Mozilla Corp. asked the Feds to share details of a Firefox vulnerability that was used in exposing a child pornography website, but U.S. authorities turned down the plea.
The uncomfortable answer came from U.S. District Judge Robert Bryan, who recently denied Mozilla's attempt to learn which part of Firefox is vulnerable.
The company filed the papers in Tacoma, Washington, hoping to get more information on a security flaw found in the Tor browser. Tor is based on Firefox and is considered one of the safest and anonymity-friendly web browsers available. Predictably, it is sometimes used for ill purposes.
In February last year, the FBI seized computer servers for Playpen, a child porn site that operated on the Tor network. The authorities then ran the website from its own servers for two weeks between Feb. 20 and March 4.
This allowed them to deploy the Network Investigative Technique (NIT), which enabled them to track down the IP addresses site users. Specifically, the NIT infects a computer with malware, which outputs targeted data any time a user logs in.
Jay Michaud, a school administrator, is one individual who is being investigated by the FBI in the case.
Judge Bryan previously ruled that the FBI had to communicate to Michaud's lawyers which flaw from the browser led to his arrest. Mozilla aims to fix possible security breaches in its browser and asked Bryan to rule that the feds give the company the same information they were going to deliver to Michaud.
Meanwhile, Bryan was summoned by the Justice Department, which convinced the judge to go back on Michaud's request. The Justice Department quoted national security as the reason behind the suggestion. Bryan obliged, which means that prosecutors had no obligation to let Michaud in on the security flaw.
This basically makes Mozilla's request void of context.
"Mozilla's concerns should be addressed to the United States," Bryan notes.
The company stated that the government can ensure safety for its citizens by letting developers know of the flaw, so it can be fixed.
The Justice Department refused to make any official comments on the case.
No less than 137 persons are being charged with using the child pornography site Playpen. The people were identified because of the undisclosed vulnerability in the Tor network and browser. The number of Playpen users is unfortunately way higher. Authorities reached out to a Virginia judge in order to secure a search warrant that would help them identify the 214,898 members of the child pornography site.
Following the scandal, many people are being investigated both in the United States and abroad. It should be noted that a Massachusetts court rejected the evidence in the case of two defendants, declaring that the warrants used were not in order.
"Based on the foregoing analysis, the Court concludes that the NIT warrant was issued without jurisdiction," the court order reads.
It is the first time when a judge shuts down evidence coming from a federal hacking investigation.
The FBI also refused to respond to Mozilla's inquiries about how the browser flaw was discovered.