Lawyers: FBI Must Reveal Malware for Hacking Child Porn Users or Drop Its Case

Defense says the government has to either reveal its network investigative technique or drop a case against an alleged child pornography user.

Last month, the FBI pushed back against a court order to reveal the full malware code it used to hack suspected visitors of a dark web child pornography site.

Now, in a partially redacted motion filed on Monday, opposing lawyers are arguing that the government either needs to comply with the order and reveal its malware, or drop the case.

"The Government has now made plain that the FBI will not comply with the Court's discovery order," wrote Colin Fieman and Linda Sullivan, attorneys representing Jay Michaud, one of those arrested as part of the FBI's investigation into child pornography site Playpen.


Michaud was arrested after the FBI deployed a network investigative technique (NIT)—the agency's term for a hacking tool, or malware—in order to identify the site's users.

The FBI has been resisting an order to reveal the code for this NIT since February, when a judge said "you can either produce [the discovery] or move to dismiss."

Defense lawyers have echoed that ultimatum.

"The consequences are straightforward: the prosecution must now choose between complying with the court's discovery order and dismissing the case," Fieman and Sullivan continue.

The motion was in response to a sealed filing from the government, which asked the judge to reconsider providing the malware code to the defense. Several large sections of the defense's latest filing are redacted, as it quotes parts of the government's own motion. (The attorneys are also seeking to have the government's argument unsealed.)

There are parts that hint at what arguments the government has made, however. "It has flatly refused to adopt additional security measures for discovery that would address any legitimate security concerns," the attorneys write, indicating that the government may have argued that any exposure of the NIT, even to defense lawyers under a protective order, could put the malware at risk of being distributed more widely.


Experts have previously said that, judging by the effort that the FBI is going to in order to keep its hacking tool under wraps, it may still work.

The attorneys then point to similar cases where the FBI would rather lose convictions than divulge details of its surveillance techniques. With regard to Stingrays, devices that are capable of tracking cellphones and sometimes intercepting communications, "the FBI in fact ordered local prosecutors to dismiss cases or reduce felonies to minor charges rather than comply with discovery orders," they write.

They also note that the number of Playpen users increased dramatically while the FBI was operating the site in order to deliver its NIT. The two possible reasons given are that the FBI deliberately drew new users to the site, or that a small tweak in the homepage made by the administrator before the site was seized could have led users to not understand that they were about to log into a child pornography site. Both of these theories are unsubstantiated, however.

Last week, in a related case, a judge threw out evidence obtained via the NIT. That reasoning, however, had little to do with the malware itself or any discovery issues, and instead circled around the one warrant used to authorise the FBI's hacking campaign.

As for the Michaud case, the defense indicate that the FBI really has no intention of handing over its malware code.

"The FBI has announced that it will not comply with the Court's discovery order," the attorneys write.

Michaud's lawyers add that if the FBI continues its stalemate, then the judge should throw out the case himself.