FBI Sends Computer Information Collected By Its Hacking Tools In Unencrypted Form Over The Open Internet

from the the-(fraying)-ends-justify-the-(sloppy)-means dept

The FBI doesn't want to talk about its secret malware, but with over 100 child porn prosecutions tied to it, it's had to discuss at least a few aspects of its Network Investigative Technique (NIT).

In yet another prosecution -- this one actually taking place in Virginia for a change -- the FBI is once again struggling to withhold details of its NIT from the defense. Suppression of the evidence likely isn't an option, as the warrant it obtained in Virginia was actually deployed in Virginia. I'm sure the FBI is as surprised as anybody by this fortuitous coincidence. But the defendant still wants access to more information, as he is looking to challenge the evidence the FBI collected with its Tor-defeating exploit.

The defendant, Edward Matish, has questions about the chain of custody. FBI Special Agent Daniel Alfin, who has testified in other Playpen/NIT cases, inadvertently admits there could be problems here, considering the FBI does nothing to protect the information it collects from suspects' computers from being intercepted or altered in transit. (h/t Chris Soghoian)

I have read the Defendant's reply to the Government's Response to the Motion to Compel dated May 23, 2016. In the motion, Matish asserts that there are chain of custody problems caused by the fact that the NIT transmitted data "unencrypted over the traditional internet". This assertion is further supported by the declaration of Matthew Miller who states "the IP address relayed to the FBI was unencrypted and subject to attack by hackers." (Miller Dec.)

So, the NIT the FBI says is so secret it won't discuss it even if facing contempt orders apparently sends back info over the open internet. Agent Alfin plows past this admission, calling the defense expert "wrong" while refusing to discuss the possibility that unencrypted transmissions could be altered.

He is wrong. In fact, the network data stream that has been made available for defense review would be of no evidentiary value had it been transmitted in an encrypted format. Because the data is not encrypted, Matish can analyze the data stream and confirm that the data collected by the government is within the scope of the search warrant that authorized the use of the NIT. Had the data been transmitted in an encrypted format the data stream would be of no evidentiary value as it could not be analyzed.

This is absurd. If Alfin is to be believed, anything sent with end-to-end encryption would be nothing but useless, scrambled gibberish to its recipient. Encryption only hides data from parties who don't hold the key. The FBI, as the recipient, would hold it, and could have decrypted the captured stream and delivered the plaintext (and the key, if the defense wanted to verify the decryption itself) to defendants for examination. Authenticated encryption would also have answered the chain-of-custody question rather than raised it: any alteration of the data in transit would fail verification on arrival, whereas an altered plaintext stream is indistinguishable from an intact one. The FBI didn't encrypt these transmissions because it probably didn't seem worth the effort… at least not at the time. I'm sure it wishes it had done this, now that it's being challenged in court.
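The two points above (the chain-of-custody worry raised in the Matish motion, and the fact that encrypting the transmission would not have made it unreviewable) are easier to see in code than in declarations. The following is an added example, not code from the article and not anything known about the real NIT: it sends a constructed report once as plain JSON, the way the article says the NIT transmitted its data, and once under AES-256-GCM, a standard authenticated-encryption mode chosen here as a stand-in for "the FBI could have encrypted it". The `Report` fields, the `192.0.2.x` addresses and the key handling are all hypothetical. The plaintext path accepts a rewritten IP address without complaint; the sealed path rejects any altered byte, while the keyholder can still decrypt the intact blob and produce the plaintext for review.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Report is a constructed stand-in for the kind of identifying data the
// article says the NIT sent back in the clear. The field names are
// hypothetical; nothing here is the real NIT format.
type Report struct {
	SessionID string `json:"session_id"`
	IP        string `json:"ip"`
	Host      string `json:"host"`
}

// SendPlain models the transmission the article describes: the report goes
// out as plain JSON with no confidentiality and no integrity protection.
func SendPlain(r Report) ([]byte, error) {
	return json.Marshal(r)
}

// ReceivePlain parses whatever arrives. It has no way to tell whether the
// bytes were altered in transit, so any well-formed JSON is accepted.
func ReceivePlain(b []byte) (Report, error) {
	var r Report
	err := json.Unmarshal(b, &r)
	return r, err
}

// Seal is the alternative: AES-256-GCM authenticated encryption. Output is
// nonce || ciphertext || tag. Whoever holds key can later decrypt and hand
// both plaintext and key to a reviewer, so encrypting costs nothing in
// evidentiary value.
func Seal(key []byte, r Report) ([]byte, error) {
	plain, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// Open decrypts and verifies. Any change to nonce, ciphertext or tag makes
// GCM's tag check fail, so an altered blob is rejected, not silently accepted.
func Open(key, blob []byte) (Report, error) {
	var r Report
	block, err := aes.NewCipher(key)
	if err != nil {
		return r, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return r, err
	}
	if len(blob) < aead.NonceSize() {
		return r, errors.New("blob too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	plain, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return r, fmt.Errorf("integrity check failed: %w", err)
	}
	err = json.Unmarshal(plain, &r)
	return r, err
}

// ReplaceBytes stands in for a man-in-the-middle rewriting part of a message.
func ReplaceBytes(msg []byte, from, to string) []byte {
	return bytes.Replace(msg, []byte(from), []byte(to), 1)
}

// FlipByte stands in for any in-transit corruption or tampering of a sealed blob.
func FlipByte(blob []byte, i int) []byte {
	out := append([]byte(nil), blob...)
	out[i] ^= 0x01
	return out
}

func main() {
	key := make([]byte, 32) // demo key; a real deployment provisions this out of band
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	r := Report{SessionID: "example-1", IP: "192.0.2.10", Host: "workstation"}

	// 1. Plaintext path: an attacker swaps the IP and the receiver never notices.
	wire, _ := SendPlain(r)
	got, err := ReceivePlain(ReplaceBytes(wire, "192.0.2.10", "192.0.2.99"))
	fmt.Printf("plaintext: err=%v ip=%s\n", err, got.IP)

	// 2. Sealed path: the same sort of alteration is detected, and the keyholder
	//    can still decrypt the untampered blob for review.
	blob, _ := Seal(key, r)
	_, err = Open(key, FlipByte(blob, len(blob)-1))
	fmt.Printf("sealed, tampered: err=%v\n", err)
	got, err = Open(key, blob)
	fmt.Printf("sealed, intact: err=%v ip=%s\n", err, got.IP)
}
```

The point of the sealed path is that confidentiality and integrity come together: the defense gets the same plaintext it would have had otherwise, plus a tag that proves the bytes were not touched between collection and receipt. With the plaintext path, the receiver's parse succeeding tells you nothing about whether the IP it contains is the one the NIT originally reported.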

This is one more example of the FBI's overconfidence getting in the way of its better judgment. These were supposed to be open-and-shut child porn prosecutions -- a repeat of its mostly under-the-radar use of the same tools and tactics in 2012. But they aren't. They're being challenged and the FBI is going from courtroom to courtroom, putting out fires. And all that scrambling is leading to half-assed explanations like this, which raises serious questions about the FBI's investigative "techniques."


Filed Under: daniel alfin, doj, edward matish, encryption, fbi, going dark, hacking, malware, nit, playpen