"Boystown" forum: BKA relies on IP catching in the Telefónica network

When tracking down the operators of the Boystown platform, which was considered to be the world's largest hub for child sexual abuse, law enforcement agencies used a very far-reaching and legally controversial investigative method in 2020 known as IP catching. The aim of the tool is to find out which people have used a certain service on the internet. According to criminal law experts, all IP addresses of the users of the respective service are collected for this purpose. In a second step, the Internet identifiers obtained in this way are assigned to specific persons via the inventory data information.

The extraordinary surveillance measure, which ultimately led to the identification of a suspected operator of Boystown, was ordered by the Frankfurt am Main district court on December 17, 2020. According to ARD research, the investigators were able to assign an administrator of the platform to a mobile phone connection in the Telefónica Deutschland network. The network operator was therefore ordered by the court to record for up to three months which customer connects to a server previously specified by the Federal Criminal Police Office (BKA).

According to the report, Telefónica ended the measure after the suspect was exposed by the surveillance after a few days. Data of unsuspicious persons was immediately deleted in the course of the analysis and not transmitted to the prosecutors. The Public Prosecutor General's Office in Frankfurt am Main had explicitly dubbed the large-scale online trap it had initiated as IP catching. At that time, the company, whose core brand is O2, had a total of almost 43 million mobile customers.

The fact that potentially millions of customers of a national telephone and internet provider can be shadowed for this purpose raises "many unresolved legal questions", explained Dominik Brodowski, Professor of Digitalization of Criminal Law at Saarland University, to the ARD reporters. "To put it charitably", according to him, it is "a highly creative approach by the investigating authorities." In the process, "various bases for intervention in the Code of Criminal Procedure are being cheerfully thrown together". In its concrete form, this "at least" pushes the boundaries of what is legally permissible, if they have "not even been exceeded". Considering the intensity of the intervention, the scope and the potential for abuse of IP catching, the legal scholar calls for at least a clear legal basis for this.

Tip on "phantom" from foreign authority

Benjamin Lück from the Gesellschaft für Freiheitsrechte (GFF) also considers the process to be a "far-reaching encroachment on the rights of innocent parties", which must be expressly regulated by law. IP catching is approaching a constitutionally sensitive "data retention light". The law enforcement authorities involved did not wish to comment on the chosen instrument. According to the report, the competent district court followed the application of the public prosecutor's office on the grounds that the measure was still proportionate due to the seriousness of the criminal offenses with which the suspect was charged, even if there was an "unavoidable third-party impact" on innocent O2 customers. Telefónica emphasized that it is obliged to implement such court orders and to cooperate with the authorities "within the framework of the applicable legal and data protection regulations".

Boystown was accessible via the darknet from 2019 until it was shut down in April 2021. More than 400,000 user accounts from all over the world are said to have been set up on the platform. Recordings in an associated online forum showed some of the most serious sexual violence against children. After more than a year of unsuccessful investigations, the BKA received a tip from a foreign authority, according to the ARD investigation. According to the tip, the administrator, who called himself "Phantom", used a Telefónica mobile phone connection for Internet access. The BKA then apparently developed a plan to filter out the suspect from all Telefónica customers. The surveillance led to the arrest and indictment of Andreas G. from North Rhine-Westphalia. He was sentenced to more than ten years in prison with subsequent preventive detention by the Frankfurt Regional Court in 2022, primarily for the gang-related distribution of child and youth pornographic content. The verdict is not yet final.

(vbr)