IT Security Blog

I was forwarded this article this morning regarding an FBI sting operation using fake web links in an effort to catch people who surf to child porn sites.  I am all for prosecuting people who are breaking the law, particularly in relation to offenses relating to child porn, but the method described in the article has an uncomfortably high potential for false positives.

For starters, web sites are in the public domain and are accessible by anyone, anywhere, and at anytime regardless of how they got there.  How is the FBI to know that you found the web site as a result of one of their email lures and didn't stumble upon it some other way having no original intention to visit a child porn site?  Have you ever found yourself on a porn site or some other site that you weren't expecting as a result of a mistyped URL, unintended mouse click, or deceptive web site?  Sure you have! 

The article mentions another real possibility of accessing the site via an unsecured wireless connection.  Could you frame your neighbor with the dog that barks all day that you don't like by jumping on his open wireless network and surfing to this mousetrap site?  What if a bot on your PC was emulating clickthroughs to the site in an attempt to throw authorities on a wild goose chase?

I agree with the author where he states that this potentially sets a dangerous precedent if this type of surveillance continues to be allowed to stand up as evidence.  Granted, we've all heard the "someone must have been using my wireless network" and "I must have had malware on my PC" defenses before, but this situation could have some serious federal level consequences.  Sounds dangerous to me!