How ICE used an obscure rule to pursue the owners of a Korean porn site

Share All sharing options for: How ICE used an obscure rule to pursue the owners of a Korean porn site

Over the course of this summer, tens of thousands of protesters took to the streets of Seoul, demanding that the government take aggressive action over spycam porn — dubbed molka in Korean. A march in June counted around 20,000 participants; by August, the marches had swelled to 70,000. “You never know if there’s a spycam lens hidden inside [a public bathroom] filming you while you pee,” one protester told Agence France-Presse. In July, a man was arrested for installing spycams in motel rooms — when police raided his home, they found 20,000 videos.

Protesters are planning another rally next month, according to The Korea Herald.

In South Korea, molka is closely associated with the now-defunct site Soranet — a “hub of pornographic materials in Korea,” according to one anti-trafficking group. Though police shut down the site in 2016, and Korean police arrested one of Soranet’s admins this past June, the site continues to be the central cultural touchstone in the battle over nonconsensual pornography and other abusive porn in South Korea.

The battle over Soranet is the culmination of a new wave of feminist activism in South Korea, a highly developed country that nonetheless holds societal views on gender that are considered regressive in other OECD countries. There is no right to abortion in South Korea. The country has the world’s third-highest rate of female homicides relative to all homicides (52.5 percent, the worldwide average is 22.2 percent). One study found that about 80 percent of Korean men admit to having physically or psychologically abused a girlfriend.

Agents from the investigative arm of ICE attempted to help chase down Soranet admins

The accusations brought against Soranet by officials and critics included distribution of child pornography — though the site itself has long maintained that it banned child porn — and spycam porn, which appeared frequently on the site. Such sites are not unique to South Korea. Reddit announced in 2015 it would ban revenge porn from adult-content subreddits, and in 2014 hackers uploaded more than 100,000 Snapchat photos to The Pirate Bay and 4chan, including nude pictures of minors.

But The Verge has learned that the Soranet shutdown was unique in a very specific way. Court documents show that agents from Homeland Security Investigations (HSI), the investigative arm of ICE, attempted to help chase down Soranet admins in late 2015 and early 2016, after Korean police decided they were going to shut down the site for good.

Soranet’s servers bounced around over the years, including to the US, according to domain lookups and Korean officials. Much of the story of Soranet takes place abroad — the servers were seized in the Netherlands, and the admins were arrested in South Korea and New Zealand by Korean police.

HSI investigates cross-border crimes, from money laundering to human trafficking to weapons smuggling. In the case of Soranet, it appears HSI issued a customs summons — a New Deal-era administrative warrant originally meant to address, say, illegal imports — in order to demand information about Soranet’s admins from Google, Yahoo, and Microsoft.

The Verge’s reporting suggests that this is one of the first times that a customs summons has been used to pursue a website operating abroad.

Why was the United States government involved in taking down Soranet? And how widely can HSI apply the customs summons to police the global internet? More than two years later, HSI won’t discuss its role in the Soranet investigation.

Not surprisingly, the customs summons was created to aid in investigating customs matters. Established in 1930 under the protectionist Smoot–Hawley Tariff Act, the customs summons empowered US Customs Service agents — who worked for the Treasury Department at the time — to review ledgers and determine whether shippers owed any duties or fees.

The Customs Service has long since been dissolved and its investigative functions have been reassigned to ICE. Over time, HSI agents and prosecutors have come to consider the customs summons a much broader tool, one no longer limited to investigations of physical merchandise crossing borders. In particular, it seems to have become the tool of choice for agents working child pornography cases.

Before the internet, the international trade in child pornography was unquestionably a customs matter, since illicit photos, magazines, and videos were shipped across borders as physical items. But the internet has made policing child pornography importation a much thornier matter. Is it an “import” to download child porn from a foreign server?

In 1993, the Justice Department and Customs Service announced “Operation Long Arm,” the first nationwide investigation of online child pornography, which arose after Danish police seized a web bulletin board and found American subscribers. And in the mid-‘90s, the Customs Service created a “Cybersmuggling Center,” with child porn as one of its primary initiatives.

It’s unclear when HSI agents began using customs summonses in online child porn cases. The first instance found by The Verge was in a 2000 investigation where customs agents issued a summons to an ISP in California based on a tip from German police.

Much of the story of Soranet takes place abroad

The Customs Service, Immigration and Naturalization Service, and other agencies underwent a messy and arguably poorly thought-out restructuring in the Bush years, forming the Department of Homeland Security in 2003. Although they were no longer “Customs Service” agents, ICE agents continued to use the customs summons in cybercrime investigations.

Records from more than two dozen child porn investigations, including one from 2017, show HSI agents sent customs summons to ISPs like Comcast as well as tech companies like PayPal, Yahoo, and Google.

An ICE spokesperson wrote by email that the customs summons “may be used in any HSI investigation or inquiry conducted for the purpose of ensuring compliance with the laws of the United States, as administered by HSI.”

In the few cases where a summons was challenged in court, prosecutors put forward broad arguments about the modern, borderless web.

“Of course, since the advent of the Internet, the distribution of child pornography has no geographic limitations,” the government noted in 2009. “[ICE] has regularly used its summons authority [...] to obtain subscriber information on Internet accounts.”

Ian Samuel, a Harvard Law lecturer who has written about the increasing role network service providers play in criminal investigations, found the government’s explanation “aberrational.”

“It would end up giving ICE quite broad subpoena power,” Samuel told The Verge. “I’m not sure any non-DOJ, non-prosecutor would have anything comparable. It would allow ICE to investigate all internet crimes, or any involving contraband.”

HSI agents have come to consider the customs summons a much broader tool

But the customs summons has popped up in some bizarre cases, including some where it was wasn’t clear the porn in question crossed state lines, much less national borders. Last year, an HSI agent handed a summons to a desk attendant at a motel in the Seattle suburbs, looking for information about a guest. Child porn had been found on the guest’s work laptop by his employer, according to a search warrant affidavit. The suspect was later charged in Snohomish County court, rather than in federal court.

In two cases, it wasn’t even clear what crime the agents were investigating. Last year, an agent with Customs and Border Protection tried to use a customs summons to unmask @ALT_USCIS, a Twitter account that claims to be run by a Department of Homeland Security employee. When Twitter fought the summons in court, the government quickly backed off.

In 2014, an HSI agent at the US Embassy in Buenos Aires sent a customs summons to Twitter seeking information about accounts that criticized a local prosecutor. An ICE spokesperson declined to answer questions about this summons, which the government withdrew when it came to the attention of the Argentine press.

“I bet there is a lot of abuse of 1509 [summonses] and we’ve likely only scratched the surface,” said attorney Ansel Halliburton, referring to the statute that established the customs summons.

Halliburton worked on Doe 1 v. Google and Doe 1 v. Microsoft, cases in which customs summonses were served to “the owner of a Korean-language website” that featured adult content. Halliburton declined to identify the website in question, saying he was unable to discuss it in detail. But based on court documents, The Verge believes that the Doe 1 cases involve Soranet.

The origins of Soranet seem jarringly benign for a site that has mobilized tens of thousands of protesters to take to the streets and an international effort to track down its administrators.

For “Sora,” Soranet’s anonymous founder, access to erotic material is a democratic right. In early interviews and blog posts, she indicated that she wanted to build a platform where members not only swapped porn but also critiqued a conservative culture and a government that closely monitors online expression.

On launching “Sora’s Guide” in 1999, the founder described it as a “guiding light helping non-English speaking Koreans navigate easily across the sea of adult sites.” Sora, who moved to the US in junior high school, said in a 2000 interview that she started the site in her mid-twenties after becoming “disillusioned with the strict control and suppression of sex” that came with “growing up in a strict Korean family.”

“It is one of the human rights to enjoy sex to the fullest,” Sora said.

The site launched a time of fierce debate over whether the Korean government should block “obscene” websites in the name of protecting minors. Sora peppered free expression banners in between the sexy GIFs on the homepage.

“It would end up giving ICE quite broad subpoena power”

“The words that are used by dictatorial powers or regimes around the world to suppress individual rights are ‘wholesome,’ ‘order,’ and ‘moral,’” Sora told another interviewer. She likened blocking websites to the nationwide curfews imposed after World War II, which were only lifted in 1982.

“There is still a curfew on the internet in Korea, which is called filtering,” she said.

When ISPs filtered her site at the request of the Korean Ministry of Information and Communication, Sora put up an “emergency notice” on the homepage urging users to protest.

She revamped the site in 2003 as the Soranet portal, adding features so members could chat, swap erotic stories and relationship advice, and even play games, à la eBaum’s World.

And, of course, they could find all kinds of porn. Soranet catered to a broad spectrum of orientations, yearnings, and fetishes. From the start, Sora included gay and lesbian content — controversial not just because of its adult nature, but because of attitudes toward homosexuality. (South Korea’s current president, largely hailed for his progressive politics, said just last year that he opposes homosexuality.)

Sora also included voyeur footage, bondage videos, and rape scenes. (You’ll find content like this on adult websites in the US and around the world, of course.) In early interviews, she defended much of this content as staged and consensual, while drawing the line at spycam material, saying “there is a problem with peeping on private life if you are not aware or refuse to disclose it.”

Soranet would later claim the site blocked users who uploaded photos taken without consent, saying it “immediately deletes the postings that seem like revenge porn.” Court filings defending Soranet said that users who tried to upload child porn were banned. But such moderation efforts were, generously speaking, ineffective. The less-generous interpretation is that these claims were disingenuous — although The Verge cannot confirm what existed on the now-defunct site, one contemporaneous observer wrote for the Columbia Journal of Transnational Law that at least one of the Soranet boards was solely dedicated to amateur voyeur materials like upskirt videos and spycam porn.

For “Sora,” Soranet’s anonymous founder, access to erotic material is a democratic right

As Soranet’s membership grew into the hundreds of thousands and even past one million, it attracted more attention from law enforcement and internet censors. Police arrested dozens of members and administrators in 2004. But its servers were overseas, ostensibly beyond reach of Korean authorities.

At some point after a 2004 crackdown, Sora added a disclaimer to the homepage: Soranet wasn’t targeted to “Koreans living in Korea,” but was rather “an adult-only service for Korean language users in North America, Japan, Australia, and Europe, where adult content is legal.” It’s not clear where Soranet’s servers were located at in 2004 — in a blog post around this time, Sora wrote only that the site was hosted “overseas.” In earlier interviews, she said the domain was owned by a company in the Bahamas but under contract with a US-based hosting company.

For visitors who just happened to live in Korea, the site offered step-by-step guides to getting around their country’s internet firewalls. To evade filters, Soranet constantly changed its domain, using blogs and then Twitter to broadcast alternate addresses.

As early as 2008 Sora recognized that, like any anonymous platform, the site could facilitate incredible abuses.

“Unfortunately, however, crimes committed in regards to anonymity on the internet are also occurring on Soranet, which lead to the tragic destruction of individuals by intimidating and threatening them with privacy infringement,” Sora wrote, adding that this can lead to “damages that are beyond description,” including suicide.

Sora committed to “provide full cooperation” if requested by the authorities in response to what she called “apparent crimes regarding anonymity.”

In November 2015, the Korean government decided to take down Soranet for good. In the preceding years, Soranet seems to have rented servers all over the world, and its Twitter account tweeted alternate URLs registered in various countries, including the United States, Japan, Panama, and Barbados. As of November 2015, Korean police said the website’s server was on American soil. And in blog posts around the same time, Sora wrote that she operated the site in accordance with California state law.

”We are having talks with our U.S. counterparts to swiftly shut down the website which has its server in the U.S.,” National Police Agency (NPA) Commissioner General Kang Sin-myeong said in late November 2015, according to The Korea Times.

”The two sides have reached an agreement in principle that the website should be closed,” Commissioner Sin-myeong said of the US involvement.

The Department of Justice, which typically handles foreign government requests for investigative assistance, declined to answer which agency pitched in to take down Soranet, but court records indicate it was HSI.

In November 2015, the Korean government decided to take down Soranet for good

Soon after Korean officials announced they were shutting down Soranet, an HSI agent sent subpoenas to Microsoft, Google, and Yahoo. In December 2015 and January 2016, Special Agent Barry Harsa, who was stationed at the US Embassy in Seoul, sent each company a customs summons demanding subscriber information for accounts related to Soranet. (Harsa did not respond to emailed inquiries.)

In February and April 2016, an anonymous litigant — “Doe 1,” who identified themselves as “the owner of a Korean-language website” that features adult content — petitioned US federal courts to block Harsa’s subpoenas to Google and Microsoft. Yahoo declined to comply unless ordered to do so by a judge, according to Doe 1’s filings.

You won’t find “Soranet” anywhere in the court records, but it’s clear which site Doe 1 ran.

Harsa asked Microsoft for information about a Hotmail email account associated with “Sora Park,” the moniker often used by Soranet’s webmaster. And in an affidavit, Doe 1 indicated their website’s servers were seized in Europe in early April 2016, and that shortly afterward police announced the arrest of 62 people “somehow related to the website.” On April 7th, 2016, Seoul police announced the arrest of 62 people related to Soranet following the seizure of servers by Dutch authorities.

Doe 1 argued Harsa’s summonses were part of a campaign by Korean politicians and law enforcement, and invalid on their face.

“Korean politicians, as well as the elected chief of the Korean National Police Agency, have publicly pledged to suppress the Website,” Doe 1 wrote in a May 2016 motion. “These Korean authorities have apparently enlisted the help of agents of the United States government.” (Doe 1’s attorney also declined to discuss the case.)

An HSI agent sent subpoenas to Microsoft, Google, and Yahoo

Doe 1 said the information Harsa sought via his customs summonses was “wholly unrelated” to “Customs-related goals,” and thus invalid.

“Instead, the Administrative Summons is aimed at information from a Google account from a non-U.S. account holder, related to a non-U.S. website with a non-U.S. audience,” Doe 1 argued in the April 2016 complaint. “The only connection to the U.S. is that Doe 1 holds a Google Account.” By this time, Korean police later said, Soranet had moved its servers to Europe.

Yahoo told the government in February 2016 it wouldn’t comply with the Soranet summons absent a court order. The Department of Homeland Security dropped its Soranet summons to Microsoft soon after Doe 1 filed their lawsuit.

But DHS attorneys dug in on the Google summons, refusing to drop it even months after Korean police arrested dozens of Soranet admins and users. Unlike Yahoo, Google didn’t challenge the summons, and Doe 1 called the company “largely a bystander” in the proceedings.

It’s unclear whether Google produced any documents, but the US government ultimately withdrew the summons in August 2016, months after Soranet operators had been identified by Korean officials. Court records do not indicate what eventually happened with the Yahoo summons.

The Verge contacted multiple attorneys and legal scholars about the customs summons, particularly its use to investigate internet crimes. Even lawyers with extensive cybercrime experience had either not seen customs summons being used or were entirely unfamiliar with them.

“I’ve never even heard of a 1509 summons,” wrote Orin Kerr, a law professor at the University of Southern California who has written extensively about the Fourth Amendment and technology.

Marcia Hofmann, who is special counsel to the Electronic Frontier Foundation and has litigated over administrative subpoenas and encryption, said she had never seen a customs summons, either.

“The only connection to the U.S. is that Doe 1 holds a Google Account.”

“Other than the @ALT_USCIS case, I haven’t encountered 1509 subpoenas,” said Nate Wessler, an attorney with the ACLU’s Speech, Privacy, and Technology Project. Wessler argued the Carpenter case before the Supreme Court, which established that law enforcement must get a warrant before requesting location data from cell phone providers.

“I would not want to be the prosecutor trying to be the one to defend this in a case that’s unconnected to the border,” said Edward McAndrew, who prosecuted internet crimes, including child pornography, as a federal prosecutor for nearly a decade.

“It seems really, really broad,” McAndrew, now in private practice, said of the government’s interpretation of the customs summons.

According to Korean media, three of Soranet’s operators are still on the loose, and ICE has not answered whether HSI is helping track them down.

Translations by Jaecheol Choi.