WikiLeaks, DDoS Attacks and Pretrial Release Issues

On July 13, 2011, fourteen defendants were indicted on 15 counts “of conspiracy to cause damage to a protected computer and aiding and abetting causing intentional damage to a protected computer, in violation of 18 U.S. Code § 1030.”  U.S. v. Collins, 2012 WL 3537814 (U.S.District Court for the Northern District of California 2012).  

As you may already know, the fourteen defendants are Dennis Collins, Christopher Wayne Cooper, Joshua John Covelli, Keith Wilson Downey, Mercedes Renee Haefer, Donald Husband, Vincent Charles Kershaw, Ethan Haindl Miles, James C. Murphy, Drew Alan Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracey Ann Valenzuela and Christopher Quang Vo.  U.S. v. Collins, supra.

The opinion notes that the indictment

alleges that in retribution for PayPal, Inc.'s termination of WikiLeaks.org's donation account, the defendants and other members of a group calling itself Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal's computer servers using the `Low Orbit Ion Cannon’ open source computer application the group makes available for free download on the internet.

According to the indictment, in late November 2010, WikiLeaks released a large amount of classified United States State Department cables on its website. Citing violations of the PayPal terms of service, and in response to WikiLeaks' release of the classified cables, PayPal suspended WikiLeaks' accounts so that WikiLeaks could no longer receive donations.

U.S. v. Collins, supra.

On September 1, 2011, the defendants were arraigned and consented to pretrial release

under a number of conditions, including conditions that each defendant (1) not participate in or accessing Internet Relay Chats (`IRCs’); (2) not use or access Twitter; (3) designate the computer or computers that would be used while on release; (4) not delete any internet history; and (5) make available any designated computer for inspection by Pretrial Services.

U.S. v. Collins, supra.

In this opinion, the U.S. Magistrate Judge who has the case is ruling “a variety of disputes regarding the release conditions and discovery.” U.S. v. Collins, supra. We are going to review the judge’s analysis of and ruling on three of those disputes.  U.S. v. Collins, supra.

The first issue was “various” defendants’ request that the court modify the “condition in its release orders that each “defendant make available for inspection by Pretrial Services any computer designated for use.”  U.S. v. Collins, supra. Their request was a response to “various reports from Pretrial Services” that their officers in 9 of the 13 judicial districts responsible for supervising the defendants could not effectively implement the inspection condition as ordered without installing monitoring software.”  U.S. v. Collins, supra.

These [Pretrial Services] officers explained that, in the absence of any monitoring program installed on the computer's hard drive or by USB drive, they could only enforce the inspection condition by manual searches. 

The officers further explained manual searches were subject to a host of limitations, including the time to conduct the search, potential inconsistencies from search to search, and an overnight drop-off requirement in some districts that conflicted with the release order provision that each defendant be permitted to be present during any inspection.

The defendants object to any hard drive installation of the software, arguing that installed monitoring software unduly burdens their privacy and that if the inspection condition is appropriately maintained at all, it should be enforced only by a USB drive loaded with `Fieldsearch,’ a scanning program supplied by the National Law Enforcement and Corrections Technology Center (“NLECTC”).

The defendants also urge the release conditions be modified to clarify that only `intentional’ deletion of internet history is prohibited.

U.S. v. Collins, supra.

After noting that the government did not object to the defendants’ “use of anti-virus software” but did argue that the defendants’ computers needed to be monitored “in light of the” charges against them, the judge held that the original order would be modified so that the “restriction on each defendant’s deletion of Internet history shall . . restrict only intentional deletion.”  U.S. v. Collins, supra.

The judge was not so sympathetic to the defendants’ request that the Pretrial Services officers use Fieldsearch.  U.S. v. Collins, supra.  He noted that while the

experience reported by Cooper's supervisory officer in the Southern District of Alabama suggests that Fieldsearch can be an effective tool, the literature about the program supplied by Cooper identifies a number of limitations. For one thing, while Microsoft Windows and Apple Macintosh versions are available, the program may not be used on any computer running the Linux operating system. 

For another, the program is supplied with training materials necessary for even basic instruction that have not yet been made available in this district. 

U.S. v. Collins, supra. 

The judge therefore found the “better course” was to delegate to Pretrial Services in this

and other districts the discretion to inspect each defendant's designated computer as it deems appropriate -- whether by Fieldsearch, hardware installation of an alternative program, or manual searching -- so long as it is . . .`reasonably calculated to fulfill’ the purpose of the condition. . . .

[T]he court will modify the inspection condition largely as proposed by Pretrial Services. At the same time, and `complementary to that delegation,’ Pretrial Services is under `a continuing obligation to ensure not only the efficiency of computer surveillance methods used, but also that they remain reasonably tailored so as not to be unnecessarily intrusive.’ While the court is mindful of the defendants' legitimate privacy concerns, as arrestees they enjoy a lesser privacy interest than the general population.’

U.S. v. Collins, supra (quoting Haskell v. Brown, 677 F.Supp.2d 1187 (U.S. District Court for the Northern District of California 2009)).

The second issue was the “prohibition against participation in or accessing of IRC and use of or access to Twitter.” U.S. v. Collins, supra.  Kershaw argued that the restrictions

violate[] his right to freedom of speech under the 1st Amendment. The crux of Kershaw's argument is that the restriction unduly burdens his right to engage in political discourse by these means. Kershaw points out that the ban denies him tweets issued by President Obama and other national figures and prevents him from engaging in Twitter Town Halls.

Kershaw makes similar points regarding the ban on use of IRC and notes that the monitoring condition provides a sufficient means to assure that his Twitter and IRC activities do not threaten public safety or somehow facilitate his flight from prosecution.

U.S. v. Collins, supra.  The government responded with a

proffer that the conspiracy in which each defendant is alleged to have participated was coordinated by IRC and Twitter communications. The government further notes that the IRC and Twitter restrictions leave available to Kershaw and the other defendants any number of alternative means of engaging in political discourse.

U.S. v. Collins, supra. 

The judge found there was “no constitutional deprivation” in the IRC deprivation:

While any limitation on free speech must be imposed cautiously, and each defendant retains the presumption of innocence during the pretrial period, the IRC restriction . . . furthers a compelling government interest in protecting the public from further crimes coordinated through a means specifically addressed by the grand jury in the language of the indictment. The condition operates in a content-neutral fashion.

The condition does not restrict political or any other discourse by any other means, even by use of other internet services such as email, blogging services such as Tumblr, chat other than IRC, or social networks such as Facebook or Google+.

All of this suggests to the court that a restriction on IRC use, while permitting substantial internet use for purposes that include political discourse, strikes a reasonable balance between the legitimate and yet competing interests of the parties.

U.S. v. Collins, supra. 

The judge also noted that the indictment does not mention the use of Twitter and that the government had proffered noting linking any defendant to criminal activities involving its use. U.S. v. Collins, supra.  He therefore deleted the condition restricting the defendants’ access to the use of Twitter, noting that any illicit use of it could be addressed “by the monitoring approved elsewhere” in his order. U.S. v. Collins, supra. 

The third issue went to the fact that “several months before the indictment in this case, the government executed 27 search warrants by which it seized from the defendants over 100 computers and other digital devices (including storage media).”  U.S. v. Collins, supra. 

“Various” of the defendants asked the government to “segregate all information within the scope of the warrants” noted above, “distribute that information to all defendants in accord with a protocol agreed to by the parties, and return all devices and non-targeted data to the defendants from whom they were seized without further delay.”  U.S. v. Collins, supra. 

The judge noted, first, that “the government is precluded from keeping seized documents that are outside the scope of the warrant.” U.S. v. Collins, supra.  He also noted that

[m]any of the warrants in this case specifically acknowledge the government's return obligation by providing that `[w]ithin a reasonable period of time, but not to exceed 60 calendar days after completing the forensic review of the device or image, the government must use reasonable efforts to return, delete or destroy any data outside the scope of the warrant unless the government is otherwise permitted by law to retain the data.’

While the government emphasizes the final clause of this provision, even if the law ultimately permits the forfeiture of a given device as discussed above,  . . .the law does not permit the retention of data on that device that has not been shown or even alleged to have been an `instrumentality’ of the alleged crimes.

U.S. v. Collins, supra (emphasis in the original).

The judge therefore ordered that

by some other reasonable effort that minimizes the government's exposure to non-targeted documents, no later than 30 days from the date of this order, the government must endeavor to give back to the defendants data outside the scope of the warrants. 

U.S. v. Collins, supra.