FBI Warns of Sweeping Global Threat to U.S. Cybersecurity
Andrew Noyes CongressDaily 10/15/2008
The FBI's newly appointed chief of cybersecurity warned today that "a couple dozen" countries are eager to hack U.S. government, corporate and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable that cooperation with foreign law enforcement is one of the bureau's highest priorities, and added that the United States has had incredible success fostering overseas partnerships.
He compared the situation to 1999, when he headed the FBI's National Infrastructure Intrusion Center's computer intrusion unit and "there wasn't all that much we could do" in the face of a cyberattack.
Henry said certain countries have mounted aggressive campaigns to attack U.S. Internet assets like the .gov, .mil and .com Web domains. Some are interested in sensitive research and development data, while others, like terrorist organizations, see the value in stealing and selling sensitive data to fund physical attacks.
"The threat that we face from organized groups that have infiltrated home computers, corporate computers, government computers [is] substantial and its impact on economy is a national security concern," Henry said. He then hinted that an announcement, expected Thursday, will be "an example of really good cooperation" between the FBI and foreign counterparts.
The department's caseload of active cybercrime investigations is well into the thousands and the number has increased steadily in the past year, Henry said. That is due to a "greater sense of awareness about the amount of money that is to be made illegally" on the Web, he said. Malicious activity by armies of corrupted computers known as "botnets" and by criminal gangs is on the rise and a chief concern of the agency. Public awareness of the threat is also growing, he said. The FBI's Internet Crime Complaint Center has fielded more than a million complaints since May 2000 and the center hears from 18,000-20,000 victims per month.
At the briefing, Henry would not comment in detail on President Bush's largely classified government-wide initiative designed to better protect federal computer networks, which is being spearheaded by the Homeland Security Department. He shied away from commenting on a forthcoming report by the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency, which will recommend that government cybersecurity leadership in the next administration should reside at the White House. Both have been topics of hearings in the 110th Congress.
Henry's comments came a day after Homeland Security Secretary Chertoff spoke about the Bush administration's cybersecurity agenda, noting the topic would be a "major priority" for the next president. Unlike other areas of national security, the cyber realm "is not exclusively or even largely a federal responsibility," Chertoff said in a U.S. Chamber of Commerce speech that stressed the important role of the private sector.
Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm
DarkMarket.ws, an online watering hole for thousands of identity thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.
Reports from the German national police obtained by the Südwestrundfunk, Southwest Germany public radio, blow the lid off the long running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cybercrime agent based at the National Cyber Forensics Training Alliance in Pittsburgh, who ran the site under the hacker handle Master Splynter.
The NCFTA is a non-profit information sharing alliance funded by financial firms, internet companies and the federal government. It's also home to a seven-agent FBI headquarters unit called the Cyber Initiative and Resource Fusion Unit, which evidently ran the DarkMarket sting.
The FBI didn't return a phone call Monday.
Like earlier crime sites, DarkMarket allowed buyers and sellers of stolen identities and credit card data to meet and do business in an entrepreneurial, peer-reviewed environment. Products for sale ran the gamut from specialized hardware, to electronic banking logins collected from phishing attacks, stolen personal data needed to assume a consumer's identity ("full infos") and credit card magstripe swipes ("dumps"), which are used to produce counterfeit cards. Vendors were encouraged to submit their goods for review before offering them for sale.
The unearthed documents, seen by Threat Level, show the FBI sting had begun by November, 2006. An FBI memo sent to the German national police regarding a forum member in that country boasts, "Currently, the FBI has been successful in penetrating the inner 'family' of the carding forum, DarkMarket." A March 2007 e-mail from Mularski's FBI address to his German counterpart puts it bluntly. "Master Splynter is me."
The documents indicate the FBI used DarkMarket to build "intelligence briefs" on its members, complete with their internet IP addresses and details of their activities on the site. In at least some cases, the bureau matched the information with transaction records provided by the electronic currency service E-Gold.
Last month, Master Splyntr -- now identified as Mularski -- announced he was shuttering the site as of October 4th, citing unwanted attention garnered by a fellow administrator, known as Cha0. From his home in Turkey, Cha0 had aggressively marketed a high-quality ATM skimmer and PIN pad that fraudsters could covertly affix to certain models of cash machines, capturing consumers' account numbers and secret codes. But he began drawing heat this year after reportedly kidnapping and torturing a police informant. He was arrested in Turkey last month, where police identified him as one Cagatay Evyapan.
That's why it was time to close DarkMarket, Master Splynter explained, in a message that now rings with irony.
"It is apparent that this forum … is attracting too much attention from a lot of the world services (agents of FBI, SS, and Interpol). I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because ... we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down."
The German report confirms rumors that have swirled around DarkMarket since late 2006, when uber-hacker Max Ray Butler cracked the site's server and announced to the underground that he'd caught Master Splynter logging in from the NCFTA's office on the banks of the Monongahela River. Butler ran a site of his own, and the warning was generally dismissed as inter-forum rivalry, even when Butler was arrested in San Francisco last year on credit card fraud charges, and shipped to Pittsburgh for prosecution.
Until this afternoon, Spamhaus listed Master Splynter as an Eastern European spammer named Pavel Kaminski, who was active as recently as 2005. It's possible the FBI took over the handle sometime thereafter. In 2004, the Secret Service ran a similar scheme on the crime board ShadowCrew, but that agency used an informant, who went on to commit more crimes -- a risk not likely present with agent Mularski.
Lord Cyric, another former DarkMarket administrator, says Master Splynter was invited onto DarkMarket as an admin about two years ago, and was still known as a spammer. Based in Canada, Lord Cyric has sold fake IDs and checks in the underground, but he's convinced he's out of reach of any sting operation.
"Worry? Me? Nah," he wrote in an IM interview. "It's a long, slow hard process for them to interest Canadian [law enforcement] to go after someone who doesn't touch drugs nor deals with skimmers. ... It's all about U.S. busts, unless there's a big drug deal and DEA gets involved."
Threat Level admires Lord Cyric's bluster, but thinks his days in the underground are numbered. The FBI almost certainly closed DarkMarket in preparation for a global wave of arrests that will unfold in the next month or so. The site was likely shuttered to avoid an Agatha Christie scenario in which a diminishing pool of cybercrooks are free to speculate about why they're disappearing one-by-one like the hapless dinner guests in Ten Little Indians.
Kudos to Südwestrundfunk reporter Kai Laufen, who discovered the operation. I'm sending him the "I Spotted the Fed" tee-shirt I took home from DefCon 7.
updated 4:40 p.m. ET Oct. 16, 2008
ISPs Pressed to Become Child Porn Cops
New law, new monitoring technology raise concerns about privacy
Bill Dedman and Bob Sullivan
New technologies and changes in U.S. law are adding to pressures to turn Internet service providers into cops examining all Internet traffic for child pornography.
One new tool, being marketed in the U.S. by an Australian company, offers to check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.
The company caught the attention of New York's attorney general, who has been pressing Internet companies to block child porn. He forwarded the proposal to one of those companies, AOL, for discussion by an industry task force that is looking for ways to fight child porn. A copy of the company's proposal was also obtained by msnbc.com.
Privacy advocates are raising objections to such tools, saying that monitoring all traffic would be an unconstitutional invasion. They say companies can't start watching every customer's activity, and blocking files thought to be illegal, even when the goal is as noble as protecting children.
But such monitoring just became easier with a law approved unanimously by the Congress and signed on Monday by President Bush. A section of that law written by Republican presidential candidate Sen. John McCain gives Internet service providers access to lists of child porn files, which previously had been closely held by law enforcement agencies and the National Center for Missing and Exploited Children. Although the law says it doesn't require any monitoring, it doesn't forbid it either. And the law ratchets up the pressure, making it a felony for ISPs to fail to report any "actual knowledge" of child pornography.
That actual knowledge could be handed to the Internet companies by technologies like the one proposed by the Australian company, Brilliant Digital Entertainment Ltd. Known as CopyRouter, the software would let ISPs compare computer files — movies, photographs and documents — against those lists. Banned files would be blocked, and the requestor would receive a substitute file provided by law enforcement, such as a warning message: "The material you have attempted to access has been identified as child pornography." The attempt to send or receive the file could then be reported to law enforcement, along with the Internet Protocol address of the requestor.
The CopyRouter relies on a controversial new technology called "deep packet inspection," which allows Internet companies to analyze in real time the river of data flowing through their networks. The pipeline would know what was passing through it. You can read more about this technology in Bob Sullivan's Red Tape Chronicles.
Child porn foes give proposal to AOL
A PowerPoint slide show from Brilliant Digital Entertainment describing the technology was passed on to AOL last month by two powerful forces in the fight against child porn: the office of New York Attorney General Andrew M. Cuomo, who has been calling out ISPs that won't agree to block sites with illegal images, and Ernest E. Allen, the president and CEO of the National Center for Missing and Exploited Children, a nonprofit given by Congress a central role in the fight.
When msnbc.com inquired about the proposal, both Cuomo's office and Allen said they were not promoting the technology, merely passing it along to a committee of Internet service providers and software companies as part of "brainstorming" on new technologies to detect illegal images.
One of the leading experts on electronic privacy in the U.S. says the proposal would clearly run afoul of the U.S. Constitution, essentially setting up a wiretap without obtaining permission from a judge.
"This would be plainly illegal in the United States, whether or not a governmental official imposed this on an ISP or the ISP did this voluntarily," John Morris of the Center for Democracy and Technology said after viewing Brilliant Digital's slide show. "If I were the general counsel of an ISP, I wouldn't touch this with a 10-foot pole."
A spokesman for Brilliant Digital Entertainment disputed that, saying the technology would be "non-invasive," would not compromise privacy, would be legal in the U.S. and elsewhere, and most important, would curtail the global proliferation of child pornography.
"I don't think it takes many voices before the Internet industry separates out those who are prepared to build a business on the trafficking of child sexual exploitation," said Michael Speck, Brilliant Digital's commercial manager in charge of law enforcement products. "If boxes started turning up with Pablo Escobar's special-delivery cocaine inside, they'd stop it, they'd do something about it."
Here's how CopyRouter would work, according to the company's slide show:
• A law enforcement agency would make available a list of files known to contain child pornography. Such files are commonly discovered in law enforcement raids, in undercover operations and in Internet searches that start with certain keywords (such as "pre-teens hard core"). Police officers have looked at those files, making a judgment that the children are clearly under age and that the files are illegal in their jurisdiction, before adding them to the list. Each digital file has a unique digital signature, called a hash value, that can be recognized no matter what the file is named, and without having to open the file again. The company calls this list of hash values its Global File Registry.
• Whenever an Internet user searched the Web, attached a file to an e-mail or examined a menu of files using file-sharing software on a peer-to-peer network, the software would compare the hash values of those files against the file registry. It wouldn't be "reading" the content of the files — it couldn't tell a love note from a recipe — but it would determine whether a file is digitally identical to one on the child-porn list.
• If there were no match, the file would be provided to the user who requested it. But if there were a match, transmission of the file would be blocked. The users would instead receive another image or movie or document, containing only a warning screen.
The makers of CopyRouter claim that it can even be used to defeat encryption and compression of files in the Internet's Wild West: the peer-to-peer file-sharing tools such as Gnutella and BitTorrent. Many people use those file-sharing systems for legal traffic, such as independent artists distributing their music, or software developers sharing open-source code. But others use them for illegal traffic in copyrighted music and movies. They also are popular for distributing adult pornography, which is legal, and child pornography, which is not.
Can software fool encryption schemes?
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file. The slide show calls this "special handling." This is done by changing the underlying protocol settings that establish how the sender and recipient exchange the file. This trickery, unknown to either the sender or recipient, would make it possible for CopyRouter to see the underlying files, calculate a hash value and compare the files to the list of illegal files, Brilliant Digital says.
A photo of the company's first test machine can be found online, in the online photos of the company's systems architect, Norberto "Beto" Meijome, author of the PowerPoint presentation. Meijome's portfolio of online photos on Flickr includes photos of his Cisco SCE router on the day he unpacked and installed it, Sept. 11, 2007. He labels the SCE router "the new toy."
Brilliant Digital Entertainment has a complicated past. Its subsidiary, Altnet, made news in 2002, when its software shipped with the Kazaa file swapping software, then heir to Napster’s throne as the favored way for file swappers to illicitly trade music. Altnet's program was designed to use unused bandwidth and processing power of Kazaa users for such uses as paid advertising and promotions for commercial products. The company claimed that this activity only occurred if the customer allowed it, but some antivirus firms labeled the software as spyware. Later, Altnet was sued by the recording industry for its role in helping spread the popularity of Kazaa.
After settling a lawsuit with the music industry, Brilliant Digital decided to approach file sharing from a new direction, selling products designed to help copyright holders protect their intellectual property. It now describes itself as a "significant online provider of licensed film and music content."
Seeking allies to move the new product to market
Now the company wants to expand into a new product line: fighting child porn.
"We have been working on it for some time," Speck said in a telephone interview from Australia.
"We've been in negotiations with ISPs and law enforcement agencies and content owners." Speck said he previously led the anti-piracy organization of the Australian sound recording industry.
Now he's lining up meetings in the U.S. next month with Internet providers and the National Center for Missing and Exploited Children.
In advance of his trip to the U.S., Speck spoke with the staff of Andrew Cuomo, whose New York attorney general's office has been pressuring Internet service providers to fight child porn. In June, Cuomo announced he was investigating ISPs, using a modern version of the public stocks to encourage cooperation. He set up a Web site listing Internet providers around the nation that made the changes he demanded, as well as "ISPs that have failed to make the same commitment to stop child porn." Cuomo, who was recently cited by McCain as one Democrat he would like to appoint to federal office, has urged Internet service providers to block access to child porn news groups and "purge their servers of child porn Web sites."
Speck had a conference call in September with Cuomo's staff, which he said gave him a blunt description of the legal and privacy landscape in the U.S.
"We'd be grateful for any assistance in getting this to the relevant ISPs and law enforcement agencies, and making any adjustments necessary," Speck said, recounting the conversation with Cuomo's staff. "It was made very clear that, for this to be a viable law enforcement tool, this would have to operate within the legislative framework within the country."
After talking with Speck, Cuomo's office passed the proposal on to John D. Ryan, AOL's senior vice president, deputy general counsel and head of its public safety and criminal investigations unit. Ryan received the slide show on Sept. 18, the day before attorneys from Cuomo's office arrived at AOL's headquarters in Virginia to discuss new technologies to fight child porn. Both Cuomo's office and AOL said that the CopyRouter was not discussed explicitly during what was described as a brainstorming session.
‘We have nothing to do with this technology’
"We have not pressured anyone to use this technology," said a Cuomo spokesman, Matthew Glazer. "We have nothing to do with this technology."
At the same time, AOL's Ryan received a copy of the slide show from the National Center for Missing and Exploited Children. Known as NCMEC, this private nonprofit organization has an increasing role in the law enforcement effort against child porn, and receives more than $35 million in taxpayer funds each year. NCMEC and Cuomo's office have worked together this year on the child-porn fight, holding a joint press conference to announce Cuomo's Web site.
Ryan also has close ties to NCMEC, serving as a member of the board of directors and as leader of its industry Technology Coalition on child porn. Members of that group also include Yahoo, Microsoft, Google and others. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)
AOL officials said they did not feel pressured by Cuomo or NCMEC to adopt any particular technology, adding that the company has a long history of fighting child porn on its own initiative. "The relationship with the attorney general is positive and partnering," Ryan said.
AOL has a system of its own
AOL officials told msnbc.com that they already examine some files for child porn, block access to those files, and provide evidence to law enforcement. That system (called image detection filtering protocol) apparently is based on the same general principle as CopyRouter, comparing the hash values of files to a known list. But there are significant differences between the two approaches.
AOL checks files uploaded as attachments to e-mail against a list of files that AOL has identified as child porn. If the file matches one on its list, the sender is led to believe that the file has been sent, but it has not. AOL's methods have been shared with other Internet service providers.
But AOL officials said a device like the CopyRouter would be more extensive and more efficient for two reasons: AOL checks only e-mail attachments, not Web searches or other Internet traffic, and its home-grown list of banned files is much shorter than the lists compiled by law enforcement and NCMEC.
"The library of hash values that AOL has, has been derived over time, completely in house from reports from users and files we've stumbled upon," said Christopher G. Bubb, an AOL assistant general counsel in the public safety and criminal investigations unit. "So it's not a government list. Courts have likened it to citizen provided information."
Government role would be problematic
That distinction is important. Internet service providers could be considered agents of law enforcement if they began comparing files to a list provided by the police and intercepting traffic by substituting a legal file for an illegal one. The Fourth Amendment to the U.S. Constitution forbids unreasonable search and seizure by the government. Courts have held that Internet service providers are within their rights to examine the traffic that flows through their pipeline — as they must do, for example, to combat spam — because the scrutiny is being done by a company, not the government.
Although they said they could not pass judgment on software proposed by any vendor, the AOL officials suggested that Brilliant Digital's proposal might not work in the U.S., at least not without Congress providing ISPs more legal cover.
"Keep in mind that this is developed in a totally different cultural and legal regime. The Australian legal system is quite different from an American legal system," said Ryan, the AOL executive. "It would raise concerns. ... Would we be deemed an agent of the government?"
‘Not an intelligence-gathering tool’
Speck, the Brilliant Digital official, argued that CopyRouter would not put ISPs in a law enforcement role because the list of banned files would be managed by the law enforcement agency, not handed over to the private companies. CopyRouter would consult that list, but at arm's length from the companies.
"The responsibility is shifted to law enforcement," Speck said. "We've delivered to Internet service providers something they've called for. ... This is not an intelligence-gathering tool. This is not for developing a list of users. This is an extension of what routers already do."
But wouldn't the Internet service provider know which traffic CopyRouter had blocked, and which user had sent or attempted to download it? No, Speck said, because his company's product would be a neutral middleman, not sharing information with the ISP or law enforcement.
"All hashes are provided to Global File Registry, which manages a secure data base and communications channel between law enforcement agencies and the ISP such that the illicit file hashes targeted by law enforcement remain private and secure to the relevant law enforcement agency," he said in an e-mail after the interview. "There is no personal (sender/receiver) information identified, and privacy is maintained."
The company's slide show, however, does describe information on users being passed directly to law enforcement. Any files that matched the child porn list would be reported to a "law enforcement data collector," along with IP addresses identifying the user's computer. The slide show says, "Any hits here will generate a 'red' report, which will be routed to the police collector server ONLY. These reports contain full IP information."
Although Brilliant Digital says no law enforcement agency has signed on to the CopyRouter plan, that hasn't kept the company from including a familiar blue seal in its slide show. At each point when a law enforcement computer is depicted, it bears a mark that closely resembles the FBI logo. Only when the logo is magnified can one see that it says "Friendly Bus Investigator" rather than "Federal Bureau of Investigation." The FBI hasn't signed on to the plan, Speck said, and the logo was not meant to imply any endorsement.
The FBI met a hailstorm of criticism in 2000 when the existence of its Carnivore project was revealed. The packet-sniffing technology was used to monitor and log traffic when installed at an Internet service provider. The FBI by 2005 had stopped using the technology, in favor of commercial tools.
New law may take law enforcement out of the loop
Under the new U.S. law, a system like CopyRouter might not require involvement of law enforcement. The McCain portion of the new child-porn law allows such a system to be set up by the Internet service providers, because it gives them access to those lists of illegal files.
The key player in that transfer is the National Center for Missing and Exploited Children. Although it's a nonprofit organization, NCMEC has increasingly taken on law enforcement roles, with Congress requiring that complaints of child pornography be sent to its CyberTipline. Since 1998, NCMEC says, it has received more than 300,000 reports from ISPs. And it gives them a daily list of Internet addresses that appear to host child porn, so the companies can choose to block those Web pages.
The new law authorizes NCMEC to go further, handing to Internet service providers the list of files judged to be child porn. Law enforcement agencies give those hash values to NCMEC, which will be allowed (but not required) to give them to the ISPs. That cooperation would allow the ISPs to use CopyRouter or their own home-grown solutions, without including cops in the loop directly.
That provision was part of the SAFE Act, a bill introduced by Sen. McCain and Democratic Sen. Chuck Schumer of New York. A McCain aide called the bill a "NCMEC wish list." The SAFE Act also made it a felony for ISPs to fail to report child porn, if they discover it, with penalties up to $300,000 for each instance.
McCain's bill got caught in a tug-of-war with a broader bill written by another player in the presidential election, Sen. Joe Biden, the Democratic vice presidential candidate. Biden's solution leaned more toward law enforcement, giving more money to the Justice Department and state Internet Crimes Against Children task forces, which investigate child pornography.
With NCMEC lined up behind McCain's bill, and other child protection activists (and Oprah Winfrey) pushing for Biden's bill, Congress finally passed them both: McCain's bill was folded into the Biden bill, which passed the House and Senate without objection. Republicans were able to cut the spending in the Biden bill, down to $300 million.
With the new law in place, NCMEC has a plan for ISPs to use their new access to the hash values.
"We believe that there needs to be more proactive, voluntary methods to identify illegal child pornography content that bring it to their attention," said Allen, the NCMEC president. "We are working with leading ISPs to do that."
He said NCMEC's Hash Sharing System would share with Internet service providers information on only the "worst of the worst" images of child pornography. An image must depict a pre-pubescent child who has been identified by law enforcement. And it must depict one of the following: "oral, vaginal or anal penetration and/or sexual contact involving a child whether it be genital, digital, or a foreign object; an animal involved in some form of sexual behavior with a child; or lewd or lascivious exhibition of the genitalia or anus."
"Through this project, NCMEC is also working with the members of the Technology Coalition to test existing software and develop new technologies that will enable ISPs to identify apparent child pornography images by hash value and block them," Allen wrote in an e-mail.
Some ISPs willing to police copyright law
The idea of turning Internet service providers into cops has been opposed and embraced by different ISPs in a different realm — copyright protection. The recording and movie industries have pressed ISPs to monitor their customers to detect traffic copyright violations. AT&T has said it hopes to monitor for pirated content, and has been in discussions with content companies, including NBC Universal (co-owner of msnbc.com), which has pushed for such filtering. Microsoft (the other co-owner of msnbc.com) has said it opposes filtering by ISPs.
ISPs also have run into public and government opposition just for slowing down, not blocking, some Internet traffic. The Federal Communications Commission ruled in August, on a 3-2 vote, that Comcast's limiting of BitTorrent traffic was illegal. Comcast said it was merely trying to keep the flood of peer-to-peer file sharing from slowing down the Internet for everyone else. As for CopyRouter, the company's manager said it would not slow down Internet traffic noticeably, because it's not inspecting the contents of files, merely comparing their hash values to a list, which can be done quickly.
Privacy advocates have already raised objections to deep-packet inspection. Earlier this year, a California company named NebuAd proposed a service that would observe Web surfers’ Internet habits through machines installed at ISPs, then inject context-sensitive advertising into the Web sites the consumers visited. It called the system "Behavioral Targeting." Public outcry and rumblings of an investigation from Congress led firms considering the technology to pull out.
Morris, of the Center for Democracy and Technology, said Brilliant Digital's plan constitutes an illegal wiretap, and would run afoul of the Electronic Communications Privacy Act. No firm can listen in on private communications unless it is instructed to do so by a law enforcement official with a proper court order, he said.
‘Enormous First Amendment problems’
Even then, no government agency — even a law enforcement agency or state attorney general's office — could impose a requirement to stop all files on a blacklist, or otherwise create a list of forbidden content, Morris said. Such a list would not pass constitutional muster.
"You can't declare speech, or images, illegal without judicial proceedings," Morris said. "... That creates enormous First Amendment problems. You can't have an agency or outside firm acting as judge and jury on these images."
Also, blocking images before they were delivered would constitute a prior restraint of communication, Morris said, violating the First Amendment right of free speech.
Other methods used to combat child porn — logging IP addresses of frequent senders and investigating them, by using a subpoena to force ISPs to reveal the name, and then knocking on the user's door — raise no such constitutional issues, Morris said. He compared that to a law enforcement official overhearing illegal speech in a public place and prosecuting a speaker. Brilliant Digital's scheme, he said, is more like picking up a telephone and listening in on private conversations.
"As horrible as child pornography is, and it is horrible, you still have to follow the Constitution," Morris said.
At NCMEC, Allen said the privacy interests are being heard. "We have been very sensitive to legitimate free speech and privacy-related concerns. That is one of the reasons we are focusing exclusively on pre-pubescent children and the most egregious images. That does not suggest that child pornography images involving 13-year-old children are acceptable or less serious, however, traditional law enforcement investigation and prosecution efforts are being used for those situations."
A different approach
Another child protection group has a different approach. The National Association to Protect Children, which advised Sen. Biden on his bill, said that blocking of files by Internet service providers could easily be seen by the public as "overreaching," making it harder to get public support for efforts of law enforcement. What's needed, said the group's executive director, Grier Weeks, is for cops to investigate the leads they already have.
"The Department of Justice and all 50 attorneys general are sitting on a mountain of evidence leading straight to the doors of child pornography traffickers," Weeks said. "We could rescue hundreds of thousands of child sexual assault victims tomorrow in America, without raising any constitutional issues whatsoever. But government simply won't spend the money to protect these children. Instead of arrests by the Federal Bureau of Investigation, the child exploitation industry now faces Internet pop-ups from the Friendly Bus Investigators. That was always the fundamental difference between the Biden bill and the McCain bill. Biden wanted to fund cops to rescue children. McCain wanted to outsource the job."
Sen. McCain's general counsel, Lee C. Dunn, said that he's happy that both the law enforcement and technology approaches became law, that his focus was on protecting children. She said the new law does not require any Internet provider to monitor traffic.
"They have the responsibility and their right to manage the network as they wish," Dunn said. "If AOL wants to monitor their network for child porn, some customers may go to them, because they'll keep them from getting this stuff showing up in their e-mail. Other companies may choose not to, and other people may prefer that. We're not dictating to them that they monitor their network."
Brilliant Digital Entertainment is betting that most internet companies will choose to monitor their customers. Michael Speck said his company's product pitches have been well received by law enforcement agencies, government officials and Internet service providers.
"I don't think there's anyone in the Internet space," Speck said, "who doesn't think fighting child sexual exploitation is good business."