The Silk Road statement: Where are the packetlogs? (weev.livejournal.com)
82.0 points by aburan28 | karma 11479 | avg karma 6.07 2014-09-07 10:52:43+00:00 | 102 comments




Couldn't the agent be referring to an HTTP header, in which case it doesn't seem that improbable.

I've worked on sites before where if you logged in as the admin it started attaching a header with the ip of the application server responsible for generating that page to help with debugging. It's not outside the realms of possibility that something like that could break and start leaking ips.


Well, we should still ask for the evidence.

If by we, you mean Ulbricht's lawyers, I'm sure they're on it since illegal search is basically his only defense.

We, the HN community, could probably find plenty of worthy people to advocate for that don't go around paying for assassinations.


We, the HN community, could probably find plenty of worthy people to smear by accusing them of paying for assassinations.

Well good luck with the Ross Ulbricht canonization effort, sir.

Prosecutors can write whatever fiction they want in a criminal complaint. The false criminal complaint I was once extradited on, for example, was based upon a fictitious claim that AT&T was headed in New Jersey, when a simple search of SEC Edgar or Wikipedia can verify that it is headquartered in Dallas, Texas. Federal agents have been caught lying multiple times to everyone from the public to Congress, and yet for some reason people still consistently take the garbage they say seriously.

He has.

Conspiracy to Distribute a Controlled Substance; Attempted Witness Murder; Use of Interstate Commerce Facilities in Commission of Murder-for-Hire; Aiding and Abetting

https://ia601904.us.archive.org/1/items/gov.uscourts.mdd.238...


(This was in response to a sentence that has now been edited out that claimed Ulbricht has never been charged for murder for hire.)

The idea that because some Federal agents have lied therefore we should discount anything all of them say is farcical.

I don't think that's what he's suggesting at all. We shouldn't automatically discount their statements, but we should start scrutinizing them very carefully before we make a call.

Scrutiny is fine, but the "scrutiny" on display in this thread is quite fanciful indeed. It's almost as if people were hoping that FBI is, somehow, someway, wrong, instead of skeptically analyzing the data presented using critical analysis and then following where the evidence leads.

E.g. the top comment right now claims that a footnote practically proves FBI employed parallel construction, based on no reasoned argument, and without examining even the possibility that there is a reasonable explanation on the FBI's behalf.

So if scrutiny is the byword, let's practice scrutiny. But I'm just seeing advocacy.


What does your estimation of Ulbricht's moral standing have to do with anything? The HN community is advocating for due process.

First we're not a monolith. Second, I don't see people advocating for due process so much as I see outright advocacy and willful ignorance of the idea that it's possible for the FBI to indict someone without violating their due process.

The HTTP header is not in the packet header. It is in the data section of the TCP packet. If so, this calls the federal agent's capacity to serve as an expert witness in question.

The TCP packet is not in the 'packet header'. Both the Ethernet and IP frames precede it. How can you possibly suggest that a HTTP header doesn't count, but a TCP packet does?

Weev you are disqualified due to your incorrect assertions from being an expert commentator :D


TCP is a packet-switched protocol. HTTP is a socket-based protocol. HTTP as a protocol is a stream of bits that is carried within the data segments of a packet-based transit protocol. HTTP itself does not have a "packet header". TCP has a packet header, as one can simply verify by googling "TCP packet header". Go do some learnin', bro.

Weev you know me, you also know I'm right. TCP as a protocol is a stream of bits carried within the data segments of a frame based transit protocol. Both TCP and HTTP have headers.

HTTP does have a header, but what is carried within the data sections of TCP/IP packets created by the establishment of an HTTP socket are not packets. HTTP is not in itself a packet switched protocol. It forms a circuit. Seriously, your CCNA does not make you a networking expert.
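For reference on the layering argued about in the comments above, here is an added example (not written by any commenter) that builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP response and reports where each header starts. The addresses are documentation ranges, `X-Backend-Server` is a hypothetical debug header name, and the whole HTTP header block is assumed to fit in a single TCP segment.

```python
import socket
import struct

# Constructed sample values (RFC 5737 documentation addresses).
FRONT_IP = "192.0.2.10"      # source address written in the IP header
CLIENT_IP = "198.51.100.23"
# "X-Backend-Server" is a hypothetical debug header name, used for illustration.
HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"X-Backend-Server: 203.0.113.7\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)


def build_frame(src_ip, dst_ip, payload):
    """Build a constructed Ethernet II + IPv4 + TCP frame (checksums left at 0)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    eth += struct.pack("!H", 0x0800)                      # EtherType: IPv4
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, 1, 1,
                      5 << 4,                             # data offset: 5 words
                      0x18, 65535, 0, 0)                  # PSH+ACK, window, csum, urg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0,
                     20 + len(tcp) + len(payload),        # total length
                     0, 0, 64, 6, 0,                      # id, frag, TTL, proto=TCP, csum
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def dissect(frame):
    """Return the byte offset of every layer and the fields found in each."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip_off = 14                                           # Ethernet II header is 14 bytes
    if frame[ip_off] >> 4 != 4:
        raise ValueError("bad IP version")
    ihl = (frame[ip_off] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack_from("!H", frame, ip_off + 2)[0]
    if frame[ip_off + 9] != 6:
        raise ValueError("not TCP")
    tcp_off = ip_off + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4             # TCP header length in bytes
    payload_off = tcp_off + data_off
    payload = frame[payload_off:ip_off + total_len]

    # HTTP/1.x header block: text up to the first blank line in the TCP payload.
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "offsets": {"ethernet": 0, "ip": ip_off, "tcp": tcp_off, "payload": payload_off},
        "ip_src": socket.inet_ntoa(frame[ip_off + 12:ip_off + 16]),
        "tcp_src_port": struct.unpack_from("!H", frame, tcp_off)[0],
        "status_line": lines[0],
        "http_headers": headers,
        "body": body,
    }


if __name__ == "__main__":
    info = dissect(build_frame(FRONT_IP, CLIENT_IP, HTTP_RESPONSE))
    print(info["offsets"])
    print("IP header source :", info["ip_src"])
    print("HTTP header value:", info["http_headers"]["x-backend-server"])
```

The address in the IP header and the address carried in the HTTP header are independent fields at different offsets, so a capture has to be read at the right layer to say which one was observed.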

It seems he was serving an embedded CAPTCHA from his real IP.

http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leak...

Maybe he used a CAPTCHA library that generates absolute URLs using the server host name.
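One way a site operator could audit their own rendered pages for the kind of absolute-URL leak suggested above, as an added example that is not from the thread: it lists every URL-bearing attribute whose host differs from the expected service name. The onion hostname, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

# Constructed sample: a login page whose CAPTCHA image uses an absolute URL.
EXPECTED_HOST = "exampleonionservice.onion"   # placeholder service name
SAMPLE_HTML = """
<html><body>
<link rel="stylesheet" href="/static/site.css">
<form action="http://exampleonionservice.onion/login" method="post">
<img src="http://203.0.113.7/captcha/image.php?id=42" alt="captcha">
<script src="//cdn.example.net/lib.js"></script>
</form></body></html>
"""

# Attributes that make a browser fetch or navigate to a URL.
URL_ATTRS = {"src", "href", "action", "poster", "data"}


class RefCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, name, value.strip()))


def find_offsite_references(html, expected_host):
    """Return (tag, attr, host, kind) for each reference to another host."""
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for tag, attr, url in collector.refs:
        try:
            host = urlsplit(url).hostname     # None for relative URLs
        except ValueError:
            continue                          # malformed URL, nothing to resolve
        if host is None or host == expected_host.lower():
            continue
        try:
            ipaddress.ip_address(host)
            kind = "ip-literal"               # page points straight at an address
        except ValueError:
            kind = "hostname"
        findings.append((tag, attr, host, kind))
    return findings


if __name__ == "__main__":
    for finding in find_offsite_references(SAMPLE_HTML, EXPECTED_HOST):
        print(finding)
```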


If the agent's claim is true it wouldn't have come from an HTTP header anyways, but instead the IP address was leaked by the captcha part of the SR website, which the agent would have noticed on his wireshark-equivalent dumping TCP logs.

What I'd like to know is if anyone in the public domain has any packet logs from SR?

I find it than incredible that, given SR's notoriety, nobody had ever used tcpdump, an interception proxy or a browser's inspector and noticed this IP before.


Then again, I found it incredible that HeartBleed hung out in OpenSSL for as long as it did, when you'd think there'd be at least a couple of people in every security group out there reviewing each patch for new vulns.

Off topic, but I thought OP was still in prison? I can't seem to find any notes of his release on his blog, so could someone please elaborate?

He's out on a technicality but unlikely to go back. https://en.wikipedia.org/wiki/Weev#Conviction_vacated

It's a bit unfair to say he was out on a technicality. The appeals judge ruled that the venue was improper, and venue can be extremely important. Not to mention the judge also saw several issues with the original charges.

the relevant search query was "weev conviction overturned"

http://www.wired.com/2014/04/att-hacker-conviction-vacated/


There was a VPN IP leaked in April-May 2013 for maybe an hour or two but then quickly corrected. That IP belonged to the VPN provider, not the server host provider.

The underlying argument here seems to be that if the evidence was procured via unlawful means, then Ulbricht should go free even if he is guilty of the crime.

It seems to me as a quaint way to practice justice. What is the rationale behind this? Isn't it the court's job to establish guilt?

This specific case might not be a great example to reason about, but if this was a rapist or killer that should be set free despite being screamingly obviously guilty, just because the cop was a crook too, how could that possibly be morally justified? Two wrongs do not make one right, if you ask me.

Edit: An explanation would be nice, instead of the downvotes. Is it that questions about the justice system are off topic here?



I understand how the principle works, in part because of this wikipedia article, but what I don't understand is why such a rule has been implemented.

Because otherwise there would be little incentive for cops to follow the 4th amendment.

Are there really no other juridical consequences for breaking what I understand to be a constitutional law?

Perhaps there need to be. Perhaps consequences much more severe than letting a criminal walk free.


But who would enforce those consequences? The same cops who benefit from the illegal evidence?

No, of course not. Separate policemen who specialize in this. It's not different from any other police misconduct.

What happens if you get public pressure to cut their funding because they are seen to be hindering?

The best way of discouraging something is to make it unlikely to profit from it.

It's designed to try and avoid a moral hazard where a rogue police officer may choose to suffer the consequences of an illegal search (if indeed a case could be brought) in order to get the evidence he or she needs.

It's because of such rules the police won't enter your home without a warrant. If they did so, and found evidence of a crime - it would be thrown out. These rules exist to make sure the police have no incentive to enter your home unless they have a warrant (or evidence of a crime in progress)

It protects the population at large from an unrestrained law enforcement system from intruding upon you in a multitude of ways.



I don't think this evidence would count as fruit of the poisonous tree based on exceptions 1 and 2.

1. This investigation couldn't have been the result of other, illegally obtained evidence. It started from the publicly known Silk Road site, and didn't rely on previously known information about DPR's identity, nor on any "lucky coincidences" that could be set up using other information.

2. The vulnerability was easy to encounter even by accident. Unless it took a very large number of login attempts to activate the CAPTCHA, any serious investigation would hit upon this.

The only way I can see the evidence being bad is if they made it up completely. That is unlikely since Silk Road has had similar exposures in the past (http://www.reddit.com/r/SilkRoad/comments/1dmznd/should_we_b..., http://www.reddit.com/r/SilkRoad/comments/1b1lvy/warning_the...)

If they really had his info from an illegal search, they could make a better story without forging evidence by using parallel construction, e.g. claim that they investigated him based on his Stack Overflow posts.


It's to discourage police from overstepping their bounds. In any particular case you might figure that it's in the public's interest to just put these people away regardless of how the evidence was procured, but the people who designed the system saw government overreach as an existential threat in a way that no small-time criminal attacking individuals one-at-a-time could be.

Bad cops are kept from overstepping their bounds by bringing them to justice, not by letting criminals walk free.

Well, how's that working out for you?

It's a tough call either way, but I think the founding fathers made a good decision on this one. Either way, it's worthwhile understanding what their motivations were.


Very well, I think. Look at data from Amnesty International for example, for more information about the prevalence of torture in the world.

I don't want to name specific countries (I've had enough of the downvotes) but it should be deeply obvious that this poisoned fruit doctrine has no correlation to police misconduct. (As would be expected, the risk of letting a criminal walk free is not much of a personal risk to take.)


It's not at all obvious to me that poisoned fruit doctrines have no correlation to police misconduct, and I think it's not obvious to the many people I've talked about this with in meatspace. Do you have sources to back up that claim?

It's not just about punishing the cops, though. The problem is that illegal searches are Fourth Amendment violations -- which we take very seriously -- and this seems to be the best way of preventing them.

Usually constitutional violations are handled in a compensatory manner, but it probably wouldn't work to rely on lawsuits for 4th Amendment violations. How much to compensate for a police officer illegally searching your backpack? Probably a nominal amount, and certainly not enough to prevent police from committing illegal searches in the future -- it would just be considered part of the cost of securing a conviction, and illegal searches would be rampant. And it's hard to imagine the victims of most of these illegal searches being able to find lawyers to take the cases (not worth it).

Excluding illegally obtained evidence (the "exclusionary rule") is the best way we've come up with to consistently protect these rights. The obvious downside is that we throw out tons of perfectly good evidence and lose lots of convictions, which is why the rule seems absurd to many people, especially lawyers from other countries. But we're essentially forced by the constitution to consider illegal searches a more serious evil than a missed conviction.


So by your logic if police obtain from beating and torturing people, it should still be admissible?

Not a confession for example, because such evidence is not trustworthy. Not because it was procured illegally. Those are two very separate questions.

If a police tortured someone, he or she should be brought to justice and possibly jailed for the crime. But independently of that, if that produced absolutely irrefutable evidence of another crime, then that evidence should be allowed to stand on its own. It is what the word evidence means (a mathematical evidence, for example, is just as valid no matter how it was procured).

And it's not "my" logic. I'd venture a guess that it is the most common way to practice justice in the world: That the purpose of a court is to establish guilt.


So if not a confession, what about a warrantless systematic search of every home in a neighborhood?

As I said earlier, evidence is evidence. It is not illegal or legal for the purpose of establishing guilt. It can be more or less trustworthy, but legality does not play into it.

The appropriate questions to ask in that situation would be "does this evidence really say what we think it does", and "are there reasons to believe this evidence is fabricated?", not "how was it procured?".

The people responsible for a warrantless search should of course be brought to justice, and at least lose their jobs, but as a separate matter.


Do you think there would be many people calling for the resignation of a rogue cop who flagrantly violated the law but in the process managed to solve a much higher than average number of crimes?

Fortunately, the populace does not decide justice. Judges and lawyers are not elected, for this very reason.

But we shouldn't go too deep with the hypothetical questions. In most (western, civilized) parts of the world evidence is evidence. And they have lesser problems with police brutality, pretty much any way you look at the data (from bullets fired to people's conceptions).


A judge is supposed to be neutral, but a prosecutor isn't. This isn't an issue of brutality, we would need stats on the number of illegal searches conducted in different countries and we would need to know that these stats were accurate. This might be difficult because most illegal searches probably go unreported.

I suggest you read the SCOTUS opinions in the cases that generated the exclusionary[1] and other "prophylactic" rules. The judiciary has created several, including this one and the Miranda warnings[2], in order to protect the integrity of the judiciary. The opinions lay out why the court felt it necessary to do so.

[1] https://supreme.justia.com/cases/federal/us/232/383/ [2] https://supreme.justia.com/cases/federal/us/384/436/case.htm...


Thank you for taking the time to actually answer the question, despite the sea of downvotes.

That is quite heavy reading for someone not up to speed with the US justice system. I have to admit I will save it for a rainy day.

The Miranda readings do also come off quite strange to an outsider, but the reasons behind it are much more obvious as a matter of educating the public.


The purpose of a court is not to establish guilt. Its only job is to produce an outcome based on law.

Different countries have different attitudes.

In England evidence from an illegal phone tap could be used to convict someone, but the people doing the tapping would also face prosecution for that criminal offence.

In the US there is the concept of "fruit of the poisoned tree" - http://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree


Is that prosecution automatic?

I have no idea.

No prosecution in England is automatic. Police gather evidence and present that to the criminal prosecution service who then decide whether or not to push a prosecution. Private citizens can push for something to be prosecuted and in rare events they can prosecute themselves.

English courts are pretty keen to prosecute corrupt police officers.


> What is the rationale behind this?

The general idea is that the integrity of the criminal justice system is at least an order of magnitude more important than the outcome of any particular case.

> Isn't it the court's job to establish guilt?

No, that's the prosecutors' job.

The Court's job is to ensure that the defendant receives due process.

It's arguably impossible to have a perfect justice system. So, you have to try to construct the best one you can.

While the exclusionary rule does allow guilty people to go free, that negative is arguably overwhelmingly outweighed by keeping innocent people out of prison, providing equal protection to all, and maintaining public faith in the criminal justice system.

One can argue that the system as implemented doesn't do such a good job of providing those three outcomes, but if we assume it does, wouldn't you agree maintaining such a system is more important than ensuring every last (actual) criminal who makes it to trial is convicted?


>While the exclusionary rule does allow guilty people to go free, that negative is arguably overwhelmingly outweighed by keeping innocent people out of prison, providing equal protection to all, and maintaining public faith in the criminal justice system.

But should we be letting guilty people go free? It's not like they'll ever come after me.


>> Isn't it the court's job to establish guilt?

> The Court's job is to ensure that the defendant receives due process.

Thank you for being the first commenter to give an answer to the actual question.

However, I do not think it really holds water. It does not seem to be the case that the prosecutor is the one to actually establish guilt. The guilty verdict is reached by a jury and a judge.

These get to value evidence according to a multitude of reasons, one of which is if it was acquired legally.

> wouldn't you agree maintaining such a system is more important than ensuring every last (actual) criminal who makes it to trial is convicted?

Oh, absolutely. The question is why the principle would help? To put it very bluntly, "if we let a few criminals loose then the police will stop breaking the law" does simply not make sense to me.

The widespread idea in the comments below that police somehow "profit" when someone is convicted does not make sense to me either.


Blackstone's Formulation, "It is better that ten guilty persons escape than that one innocent suffer", is a very influential idea in Western Justice systems. The idea is that the government has a stronger duty to protect innocent people than to punish guilty people. http://en.wikipedia.org/wiki/Blackstone's_formulation

> The general idea is that the integrity of the criminal justice system is at least an order of magnitude more important than the outcome of any particular case.

If for some reason only one lesson on civics were taught in 12 years of schooling, this would be a top candidate for that lesson.


Not really, this is one of those rules that makes people think they can win court cases that they can't really win. The idea that if you catch the police in a small error you can get off in a criminal case. You have to catch the police in a big error that they based the case off, or a serious breach of your rights. This will hardly ever work.

There are others:

1) If I follow the law I won't lose a case. Cute. Try being unreasonable to a judge and see how that works (A popular one : tell the judge that because a car accident happened on your own property, you got to set traffic law governing that accident. Technically correct. Try it)

2) If they don't have proof I can't be convicted. (and sometimes : video is not proof). False (well the video thing is true). The big mistake here is civil versus criminal cases. If it's not the government suing you, or "technically" not the government, e.g. mall security, then proof is not required, and video is perfectly admissible. Even if you are not recognizable on the video, but there's good reason to think it's you (e.g. a credit card record). Second, witness statements from people watching video can be accepted sometimes.

3) If the opposing party makes one tiny mistake I can get off scot-free. False. The justice system's job is to make the smallest possible change to the arrangement that makes it legal. If you sign a contract "I will kill my firstborn and pay $200" (extreme, ridiculous example), obviously you do not have to kill anyone, you will however, be on the hook for the payment. Interesting cases result from the use of "or" instead of "and".

This goes for government integrity too. Suppose Ulbricht's lawyers get this one. The next thing that happens is the judge telling the prosecutor to go home, have a good night's sleep, start the case from scratch and try again (in the same court case). If he succeeds, that's fine (of course he might not be able to).

4) With a lawyer I can tie up any case for any amount of time. No you can't. Ridiculously complex contract law cases, yeah sure (even then best take a good lawyer). Not paying your car repair bill, no.

5) They can't get to me if I move/hide/other state/other country/... Might be true. Not true for any place worth living. So good luck with that.

These things should be taught, with a few example cases illustrating what can happen. It would lessen the load on the justice system by 50%.


This did not deserve down-votes. All he did was disagree with me, and bonus, he spelled out his disagreement.

As another poster pointed out, it is that the purity of the criminal justice system is more important than any given case.

In any case there is more than just the accused on trial. Always and ever the system is on trial as well. If it were not then there would be insufficient checks and balances. Most importantly, putting the system on trial routinely is necessary, because while one man (one murderer, one rapist, one thief) can do a considerable amount of harm to others and society if set free in error the system is capable of doing much, much more damage if it is allowed to become corrupt, abused, misused, etc.

One serial killer might kill hundreds. A corrupt system can kill thousands, or millions.


>The underlying argument here seems to be that if the evidence was procured via unlawful means, then Ulbricht should go free even if he is guilty of the crime.

If they don't provide the packetlogs, it's not that the evidence is procured via unlawful means, it's that there's no evidence!

And if there's no evidence, why would you claim that Ross is guilty of the crime?


> Is it that questions about the justice system are off topic here?

Protecting constitutional rights is not "quaint".

http://en.wikipedia.org/wiki/Exclusionary_rule


Constitutional rights are not quaint. Protecting them is not quaint. The idea that letting some criminals walk free would be a good way to deter police from breaking these laws seems very much so, at least to an outsider. That is why I asked.

You are being down voted because there are people here who cannot conceive that there might be people here from other countries that have working, fair, justice systems built on different rules than the US justice system, and so that take different approaches to things, and so the US way of handling something might seem strange to such a person.

I'm not sure they (FBI) are under any obligation to even make packet logs? Are there laws dictating this? I would think they would have just made note of the IP and the circumstances of uncovering it on paper with pen and then called it a day. Maybe save out a few raw packets. The IP address isn't the evidence against him, it was just their initial lead on the physical server...

I don't see how they could admit it into evidence without the packet logs. The defense would have no opportunity to examine the same evidence.

A footnote in the Agent's declaration even suggests Parallel Construction:

> After Ulbricht’s arrest, evidence was discovered on his computer reflecting that IP address leaks were a recurring problem for him.

It continues on to specify specific instances of leaked IP information, which is completely irrelevant hearsay if the stated means of discovery were supported by properly documented evidence. Instead it provides circumstance in which it seems likely that the server could have been discovered through such a leak. If the server were discovered through illegal means, this information would have been useful in the construction of a technically plausible sounding alternative means.

I'm not claiming that the discovery was illegal, but weev is spot on in his demand for evidence.


It's not really the Agent's job to make such legal determinations? If I was doing forensic analysis on a server under such circumstances I would have made note and reference to that as well. Again, the IP address leak isn't the real evidence anyway and I don't see how the FBI is on the hook to prove beyond a shadow of a doubt that they got the IP address the way they said they did. His attorneys are spinning a yarn and poking the FBI's story because it's their job, but I think we should not be suggesting the FBI is guilty of something and must be required to prove their innocence. If the FBI have the logs they should answer in kind, however I don't believe the absence of such logs is going to or should help his case any.

That's a lot of different things. Perhaps you could focus on one and try again.

> If I was doing forensic analysis on a server under such circumstances I would have made note and reference to that as well.

The footnote is not forensic, and not evidence, and there's no good reason for it to be there. I doubt you are a forensic investigator so it isn't relevant what you think you would have done, but if you were a good one I suspect you would have kept packet logs of everything you saw.


That's really just two things. I apologize if you had trouble discerning that, but I'm not inclined to try again. But thanks for asking and making it clear my opinion doesn't matter ;)

I count eight different statements. No one's unsubstantiated opinion matters, but all are welcome to argue a position.

> I don't see how the FBI is on the hook to prove beyond a shadow of a doubt that they got the IP address the way they said they did.

That seems kind of important to protect against illegal methods of obtaining evidence. It's not enough to say the evidence could have been obtained legally; it must actually have been obtained legally.


I don't see how you read Parallel Construction from there.

Instead the amended declaration is responding to the claim from the defense that "there's no way FBI could have found our boy's IP address without NSA hax!!!!1"

The reply to that can be direct: "DPR configured his captcha wrong, it was actually pretty easy...". This is all that's strictly needed, which is why the rest is in a footnote.

But the footnote isn't unimportant: It explains further that it's not that unlikely (again, as the defense had been claiming) for DPR to have leaked IP addresses, as the evidence on SR's own logs showed in retrospect DPR had been having difficulty with that.

This further undermines the defense claims that only mysterious NSA de-anonymity programs, but it doesn't need or even require parallel construction, as the agent clearly explained how he actually found the IP address: from the captcha routine.


> This is all that's strictly needed, which is why the rest is in a footnote.

I'm not sure of the legal requirements, or if there even are any.

But I know that I've filed irrelevant bugs with better documentation than the event which is claimed to be the seminal moment when an extremely high profile prosecution was suddenly possible. If for nothing else, whoever saw this packet should have documented it for bragging rights. It should be printed on the back of their business card, the byline to the rest of their career.

Instead they said "this totes happens all the time, trust us".

Bragging rights aside, this packet is the basis of a high profile international search warrant. Visiting the IP and receiving the same page is circumstantial... Anyone could be serving that same page. I'm sure you'll find plenty of them by Googling for whatever text was on the page, but you won't get a search warrant like that. It is the original packet from the source that points to that page which makes that IP crucial. It should be properly documented.


> Instead they said "this totes happens all the time, trust us".

They're the FBI. They probably do see this all the time. Your "bragging rights" is likely just another example of the same stupid mistake that the investigator sees in criminal activities of less fame all the time...


I was initially going to downvote you but after analysis you're correct.

> It continues on to specify specific instances of leaked IP information, which is completely irrelevant hearsay if the stated means of discovery were supported by properly documented evidence.

Hearsay is, literally, an "out of court statement offered to prove the truth of the matter asserted [in the statement]". Hearsay must be (1) a statement (2) by a person and (3) offered to prove that something else happened. A log of IP addresses generated outside of the courtroom to prove that a defendant visited those computers/sites/addresses would normally be hearsay. However, in the US, hearsay specifically excludes records of regularly conducted activity. (See Federal Rule of Evidence 803). Internet access is a regularly conducted activity, so IP logs, like phone records and GPS addresses, have been deemed by the courts not to be hearsay.

But all of this is irrelevant. Weev's demand is asinine and shows that he (still) doesn't understand the law. In order to use the IP logs in court, the prosecution must turn over the IP logs, and all evidence collected with respect to those logs, to the defense during the discovery phase prior to trial. The defense will get their opportunity to investigate those logs. As other commenters have already pointed out, there isn't likely to be anything in the IP logs that would substantiate the NSA theory over the far more likely scenario of RU having borked his server configuration.


My understanding is that frequently the records must be regularly collected; it might not suffice that the activity is regularly conducted. I wouldn't hope to rely on this in your defense without talking to a lawyer first, but it's a good thing to keep in mind to stress the importance of (for instance) regularly keeping meeting minutes and such which might wind up needing to be exculpatory evidence at some point.

It seems to me that IP logs would be even more "regularly collected" than meeting minutes though. And somewhat ironically, would not be exculpatory evidence here, but substantiating evidence of the FBI claim that DPR didn't know how to configure SR to safely serve as a Tor hidden service.

Sure, it's plenty likely they're still "regularly collected"; my intent was simply to add some interesting tangential details, not to assert that they were relevant to the case at hand.

Where it says (the “June 12 Request”), I guess that is referring to a document included with the statement (or otherwise available to the participants in the case). Anybody manage to find it?

> It is several orders of magnitude more difficult to fake packetlogs of network traffic which include a protocol as complex as Tor.

I would be careful with that. It's not as difficult to fake as you might think. And a statement like this puts you entirely at the mercy of someone who is capable of faking it.


honestly, there would be so many gaping flaws in a faked pcap. there are a thousand ways to go wrong. it is much harder than forging a document, but will still trust documented evidence in a court.

here though, the FBI is basically saying "the document said this, but we don't have it anymore for some reason."


This really reminds me of when Hans Reiser was on trial. I remember a lot of people in the tech community tried explaining away things like him removing the (presumably bloody) seat from his car, washing out the carpet of his car with a hose, buying books on how to commit a murder, and finding Nina's cell phone with the battery popped out in her abandoned car.

Each of those things was explained away by the tech community. The seat was taken out and the floor was cleaned with a hose because Hans was broke and wanted to live in the car. He bought the books because he knew he was being followed and was curious about the process. The cell phone battery was popped out because the real perp had done it, or maybe it was something Nina had done.

The point is none of that shit matters. The finer points of TCP are going to be lost on a jury and debating the academic points of packetlogs is fruitless. I've served on a jury before where not even a single other member could parse the most basic of logical statements. Our judicial system is based on storytelling; each side tells their story and the person with the best story wins. The feds do this shit all the time, so they're probably going to have a pretty damn good story.


I wouldn't trust a jury on this stuff, either, but it's going to be a judge deciding these issues, and they usually at least TRY to get this stuff right (though some are much better at it than others).

There's a major difference between this and the Reiser case. As you mentioned, with Reiser people were really practicing wishful thinking in order to save a hero of theirs. In this case people are trying to follow the case because there's a huge and reasonable chance that the FBI did not act above board in following US law.

I don't think anyone thinks DPR is innocent, or that he's going to somehow get away with this. However, people are concerned that the methods used to find him were not constitutional. This has more to do with keeping the government in check than it does with anything else.


That's a fair point. I think you articulated better what I was feeling than I had expressed, which is that it felt like wishful thinking on the part of the OP.

There does feel like there is hero worship going on with DPR "standing up to the man" though, regardless of whether people feel he's guilty or not. That's particularly so with people who feel services like the Silk Road only came about as a result of the prohibition of narcotics.

Regardless though, the unsavoury nature of Ulbricht's actions unfortunately taints the constitutionality issue.


> However, people are concerned that the methods used to find him were not constitutional.

However, people are expressing this concern independent of evidence to support this concern. Even if you're of the school of thought that the FBI has no extra "public authority" power to do their statutory job whatsoever, it's not illegal for anyone to go to the SR website on Tor, and to see what IP addresses the website instructs your web browser to hit in the process.

So there's a perfectly reasonable (and likely, IMHO) explanation on the record that supports the FBI position, and against the FBI position, there's only a lot of rather painful wishful thinking (as you say). So I'm not sure how the situation is that different, at least until more substantive evidence against the FBI's claims is presented.


I believe that if the evidence were found to be false or otherwise inadmissible, then a jury would never see it.

More importantly... weev still uses LiveJournal?!


Old joke in defense work:

Q: What does the government call an illegal wiretap? A: "The anonymous informant".

Whoever below pointed out that a jury of 12 morons will NOT be persuaded by some turgid debate over the minutiae of packets is 100% correct. You can always spot someone naive about how the legal system actually works based on just how loftily ideological their narratives and 'theories' are.

Nevertheless, this is relevant from a procedure standpoint as, if the defense can demonstrate malfeasance on the part of the FBI using computer forensics, they can have certain evidence dismissed.

