Tor is a piece of “free software enabling anonymous communication.” In other words, Tor gives users the ability to freely use the Internet without any potential monitoring by Internet Service Providers. To do this, Tor directs internet traffic through a global system of relays consisting of thousands of volunteers, successfully allowing untraceable Internet browsing. The main purpose of Tor is to allow users keep their privacy and freedom of conducting confidential communication without being monitored. This appeals to a growing portion of the population because trust in government and its agencies has gone down significantly, meaning that people are worried that their first amendment rights are being taken away if they are being monitored.

But, networks like Tor can lead to very difficult situations where user information may be needed for public safety and security. Recently, The Department of Justice stood by Tor in a child pornography that would have disclosed Tor’s vulnerability. The FBI had been investigating a case which involved Playpen, a child porn website hosted as a Tor hidden service. Part of this investigation involved using user traffic on Tor to actually find out who had committed the crime. In other words, the FBI had found a vulnerability in Tor’s infrastructure, which clearly showed the proper evidence to prove the child pornography case.

However, the Department of Justice had deemed this evidence unusable in court because it was illegally obtained, without the consent of Tor or users. In a filing on the case, federal prosecutor Annette Hayes wrote that the suppression order filed by the FBI “has deprived the government of the evidence needed to establish defendant Jay Michaud’s guilt beyond a reasonable doubt at trial.” The main reason why the government had difficulty making this decision was that there were only two visible options: disclosing classified information and dismissal of the investigation and indictment.  The final decision was to dismiss the case and to not disclose the confidential information.

Annete Hayes had written that “dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery,” and “The government has not sought unfair advantage over Michaud, nor has it acted with any improper motive. It simply acted to protect highly sensitive information from criminal discovery as was its obligation. The Court should, therefore, dismiss this case without prejudice.”

The reason as to why the Tor vulnerability would not be disclosed is that it would violate Rule 41 of the Federal Rules of Criminal Procedure, which states that federal law enforcement agencies, like the FBI, were allowed to “hack computers outside the jurisdiction in which the warrant was granted.” Recent changes to this rule indirectly permitted federal law enforcement agencies from hacking computer systems outside of jurisdiction without a warrant, which is exactly what the case was for this investigation. Ultimately, the court decided that the indictment must be dropped, because the evidence was obtained without consideration of Rule 41.

Featured Image via Wikimedia