It has been a fairly long time since I last posted a blog entry (October 2013, ironically also about SilkRoad), but I anticipate posting more content in the near future. Last Wednesday (March 25, 2015) was the monthly NOLASec meeting where I gave a brief talk (it has been pointed out to me that my ‘brief’ talks end up having a 4:1 ratio between real time and the time I allegedly was limited to) on some legal and technical issues in the SilkRoad / Ross Ulbricht / Dread Pirate Roberts trial.
(My slide set can be found on my Academia.edu page: https://www.academia.edu/11741266/Legal_and_Tech_Analysis_of_SilkRoad_Trial)
One of the biggest challenges with discussing SilkRoad is the secretive nature of the investigation. When SilkRoad was shut down, and Ross Ulbricht was arrested as DPR, there was a lot of speculation that the SilkRoad servers were located through Parallel Construction in the wake of the Edward Snowden leaks. As I noted in my talk, the Icelandic based server was the initial entry point into the SilkRoad infrastructure, and all of the resulting warrants and other court orders concerning the investigation cited it as the basis for their issuance (which lead, e.g., to seizing backup servers in the US). The Defense initially sought to have the Icelandic server evidence and all other evidence gained as a result of its seizure suppressed under the Fruit of the Poisonous Tree doctrine. (The doctrine is essentially a public policy doctrine that disincentives law enforcement from playing fast and loose with constitutional protections by suppressing evidence obtained in an impermissible way).
The hiccup, as the Court noted in its order denying the motion, is that the Fruit of the Poisonous Tree requires asserting a 4th amendment privacy interest which cannot be asserted vicariously. That means, in order to move forward with that argument Ross Ulbricht would have to admit to ownership of the servers which would compromise his alternate-DPR-defense theory. Because he did not assert such an ownership, the Court did not reach the merits of his suppression argument so we do not know how that would have played out.
The government’s filings, including the infamous Tarbell declaration, have painted a more peculiar picture in which the investigating agents claim to have typed “miscellaneous” inputs into the SilkRoad login screen and observed the CAPTCHA leaking the server’s public IP address. The explanation is very vague as to the details, but does assert that the SilkRoad front page was accessible from the public IP address (i.e. it was accessible outside the TOR network). This proposition has been widely criticized as implausible. One set of evidence released in the case contained the server configuration files for the SilkRoad site itself as well as a phpmyadmin site installed on the same server. Without going into detail, the configuration files do not support the investigators’ explanation. (See http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/ for a good write up).
There were multiple concurrent investigations concerning SilkRoad and it, at times, seems like the different geographical groupings were in competition. Most of the investigatory work presented at Ulbricht’s trial came from the New York investigation. As part of my review in preparing the NOLASec talk, I had an opportunity to review three days of trial transcript from the Ulbricht trial that were crowdfunded from Reddit. The transcripts (days 4, 5, and 6) contained testimony of the investigating agents and included testimony on the day of the arrest and forensic “triage” of Ulbricht’s laptop. During the cross-examination of agent Der-Yeghiayan by Ulbricht’s attorney Mr. Dratel, there was a peculiar line of questioning that did not quite make sense out of context. The testimony extends from page 714 to 724 of the January 20, 2015 trial transcript and discusses differences and concerns between the different investigatory groups. Take, e.g., the following snippet of the cross-examination (emphasis added):
11 Q. Now, as we’ve discussed, this investigation was being
12 pursued by a number of different agencies in a number of
13 different locations in the U.S., right?
14 A. It was.
15 Q. And internationally, too, right?
16 A. Yes.
17 Q. And is it fair to say that there was some competition among
18 agencies with respect to this investigation?
19 MR. TURNER: Objection; relevance.
20 THE COURT: Sustained.
21 Q. Weren’t different agencies — withdrawn.
22 HSI was pursuing it in Chicago, right?
23 A. Yes, we were suing Silk Road in Chicago.
24 Q. And also HSI Baltimore was pursuing it, right?
25 A. There was also an investigation of Silk Road within HSI
2 Q. And the Secret Service was involved in that, right?
3 A. There was a task force, yes.
4 Q. And HSI Baltimore and HSI Chicago didn’t always see eye to
5 eye, correct?
6 MR. TURNER: Same objection.
7 THE COURT: Overruled.
8 A. Can — there was differences, but I mean, it was both going
9 after similar targets at the same time.
10 Q. Right. But there were differences in how to do it and
11 differences on who would get credit for it, right?
12 A. Well, there was differences on the work that we were
13 putting in and how we were going after the targets. There’s a
14 different method for investigating — they had different
15 methods than what we did.
16 Q. And Chicago, and you in particular, were concerned that by
17 giving out information to other locations, whether it’s HSI or
18 task force or others, would be compromising that information
19 because it might be used in a way that would impair the
20 confidentiality of the investigation?
21 A. There were concerns over how information would be
22 disseminated if it was disseminated properly or if it or if it
23 would be shared in ways that was outside of our knowledge.
24 Q. In fact, Chicago and Baltimore even had a meeting to try to
25 resolve differences, correct?
1 MR. TURNER: Objection; relevance.
2 THE COURT: Sustained.
3 Q. Well, the differences in how to proceed between Chicago and
4 Baltimore were so dramatic that there had to be a meeting,
5 right, to try to resolve it?
6 MR. TURNER: Objection; relevance.
7 THE COURT: Sustained.
Ross Ulbricht was ultimately found guilty on all counts. As of this writing, the defense filed a post-trial motion seeking a new trial and reurging its suppression motion – all fairly standard procedure. Yesterday brought a significant new development which may have substantial repercussions for the trial as well as the other pending charges in the related murder for hire incidents. A criminal complaint was filed on Monday, March 30, 2015 against two agents involved in the SilkRoad investigation (former DEA special agent Carl Force, and former Secret Service agent Shaun Bridges). As I mentioned, most of the work discussed at trial came from the New York group, but Force and Bridges were part of the Baltimore investigation. Reading through the complaint against Force and Bridges puts the line of questioning about inter-agency difficulties in a much different light. (See https://www.scribd.com/doc/260391158/Criminal-Complaint-Force-Against-Bridges-and-Force).
To put it in a very high level tl;dr summary – two agents involved in the Baltimore based SilkRoad investigation are being prosecuted for corruption stemming from their allegedly dipping into SilkRoad’s bitcoins in the course of the investigation, potentially tampering with evidence or compromising their investigation notes, and actively obstructing the investigation. How this will impact Ulbricht’s motion for new trial remains to be seen – the government disclosed the investigation to Ulbricht under seal in November 2014. Today, the government informed the Court that the criminal complaint against Force and Bridges had been unsealed and asked the Court to unseal the previously disclosed documents.
(See https://www.scribd.com/doc/260502698/Ulbricht-Rec-Doc-226 letter to the Court regarding the unsealed complaint).
(See https://www.scribd.com/doc/260502699/Ulbricht-Rec-Doc-227-main letter to the Court regarding sealed documents).
(See https://www.scribd.com/doc/260502700/Ulbricht-Rec-Doc-227-1 copy of the unsealed documents).
I am still reviewing the unsealed documents. The three days of trial transcripts I had access to certainly paint an interesting picture, but the full record will not be available on PACER until sometime in May.