FBI posts fake hyperlinks to snare child porn suspects

Screen snapshot: This now-defunct site is reportedly where an FBI undercover agent posted hyperlinks purporting to be illegal videos. Clicking the links brought a raid from the Feds.

The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.

Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.

A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who's using an open wireless connection--and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police.

Roderick Vosburgh, a doctoral student at Temple University who also taught history at La Salle University, was raided at home in February 2007 after he allegedly clicked on the FBI's hyperlink. Federal agents knocked on the door around 7 a.m., falsely claiming they wanted to talk to Vosburgh about his car. Once he opened the door, they threw him to the ground outside his house and handcuffed him.

AUDIO

News.com daily podcast
Reporter Declan McCullagh talks about the FBI's
hyperlinking tactic for getting child porn suspects.

Download mp3 (6.36MB)

Vosburgh was charged with violating federal law, which criminalizes "attempts" to download child pornography with up to 10 years in prison. Last November, a jury found Vosburgh guilty on that count, and a sentencing hearing is scheduled for April 22, at which point Vosburgh could face three to four years in prison.

The implications of the FBI's hyperlink-enticement technique are sweeping. Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography--and raid people who click on the links embedded in the spam messages. The bureau could register the "unlawfulimages.com" domain name and prosecute intentional visitors. And so on.

"The evidence was insufficient for a reasonable jury to find that Mr. Vosburgh specifically intended to download child pornography, a necessary element of any 'attempt' offense," Vosburgh's attorney, Anna Durbin of Ardmore, Penn., wrote in a court filing that is attempting to overturn the jury verdict before her client is sentenced.

In a telephone conversation on Wednesday, Durbin added: "I thought it was scary that they could do this. This whole idea that the FBI can put a honeypot out there to attract people is kind of sad. It seems to me that they've brought a lot of cases without having to stoop to this."

Durbin did not want to be interviewed more extensively about the case because it is still pending; she's waiting for U.S. District Judge Timothy Savage to rule on her motion. Unless he agrees with her and overturns the jury verdict, Vosburgh--who has no prior criminal record--will be required to register as a sex offender for 15 years and will be effectively barred from continuing his work as a college instructor after his prison sentence ends.

How the hyperlink sting operation worked
The government's hyperlink sting operation worked like this: FBI Special Agent Wade Luders disseminated links to the supposedly illicit porn on an online discussion forum called Ranchi, which Luders believed was frequented by people who traded underage images. One server allegedly associated with the Ranchi forum was rangate.da.ru, which is now offline with a message attributing the closure to "non-ethical" activity.

In October 2006, Luders posted a number of links purporting to point to videos of child pornography, and then followed up with a second, supposedly correct link 40 minutes later. All the links pointed to, according to a bureau affidavit, a "covert FBI computer in San Jose, California, and the file located therein was encrypted and non-pornographic."

Excerpt from an FBI affidavit filed in the Nevada case showing how the hyperlink-sting was conducted.

Some of the links, including the supposedly correct one, included the hostname uploader.sytes.net. Sytes.net is hosted by no-ip.com, which provides dynamic domain name service to customers for $15 a year.

When anyone visited the upload.sytes.net site, the FBI recorded the Internet Protocol address of the remote computer. There's no evidence the referring site was recorded as well, meaning the FBI couldn't tell if the visitor found the links through Ranchi or another source such as an e-mail message.

With the logs revealing those allegedly incriminating IP addresses in hand, the FBI sent administrative subpoenas to the relevant Internet service provider to learn the identity of the person whose name was on the account--and then obtained search warrants for dawn raids.

Excerpt from FBI affidavit in Nevada case that shows visits to the hyperlink-sting site.

The search warrants authorized FBI agents to seize and remove any "computer-related" equipment, utility bills, telephone bills, any "addressed correspondence" sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements, and credit card statements.

While it might seem that merely clicking on a link wouldn't be enough to justify a search warrant, courts have ruled otherwise. On March 6, U.S. District Judge Roger Hunt in Nevada agreed with a magistrate judge that the hyperlink-sting operation constituted sufficient probable cause to justify giving the FBI its search warrant.

The defendant in that case, Travis Carter, suggested that any of the neighbors could be using his wireless network. (The public defender's office even sent out an investigator who confirmed that dozens of homes were within Wi-Fi range.)

But the magistrate judge ruled that even the possibilities of spoofing or other users of an open Wi-Fi connection "would not have negated a substantial basis for concluding that there was probable cause to believe that evidence of child pornography would be found on the premises to be searched." Translated, that means the search warrant was valid.

Entrapment: Not a defense
So far, at least, attorneys defending the hyperlink-sting cases do not appear to have raised unlawful entrapment as a defense.

"Claims of entrapment have been made in similar cases, but usually do not get very far," said Stephen Saltzburg, a professor at George Washington University's law school. "The individuals who chose to log into the FBI sites appear to have had no pressure put upon them by the government...It is doubtful that the individuals could claim the government made them do something they weren't predisposed to doing or that the government overreached."

The outcome may be different, Saltzburg said, if the FBI had tried to encourage people to click on the link by including misleading statements suggesting the videos were legal or approved.

In the case of Vosburgh, the college instructor who lived in Media, Penn., his attorney has been left to argue that "no reasonable jury could have found beyond a reasonable doubt that Mr. Vosburgh himself attempted to download child pornography."

Vosburgh faced four charges: clicking on an illegal hyperlink; knowingly destroying a hard drive and a thumb drive by physically damaging them when the FBI agents were outside his home; obstructing an FBI investigation by destroying the devices; and possessing a hard drive with two grainy thumbnail images of naked female minors (the youths weren't having sex, but their genitalia were visible).

The judge threw out the third count and the jury found him not guilty of the second. But Vosburgh was convicted of the first and last counts, which included clicking on the FBI's illicit hyperlink.

In a legal brief filed on March 6, his attorney argued that the two thumbnails were in a hidden "thumbs.db" file automatically created by the Windows operating system. The brief said that there was no evidence that Vosburgh ever viewed the full-size images--which were not found on his hard drive--and the thumbnails could have been created by receiving an e-mail message, copying files, or innocently visiting a Web page.

From the FBI's perspective, clicking on the illicit hyperlink and having a thumbs.db file with illicit images are both serious crimes. Federal prosecutors wrote: "The jury found that defendant knew exactly what he was trying to obtain when he downloaded the hyperlinks on Agent Luder's Ranchi post. At trial, defendant suggested unrealistic, unlikely explanations as to how his computer was linked to the post. The jury saw through the smokes (sic) and mirrors, as should the court."

And, as for the two thumbnail images, prosecutors argued (note that under federal child pornography law, the definition of "sexually explicit conduct" does not require that sex acts take place):

The first image depicted a pre-pubescent girl, fully naked, standing on one leg while the other leg was fully extended leaning on a desk, exposing her genitalia... The other image depicted four pre-pubescent fully naked girls sitting on a couch, with their legs spread apart, exposing their genitalia. Viewing this image, the jury could reasonably conclude that the four girls were posed in unnatural positions and the focal point of this picture was on their genitalia.... And, based on all this evidence, the jury found that the images were of minors engaged in sexually explicit conduct, and certainly did not require a crystal clear resolution that defendant now claims was necessary, yet lacking.

Prosecutors also highlighted the fact that Vosburgh visited the "loli-chan" site, which has in the past featured a teenage Webcam girl holding up provocative signs (but without any nudity).

Civil libertarians warn that anyone who clicks on a hyperlink advertising something illegal--perhaps found while Web browsing or received through e-mail--could face the same fate.

When asked what would stop the FBI from expanding its hyperlink sting operation, Harvey Silverglate, a longtime criminal defense lawyer in Cambridge, Mass. and author of a forthcoming book on the Justice Department, replied: "Because the courts have been so narrow in their definition of 'entrapment,' and so expansive in their definition of 'probable cause,' there is nothing to stop the Feds from acting as you posit."