Senator: Let's monitor P2P for illegal files

WASHINGTON--A prominent Senate Democrat on Wednesday said federal and local police should use custom software to monitor peer-to-peer networks for illegal activity, and he wants to spend $1 billion in tax dollars to help make that happen.

Sen. Joe Biden (D-Del.)

(Credit: Biden.senate.gov)

At an afternoon Senate Judiciary subcommittee hearing about child exploitation on the Internet, Sen. Joe Biden (D-Del.) said he was under the impression it's "pretty easy to pick out the person engaged in either transmitting or downloading violent scenes of rape, molestation" simply by looking at file names. He urged use of those techniques by investigators to help nab the most egregious offenders.

The software, dubbed "Operation Fairplay," was developed two years ago by Special Agent Flint Waters in the Wyoming Attorney General's Office, who, by Biden's description, is considered an expert in the field. The application is currently being used by all of the regional Internet Crimes Against Children (ICAC) task forces nationwide and internationally, Waters told the panel.

Waters describes the system as a "comprehensive computer infrastructure," housed in Wyoming, that grants law enforcement officers a "big picture" of what sort of child pornography file transfers are going on across the country. It's able to help investigators conduct undercover operations involving peer-to-peer file-sharing applications, chat rooms, Web sites, and mobile telephones, Waters said.

No one's trying to demonize those technologies, Waters said. "Blaming this problem on peer-to-peer innovation is like blaming the interstate highway system when someone uses it to transport drugs," he said.

But in 2008 alone, investigators using Fairplay have "seen" more than 1,400 IP addresses tied to swapping child pornography files on at least 100 different occasions, Waters said. He didn't say how he identified what he viewed as child pornography, which can include photographs of fully-clothed teenagers taken with their parents' consent. In addition, as critiques of a 1995 law review article pointed out, trying to guess the contents of a file based on its name can be a problematic process.

Based on Waters' statements to the committee, the system appears to work like this: Investigators log onto peer-to-peer file-sharing networks as any other person would and search for files containing certain keywords that are likely to indicate child pornography is involved. Then they download the files--frequently videos, sometimes as long as 20 to 30 minutes, with names like "children kiddy underage illegal.mpg" and much more obscene--to their own machines. They're able to use the Fairplay software to obtain the IP address of the file's sender and, in some cases, display its geographic location in map form.

Once armed with an IP address and date and time of the download, investigators can subpoena the Internet service provider for more information, such as name and address of the subscriber who was assigned it at that moment. "It's not necessarily the suspect but it tells us the physical location to start," Waters said. (He didn't say whether any wiretaps were conducted to monitor ongoing file swapping.)

Investigators use the IP addresses to keep track of offenders on a "daily" basis, Waters told CNET News.com during a break at the hearing. But in about half its cases, for purposes of longer-term tracking, the software captures "unique serial numbers" from the person's computer and keeps a tally of how many allegedly illicit files that particular user is trading.

Waters provided the committee with a chart that said, for example, law enforcement had "seen" one user in Pennsylvania exchanging those files 2,792 times, one New Jersey user swapping them 1,182 times, and so on. It wasn't clear whether the so-called serial number corresponded to IP address, P2P username, or something else, and Waters wouldn't elaborate.

"It's unique to the computer, that's as far as I'll go," Waters added, saying he didn't want to divulge more details that suspects could use to circumvent detection. "We're able to get it when they're transferring child pornography."

So far, investigators have recorded more than 642,000 "unique serial numbers" that can be traced to the United States and another 650,000 of them that cannot be traced to a particular country, with the number of unique serial numbers rising steadily each month since "widespread capturing" of the details began in October 2005.

In addition to tracking the senders of the files, investigators use Fairplay to track the files themselves through their hash values or digital signatures. In one case, investigators found that an image of a toddler who'd been "horribly abused" was available in more than 1 million places around the world, Waters said.

Lt. Robert Moses, unit commander of the Delaware State Police High Technology Crimes Unit, told the committee that the software has been instrumental in allowing law enforcement to "proactively" identify criminals who possess and distribute child pornography, helping lead to arrests and prosecutions.

Grier Weeks, executive director of an anticrime nonprofit association known as the National Association to Protect Children, said the system has "revolutionized law enforcement" in the child pornography area.

Biden and Sen. Jeff Sessions (R-Ala.), the committee's ranking member, said they were troubled that because of limited resources, investigators are able to take on less than 2 percent of what they called "known" cases of child-pornography trafficking via the Internet. Biden said he also isn't pleased to see that the FBI currently has only 32 agents working in its "Innocent Images" unit, which focuses on child pornography. Still, Biden said he isn't out to "exaggerate" the problem and acknowledged that some of those cases may involve "accidental" exchanges of illicit material.

Biden pushed for passage of a bill known as the Combating Child Exploitation Act. It would authorize more than $1 billion over the next eight years to hire 250 new federal agents devoted to Internet crimes against children, provide additional funding to regional computer forensics labs, and give out more federal grants to the regional Internet Crimes Against Children (ICAC) task forces. The House of Representatives passed a companion bill in October.

"We can get our arms around it, the worst aspect of it," he said, "if we provide the resources."

Sessions cautioned the law enforcement officials to be smart about obtaining search warrants in such investigations. "You can't just go peruse everybody's computer," he said. "You train the officers in what is legal and established and approved and how to get warrants when they need a warrant?"

Waters said he "didn't know of any cases where (requests for warrants) had been overturned."

News.com's Declan McCullagh contributed to this report