Marques was the first in a line of famous cybercriminals to be caught despite believing that using the privacy-shielding anonymity network Tor would make them safe behind their keyboards. The case demonstrates that government agencies can trace suspects through networks that were designed to be impenetrable.

Marques has blamed the American NSA’s world-class hackers, but the FBI has also been building up its efforts since 2002. And, some observers say, they often withhold key details of their investigations from defendants and judges alike—secrecy that could have wide-ranging cybersecurity implications across the internet.

“The overarching question is when are criminal defendants entitled to information about how law enforcement located them?” asks Mark Rumold, a staff attorney at the Electronic Frontier Foundation, an organization that promotes online civil liberties. “It does a disservice to our criminal justice system when the government hides techniques of investigation from public and criminal defendants. Oftentimes the reason they do this kind of obscuring is because the technique they use is questionable legally or might raise questions in the public’s mind about why they were doing it. While it’s common for them to do this, I don’t think it benefits anyone.”

Freedom Hosting was an anonymous and illicit cloud computing company running what some estimated to be up to half of all dark web sites in 2013. The operation existed entirely on the anonymity network Tor and was used for a wide range of illegal activity, including the hacking and fraud forum HackBB and money-laundering operations including the Onion Bank. It also maintained servers for the legal email service Tor Mail and the singularly strange encyclopedia Hidden Wiki.

But it was the hosting of sites used for photos and videos of child exploitation that attracted the most hostile government attention. When Marques was arrested in 2013, the FBI called him the “largest facilitator” of such images “on the planet.”

Early on August 2 or 3, 2013, some of the users noticed “unknown Javascript” hidden in websites running on Freedom Hosting. Hours later, as panicked chatter about the new code began to spread, the sites all went down simultaneously. The code had attacked a Firefox vulnerability that could target and unmask Tor users—even those using it for legal purposes such as visiting Tor Mail—if they failed to update their software fast enough.

While in control of Freedom Hosting, the agency then used malware that probably touched thousands of computers. The ACLU criticized the FBI for indiscriminately using the code like a “grenade.”

The FBI had found a way to break Tor’s anonymity protections, but the technical details of how it happened remain a mystery.

“Perhaps the greatest overarching question related to the investigation of this case is how the government was able to pierce Tor’s veil of anonymity and locate the IP address of the server in France,” Marques’s defense lawyers wrote in a recent filing.

In the original indictment, there is little information beyond references to an “investigation in 2013” that found a key IP address linked to Freedom Hosting (referred to in the document as the “AHS,” or anonymous hosting service).

Marques’s defense lawyers said they received only “vague details” from the government, and that “this disclosure was delayed, in part, because the investigative techniques employed were, until recently, classified.”

Peter Carr, a Justice Department spokesperson, said the letter is “not in the public record.” The defense attorneys did not respond to questions.