Wednesday, April 04, 2012

DDoS Attacks, “Unfair Prejudice” and Proffers

After a jury convicted him of “computer fraud in violation of 18 U.S. Code § 1030”, Bruce Raisley appealed, arguing, in part, that the district court judge who presided over his trial made three “erroneous evidentiary rulings” that required the reversal of his conviction.  U.S. v. Raisley, 2012 WL 753745 (U.S. Court of Appeals for the 3d Circuit 2012). 
To understand the arguments Raisley made on appeal, it is necessary to understand a little about how the case arose and evolved.  According to this opinion, Raisley was once

a volunteer for the organization `Perverted Justice.’ The group uses the internet to seek out sexual predators and expose them to the public. Group members assume fake online personas, pretending to be minors, and then conduct explicit online conversations with adults. Once the adult is identified, Perverted Justice posts the individual's identity and a copy of the text of the online chats on the group's website.

Eventually Raisley began voicing his disapproval of the group's `vigilante’ tactics. The group's founder, Xavier Von Erck, responded by using those very tactics against him. Von Erck posed as a woman named `Holly,’ started an explicit online relationship with Raisley, and convinced Raisley to meet `Holly’ one day at the airport. When Raisley arrived, flowers in hand, he was met with photographers. Von Erck posted pictures of the encounter and Raisley's conversations with `Holly’ online.

U.S. v. Raisley, supra.

The opinion explains that in September 2006 and July 2007, Radar and Rolling Stone magazines published “articles about Perverted Justice and its questionable methods, specifically mentioning Raisley and his ordeal with Von Erck.”  U.S. v. Raisley, supra.  According to the Court of Appeals, Raisley responded to “this embarrassing publicity” by taking “matters into his own hands.”  U.S. v. Raisley, supra. 

Armed with a background in computer programming, Raisley created a `malware’ program and introduced it to the internet where . . . it spread to thousands of computers worldwide. Raisley then used this infected network of computers to launch `Distributed Denial of Service’ (`DDOS’) attacks against websites that published the Radar and Rolling Stone articles. A DDOS attack uses multiple computers simultaneously to request information from a website. If done on a large enough scale, the requests overwhelm the website, take the victim server off line, and render the site inaccessible.

The websites for Rolling Stone, Radar, and the Rick A. Ross Institute of New Jersey (`RRI’), among others, published copies of one or both of the articles about Perverted Justice and Raisley and later experienced DDOS attacks. As a result, the websites became disabled or the content became unavailable due to overwhelming attempts to access the sites.

U.S. v. Raisley, supra.

In November of 2007, RRI “communicated with the FBI to complain about the DDOS attacks.”  U.S. v. Raisley, supra. The FBI investigated and executed a search warrant at Raisley's home, where they “seized computers, portable computer storage, and a Rolling Stone magazine containing the article about Raisley”.  U.S. v. Raisley, supra. 

Raisley told the agents executing the warrant that: (i) everything they needed “`was on the thumbdrive [they] had recovered from his home,’” (ii) he wrote the “code that `was on that thumbdrive,’” (iii) he used the code to “`attack’ `the websites’” and  (iv) he “`didn't mean to hurt anybody, he just wanted them to take his name off their sites.’”  U.S. v. Raisley, supra.  When the FBI searches Raisley's computers and the thumbdrive, they found “substantial evidence linking him to the DDOS attacks, including the malware program and its source code.”  U.S. v. Raisley, supra.

In August of 2008, Raisley and his defense attorney “attended a proffer session with the Government.”  As I explained in an earlier post, In federal criminal practice a “proffer” (also known as a “proffer letter” or “proffer agreement”) is a written agreement between a prosecutor and someone suspected of committing federal crimes. Defense attorneys use proffers to try to negotiate plea bargains or immunity for their clients, but they can be tricky.  As this article explains, the proffer lets the suspect “tell the government about [his] knowledge of crimes, with the supposed assurance that [his] words will not be used against [him]” in any subsequent prosecution.  During his proffer session, Raisley admitted that “he launched DDOS attacks against, but he failed to reach an agreement with the Government.”  U.S. v. Raisley, supra.

Raisley was charged with and, as noted above, convicted of one count of computer fraud in violation of 18 U.S. Code § 1030U.S. v. Raisley, supra. The district court judge sentenced Raisley to 24 months in prison followed by “3 years of supervised release” and ordered him to pay $90,386.39 in restitution.  U.S. v. Raisley, supra. (I don’t understand why the opinion refers to “computer fraud” rather than transmitting code and damaging a protected computer in violation of 18 U.S. Code § 1030(a)(5)(A).  From comments in Raisley’s brief on appeal, I get the impression he was charged with the § 1030(a)(5)(A) crime. Brief of Appellant, U.S. v. Raisley, 2011 WL 5045508.)

Raisley’s first challenge to the district court judge’s evidentiary rulings at trial argued that the judge abused his “discretion by allowing evidence of his contemporaneous DDOS attacks against websites other than the RRI's website.”  U.S. v. Raisley, supra. When the issue came up at trial, Raisley object to the prosecution’s “opening up the case beyond the actual charged count, arguing that taking focus away from the central issue and introducing extraneous information would lead to an unfair and impartial trial.”  Brief of Appellant, U.S. v. Raisley, supra.  The government claimed the evidence was “highly probative” because it corroborated

the attack on; showed how the DDOS attack worked; showed Raisley's method in configuring and launching this attack; showed the effects of the DDOS attacks; and showed the common motive behind all the attacks -- Raisley's desire to destroy any website that posted the articles.

Brief of Appellee, U.S. v. Raisley, 2011 WL 5845083. 

In making this argument, Raisley relied on Rule 403 of the Federal Rules of Evidence, which states that the trial judge can “exclude relevant evidence if its probative value is substantially outweighed by a danger of one or more of the following:  unfair prejudice, unfair prejudice, confusing the issues, misleading the jury, undue delay, wasting time, or needlessly presenting cumulative evidence.” U.S. v. Raisley, supra.

Raisley claimed that the probative value of “this evidence of uncharged crimes” was “`substantially outweighed by the danger of unfair prejudice.” U.S. v. Raisley, supra.  Rule 403 is a restriction on Rule 402 of the Federal Rules of Evidence, which says (i) relevant evidence “is admissible unless” admitting it is inconsistent with the Constitution, a federal statute, another of the Federal Rules of Evidence or a Supreme Court decision and (ii) “irrelevant evidence is not admissible.” 

The Court of Appeals found the evidence was “highly probative” because it (i) corroborated the attack on the RRI's website, (ii) showed how a DDOS attack worked, Raisley's method in configuring and launching an attack and the effects of the attacks and (iii) showed that the “common motive” behind the attacks was Raisley’s “desire to destroy any website that posted the embarrassing articles about him.”  U.S. v. Raisley, supra.  It also found that the district court judge “obviated any danger of unfair prejudice by repeatedly instructing the jury that it could consider the evidence of the other attacks only for the very limited and proper purposes it explained.”  U.S. v. Raisley, supra.  

And, in dictum, it found that, “given the overwhelming evidence that Raisley attacked the RRI's website, any conceivable error in admitting evidence of [his] simultaneous DDOS attacks on similar victims was harmless.”  U.S. v. Raisley, supra. 

Next, Raisley argued that the district court judge

erred by excluding certain evidence about his feud with Von Erck, specifically his belief that Von Erck used a picture of Raisley's son to lure online pedophiles and that Von Erck sent a pipe bomb to Raisley's home.

U.S. v. Raisley, supra.  Here, the Court of Appeals found that the trial judge correctly applied Rules 402 and 403 “in determining . . . that these areas were irrelevant to the core issue of whether Raisley attacked the RRI's website and were likely to cause confusion, prejudice, and time-consuming mini-trials.”  U.S. v. Raisley, supra.  In other words, it found that the evidence was irrelevant and therefore inadmissible under Rule 402 and that even if it was relevant its probative value was substantially outweighed by the three negative factors noted above. 

Finally, Raisley argued that the district court judge abused his “discretion by admitting his statements, made during his proffer with the Government, that he attacked the RRI's website.”  U.S. v. Raisley, supra.  According to his brief on appeal, the government sought to introduce three statements from the proffer session:

First, according to the proffer statements, Raisley told the government that [the system administrator for the site] was attacking his site because of the attack he made against . . . The government contended that the statement was admissible because it was inconsistent with the theory of defense. 

Second, the government wanted to introduce Raisley's knowledge that the virus had infected computers in Greece. Finally, the government sought to introduce statements about Raisley's acknowledgment that the virus spread via a USB device.

Brief of Appellant, U.S. v. Raisley, supra.  

The Court of Appeals began its analysis of this issue by noting that “[p]roffer agreements are contracts, and their `terms must be read to give effect to the parties’ intent.’”  U.S. v. Raisley, supra (quoting U.S. v. Hardwick, 544 F.3d 565 (3d Circuit 2008)).  It then found that the district court judge did not err in interpreting the proffer agreement, which

provided that `[t]he government may use [Raisley's] statement and any information provided by [him] to cross-examine [him] and to rebut any evidence or arguments offered on [his] behalf.’ We have explained that the terms of an identical waiver provision are `expansive[,]’ and that they allow the use of proffer statements `to rebut any evidence or arguments’ offered on a defendant's behalf. . . .

During his proffer, Raisley admitted he attacked the RRI website. In his opening statement at trial, however, his defense counsel told the jury that `Raisley did not attack the Rick Ross website.’ Because of the clear contradiction between Raisley's proffer statement and his opening statement at trial, the District Court did not abuse its discretion by admitting Raisley's proffer statement.

U.S. v. Raisley, supra (emphasis in the original). 

The court also rejected Raisley’s argument that “admission of the proffer statement is inconsistent with his right to a fair trial because he could not assert any defense at trial without opening the door to the proffer session.”  U.S. v. Raisley, supra.  It pointed out that, he “could have argued that the `facts put in evidence by the prosecution are insufficient to permit the jury to find the elements of the crime proved.’” U.S. v. Raisley, supra (quoting U.S. v. Barrow, 400 F.3d 109 (U.S. Court of Appeals for the 2d Circuit 2005)). 

In other words, the court said Raisley could have defended himself by arguing that the government had not proven the elements of the crime beyond a reasonable doubt, which would not have “triggered the waiver” in his proffer agreement.  U.S. v. Raisley, supra.

For these and other reasons, the Court of Appeals upheld Raisley’s conviction and sentence.  U.S. v. Raisley, supra.

1 comment:

Anonymous said...

I actually feel bad for Raisley after reading this. While Raisley took the law into his own hands, the using of his sons picture to lure predators (assumingly without Raisleys permission) would probably find Von Erck in the hospital and the parent with assault charges in many situations. That evidence obviously was too prejudicial for the stated offense, but the whole situation seems worthy of a one hour TV special somewhere. Thank you for sharing.