{"id":4635,"date":"2016-09-27T13:57:33","date_gmt":"2016-09-27T17:57:33","guid":{"rendered":"http:\/\/ncjolt.org\/?p=4635"},"modified":"2020-06-04T20:53:00","modified_gmt":"2020-06-04T20:53:00","slug":"fbi-vs-dark-web","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/fbi-vs-dark-web\/","title":{"rendered":"FBI vs. The Dark Web"},"content":{"rendered":"

\"larson-image\"The Fourth Amendment guarantees a right to privacy… or so we all thought. \u00a0In the recent string of Playpen cases<\/a><\/span> pending now across the United States, this issue has arisen after the discovery of thousands of users of the child pornography website. \u00a0Was the Federal Bureau of Investigations (FBI) able to legally hack into private users\u2019 computers and track the Internet Protocol (IP) addresses associated with the child pornography website to locate users?\u00a0 The answer: lawyers, scholars, and courts are in dispute if the FBI\u2019s hacking tactics are legal.
\nThe FBI discovered thousands of users on Playpen after receiving a tip from a foreign law enforcement agency that the site was not hidden as believed, but rather misconfigured making the server\u2019s IP address publicly known.\u00a0 Playpen was supposed to be hidden through an anonymous virtual private network (VPN) called Tor<\/a><\/span>, specifically through Tor\u2019s hidden network, which would have concealed the identity and location of its users.\u00a0 The Tor network connects users through a series of virtual tunnels (as opposed to a direct connection) that reroute traffic to a different location while masking the location and real IP address, allowing users to maintain their privacy, security, and prevent tracking, thus creating a \u201cdark web site.\u201d \u00a0Once the FBI realized the IP address was publicly available, it obtained a search warrant and located the server<\/a><\/span> hosting the site to a computer in Lenoir, North Carolina.
\nInstead of shutting the site down, however, the FBI actually took over the \u201cdark web site\u201d and continued to operate it for almost two weeks.\u00a0 While Playpen was under FBI control, thousands of users were hacked using a network investigative technique (NIT).\u00a0 NIT works by sending malware to site visitors and copying identifying information from each user\u2019s computer before sending it back to the malware sender, e.g. the FBI.\u00a0 This technique led to hundreds of arrests.<\/p>\n

According to the Electronic Frontier Foundation, this is the most extensive domestic use of malware by a U.S. law enforcement agency to date, and it was all done through a single search warrant.<\/p><\/blockquote>\n

 
\nThe use of NIT has raised serious right to privacy<\/a><\/span> issues.\u00a0 How was the FBI allowed to hack thousands of computers with only a single warrant for one computer linked to the server IP address?\u00a0 For every computer the FBI sent malware to, they were able to obtain the computer\u2019s IP address, a unique identifier generated by the NIT to distinguish the data from that of other activating computers, what operating system was used, the host name, operating system username, and MAC address.\u00a0 By using the NIT, the FBI was able to obtain a myriad of private information, all without the owner even knowing their computer was being \u201csearched.\u201d\u00a0 Armed with IP addresses, the FBI subpoenaed<\/a><\/span> internet service providers for the names and home addresses of suspected users.
\nThe search and seizure of this information has led to a debate about whether the FBI\u2019s use of NIT violates the Fourth Amendment.\u00a0 Many of the accused users and those generally opposed to using this tactic view this as an unwarranted search and seizure<\/a><\/span> of private property.\u00a0 They argue by using NIT, the FBI\u2019s malware \u201cseized\u201d the users\u2019 computers by turning them into a surveillance tool controlled by the FBI, \u201csearched\u201d the computer for certain identifying information, and \u201cseized\u201d this information by sending it back to the FBI.\u00a0 These actions presumably involved personal computers kept in private residences, therefore intruding upon privacy rights.\u00a0 Those opposing this method believe that using malware should be evaluated the same way a physical search would be conducted – with an agent physically taking a computer and looking through it for information.\u00a0 By this reasoning, there is a clear violation of privacy.
\nOn the other hand, the Ninth Circuit\u2019s reasoning in one of the many Playpen cases, United States v. Acevedo-Lemus<\/em>, presents the other side of the debate.\u00a0 The Court declared that the \u201cDefendant could not have had a subjective expectation that his IP address would remain private because he routinely disclosed it to third parties, including Time Warner, the Tor network, and websites he visited on the open Internet.\u201d\u00a0 Therefore, because the user made his IP address known to some, and the FBI obtained the address from a third party, it was no longer private information. \u00a0The Ninth Circuit has, on several occasions, concluded that \u201c[i]nternet users do not have reasonable expectations of privacy in their IP addresses or the IP addresses of the websites they visit\u201d because it is generally regarded as public information, despite the fact that users attempted to \u201chide\u201d their identity using an anonymized network.\u00a0 Some of those who agree with the Ninth Circuit\u2019s reasoning even go so far as to believe that all internet usage is public information.
\nGiven these differing viewpoints, the issue will not simply disappear into the \u201cdark web.\u201d\u00a0 With the ever-growing use of the internet by the public and the government\u2019s use to police the nation, a clear precedent should, and likely will, be established.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Fourth Amendment guarantees a right to privacy… or so we all thought. \u00a0In the recent string of Playpen cases pending now across the United States, this issue has arisen after the discovery of thousands of users of the child pornography website. \u00a0Was the Federal Bureau of Investigations (FBI) able to legally hack into private …<\/a><\/p>\n","protected":false},"author":1,"featured_media":4636,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/4635"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=4635"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/4635\/revisions"}],"predecessor-version":[{"id":7177,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/4635\/revisions\/7177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/4636"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=4635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=4635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=4635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}