U.S. District Judge Robert Bryan ordered the FBI to produce the full code of its malware.

The government refused.

I’m not making that up.

A federal judge told the government to do something and the FBI essentially said, “How you gonna make me?”

This is not good.

I thought Apple had a really solid argument for refusing to help the government hack into one of their phones that was used by the San Bernardino shooter. The government eventually figured out how to do it without Apple’s help, but I don’t think a company should be forced to break its own system.

Same goes for the government. I don’t think the government should be compelled to reveal its code for catching criminals. Don’t get me wrong, I do think the government should be compelled to reveal that it has a code or a hack or some malware that allows it to spy on us. I think they should have to explain in plain English how it works, and I think we should be able to have a national, public conversation about whether or not we want to the government to have this kind of power. But I see limited upside in forcing the government to reveal the actual code for its software, if it doesn’t want to and reasonably believes that revealing the code would do real harm.

However, there are consequences to that position. If the government obtains evidence against you, you have the right to know how they did it. If the government doesn’t want to reveal that to you, well, then you get to take a walk. That might sound “unfair” to the vast majority of Americans who would trade seemingly all their liberties for a little enhanced security, but the Fourth Amendment is there to protect you from the government even when you don’t know you need protecting.

All of these competing interests are coming to a head in a Washington case involving an alleged child pornographer. The FBI obtained evidence against Jay Michaud, a local teacher, by placing malware on a Tor site frequented by “dark web” users.

Michaud’s attorneys would like to see the code used by the government to gather evidence against their client. Normally, that’s a pretty standard and reasonable request. Unfortunately, other dark web users would also really like to know how the FBI is catching them. Getting their hands on the code would be huge. Even if the code is produced in “sealed” documents, we can’t pretend that we live in a leak-free world.

U.S. District Judge Robert Bryan ordered the FBI to produce the full code of its malware.

The government refused.

I’m not making that up.

A federal judge told the government to do something and the FBI essentially said, “How you gonna make me?”

This is not good. This is a borderline constitutional crisis. In response, Judge Bryan tossed the evidence against Michaud obtained by the malware, but allowed the case to continue. On Simple Justice, Scott Greenfield has written passionately about how Judge Bryan caved to pressure from the executive branch.

(Judge Kneels And Welcomes His Governmental Overlords link)


I don’t think the FBI should be compelled to release its code. I’m reminded of when the Allies broke the Enigma code, a story recently popularized in the movie The Imitation Game. Once we broke the German code, we didn’t stop every attack we knew was coming. Preserving the hack was more important than preventing individual losses. People died because we didn’t want to reveal what we had. There were consequences to our decision.

Here, Judge Bryan should have tossed the whole case against Michaud. That should be the consequence of the FBI’s decision. Yes, that means one alleged child pornographer and teacher goes free. Yes, that is unfortunate. But if the FBI really wants to protect its code, then they should be willing to give up this one guy for all of the information they are getting through using this hack.

It’s a difficult decision, but if the FBI and Judge Bryan don’t want to make it, they should get into the cupcake business and leave the balancing of liberty and security to sterner men and women.

Prosecute the alleged criminal under the agreed upon rules that are there to protect all of us, or do not. There is no try.