You might be interested in Orin Kerr's analysis over at Volokh.

I'm inclined to go with Kerr's analysis, assuming his assumptions about the facts are accurate, as seems likely.

Like all probable cause and search cases, the specific facts matter a lot; traffic to that URL immediately after posting (on a now-defunct forum dedicated to the topic) is staggeringly unlikely to be innocent clicks on a URL sent in an email forward to an innocent person.

Assuming that the searches were done only on rapid responses to the posting of the link, rather than ongoing over a longer period of time, such that there was about zero probability of a spammer sending the URL out to random innocent people, I'm not sure I see anything unreasonable.

Man, that sure could make "Rick-rolling" look pretty weak. Think of the fun you could have tricking people into clicking sendthefbitomyhouse.gov.

What Sigivald said.

The situation you would find abhorrent certainly would be. But that's not the case in this instance. The link was at a known (but defunct) kiddie porn site (not a site of 'kids having sex', BTW). Not only did the perp have to go to that site, but then had to click on a link to download supposed kiddie porn.

That second action got his address captured, not just 'clicking on a link' out of the blue.

You can disguise such a URL with an entirely plausible looking title. That is what the phishers do when they try to direct you to a spoof financial site, in a bid to get your account passwords. A few years ago, we thought that would be staggeringly unlikely.

It may be considered acceptable for the FBI to set up spoof communities online, but their prosecutions should be dependant on consistent and repeated accesses, to eliminate the accidental surfers. And they need to be able to eliminate the WiFi uncertaincies. At the very least, they should be able to narrow down their suspicions to one single dwelling.

Ah I just have a problem with any kind of stings -it's so damned unAmerican. It is one thing to catch a criminal it is another to tempt someone into becoming a criminal

If someone posts a phony link to a site which claims to sell illegal drugs, and someone clicks on the link but doesn't actually get drugs, should they be able to get a search warrant to search the house of the "buyer" who bought nothing?

And on what basis? Simply because IP numbers are said to originate from a machine at a particular location? I don't think that furnishes probable cause -- especially because the IPs could be going to a proxy server.

Furthermore, how can it be said that the person downloading really knew what was being downloaded? It wasn't there, but a lot of times I have tried to download things that turned out to be other than described. Simply declaring something to be kiddie porn does not make it kiddie porn. I don't see how it is possible to "attempt" a crime which is impossible. At most, this tends to show that someone wanted kiddie porn, and failed to get what he wanted. If we assume that the reason kiddie porn is illegal is because children are victimized making it, where there is no porn, there is no victim.

Eric,

I'm sure you know this, but for others who don't these are referred to as status crimes.

That is to say there is no victim.

If you are busted for having drugs who is the victim? If you are dumb enough to use drugs (I don't believe it is dumb but that is a different question - I'm assuming the standard mind set) then you are being punished for being a victim of yourself. Where is the justice in that?

Don't join the ACLU over this, the judge in question was appointed by Clinton, and the fed prosecutor on the case was probably a Clinton holdover.

"kiddie porn?"
Dude, the preferred nomeclature is "child pornography".
It is a serious crime, not a carnival ride.

Easy solution. Find the link (don't click on it!) Rename it to something else that is legal but somewhat interesting (maybe a mass email from Robert S. Mueller.) Make sure the page it hits is the same one of the original link. Email this link to everyone at the FBI. Sit back and watch the fun ensue.

There's the third party problem. A wife involved in a bitter divorce sends the link to her husband, triggering an FBI raid...

Easy solution. Find the link (don't click on it!) Rename it to something else that is legal but somewhat interesting (maybe a mass email from Robert S. Mueller.) Make sure the page it hits is the same one of the original link. Email this link to everyone at the FBI. Sit back and watch the fun ensue.

Or better yet, email it to all 100 Senators and 435 Congressman!

The real problem that I see here is that some nefarious third party could easily set up a spam bot to send this link to millions of recipients with some innocuous link text and hide the actual URL.

I mean, how many people would fall for a link that said "Click Here to Enter the Publishers Clearing House Sweepstakes" or some such even though the actual link could direct them to this FBI site?

All it would take is one very ambitious a****** to totally ruin the lives of hundreds of thousands or even millions of people potentially.

If a person uses an email program that interprets HTML, it would be easy to create an email which opened that link automatically. Which would mean all they'd have to do is view the email; they wouldn't have to click anything.

Seems to me that if I don't like some obnoxious blogger, then I can whip up an A Href with a bogus tag on it (e.g. "conservafascistssuck.pdf"). Post that into the blogger's HTML-enabled comments, and loftily announce that it rebuts everything the right wing stands for. Then sit back and chuckle as all the Kossacks "download" the "file" and get raided.

Some browsers pre-fetch links to make them load faster. There are plenty of situations where your computer automatically clicks links.

I would highly recommend anyone and everyone contact their reps in Washington in order to get some action on this issue.

I think it's also a really good idea that this issue be forced with the current presidential hopefuls--they need to understand how imperfect this implementation is.

And yes, I'm working on the assumption that Kerr's analysis is incorrect as I've got no real proof or reason to trust it. Sorry, but we've already heard too many half truths and whole lies this political season from all sides of the aisle.

"And people wonder why there is an ever larger segment of the nation with a deep abiding and visceral hatred for the government and anyone connected with it."

You know government can be a force for good, like a church but without all the fire and brimstone for those who are religious, unfortunately the US has been subjected to some abysmal governing over the last few years...hence the anti-gov sentiment, just what hardcore conservatives really want, makes ya think don't it?

Viral countermeasures are needed against this kind of crap. For example, send an Instalanche to the link every day.

I tell you what. I am a regular work-a-day law-abiding Joe and more and more everyday I hate cops, with prejudice.

For the tiny bit of progress, if any, that the cops have made against fighting "crime" I wonder why is it that we just keep letting them get more and more powerful.

Are we stupid? Or is the over-reaching police state a fait accompli.

Someone's already mentioned browser pre-fetch. Also, it's trivial to make a tinyurl.com URL that refers to the supposed pr0n. Then email victim with tempting headline (blurb about Paris Hilton video, make money fast, etc.) and the tinyurl link, and wait.

I would think that if some spammer embedded this link in spam or a virus writer put it in their code and that particular server were flooded with hits, the FBI would have to shut the program down. The FBI program could not function in any practical way.

It would be like a DOS since the FBI couldn't possibly pursue each IP.

If anyone has the specific link on the upload.sytes.net server, it should be made public and distributed.

I'm not for kiddie porn, but these tactics are reprehensible.

As someone else pointed out: this link was posted at a forum on a known child pornography site. Now that the scam site is known, I highly doubt the FBI is leaving it up for third parties/spammers/whatever to direct people to. For a spammer to send the link to people, they have to first know about the existence of the site, that it's an FBI sting, and what the URL is. The FBI would have to be full of complete morons for such a site to be left up for more than a few days, or after the ruse was made public, whichever came first. And since the post was made on a child porn forum, your browser wouldn't pre-fetch the link unless you were already on the forum (and reading the thread) anyway.

We're also not talking about requiring enough for a conviction here. The question is, do they have enough evidence for *probable cause* for a search. It's obvious that they do. They didn't post a random "click here" link in the comments of a random blog; they posted a link advertising child pornography on a known child pornography forum. That's not something that any old innocent web surfer would stumble upon.

I think I have to disagree with the "no victim" claim from a layman's viewpoint. While child pornography may only involve viewing pictures, presumably a child would have to be victimized in order to take the pictures in the first place. While the picture viewer didn't do this, they certainly created a market for the illicit pictures. That would be like saying that buying stolen property (which is it's own crime separate from theft) is a victimless crime because it's a willing financial transaction between two willing parties. Following the "logic," if we were to decriminalize the purchase of stolen property, wouldn't it be likely that more theft would occur?

Sounds like the FBI has a little too much time on their hands. I'm for MASSIVE budget cuts to FBI, Homeland Security, the War on Drugs, etc.

Don't bother calling the ACLU. They're too busy worrying that somebody, somewhere has a crucifix showing or is praying to Jesus Christ. (But they're fine with separate foot-washing and prayer facilities for our future Moslem overlords, of course. Moslems are exotic and multicultural, whereas Christians are just hicks and minivan drivers.)

This is rife for abuse, here is how a life could be maliciously destroyed with less than 4 hours of effort.

An evil person could find a life to destroy. If this evil man is ironic he might pick some one like a prosecutor, an attorney general, or one of the congressman, who made it illegal to even posses a smidgen of these images under any circumstances. He could also pick some one vulnerable who isnt politically connected, such as lookup any FBI agent assigned to the operation and find their brother, father, or son. Chances are he'll just pick a nobody, who is vulnerable, or someone he just plain doesn't like.

1. The evil sob obtains 250 black market pictures. Easy to do from a single source. he reduces the quality until they are each 15KB or less.
2. He obtain Stolen Credit card info.
3. He creates a web page listing black market images. He covers up the page with something that overlaps. This way the mark never ever sees an offending image.
4. He host's the website in a country that doesnt respect US courts or Warrants.
5. He entice's the target to click on this link for any reason, "You just won a free ipod".
6A. He either entices the target to click on FBI link OR
6B Uses their wifi to click on the link

All six steps can be set up in under four hours.

The unwitting victim would not know they had been had, even if they did and deleted the files or if closes the link before the page is done loading, on a standard dsl link the full page will load in under 15 seconds, and even if the page is closed before it fully loads the marks browser cache is still stuffed full of offending images. The FBI forsenic tools can still find the remnants of those files after they've been deleted.

Their house will be raided, and by the time their computer has been analyzed the any evidence that they have been framed will be gone. The website that hid the pictures in the background will be gone.

The FBI will have them on 250+ counts of possesion of black market images, and no jury on the planet will buy the 250 accidental downloads. The fact that they are in the browsers cache, the prosecutor will simply allege that the victim purposesly stored them there.

An innoncent person is now branded for life.

If an anyone feels so inclined to setup up a proof of concept, they dont need evil pictures to do so, or a stolen credit card a simple proof of concept can be done with pictures of the US Constitution and the bill of rights.

I wonder if someone sent the link to the judge's e-mail address if he would get a wake up early some morning.

> They didn't post a random "click here" link in the comments of a random blog; they posted a link advertising child pornography on a known child pornography forum.

They are not even checking to see if the clickthroughs are coming from that site. Anybody could be clicking on that link, disguised as something else like "Funny LOL Cat Video," and they get a late-night FBI raid. People have been known to get killed in such raids, including police.

This puts too powerful a search tool in the government's arsenal. Anybody they wanted to search, for any reason, would be an easy target. All they would have to do is hack into their wireless network, click on the link from around the corner, and call the judge.

With all the complaints from liberals about the Patriot Act, where is the outrage about this actual and ongoing destruction of civil liberties?

How about finding the people that actually abuse kids and, you know, actually put them away forever? No. Better to use them to make it easier to get warrants on innocent citizens.

Somebody get this to the Supreme Court asap.

It's worse than you may realize. Have you heard of link pre-fetching? Yeah, that's right. Your browser might actualy "click" on that link without you even knowing it if someone else linked to that FBI site from the page you are looking at.

Somebody posted above that to be raided you had to click twice - first to a site that supposedly hosted the unlawful content, and second to "download" the unlawful content. As I read the materials associated with the case, that's not true - only one click was required.

If we are to assume that the FBI only looked to clicks that occurred shortly after the fake link was posted, and I am not sure what basis there is for such an assumption, in this age of instant messaging, twitter, etc., that's not reassuring. You can transmit a URL to others instantaneously and, if malicious, could even set up a bot to scrape URL's from the dubious site, obfuscate them, and forward them to others within seconds of their being posted.

As others have noted, it's easy to disguise a URL and pass it along to others. Capturing referrer information could help reveal a ruse, but in its absence you could be clicking on a "shortened" URL (e.g., a tinyurl.com link) and have no idea what is on the other end. On the other hand, if clicking an obfuscated URL would defeat probable cause, anybody with even a small amount of savvy could obfuscate the URL before clicking it.

Say, you don't suppose that URL is rattling about somewhere in the bowels of Google, do you??

If not, perhaps someone can do that tinyurl link and punch it up with a bunch of Google Ads to make the page percolate up to the top of a lot of searches. Bonus points if it's searches FBI agents are likely to do!

Finally, any volunteers to go to a Comcast sales kiosk (or some such) in a mall and access that URL. Make sure someone has a pocket vidcam to record the ensuing fun!

as a general rule, the cops prefer the easy cases, not just in this area.

I'm almost tempted to encourage folks to place automatic blind redirects to known illegal-but-not-bad URLs in order to SPAM the FBI with millions of bad hits just to demonstrate the absurdity of this idea.

This sounds like the FBI wanting to horn in on MSNBC's predator fishing trips. I'm sorry, folks, the problem with today's youth aren't overweight geeks trolling teeny-bopper chat rooms trying to hook up with a PYT or twinkie; it's more often the youth's lack of engaged and active parenting and their having grown up in a permissinve latch-key environment.

If we, as a society, really think child pornography and paedophilia are problems then we need to quit taking cheap and easy shots at emotionally stunted dweebs chasing after the high school girlfriend they never had and, instead, focus on those who target the young children who we can't expect to know better and protect themselves.

Does this mean that the FBI is going to prosecute Google? Because certain as Death and the permanence of temporary taxes, Google's search bots (and the other surviving search spiders) are going to hit the sting sites lots of times looking for whatever is there and archiving copies of it offline ("no bot" or "no archive" flags or not in Google's case).

Obsessive fact-collector at your service:

The age of consent in many countries is only 13 or 14. Backwards places, mostly, like, uh...SPAIN. And though I don't know about Spain, "kiddie porn" is legal in many of those countries, since it's not "kiddie porn" there, unlike our odd porn laws that set the age of porn consent to 18 even in states where the age of consent is 16. So the supply of such images comes mostly from these countries, I imagine. This may explain why there is a continuous supply of such videos on P2P networks like Kaaza.

Back in the day, before the web, what is now Google Groups to most is actually Usenet, and was text-only. So people would post pirate software and all manner of porn on there, in hexadecimal-coded text format, but newsreader programs would automatically convert those to real files or show real images. To say the least, there were at least a dozen kiddie porn groups such as alt.binaries.pre-teen, and maybe there still are, outside of Google's filters. Not sure about today, but back then it was trivial to post truly anonymous posts, using encrypted anonymous remailers and mail-to-new gateway e-mail addresses.

Astonishment alone would make most anybody see if these were "real" and indeed they were, so I have indeed viewed kiddie porn, but newsreaders didn't cache images, so my hard disk never contained it, and that was 20 years ago.

Other trivial pursuit facts are that recently NY had to pass a law against older men taking their 16 year old lovers to NJ for flings, since the age of consent in NY is a year older, and indeed men were evidently doing this, and parents probably complained. Unfortunately I don't meet many 17 year old girls who have much in the way of interesting conversation to offer, nor much interest in us guys over twice their age. That 16 year old girls use fake IDs to get into bars, and can easily look 21, it makes it a little risky to date young looking girls anyway. I wonder why the FBI isn't sending 16 year old girls all around Manhattan, dressed up to look older and thus easily seducing older men? Or would that be entrapment? They do it with fake prostitutes. Ah, but then they wouldn't really be catching a pedophile I guess, but creating one, and there would be no kiddie porn to show a jury.

Another tidbit is that since 3D animation has gotten so good, congress recently outlawed fake yet photorealistic kiddie porn. I wonder if the Dancing Baby being periodically squirted with body lotion would count?

Yet another tidbit comes to mind. Due to the First Amendment, fantasy STORIES of kiddie porn events, which are very popular with NAMBLA members, are evidently legal as can be, and not probable cause for a dawn raid:

"So there I was, Johnny was eleven; I was in 56 year old heaven, as he bounced around blah blah blah."

I ran into a site with such stories once, maybe on Usenet again, and these guys, mostly gay, went on for page after boring page of the most sappy perversion I'd ever not want to discover. Nobody was raided though, since their archives went back years.

Another law is that if you travel, to say, Spain, even though the age of consent is, say 16, in your state, it's set by Federal law to 18, for US travelers. Wow, I didn't know that and bet a lot of 16 year old girls in Spain don't either!

http://www.avert.org/aofconsent.htm

Oddly enough, Spain legalized most non-narcotic drugs (club drugs) a decade ago, so taking drugs in Spain is perfectly legal for US travelers, whereas here, it will net you a unparolable jail sentence worse than even child molestation! Actually, again we have government abuse of power here, since seizure of ALL assets and possessions is often done, under the threat of prosecution, despite a lack of probable cause for a search (or planted drugs, or drugs unknown to the parents of teen drug users), entire farms and bank accounts are taken from property owners. Non-prosecuted property seizure has become a huge source of income for the DEA, but I digress.

Then there is the most available kiddie porn of all: dozens of classic Tracy Lords porn videos, which are all over file sharing networks. Her fake ID worked, but she started out at the precocious age of 15. Thus thousands, if not millions of people in the USA have likely not destroyed their VHS tapes of these. That many states have laws at age 16, I guess only the earliest ones are illegal in certain states. Ah, but again, porn requires age 18 so that's three years of them!

Is it not very odd onto itself that being paid to have sex with a stranger is perfectly (First Amendment) legal if you videotape it, but very illegal if you do not? Except in Nevada, where I hear the brothels are boring and overpriced.

There's a funny true story, again about Usenet. Once upon a time, on a normal porn "binaries" group someone asked where he could find pictures of naked 14 year old girls. I imagine his ISP filtered the kiddie porn groups, which most did not do, back in the day. You can imagine how badly he was threatened with all manner of barbaric torture. The next day, he logged back on and apologized for the misunderstanding: he was 14, and just curious. Suddenly those same men fell all over themselves giving fatherly advice about it being a better idea to wait and see.

Another very odd loophole in the laws is that porn-quality childhood nudity on videotape is perfectly legal if it is made on a "nudist camp" so P2P file sharing sites are utterly chock full of such videos. Somehow when you search for the Rolling Stones (which of course I would never do, ha ha), people at least until recently had figured out how to spam search results, and sure enough, there they were, pre-teen birthday-suit-birthday-party videos. I just checked the Rolling Stones and my P2P client no longer has any porn spam in the results like it did for the last couple years.

There's yet another new law that was passed due to legal sex tourism, namely that until very recently, countries like Costa Rica, where prostitution at age 18 is legal (along with government registration ID cards that indicate regular medical tests for STDs!) *used* to a major tax haven for early retirement expatriates from the USA. They could slowly move their savings to banks there, then party away with a bottle or two of Viagra, often eventually marrying a young girl (age of consent 16) and settling down, often to the extreme delight of her family. But a HUGE amount of capitol was draining out of the USA this way, so the US extended its taxation for several years for people who move away. I don't know the details, but it ruined the "good life" option for old guys tired of being divorced by American women (who initiate 85% of the 78% of marriages that fail) who being only slightly rich made them filthy rich in Costa Rica.

To avoid a dawn surprise, or a queasy stomach, I'd avoid viewing the rest of this site:
http://www.dolldataroom.org/index-pics/index-2003-0106-all.jpg
(Perfectly work safe, but demonstrates that it's legal to sell ultra-realistic pre-teen sex dolls in Japan!).

As a question though, what if the FBI really did get access to a members-only kiddie porn site (likely a bit torrent file sharing site), and this trick was the only way they could get the IP addresses of the more active members who were obviously true kiddie porn collectors, even creators, which for now is VERY much against the law to be? Put yourself in the shoes of a frustrated FBI agent who is daily watching more and more fresh kiddie porn being posted on a site that masks IP addresses from other members either via the site or the bit torrent client software they insist members use. There are many IP masking services too, which I think are called proxy servers. Legality aside, isn't this just an effective undercover operation that has inadvertently gone public? Even strong Libertarians don't on average suggest legalizing sex with children. The question is then whether they were recklessly negligent. After all, the actual One Click link (no longer patented by Amazon) has not been publicized, nor was that link likely meant to continue indefinitely as jail bait.

I'm not on the left, and I abhor socialism, but things like this make me want to write out a check right away and send it to the ACLU.

Actually, these methods ARE, in fact, socialist. So there's no point sending a check to ACLU.

This FBI approach is definitely questionable.

Well, they have, or at least, the FBI has taken it upon itself to arrest people in pre-dawn raids for what they say is the crime of clicking the wrong link

But when you begin your post with a blatant lie you pretty much discredit your complaint.

Q: "This is not to defend kiddie porn, but are there any stats on how many kiddie porn violators have ever actually touched a child?"

A: Yes.

About 85%

Thank you for noticing this! I saw it already on Volokh and left the following comment:
This is just over-reaching. The idea that clicking on a link can constitute probable cause---not even accounting for all of the various computer-magic that can mis-identify the click-or, who may not even be a human---is to me a terrifying prospect. As a prosecutor, I couldn't be more in favor of catching those who sexually exploit children. But it has to involve more old-fashioned "real life" investigation than the given scenario provides.
By the way, the scenario said nothing about "downloading" or "saving" the image. It just identified the suspects as those who clicked on the link. I'm not a computer-whiz, but simply visiting any website creates a record in one's hard drive, yes? There is no mention in the facts above of a person having to take yet another step to download.