After black-market dealing for approximately two years in relative anonymity, the secretive Silk Road drug-dispensing site was targeted by U.S. federal authorities and was subsequently shut down. Its alleged owner and operator was arrested.
However, one lawyer and technology expert is claiming that the FBI is lying about how it found the Silk Road server that allowed authorities to seize the site as well as millions of dollars in cyber coinage. It is a complicated question of computer evidence, one which the courts may not be capable of fully understanding.
As the worlds of cybercrime, criminal law, economics, and evidence continue to collide, the technological war between law enforcement and crypto-criminals is requiring prosecutors to enter a new realm of trial advocacy and courtroom tactics – one in which tech experts and computer specialists are vital for judicial clarity and jury instructions.
At a time when iron bars and jailhouse walls can do little to stop crimes and communications from taking place over the intangible and worldwide web connections, stopping cybercrime is one thing, but explaining it to a judge or jury is a much different task.
From Drug Money to Bona Fide Bitcoins
Earlier this month, after Silk Road 2.0’s alleged owner and operator, Blake “Defcon” Benthall, was arrested by the FBI, the defendant reportedly began tweeting, just hours after his arrest, from jail and requesting bitcoin donations. Many law enforcement officials didn’t even know what this meant or what the defendant was soliciting.
Bitcoin is a form of cryptocurrency that has garnered international recognition in the last couple of years after it was revealed to be the form of monetary tender used to purchase drugs from the original Silk Road website.
However, the currency also opened the eyes of legitimate businessmen, economists, and financial experts as well – some of whom believe that bitcoin and other cryptocurrencies could become the money form of the future. Our BullsEye blog examined the world of bitcoins in a March 2014 article entitled “What The #!$% Is Bitcoin?”
Three months after that article’s publication, the U.S. Marshals Service held an online auction and sold nearly 30,000 of the bitcoins it had seized from Silk Road. At the time, the value was approximately $18 million. They were purchased by American venture capitalist Tim Draper, who has just brought in former SEC Chairman Arthur Levitt as an advisor for his new bitcoin-investor platform rebranded as “Mirror.”
The FBI, however, claims that the auctioned bitcoins that Draper purchased represent less than a quarter of those seized from Silk Road and its alleged mastermind Ross William Ulbricht. Thirty-year-old Ulbricht, of Austin, Texas, is alleged to be the original Silk Road founder, who called himself “Dread Pirate Roberts,” named after the sword-wielding character in the movie The Princess Bride.
In a September 2013 interview with Forbes magazine, the libertarian-minded Dread Pirate Roberts is quoted as saying, “We’ve won the State’s War on Drugs because of Bitcoin.”
Ulbricht was arrested in San Francisco just days after the article was published. He was charged with money laundering, computer hacking, conspiracy to traffic narcotics, and attempted murder of witnesses. His federal trial is expected to begin in January in Manhattan.
The FBI said that it is holding on to the 144,342 bitcoins seized from Ulbricht’s computer until after the resolution of the criminal trial. Presumably, if Ulbricht is convicted and the seizure is deemed valid, the bitcoins will be auctioned off to the public. The approximate value of that cache of bitcoins is over $56 million today.
Cybercrime Confusing Courts
Expert witness and attorney Joshua J. Horowitz, however, claims in court documents released last month that the FBI is lying about how it accessed the Silk Road back-end server. In an 18-page declaration filed with the U.S. District Court for the Southern District of New York, Horowitz writes about “Nginx access logs,” “tarball mtimes” and “phpmyadmin virtual host site configurations,” claiming that he can show that the FBI could not have infiltrated Silk Road via the manner that it claims in the indictment and other court documents.
“[B]ased on the Silk Road Server’s configuration files provided in discovery, former Special Agent [Christopher] Tarbell’s explanation of how the FBI discovered the server’s IP address is implausible,” Horowitz states.
However, much of Horowitz’s technologically sophisticated declaration is unreadable and incomprehensible to an average attorney or jurist. With many of these issues being evidentiary in nature, the question of whether certain physical evidence is admitted at trial will be left up to one judge.
How will federal judges – many of whom were middle-aged well before Steve Jobs and Steve Wozniak began tinkering away inside a garage in 1976 – be capable of ruling on these evidentiary issues based on court documents and legal arguments that are communicated in a specialized, seemingly foreign, language?
“The critical configuration lines from the live-ssl file are: ‘allow 127.0.0.1; allow 220.127.116.11; deny all;.’ These lines tell the web server to allow access from IP addresses 127.0.0.1 and 18.104.22.168, and to deny all other IP addresses from connecting to the web server.… Based on this configuration, it would have been impossible for Special Agent Tarbell to access the portion of the .49 server containing the Silk Road market data, including a portion of the login page, simply by entering the IP address of the server in his browser,” Horowitz writes, seemingly in an attempt to “dumb down” the explanation of the process.
While the Kentucky-born, Yale-educated U.S. District Judge J. Paul Oetken is very young compared to his life-appointed colleagues, it is unlikely that the 49-year-old jurist (or even his law clerk) can understand even the basics of Horowitz’s argument. In order for him to rule on these evidentiary issues properly, one would assume that technology experts will need to be hired by the courts to examine the specific allegations and pretrial disputes.
Unlike the decision to admit or deny expert witnesses in federal court, during which the judge must determine whether the witness is qualified enough to proffer evidence to the jury, the decision to entirely admit or deny the actual physical evidence that was searched and seized is solely up to the judge. In the case of the Ulbricht prosecution, one would assume that allowing the FBI’s evidence gathered from the Silk Road site to be admissible at trial would be far more critical than any other issues presented before the jury once the evidence is deemed admissible.
This will not be an easy decision for the judge.
“The active phpmyadmin configuration file contained in Item 1 of discovery contains the following lines: ‘listen 80; root /usr/share/phpmyadmin; allow 127.0.0.1;.’ These lines direct the phpmyadmin virtual host to listen on port 80, which is the standard port for web traffic, and also tells Nginx to serve files from the phpmyadmin folder. The absence of ‘deny all’ means that it would be possible for an IP address outside the Tor network to connect to the .49 server. However, an IP address outside the Tor network would have been able to access only the login page for phpmyadmin and the files contained in the phpmyadmin folder, not any part of the Silk Road market or even the login screen, as claimed in the Tarbell Declaration,” Horowitz explains further.
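To make the two quoted configurations concrete, here is an added example (not taken from Horowitz's declaration or the case record) that models how Nginx evaluates "allow" and "deny" lines: rules are checked in order, the first match decides, and a request that matches no rule is let through. The directive strings are the ones quoted above; the client address 203.0.113.7 is a constructed stand-in for a computer outside the Tor network, and the function names are hypothetical.

```python
import ipaddress

# Directive lines as quoted in the article from the Horowitz declaration.
LIVE_SSL = "allow 127.0.0.1; allow 220.127.116.11; deny all;"
PHPMYADMIN = "listen 80; root /usr/share/phpmyadmin; allow 127.0.0.1;"

# Constructed sample address (documentation range), standing in for an
# outside, non-Tor client. It is not a value from the case.
OUTSIDE_CLIENT = "203.0.113.7"


def parse_rules(config):
    """Return the ordered (action, network) pairs from allow/deny directives.

    A network of None stands for the keyword "all". Other directives
    (listen, root, ...) do not affect access control and are skipped.
    """
    rules = []
    for directive in config.split(";"):
        parts = directive.split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules


def is_allowed(config, client_ip):
    """Model Nginx access rules: first matching rule wins, no match means allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(config):
        if net is None or addr in net:
            return action == "allow"
    # No rule matched. Without a closing "deny all", the request goes through.
    return True


if __name__ == "__main__":
    for name, cfg in (("live-ssl", LIVE_SSL), ("phpmyadmin", PHPMYADMIN),
                      ("phpmyadmin + deny all", PHPMYADMIN + " deny all;")):
        verdict = "allowed" if is_allowed(cfg, OUTSIDE_CLIENT) else "denied"
        print(f"{name}: outside client {verdict}")
```

The third case shows why the missing line matters: an "allow" list restricts nothing unless a "deny all" closes it.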
If Judge Oetken thinks this is confusing, just wait until the experts start explaining what a bitcoin is.
When it comes to complicated technological issues that are procedural in nature and that are therefore not intended for the jury, will courts now need to hire experts to explain and inform judges? Or do today’s judges really have no business making these highly specialized decisions on evidence?