. That is why, even after they have did their time, they must
register as a sex offender and be restricted in where they reside. They should
just be destroyed.

~~~
logfromblammo
Unfortunately for your opinion, creating a state apparatus to surveil,
capture, diagnose, and execute such individuals is far more dangerous than
allowing such people to exist.

You may be expecting far too much of your government. My opinion is that if
pedophilia became a mental illness treatable by execution, enemies of the
powerful might discover that their hard drives had been filled with outlawed
images without their knowledge, rather than just having convenient car wrecks
or drug overdoses.

Why just murder someone when you can simultaneously discredit and vilify them?

If you truly believe that such people are too dangerous to live, the logical
course of action is for you to go out and murder them yourself. Are you
prepared to deal with the consequences of that? Would it be better to just
hire a professional to do it on your behalf? Would that become more acceptable
if the professional is a state employee?

~~~
trowaway_mcshea
When you are convicted of a serious pedophilia related crime with irrefutable
evidence against you or a confession, the min. sentence should just be
execution. The likelihood of re-offending is so high and they have already
done monumental damage that it's much better from a Utility point of view to
just put that person down.

Sexuality is something you can't re-wire. You don't get to choose your sexual
desires and compulsions. You can't "pray the gay away." Some people are
asexual and they are attracted to nobody (or thing, if that's what you fancy.
No judgements). Similarly, you can't stop a pedophile from being a pedophile.
The only difference with pedophiles is that they are wired to cause serious
negative Utility, so the negative Utility brought by killing the pedophile
will be less than the negative Utility the pedophile brings if they are left
alive to continue to commit atrocities.

~~~
Lawtonfogle
Recidivism rate is actually quite law compared to other crimes. As for
execution, you are playing chicken with people who hare far less to lose. It
will also give them a great tool to silence any victims because most victims
do not want their abusers killed and many will make the choice to tolerate the
abuse rather than have a family member killed.

To say nothing that the level of hatred will only lead to pedophiles thinking
through system is being rigged against them and thus be less likely to even
try to live a non harmful life. Germany's program which does the opposite of
what you want seems to be the far better method for ensuring the least amount
of children are abused.

