For almost two weeks last year, the Federal Bureau of Investigation captured and maintained what it has described as one of the Internet’s most prolific child pornography websites, allowing users to download thousands of explicit images and videos from a government site in the suburbs of Washington, D.C.
The operation — whose details remain largely secret — was at least the third time in recent years that FBI agents took control of a child pornography site but left it online in an attempt to catch users who officials said would otherwise remain hidden behind an encrypted and anonymous computer network. In each case, the FBI infected the sites with software that punctured that security, allowing agents to identify hundreds of users.
The Justice Department recently acknowledged in court filings that the FBI was running the website known as “Playpen” from Feb. 20 to March 4, 2015. During that time frame, the site averaged more than 215,000 users and housed more than 23,000 images and videos, more than 9,000 of which users could download directly from the FBI.
That approach is a significant departure from the government’s past tactics for battling online child porn, in which agents were instructed that they should not allow images of children being sexually assaulted to become public. The Justice Department has said that children depicted in such images are harmed each time they are viewed, and once those images leave the government’s control, agents have no way to prevent them from being copied and re-copied to other parts of the internet.
Officials acknowledged those risks, but said they had no other way to identify the people accessing the sites.
“We had a window of opportunity to get into one of the darkest places on Earth, and not a lot of other options except to not do it,” said Ron Hosko, a former senior FBI official who was involved in planning one of the agency’s first efforts to take over a child porn site. “There was no other way we could identify as many players.”
Lawyers for child pornography victims expressed surprise that the FBI would agree to such tactics – in part because agents had rejected them in the past – but nonetheless said they approved. “These are places where people know exactly what they’re getting when they arrive,” said James Marsh, who represents some of the children depicted in some of the most widely-circulated images. “It’s not like they’re blasting it out to the world.”
The FBI hacks have drawn repeated – though so far unsuccessful – legal challenges, largely centered on the search warrants agents obtained before agents cracked the computer network.
But they have also prompted a backlash of a different kind. In a court filing, a lawyer for one of the men arrested after the FBI sting charged that “what the government did in this case is comparable to flooding a neighborhood with heroin in the hope of snatching an assortment of low-level drug users.” The defense lawyer, Colin Fieman, asked a federal judge to throw out child pornography charges against his client, former middle school teacher Jay Michaud. A federal judge is scheduled to hear arguments on that request Friday.
Federal agents first noticed Playpen not long after it went online in August, 2014. The site was buried in what is often called the “dark web,” a part of the internet that is accessible to the public only through Tor, network software that bounces users’ internet traffic from one computer to another to make it largely untraceable.
By March of last year, the FBI said, Playpen had grown to become “the largest remaining known child pornography hidden service in the world,” the Justice Department said in a court filing. FBI agents tracked the site to computer servers in North Carolina, and in February seized the site and quietly moved it to its own facility in Newington, Va.
During the 13-day period that the FBI ran the site, which had sections labeled “toddlers” and “prepubescent females,” the bureau did not post any images to the site but did allow images on the site to remain and did not block users from uploading more images.
One section of the site was labeled “toddlers,” according to court records. And prosecutors said that some of the images users accessed during the time Playpen was under the government’s control included “prepubescent female” having sexual intercourse with adults.
The FBI was able to track 100,000 registered users during the time of the operation on the “dark web,” court filings showed, and agents were able to find “true” computer addresses for 1,300 people, adding that the government has charged 137 individuals with a crime.
Law enforcement has long complained that online services like Tor create a type of safe haven for criminals because they hide the unique network addresses from which people connect to sites on the internet. Officials said the only way for the government to crack that network was to take over the site and infect it with malware that would trick users’ web browsers into revealing their real internet addresses, which agents could then trace back to the people who were using them.
“The government always considers seizing an illegal child pornography site and removing it from existence immediately and permanently,” Justice Department spokesman Peter Carr said. “While doing so would end the trafficking of child pornography taking place on that one website, it would do nothing to prevent those same users from disseminating child pornography through other means.”
Still, he said, “The decision whether to simply shut down a website or to allow it to continue operating for a brief period for a law enforcement purpose is a difficult one.”
Justice officials said they were unable to discuss details of the investigation because much of it remains under seal, at their request.
The Justice Department said in court filings that agents did not post any child pornography to the site themselves. But it did not dispute that the agents allowed images that were already on the site to remain there, and that it did not block the site’s users from uploading new ones while it was under the government’s control. And the FBI has not said it had any ability to prevent users from circulating the material they downloaded onto other sites.
“At some point, the government investigation becomes indistinguishable from the crime, and we should ask whether that’s OK,” said Elizabeth Joh, a University of California Davis law professor who has studied undercover investigations. “What’s crazy about it is who’s making the cost/benefit analysis on this? Who decides that this is the best method of identifying these people?”
The FBI was first known to have operated a child porn site in 2012, when agents seized control of three sites from their operator in Nebraska. FBI Special Agent Jeff Tarpinian testified that the government “relocated two servers to an FBI facility here in Omaha and we continued to let those child pornography run – websites operate for a short period of time."
That case led to federal child pornography charges against at least 25 people. But in an illustration of how difficult the cases can be, at least nine of the people charged in those cases are still identified in court records only as “John Doe,” suggesting the FBI has so far been unable to link specific people to the network addresses it logged.
The next year, the FBI took control of a dark web site known as Freedom Hosting. The man prosecutors have accused of operating that site, Eric Marques, is due to be extradited to the United States; the charges against him remain sealed. The FBI revealed its role in an Irish court hearing covered by local media.
In each case, the FBI injected the site with malware to crack Tor’s anonymity.
Those hacks, developed with the help of outside contractors, were a technical milestone. When the FBI first realized it could break through Tor, Hosko said the agency gathered counterterrorism investigators and intelligence agencies to see if any of them had a more pressing need for the software. “It was this, exponentially,” Hosko said.