The FBI has a controversial new method of fighting child pornography: distributing child pornography. As part of "Operation Pacifier," the federal law-enforcement agency ran a dark-web child porn clearinghouse called The Playpen for two weeks, delivering malware to any site visitors, in a scheme that was revealed last summer. But it turns out that site may not have been the only dark-web site that the FBI maintained. According to documents obtained by the American Civil Liberties Union (ACLU), the agency was actually authorized to takeover 23 child-pornography websites in addition to The Playpen.

According to a recently unsealed FBI affidavit, the 23 Tor-hidden sites were run on one computer server and the FBI requested authority to seize this server and deploy its "network investigative technique" on these sites. During the 30-day deployment period, any visitor to sites 1-23 would receive the NIT instructions (essentially malware), which were "designed to cause the 'activating' computer to deliver certain information to a computer controlled by or known to the government," as the FBI affidavit explained it. This information included the computer's actual IP address, host name, operating-system type, and MAC address.

Near the end of the affidavit, the FBI notes that "while Websites 1-23 operate at a government facility," normal user-request data associated with websites 1-23 will be collected" and "such request data can be paired with data collected by the NIT… to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23."

Cybercrime lawyer Fred Jennings told Ars Technica, "That paragraph alone doesn't quite say the FBI is operating" the websites. "But definitely no other way to read that than websites 1-23 were hosted at a government facility, with the FBI's knowledge and to the FBI's informational benefit. It's clever phrasing on their part."

An analysis from security researcher Sarah Jamie Lewis found that between April and August 2016, there were 29 Tor-hidden websites devoted to child porn. Lewis told Ars Technica that "it's a pretty reasonable assumption" that the FBI as running about half of them at some point. "Doing the math, it's not zero sites, it's probably not all the sites, but we know that they're getting authorization for some of them. I think it's a reasonable assumption—I don't think the FBI would be doing their job if they weren't."

As Reason's Jacob Sullum noted when the Playpen news came out, "the government's position is that children are revictimized every time images of their sexual abuse are viewed or shared," which "is one of the main rationales for punishing mere possession of child pornography," not just those who make or distribute or profit from it. Under federal law, distributing a sexually explicit image of a child comes with a mandatory minimum prison sentence of five years and a possible 20 years."If such actions merit criminal prosecution because they are inherently harmful," Sullum points out, "there is no logical reason why the federal agents who ran The Playpen should escape the penalties they want to impose on the people who visited the site."

The Playpen authorization came from a judge in Virginia, while the mysterious websites 1-23 were authorized by a judge in Maryland. So far, more than 200 charges have stemmed from the FBI's Playpen foray, mostly for receiving or possession of child porn. But in trying to prosecute theses cases, the FBI has already faced resistance from federal judges holding that the FBI's operation was unconstitutional and any evidence obtained must be suppressed. "The courts have been divided in their rulings on whether the FBI went too far," explained Mike Carter at The Seattle Times, "and prosecutors and defense lawyers say the case is almost certainly headed to the U.S. Supreme Court."