Judge Crotty Declares a Mistrial in Joshua Schulte Case
This morning, Judge Paul Crotty declared a mistrial in the Joshua Schulte case. Jurors found Schulte guilty on the two least serious charges — false statements and contempt — but didn’t even find him guilty of obstruction, to say nothing of the Espionage and CFAA charges tied to his alleged theft of the CIA’s hacking tools. A sentence on those two charges would not even amount to the time he has already served since being jailed in December 2018.
This is an absolutely stunning rebuke for the government on the most serious Espionage case in years, and an unbelievable success for Schulte’s lawyers, especially Sabrina Shroff.
The two sides will have a conference on March 26 to decide what to do. The government will certainly push to retry Schulte; Sabrina Shroff asked for an extended deadline to file motions. She may try to do something further about the government’s late notice that Michael, a key witness, got put on paid leave last August (though the government has argued compellingly that Michael’s underlying lack of candor has been noticed to the defense throughout). She also may make yet another bid to get more access to the forensics, something I’ve argued that the government should have permitted in the first place.
That said, I think the government’s failure in this case stemmed largely from too much focus on the CIA and too little focus on the (abundant) evidence against Schulte. In addition, they do not appear to have shown — via the abundant evidence available to them — that Schulte is a compulsive liar, and that exhibits that show Schulte offering alternate theories of the theft all fall flat.
Plus, there were problems with two jurors, problems that I think Judge Crotty did not adequately manage.
That is, I think the government can learn from its failures in this case. I wouldn’t be surprised, either, if the vaunted SDNY is forced to add a cybersecurity prosecutor to their team, to ensure that the forensic case is presented more clearly to jurors.
I highly doubt Schulte can pull this off a second time. If he can, it will be a remarkable comment on the government’s ability to obtain justice against insider threats.
Good. It is exactly what Crotty should have done.
The problem will remain that the pool of jurors won’t know the difference between ROOT and ROOTKIT. I doubt the attorneys know the difference either because they would have presented things a lot differently if they did.
TY MW for undertaking analysis of an important and complex case.
People say that about juries all the time. “Oh shit, this is just too complex!” No, it is not.
By using good experts and competent attorneys walking them through it, they can always understand, and pretty much always do.
The very first google response to “root versus rootlet” is:
Yeah, I think that can be conveyed to a jury just fine. This stupid hacker shit is not all that special. Juries have been figuring out extremely complex stuff since long before either you or I were born. They will be fine. This is on the prosecutors and their expert presentation. It can be done just fine.
It could have been worse. I heard that in DEC v Data General, back in the 80s, the Data General people wanted a jury with no knowledge of computers, and disqualified one woman because her daughter had taken a keypunch class.
“root” = superuser
“root kit” lets a hacker become superuser – some software tools
the administrator will often *not* work as superuser, to avoid bigger mistakes.
hackers will delete log files and use other tricks to keep from being detected.
hackers find weaknesses in web pages, mail & other services to either become superuser directly, or steal superuser passwords
(e.g. via the password file, detecting key strokes, or “sniffing” characters going across the internet connection)
As an example of how simple it can be explained.
Yes.
It’s an attitude that also assumes that jurors aren’t engineers, etc. in real life which ain’t so. I knew one of the jurors in the Samsung patent case and he’s a long experienced signals engineer. The case was simple to him, what was hard was figuring the right level of damages to assign.
Very true. But you pray there are one or two of such that can guide them in deliberations, but have to tell the story to the jury as if there are none. Get the least educated person informed enough, and work from there.
Yes, computer concepts are “concepts” that can be explained to anyone. I am not sure juries are allowed to “google-fu” for definitions or information outside of what is presented in court.
What is clear is that 30 years of lawyering does not include information on computer concepts any more than 30 years of computer work prepares one for legal issues. A specialist in one area may not be duplicated in others.
“Hack”, “Hackers” and “Hacking” are broad terms with moveable definitions which change frequently and are applied as idioms in various computer fields and others.
What is more important is that the legal team presents an intelligible review of what happened or what is claimed to happen.
A root user may be authorized or may gain authorization. Given the frequency of data breaches and exfiltration of information, gaining root access is a priority for anyone who wants to get to the “good stuff”.
People employed by companies and governments who specialize in doing this all know how and what methods they would need to get it. It’s a lot easier when the passwords are guessable. Most passwords are easy and the one published was not only unwise to be published but also showed a lack of due-care in its creation and would have been easy enough to uncover.
We can only hope that if the government brings in Team2, they bring in a better set of dual-area specialists.
ht tps://en.wikipedia.org/wiki/Hack_(horse)
to hack, hacking, hack, a hack, hacked
ht tps://en.wikipedia.org/wiki/Diceware
ht tps://en.wikipedia.org/wiki/Password_strength
ht tps://en.wikipedia.org/wiki/Random_password_generator
(url fractured to prevent autorun)
Lol. Thanks for dropping by. Anything else Mr. Rootkit?
I would hope they bring in one of NSD’s better hacking prosecutors.
But I don’t think it’s *just* hacking, bc the charges related to sending stuff to Shane Harris didn’t involve any of that.
Basic layperson’s procedural question: how can a mistrial be declared after a verdict is rendered?
The jury was hung on the other 8 charges.
Got it, thx.
Aren’t highly technical/scientific patent cases decided in front of juries in the US? I can’t see why this case is more problematic.
(O/T in most other countries patent trials are before specialist judges, not juries, so I may be arguing both ways here)
I am sure that most juries could and would decide a finding provided the information is presented in a way they can understand. That means the person doing the presenting has to have some concept even if they are not themselves experts. Like asking a question in a way that the answer is clear (when possible).
Rootkit or Jailbreak? (which is not knocking out walls with an armoured truck…)
re: “hackers will delete log files….”
There are lots of folks who delete log files and they are not hackers. There are a tonnage of log files and most get deleted on a regular basis. Roll backs and Roll forwards are common too and very common in software development. What appears to have been under-explained is why these logs and those rolls were unusual. Nearly every SysAdmin does it. Just as nearly every corporation has at least one boss-type that insists they “cannot remember the password it’s too complicated” and demands an easy one instead.
There are so many logs it would not matter if an unexpected roll was done, the tracers are there. Maybe the CIA just didn’t want to “burn anymore” by exposing it.
1) combining law speak and tech speak can clutter an explanation – watch # of syllables
2) I think they made obvious the certain logs that shouldn’t disappear.
3) pinning the disappearance 100% on Schulte, as malicious pre-planned act?
Prosecutors may have believed their own pizzazz too much, assumed jury didn’t need convincing. Office politics? Young bored hipsters goofing around? Or criminal acts? Could they imagine a Snowden in Schulte’s behavior? Or just someone who disrespected authority because that authority was obviously a self-pretentious mess?
Just my personal take, having taught a wide variety of people basic computer skills for a number of years: I have difficulty imagining any explanation of most computer exploits that would hold up to any sort of determined attempts at obfuscation or confusion from a 12 year old, much less a defense lawyer.
I have little to no legal knowledge, so I recognize that you guys probably have seen this more than I, but even for intermediate level programmers and such, some of the more complicated hacks I’ve seen might as well involve elves and Santa Claus for their ability to tell truth from fiction, much less feel confident enough in their understanding to find guilt without a reasonable doubt.
I wonder if jury nullification may have played a role in this case. A large part of the population is becoming increasingly aware of the extinction of privacy that exists in most EC activities (e.g. the booming market for identity theft protection services). It is also well known now (thanks to Snowden and others) that the US Federal Government is one of the most egregious abusers of personal privacy on the planet. Perhaps these jurors were sending a message to NSA via this protest verdict (similar to what the OJ jury did).
I suspect it’s likely. The evidence against him was quite strong.
The complaints from the jury itself about two of its members would lend a certain amount of credence to this idea