In December 2014, the FBI received a tip from a foreign law enforcement agency that a Tor Hidden Service site called “Playpen” was hosting child pornography. The site's actual IP address was publicly available and appeared to resolve to a location within the U.S. After some additional investigation, the FBI obtained a search warrant and seized the server hosting the site.
Instead of shutting down the site, the FBI continued to operate the suspected child porn website for nearly two weeks, allowing thousands of images of child pornography to be downloaded. FBI began sending malware to visitors of the site, copied certain identifying information from a users’ computer and sent it back to the FBI in Alexandria, Virginia.
The government calls its malware a “NIT”—short for “Network Investigative Technique.” Thousands of computers, located all over the world, were searched in this way. The FBI exploited a vulnerability in the software, executed code on an individual’s personal computer, and seized data remotely from that computer without the user’s knowledge. As far as EFF is aware, this is the most extensive use of malware a U.S. law enforcement agency has ever employed in a domestic criminal investigation.
And all of this was done on the basis of a single warrant.
As it stands now, the government has prosecuted hundreds of people across the country as a result of this investigation. Now, these prosecutions are being challenged based on the tenuous legal basis of the FBI’s warrant and prosecutors' refusal to disclose to defendants exactly how the FBI malware operated. However, some courts have upheld these governmental actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ Constitutional privacy protections in their home computers.