More than a year after federal agents arrested 14 people accused in a cyberattack on PayPal, the high-profile prosecution has ground to a standstill over the handling of computers seized in the investigation. Searches carried out in a dozen states targeted computers, hard drives, and other digital devices, resulting in an avalanche of electronic material for investigators to sift through.
But intermingled with potential evidence of a crime were millions of irrelevant files, like e-mails, photographs, medical records, downloaded articles and Internet search histories.
Just how far prosecutors must go to segregate and purge such extraneous material is a question that could derail the federal hacking case, U.S. v. Collins, and test the limits judges place on electronic searches.
The defendants are each charged with conspiring to launch a cyberattack on PayPal’s servers to protest a decision by the California-based money transfer company to cut ties with online publisher WikiLeaks.
A team of defense lawyers, including some with their own radical stripes, have taken issue with prosecutors keeping full copies of their clients’ computers and hard drives, saying the devices contain personal information the government has no right to hold under the Fourth Amendment’s limits on searches and seizures.
The conflict has been raging since February, with two orders from U.S. Magistrate Judge Paul Grewal, of Calif., siding with the defense that the irrelevant information should be purged. A hearing on an appeal of that ruling was set for Oct. 11.
“They’re not entitled to keep that information — period,” said attorney Thomas Nolan Jr., who represents an Ohio man charged in the case. “That’s what this battle is about.” Prosecutors and the FBI are “trying to justify keeping everything they take and we’re trying to say no.”
Since nearly every criminal case from child pornography to tax evasion involves the seizure of computers or other digital materials, the issue has implications far beyond cybercrime cases, lawyers said.
“It’s permeating criminal investigations,” said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation. “What the government is arguing is that people increasingly use computers to further their crime and we have to search through everything, because criminals don’t label their contraband.”
Prosecutors accuse the defendants of taking part in a distributed denial of service, or DDoS, attack on PayPal’s computer servers, a crude form of hacking which bombards a computer network with outside communications until it can no longer function.
According to prosecutors, the online collectivist group Anonymous coordinated the attack in December 2010 after PayPal suspended accounts used by WikiLeaks to receive online donations from supporters. Anonymous dubbed the attack “Operation Avenge Assange,” referring to WikiLeaks founder and editor Julian Assange, prosecutors allege.
Defense lawyers say their clients don’t belong to an organized political movement or even know one another. Solo James McNair Thompson, of Los Gatos, Calif., likened the DDoS attack to a virtual sit-in on PayPal. A real-world sit-in might result in misdemeanor charges, but here the defendants face potential 10-year prison terms.
Nolan and Thompson are leading the protest over the government’s handling of evidence.
In seeking a warrant to search the Napa home of Thompson’s client, Tracy Ann Valenzuela, government lawyers made the standard promise demanded in such cases. If they seized computers or other digital devices to review off-site, government agents would, within 60 days of a forensic review, “use reasonable efforts to return, delete or destroy any data outside the scope of the warrant unless the government is otherwise permitted by law to retain such data.”
Such language, referred to as a protocol, is a typical feature of modern search warrants. Though not all the warrants issued in the case contained the same wording, the principle is the same, Thompson said. The government “has no business” under the Fourth Amendment maintaining copies of irrelevant personal files such as letters and photos, he said. “There’s no way they can argue they need photographs of someone’s girlfriend or family to prove their case,” Thompson said.
At a hearing in July, the prosecutors said the government had fully complied with the “reasonable efforts” protocol in the search warrant by returning computers and other devices with their full contents to each defendant. Meeting defense demands to also purge the extraneous files from the government’s copies would be unduly burdensome and could compromise evidence. Prosecutors told the judge that the task could take “literally thousands” of government employee hours and might harm the government’s case.
Grewal, who is known as one of the district’s most tech-savvy magistrates, sided with defense lawyers. “I thought the warrant requirement was pretty clear that you have to take what you’re entitled to and give the other stuff back,” he said.
Fakhoury, of the Electronic Frontier Foundation, said there is no national standard for protocols in electronic searches. Prosecutors should be wary of pushing the limits, he said.
“The law doesn’t give prosecutors leeway to take whatever they want and keep it as long as they want,” he said. “The government is trying to expand its search and seizure powers, and I hope that judges are going to be resistant.”