Declan McCullagh reports that the FBI has begun using fake hyperlinks to alleged child pornography images to build cases in child porn investigations:
The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.
Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.
A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who’s using an open wireless connection–and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police. . . .
The implications of the FBI’s hyperlink-enticement technique are sweeping. Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography–and raid people who click on the links embedded in the spam messages. The bureau could register the “unlawfulimages.com” domain name and prosecute intentional visitors. And so on.
This is a very interesting technique, although I disagree with Declan’s claim that the “implications” of it are “sweeping.” The key question is whether clicking on a link constitutes probable cause to search a home. There is no “automatic” answer to this question; it is always fact-specific. See Illinois v. Gates, 462 U.S. 213 (1983) (“The task of the issuing magistrate is simply to make a practical, common sense decision whether, given all the circumstances set forth in the affidavit before him,. . . there is a fair probability that contraband or evidence of a crime will be found in a particular place.”) So you really can’t analyze the technique without knowing the facts.
Consider the facts of the case described in Declan’s story. (Warning: The facts are graphic.) An undercover FBI logged in to a now-defunct message board hosted in Russia called “Ranchi,” which the agent knew to be used for distributing images of child pornography. The agent posted a message, “here is one of my favs — 4yo hc with dad (toddler, some oral, some anal) — supercute! Haven’t seen her on the board before” with links to URLS that appeared to host a file named “4yosuck”. The links ended up being to an FBI computer that didn’t host anything criminal, but the FBI computer collected the IP addresses of the people who clicked on the link. When the IP address resolved to an ISP in the U.S., the FBI obtained the home address associated with the account and then raided the house for the computer and any child pornography stored inside the house.
Did the government’s affidavit create probable cause? I would need to look at the entire affidavit to know for sure, but just based on these basic facts I would think the case for probable cause is likely to be pretty good. I assume the FBI did not in any way broadcast their IP address or host anything on that computer, and that the link came in soon after the message was posted, so it seems likely that the only incoming web traffic request would be from a link other than from the message board. And given the context, this seems like an unlikely link that someone might come across by accident. To be sure, it’s possible to imagine scenarios involving innocent links or some other break in the connection between the home and the possible evidence (unsecured wireless connections, for example), but my sense is that this would still likely create probable cause (again, a call hard to make without seeing the whole affidavit, just something that is likely).
Nor is there a case for entrapment at trial on these facts. For a defendant to have an entrapment defense, the government needs to pressure him to commit the crime in some way. Here there was no significant pressure; the government created and advertised the opportunity but did not excessively push the defendant to click on the link.
Does this mean that the government could send you spam with apparent links to child pornography, and that if you clicked on the link the government could raid your home? No, I don’t think so. In the case of spam in an inbox, a person might click on a link by mistake or out of curiosity as to what the file may be without actually knowing or expecting it to be child porn. That seems significantly less likely in the case of a link on a message board such as the one in this case. Second, a spam e-mail is unlikely to be as clearly labeled as the image in this case. What tends to make the case for probable cause in the case Declan described is the likelihood in context that a person who clicked on the link was actually looking for images of child pornography. If you change the context, you change the strength of the case for probable cause.
Thanks to Michael Cernovich for the link.