DOJ's refusal to turn over code complicates child porn cases

SEATTLE (AP) - The Justice Department's refusal to disclose information about a software weakness it exploited during a major child pornography investigation last year is complicating some of its prosecutions arising from the bust.

During the investigation, the FBI allowed a secret child porn website on the largely anonymous Tor network to run for two weeks while it tried to identify users by hacking into their computers. The cases highlight how courts have struggled to square technological advances with existing legal rules.

A federal judge in Washington state last month threw out the government's evidence against one of the defendants, saying unless the FBI detailed the vulnerability it exploited, the man couldn't mount an effective defense.

In another case, a Virginia judge rejected a similar request in an opinion unsealed Thursday, saying even if the defendant had demonstrated a need for the full source code, that need would be outweighed by the government's interest in keeping it secret to protect investigative techniques.

The judge suggested even though the FBI obtained a warrant to hack into the defendants' computers, it didn't need one. He compared the agency's exploiting of the software vulnerability to a police officer being able to see through broken window blinds into someone's home - an analogy privacy and computer security experts called obviously wrong.

For starters, people know if their blinds are broken and have a chance to fix them. An officer looking through them is only observing what anyone else could observe. And "even if their blinds are broken doesn't mean you get to go into their house and search," said Mark Rumold, a senior staff attorney at the San Francisco-based Electronic Frontier Foundation.

"The court's decision that you don't have a reasonable expectation of privacy in a laptop in your own home - people should be very worried," he said.

The DOJ has said the information is not relevant. Defendants have been offered or provided all the evidence they need, including limited source code and data streams showing what the program did, the FBI has argued.

The department has also declined to disclose the information to Mozilla Corp., which believes it might concern a previously undisclosed flaw in its open-source Firefox browser.

"We'll continue to encourage the Government to disclose vulnerabilities to affected technology companies to allow us to do our job to prevent users from being harmed and to make the Web more secure," Denelle Dixon-Thayer, Mozilla's chief legal and business officer, said in an email.

The child porn website, called Playpen, operated on Tor, which provides users anonymity by routing their communications through multiple computers around the globe, and it had more than 150,000 members. The Tor browser is based on Firefox, and while the network is used for various reasons - including circumventing free-speech restrictions in some parts of the world - it has also provided sanctuary for child pornography, drug trafficking and other criminality.

After arresting Playpen's operator in Florida in early 2015, the FBI let the website continue running for two weeks while trying to identify users - something the agency said was necessary to apprehend those posting and downloading images of children being sexually abused. Defense attorneys criticized the tactic as unethical.
