The FBI has refused to comply with a judge’s request to reveal how it uncovered the identities of Tor users suspected of visiting a child pornography website.
The court order came in a case involving Seattle teacher Jay Michaud, who is one of those alleged by prosecutors to have visited dark web site Playpen.
In February 2015, the FBI managed to seize the site’s servers and kept them running with the addition of some unnamed software – dubbed a 'Network Investigative Technique' (NIT) – which is thought to have exploited a flaw in Tor to reveal the IP addresses of visitors.
Michaud’s lawyers had demanded more details of how the Feds did this in case they exceeded the scope of the warrant granted by a court to conduct the sting operation, and to check if their client has been identified correctly.
In the new court filing (via The Register), FBI special agent Daniel Alfin argues that revealing the nature of the exploit will not provide the information sought by the defense team.
“Discovery of the exploit would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud’s computer, not what it did once deployed,” he writes.
“Knowing how someone unlocked the front door provides no information about what that person did after entering the house. Determining whether the government exceeded the scope of the warrant thus requires an analysis of the NIT instructions delivered to Michaud's computer, not the method by which they were delivered.”
Alfin goes on to clarify that the identifier assigned to Michaud’s NIT results was definitely unique – and no duplicates were generated.
Alongside this declaration by Alfin, the FBI is reported to have filed a sealed brief explaining why it is resisting the judge’s requests to reveal its exploit code.
If those exploit details were made public then it’s pretty certain that any related bugs would soon be fixed by Tor.
The news comes as the FBI’s high-profile courtroom battle with Apple took another twist this week.
Now that the Feds have apparently found a way of brute-forcing the iPhone of San Bernardino shooter Syed Farook, it is Apple that wants information – namely how they did it.
It’s thought an unnamed third-party firm may have helped the agency in its efforts, but so far it has remained tight-lipped on its methods.
Apple will be worried that this represents a significant security risk to its users, especially if the details fall into the wrong hands.