Judge Crotty Declares a Mistrial in Joshua Schulte Case

This morning, Judge Paul Crotty declared a mistrial in the Joshua Schulte case. Jurors found Schulte guilty on the two least serious charges — false statements and contempt — but didn’t even find him guilty of obstruction, to say nothing of the Espionage and CFAA charges tied to his alleged theft of the CIA’s hacking tools. A sentence on those two charges would not even amount to the time he has already served since being jailed in December 2018.

This is an absolutely stunning rebuke for the government on the most serious Espionage case in years, and an unbelievable success for Schulte’s lawyers, especially Sabrina Shroff.

The two sides will have a conference on March 26 to decide what to do. The government will certainly push to retry Schulte; Sabrina Shroff asked for an extended deadline to file motions. She may try to do something further about the government’s late notice that Michael, a key witness, got put on paid leave last August (though the government has argued compellingly that Michael’s underlying lack of candor has been noticed to the defense throughout). She also may make yet another bid to get more access to the forensics, something I’ve argued that the government should have permitted in the first place.

That said, I think the government’s failure in this case stemmed largely from too much focus on the CIA and too little focus on the (abundant) evidence against Schulte. In addition, they do not appear to have shown — via the abundant evidence available to them — that Schulte is a compulsive liar, and that exhibits that show Schulte offering alternate theories of the theft all fall flat.

Plus, there were problems with two jurors, problems that I think Judge Crotty did not adequately manage.

That is, I think the government can learn from its failures in this case. I wouldn’t be surprised, either, if the vaunted SDNY is forced to add a cybersecurity prosecutor to their team, to ensure that the forensic case is presented more clearly to jurors.

I highly doubt Schulte can pull this off a second time. If he can, it will be a remarkable comment on the government’s ability to obtain justice against insider threats.

21 replies
  1. JonKnowsNothing says:

    The problem will remain that the pool of jurors won’t know the difference between ROOT and ROOTKIT. I doubt the attorneys know the difference either because they would have presented things a lot differently if they did.

    TY MW for undertaking analysis of an important and complex case.

    • bmaz says:

      People say that about juries all the time. “Oh shit, this is just too complex!” No, it is not.

      By using good experts and competent attorneys walking them through it, they can always understand, and pretty much always do.

      The very first google response to “root versus rootlet” is:

      “The term rootkit is a connection of the two words “root” and “kit.” Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool.”

      Yeah, I think that can be conveyed to a jury just fine. This stupid hacker shit is not all that special. Juries have been figuring out extremely complex stuff since long before either you or I were born. They will be fine. This is on the prosecutors and their expert presentation. It can be done just fine.

      • P J Evans says:

        It could have been worse. I heard that in DEC v Data General, back in the 80s, the Data General people wanted a jury with no knowledge of computers, and disqualified one woman because her daughter had taken a keypunch class.

      • Desider says:

        “root” = superuser
        “root kit” lets a hacker become superuser – some software tools

        the administrator will often *not* work as superuser, to avoid bigger mistakes.

        hackers will delete log files and use other tricks to keep from being detected.

        hackers find weaknesses in web pages, mail & other services to either become superuser directly, or steal superuser passwords
        (e.g. via the password file, detecting key strokes, or “sniffing” characters going across the internet connection)

        As an example of how simple it can be explained.

      • Rugger9 says:

        It’s an attitude that also assumes that jurors aren’t engineers, etc. in real life which ain’t so. I knew one of the jurors in the Samsung patent case and he’s a long experienced signals engineer. The case was simple to him, what was hard was figuring the right level of damages to assign.

        • bmaz says:

          Very true. But you pray there are one or two of such that can guide them in deliberations, but have to tell the story to the jury as if there are none. Get the least educated person informed enough, and work from there.

  2. JonKnowsNothing says:

    Yes, computer concepts are “concepts” that can be explained to anyone. I am not sure juries are allowed to “google-fu” for definitions or information outside of what is presented in court.

    What is clear is that 30 years of lawyering does not include information on computer concepts anymore than 30 years of computer work prepares one for legal issues. A specialist in one area may not be duplicated in others.

    “Hack”, “Hackers” and “Hacking” are broad terms with moveable definitions which change frequently and applied as idioms in various computer fields and others.

    What is more important is that the legal team presents an intelligible review of what happened or what is claimed to happen.

    A root user maybe authorized or may gain authorization. Given the frequency of data breaches and exfiltration of information, gaining root access is a priority for anyone who wants to get to the “good stuff”.

    People employed by companies and governments who specialize in doing this all know how and what methods they would need to get it. It’s a lot easier when the passwords are guessable. Most passwords are easy and the one published was not only unwise to be published but also showed a lack of due-care in its creation and would have been easy enough to uncover.

    We can only hope that if the government brings in Team2, they bring in a better set of dual-area specialists.

    ht tps://en.wikipedia.org/wiki/Hack_(horse)
    to hack, hacking, hack, a hack, hacked

    Hack within the activity of equestrianism commonly refers to one of two things: as a verb, it describes the act of riding a horse for light exercise, and as a noun, it is a type of horse used for riding out at ordinary speeds over roads and trails.[1] The term is sometimes used to describe certain types of exhibition or horse show classes where quality and good manners of the horse are particularly important

    ht tps://en.wikipedia.org/wiki/Diceware
    ht tps://en.wikipedia.org/wiki/Password_strength
    ht tps://en.wikipedia.org/wiki/Random_password_generator
    (url fractured to prevent autorun)

    • emptywheel says:

      I would hope they bring in one of NSD’s better hacking prosecutors.
      But I don’t think it’s *just* hacking, bc the charges related to sending stuff to Shane Harris didn’t involve any of that.

  3. punaise says:

    Basic layperson’s procedural question: how can a mistrial be declared after a verdict is rendered?

  4. PeterS says:

    Aren’t highly technical/scientific patent cases decided in front of juries in the US? I can’t see why this case is more problematic.

    (O/T in most other countries patent trials are before specialist judges, not juries, so I may be arguing both ways here)

  5. JonKnowsNothing says:

    I am sure that most juries could and would decide a finding provided the information is presented in a way they can understand. That means the person doing the presenting has to have some concept even if they are not themselves experts. Like asking the a question in a way that the answer is clear (when possible).

    Rootkit or Jailbreak? (which is not knocking out walls with a armoured truck…)

    re: “hackers will delete log files….”
    There are lots of folks who delete log files and they are not hackers. There are a tonnage of log files and most get deleted on a regular basis. Roll backs and Roll forwards are common too and very common in software development. What appears to have been under-explained is why these logs and those rolls were unusual. Nearly every SysAdmin does it. Just as nearly every corporation has a least one boss-type that insists they “cannot remember the password it’s too complicated” and demands an easy one instead.

    There are so many logs it would not matter if an unexpected roll was done, the tracers are there. Maybe the CIA just didn’t want to “burn anymore” by exposing it.

    • Desider says:

      1) combining law speak and tech speak can clutter an explanation – watch # if syllables
      2) I think they made obvious the certain logs that shouldn’t disappear.
      3) pinning the disappearance 100% on Schulte, as malicious pre-planned act?
      Prosecutors may have believed their own pizzazz too much, assumed jury didn’t need convincing. Office politics? Young bored hipsters goofing around? Or criminal acts? Could they imagine a Snowden in Schulte’s behavior? Or just someone who disrespected authority because that authority was obviously a self-pretentious mess?

  6. Mathias the Younger says:

    Just my personal take, having taught a wide variety of people basic computer skills for a number of years: I have difficulty imagining any explanation of most computer exploits that would hold up to any sort of determined attempts at obfuscation or confusion from a 12 year old, much less a defense lawyer.

    I have little to no legal knowledge, so I recognize that you guys probably have seen this more than I, but even for intermediate level programmers and such, some of the more complicated hacks I’ve seen might as well involve elves and Santa Claus for their ability to tell truth from fiction, much less feel confident enough in their understanding to find guilt without a reasonable doubt

  7. TomA says:

    I wonder if jury nullification may have played a role in this case. A large part of the population is becoming increasingly aware of the extinction of privacy that exists in most EC activities (e.g. the booming market for identity theft protection services). It is also well known now (thanks to Snowden and others) that the US Federal Government is one of the most egregious abusers of personal privacy on the planet. Perhaps these jurors were sending a message to NSA via this protest verdict (similar to what the OJ jury did).

    • Mathias the Younger says:

      The complaints from the jury itself about two of its members would lend a certain amount of credence to this idea

Comments are closed.