What is Roundup Torrential Downpour?

Roundup Torrential Downpour is a forensic investigative version of BitTorrent client software that law enforcement uses to police the Internet in search of suspects that are exchanging child pornography. Roundup is a "suite" of software that covers several other peer-to-peer file exchange networks, Including Gnutella, eMule, Ares, in addition to BitTorrent. Torrential Downpour is the name of the tool for monitoring BitTorrent.

Recent criminal cases reference "Torrential Downpour Receptor." This piece is the software component that is used by law enforcement officers in a specific jurisdiction to perform a "single source download." This name is most likely to differentiate it from the distributed monitoring art of Torrential Downpour that tracks the BitTorrent traffic on the Internet [1] from centrally managed servers spread across the cloud.

Does Torrential Downpour hack my computer?

No. The BitTorrent protocol was not designed for privacy but to incentivize filesharing. Roundup Torrential Downpour monitors the unencrypted traffic of BitTorrent users looking to share known files of child porn with other users. Once the monitoring framework has identified a suspect by their IP address, followup is assigned to nearby law enforcement, based on geo-locating the IP address.

Next, Local law enforcement uses Torrential Downpour Receptor to perform a "single source download" by taking advantage of a feature of the protocol that periodically volunteers a piece of the desired file to any peer who wants one–regardless of whether they have shared pieces of the file or not!

Relevant Legal Cases

There are two court decisions that are often discussed with respect to Roundup software:

  • Katz v. U.S., 389 U.S. 347 (1967) – "For law enforcement activity to constitute a "search" under Katz it must violate an individual’s "reasonable expectation of privacy" in a place or thing. To have a reasonable expectation of privacy under Katz, I must subjectively believe a place is private and society must accept my belief as objectively reasonable" [2].
  • Kyllo v. U.S., 533 U.S. 27 (2001) – "The Court held that it is a 4th Amendment "search" to (i) use technology that is not in general public usage (ii) to detect information from inside a home" [2].

Since the purpose of the BitTorrent protocol is to share and disseminate files, law enforcement simply needs to monitor the public Internet activity to assimilate evidence. Courts generally consider this evidence to have been collected in "plain view" much like a police officer walking a beat [3].

While the basic legal principle is well established, that does not mean that every legal case involving BitTorrent is cut and dried. In reality, there are various technical hurdles that law enforcement needs to cross to make a strong case for the distribution or even the possession of child pornography, despite pre-trial posturing. In these complex cases, proper technical expertise is essential to preserving justice.

Can I get a copy of the Torrential Downpour Software?

No, it is not possible to obtain a copy of the Roundup Torrential Downpour Software unless you are a registered member of law enforcement. Defendants in multiple cases have attempted to get a copy via discovery, but courts have quashed these demands with one notable exception—United States V. Gonzales. In this case, the defense expert was granted an opportunity to review the software at the law enforcement facility but was not permitted to disclose anything proprietary about the software [4].

How does Torrential Downpour Work?

Torrential Downpour functions just like any other BitTorrent client except that it will only download pieces and will not share pieces to other peers in the swarm. According to public information, Torrential Downpour was forked from the original open-source BitTorrent client and now includes additional instrumentation to write logs as law enforcement uses the tool during an investigation.

According to the original creators [3], Torrential Downpour must implement the BitTorrent Protocol as written, so as not to violate the principle from the Kyllo case. Therefore, the "single source download" capability leverages a provision of the protocol called an "optimistic unchoke" whereby a normal BitTorrent client will occasionally offer a "piece" of the file to see if remote peer will reciprocate by sharing a piece that the BitTorrent client does not have [1]. Torrential Downpour does not reciprocate, lest that would be participation in the crime of distribution of child pornography.

Can you help me?

Yes, please contact me if you are a defense lawyer or are a part of law enforcement. I have intentionally limited my services so as not to enable the crimes of the distribution or possessing of child pornography in any way.

[1] BitTorrent & Digital Contraband
[2] Kyllo and "A Forensic Software Program"
[3] Strengthening Forensic Investigations of Child Pornography on P2P Networks
[4] United States v. Gonzales

Comments are closed.