In a recent child pornography case that involved the Firefox-based Tor browser, both the defense team and Mozilla have asked the FBI to reveal the vulnerabilities the agency used to hack Tor users. After the FBI refused, the judge canceled the warrant it initially gave the FBI and threw out all evidence the agency gathered with it.
The FBI has been using “network investigative techniques,” which is a “cleaner” way of referring to hacking. This type of hacking often happens through malware that the FBI sends to its targets to get access to their computers. The malware in this case took advantage of an undisclosed Tor browser vulnerability.
Mozilla believes the vulnerability may exist in the core Firefox code as well, considering that the Tor Browser is a customized version of the enterprise version of Firefox. That’s why the company has also been trying to get the FBI to reveal the vulnerability to Mozilla before the agency tells anyone else about it, including the defense attorneys in this case.
Mozilla thinks that if anyone else finds out about the vulnerability, it could later be used by bad actors. The FBI is also bound by the Vulnerabilities Equities Process to reveal major vulnerabilities in technology products, although it hasn’t always abided by those policies.
Because the FBI has refused to reveal how its hacking methods work, citing the need for operational secrecy, the judge felt compelled to cancel the warrant and toss the evidence. If the FBI wants the case to continue, it may have to appeal this decision.
There seems to be an increasing trend of the U.S. government trying to hide information about how it gathers evidence through new surveillance techniques. Often, the reason that it gives for hiding that information is that it doesn’t want criminals to know about its methods.
However, in many cases, such as when talking about cell site simulators, the technology or methods have been public for years. When judges do discover what these new surveillance techniques actually are and what they do, they seem to lean towards calling them illegal and throwing out the evidence obtained with them. (This may be the real reason why the government is trying to hide its methods in the first place.)
The FBI may now find it increasingly hard to hide these techniques from judges. The agency could risk losing even more cases if it doesn’t either fully disclose its methods to the judges and hope for approval, or stop using them altogether.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.