A secret FBI hacking tool, used to compromise the Tor anonymous browser in one investigation, is facing challenges from criminal defendants, perhaps putting its future in doubt.
Defendants have demanded to see details of the FBI's network investigative technique (NIT), the agency's name for the relatively recent hacking tool, in a handful of criminal cases, but the agency has refused to disclose the information.
A judge in a high-profile child pornography case, in which a website called Playpen was accessible only through Tor, is trying to decide whether the FBI should disclose the NIT's source code to the defendant.
If the FBI shares the source code, its hacking tools may be compromised in future cases. But the U.S. Constitution's Sixth Amendment gives a defendant the right to confront his accusers and challenge their investigation.
Judge Robert Bryan of the U.S. District Court for the Western District of Washington wrestled with the competing interests in a case status order he issued in the U.S. v. Michaud case this week.
The defendant's request for the NIT source code "places this matter in an unusual position," Bryan wrote. "What should be done about it when, under these facts, the defense has a justifiable need for information in the hands of the government, but the government has a justifiable right not to turn the information over to the defense?"
Ars Technica, which reported on Bryan's order this week, noted that two other judges, in Oklahoma and Massachusetts, have ruled this year to suppress NIT-obtained evidence. And a defense attorney in West Virginia has filed to withdraw a guilty plea in a case involving NIT evidence.
In another order this week, Bryan refused Mozilla's request for the government to disclose a vulnerability in Tor. Tor is based on Mozilla's Firefox browser.
The FBI's strategy with NIT-aided investigations appears to involve hiding its use of hacking tools, and, in some cases, pressing for guilty pleas before defendants and their lawyers question the investigative techniques, said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union.
The ability of defendants to confront the evidence against them is "absolutely essential" to conducting fair trials, Wessler said. Secret evidence is "irreconcilable" with the U.S. justice system, he added.
The FBI has defended NITs, saying their use is limited. "The use of Network Investigative Techniques is lawful and effective, and only employed when necessary -- against some of the worst offenders," the agency said in a statement. "The technique is time and resource intensive, and is not a viable option for most investigations ..."
The Michaud case raises several sticky issues, technology and legal experts said.
Both sides should have access to evidence in a criminal case, but FBI disclosure of the NIT's source code could kill the tool's effectiveness going forward, said Paul Fletcher, security evangelist for security vendor Alert Logic.
"Sharing that detailed information in this scenario doesn’t necessarily mean that information should be released to the public," he said by email. "The implications of the FBI being forced to share these techniques could expose their technical capacity and/or their dependence on external sources to help with hacking techniques. In other words, the general public would begin to understand the level of technical capabilities of the FBI."
In the Michaud case, the defendant's lawyer had agreed earlier to view the source code using FBI-approved security measures, but the FBI backed away from that compromise.
Look for inconsistent rulings across the U.S. related to secret government hacking tools, added James Goodnow, a lawyer with the Fennemore Craig law firm in Phoenix.
"This is a classic example of the law not keeping up with technology," Goodnow said by email. "The law on the disclosure of source code is murky, at best."
The issue is "ripe" to go to an appeals court, or even the U.S. Supreme Court, he added.
In addition, expect more defendants to challenge government hacking techniques, with their lawyers questioning whether the hacking exceeded the limits of a warrant, Goodnow added.
"When it comes to source code, defendants are going to argue that they have a constitutional right to explore whether the officer provided the judge with enough specificity about how evidence was being obtained and whether the obtained evidence is within the scope of that warrant," he said. "No code; no due process; no conviction -- at least that’s how the argument will go."