Monday, April 20, 2009

Boston College Case

Maybe you’ve read about this: On March 30, Kevin Christopher, a Detective for the Boston College Police Department, executed a search warrant at a BC dorm room that was occupied by Riccardo Calixte.

If you want to know more about the warrant and why it was issued, the Electronic Frontier Foundation has information about the search, including court filings, on its website.

As we’ll get to in a minute, Calixte has moved to quash the search warrant. According to a memorandum filed in support of that motion, on January 27 a Boston College
a Boston College police officer filed a report regarding two students who were having `domestic issues.’ The complaining student was identified . . ., and the other student was identified as . . . Calixte. . . . Christopher was familiar with the reporting student because he had been a reliable witness in another unnamed investigation. . . . The day after the `domestic issues’ incident . . . Christopher met with the student. . . .
Memorandum in Support of Motion for Emergency Relief to Quash the Warrant and for Return of Property, In Re Matter of Search Warrant (Mass. Trial Court – Newton Division Docket No. 0912SW03) (hereafter, “Memo in Support”).

According to the Memo in Support, the informant told Christopher the following things about Calixte; he was a computer science major who a “`master of the trade’” and had a “reputation” as a “hacker;” he had “at some unspecified time and place” hacked the College computer system professors use to change grades and had illegally downloaded movies, music and software on his computer. The informant also told Christopher that Calixte “uses two different operating systems” (Windows and Linux) to “`hide his illegal activities.’” Memo in Support, supra. Finally, the informant said he suspected “Calixte was somehow causing the student’s computer to `crash’”. Memo in Support, supra.

In early March, the student who’d been involved in the “`domestic issues’” matter with Calixte was the subject of a mass email sent to the Boston College community
in which he was reported to be gay and coming out of the closet. A profile from a gay-oriented website (`’) including a photograph of the student was attached to the emails. The emails were sent from Google’s gmail service and Yahoo! mail to a Boston College email list. . . . The student suffered stress due to these emails, so a non-police Administrator asked Boston College Director of Security David Escalante to try to find out who sent the emails. Mr. Escalante advised the Detective that he traced the emails back to Calixte.
Memo in Support, supra.

Detective Christopher used this and other information to get the warrant to search Calixte’s dorm room. Application for Search Warrant (Mass. Trial Court – Newton Division, Docket No. 0912SW03). The warrant authorized the officers to search for and seize the following items (among others): all objects capable of storing digital data in any form; all computer system documentation, including “access codes, passwords and/or protocols”; and “[a]ll evidence of ownership of, access to, and/or control over the Computer System” on March 1 and 7, 2009. Application for Search Warrant, supra. As I noted above, they executed the warrant on March 30. They seized Calixte’s cell phone, iPod, computers and disks. Memo in Support, supra.

On April 10, Calixte filed his motion to quash the warrant, as I noted earlier. He argues that the warrant issued in violation of the 4th Amendment and therefore was invalid:
The March 30th search and seizure were illegal, and the ongoing retention and analysis of Mr. Calixte’s property . . . violate his . . . constitutional rights. . . . Therefore, this Court should issue emergency relief by (1) quashing the warrant (2) ordering officers to cease searching and analysis the items seized (3) order the return of all property and data seized and (4) order that any stored copies of Mr. Calixte’s data be deleted.
Memo in Support, supra.

Calixte is claiming the warrant was invalid because it was not based on probable cause to believe he had committed a particular crime or crimes(s). If the warrant was not based on probable cause, then it did not comply with the requirements of the 4th Amendment, which means that the search of Calixte’s dorm room and the seizure of his property violated the 4th Amendment. In other words, if the warrant was not based on probable cause, the officers in effect searched his dorm room and seized his property without having ANY 4th Amendment authorization to do so.

Was the warrant based on probable cause? Well, I’m not really sure.

In the warrant application, Christopher says he’s looking for property that is (i) evidence of criminal activity and/or (ii) has been used as in committing a crime. He also says he has “probable cause to believe” that the items he seeks authorization to search for and seize “all constitute evidence of the crime of `Obtaining computer services by Fraud or Misrepresentation’ . . . and `Unauthorized access to a computer System’” Application for Search Warrant, supra. Both are crimes under Massachusetts law, so this is a state search, not a federal one.

So to be valid, the application for the warrant had to demonstrate that there was probable cause to believe evidence of either or both crimes would be found in Calixte’s dorm room. As Wikipedia notes, probable cause is evidence that is sufficient to justify a reasonable person’s belief that evidence of a crime will be found in a particular place. It is a lower standard of proof than the preponderance of the evidence (more likely than not) test used in civil trials, and a much lower standard than the beyond a reasonable doubt test used in criminal trials. The purpose is to ensure that a search warrant is not based on the perhaps subjective conclusions of an officer who is actively involved in an investigation; instead, it must be issued by a magistrate who must make the probable cause determination himself or herself, based on the information the officer seeking the warrant has provided.

That brings us back to Christopher’s application for the Calixte search warrant, which relies heavily on the allegations made by the student informant, the ones outlined above. It’s perfectly proper for an officer to rely on information from an informant in seeking a warrant, but when the officer relies on an informant, he has to be able to show both that the informant is credible and that he has good reason to know what he’s talking about. Since Christopher doesn’t identify the student informant, we don’t know if he’s a credible person or not; the magistrate can’t assume credibility in making her determination. The officer has to provide facts showing the informant is credible.

Here, Christopher relied on the investigation Escalante conducted, in which he traced the “suspect e-mails” to Calixte’s dorm room computer. Application for Search Warrant, supra. In the memorandum he submitted in support of his motion to quash the warrant, Calixte does not challege “the veracity of” Escalante’s conclusion or the investigation that led him to that conclusion. Memo in Support, supra. So we’ll assume Escalante correctly identified Calixte as the person who sent the emails that claimed the student informant was gay.

The results of Escalante’s investigation therefore corroborate what the student told Christopher, which both supports the student’s credibility (he was right) and shows he knows what he’s talking about. Since the focus of the investigation seems to be those emails, I can see a good argument that the warrant was supported by probable cause. Calixte’s attorneys argue that it was not, for two reasons: One is that the informant “has an ax to grind” with Calixte, which gives him a reason to lie to the officer. The other is that the corroboration of the student’s information did not extend to his claims that Calixte altered grades or was a hacker. Memo in Support, supra.

I’d argue that even if the student does have an ax to grind, the corroboration showed Calixte sent the emails that are the focus of the investigation. Since those emails are the focus of the investigation (at least that’s what I gather from the affidavit in support of the application for the search warrant), it’s immaterial that the other claims were not corroborated. (And even though they weren’t, a magistrate might be justified in finding that since the informant was right about the emails, he is likely to have been right about the other things, as well.)

Calixte’s lawyers spend most of their time arguing that nothing in the facts establishes probable cause to believe Calixte obtained computer services by fraud or gained access to a computer without being authorized to do so. Memo in Support, supra. I really don’t know enough about the facts in this case to say whether they’re right or not, but I can see a theory under which Calixte (assuming he did what he’s alleged to have done) can be held liable for committing either crime: If he used an alias to send out the emails in question, that may constitute fraudulently obtaining service from a commercial computer service. And the same premise could (I’m not saying it does, I’m saying could) support the charge that he gained access to the system without being authorized to do so; under this theory, the argument would be that even though Calixte was authorized to use the system under his own name because he was a BC student, he was not authorized to use it while employing an alias.

As I said, I don’t know -- and don’t have the facts to be able to determine -- if the evidence Christopher sought can support either or both charges. I can, though, see that as a possibility, which I think forecloses the court from granting Calixte’s motion and quashing the warrant at this point in the proceedings.

Before I quit, I want to address a claim I’ve seen in some stories, i.e., that “using Linux is a crime at Boston College.” According to the warrant application, the computer Calixte registered on the BC network and the computer that sent the emails both “ran the Ubuntu Linux operating system” which “is an uncommon operating system on the BC network.” Application for Search Warrant, supra. Escalante found that in “the five days prior to the incident only two users in [Calixte’s dorm] had computers running Ubuntu Linux.” Application for Search Warrans, supra. So his use of Linux is not being defined as a crime; instead, it’s simply evidence that connects Calixte to the emails at issue.


Onideus said...

Oh, btw, I decided to do a blog entry on you:


Susan Brenner said...

I didn't, and wouldn't say it's a crime to say someone is gay . . . because it's not, it should not be and it cannot be under the First Amendment.

My point is that the state MAY have an argument that sending the email was a crime because Calixte MAY have violated the terms of use of the system. If so, that could possibly give rise to charges for unauthorized access, etc.

Onideus said...

1. violating the ToS of a computer system is not a crime. And if it were it would exploited in so many different directions it'd make your little head spin.

2. Once again, there is *NO* way to know with *ANY* degree of absolute certainty, or even reasonable certainty that posts, e-mails, etc are coming from the source depicted within log data.

3. There is just as much evidence "proving" that Calixte's roomate used Calixte's computer to send the messages out and even to implant data on his computer in an effort to set him up and frame him.

4. Simply put...there is no evidence. PERIOD!

Susan Brenner said...

1. No, it wouldn't make my head spin. I'm quite aware of how easy it is to violate TOS, have written on it, including on this blog. If you'll do some research, you'll find out that violating TOS can be prosecuted as exceeding authorized access and, in some instances, as unauthorized access. For one example of that theory, check out the federal indictment in the Lori Drew, Megan Meier suicide case in LA.

2. Goes to evidence, i.e., whether the government can prove its case, not to whether something is a crime.

3. Ditto (and I never said there was).

4. Ditto.

Anonymous said...

Boring.. Nothing will come of this.. Their is no case from what I can see.. Hence why the EFF is helpin out..

Susan Brenner said...

As you maybe have seen, the judge in the case recently held there was no probable cause for the search, and so ordered everything the police seized to be returned to its owner:

Anonymous said...

Susan, no analysis or comment on the outcome? Just one sentence tagged-on as a comment, that probably no one will see. I'm also surprised that virtually no news outlets have written about the outcome, given the coverage the case received earlier.

Susan Brenner said...

I'm surprised, too, which is why I didn't post much about the ruling quashing the search warrant.

The judge's decision is available on the EFF site, via the link I posted earlier.

The judge essentially quashed the warrant for three reasons: One is that the officer who obtained the warrant, Detective Christopher, did not provide the magistrate with evidence showing the informant he relied on was a reliable source. As I noted in my post, when an officer uses information from a third party to get a warrant, he has to show that that person is credible and his information is reliable. This judge found, correctly, I think, that Christopher had not done this with regard to this informant. If an officer doesn't show the person is credible and reliable, then that information can't be used to get a warrant.

Another reason was that it was on January 28 that the informant (Bennefield) told Christopher Calixte was hacking into the grading system BC professors used to change student grades. One of hte requirements for evidence used to establish probable cause is that it not be stale, i.e, not be too old to be relevant. The judge noted that Christopher didn't seek the search warrant "until March 20 2009, two months later, and the affidavit does not reveal any effort to verify or follow up on any of the complaints, even by asking Bennefield for further details."

Finally, the judge found there was "a significant issue about the sufficiency of hte nexus between" the places to be searched -- Calixte's computer and other deices -- and "evidence relating to this unauthorized access charge." The judge noted that on January 28 Bennefield said he'd seen Calixte hack the system but Bennefield didn't say where he was when he saw that or what computer Calixte (allegedly) used to do this. The judge found, again correctly in my view, that this did not create probable cause to believe evidence of the crime of unauthorized access into the BC computer system would be found on Calixte's laptop.

Jennifer Granick said...

The opinion specifically rejects the theory that sending the email could have been a computer crime under Massachusetts law even if there were a terms of service prohibiting such a transmission.

"The Commonwealth argues that the affidavit establishes probable cause to believe that Calixte was involved in three sorts of criminal activity: he allegedly sent the two false emails; downloaded illegal files; and gained unauthorized access to the BC grading system. The first two types of alleged criminal conduct do not require substantial discussion. As the judge observed, the sending of emails from public email services does not seem to constitute the crimes of obtaining computer services by fraud or misrepresentation, or unauthorized access to a computer system. The Commonwealth's claim that such an email might be unlawful because it violates a hypothetical internet use police maintained by BC both goes well beyond the reasonable inferences that may be drawn from the affidavit, and would dramatically expand the appropriate scope of G.L. c. 266 sec. 120F."

Term Papers said...

This is cool, I would love and a link back to your Blog of course.

Term Papers said...

I really enjoyed reading this article.