At the latest evidentiary hearing in the Lacey/Larkin case, the defense's forensics expert said Backpage's computer system had been 'irretrievably broken' by the FBI's mishandling of the evidence.
At an hour and a half-long evidentiary hearing in Phoenix’s federal court on December 2, computer forensics expert Tami Loehrs testified that the FBI had shattered vital defense evidence in the criminal case against veteran journalists Michael Lacey and Jim Larkin into “a million pieces,” rendering the data provided to the defense by the bureau “completely unusable.”
Still under oath from an October 25 appearance, Loehrs told U.S. District Court Judge Susan Brnovich that a recent meeting between herself and FBI forensics examiner Matthew Frost “didn’t solve anything.” Nor did the meeting change her initial impression that the data handed over by the prosecution was not produced in an “industry standard format” and was not “forensically sound.”
Read: A defense summary of testimony in the evidentiary hearing.
Loehrs said the status of the data — culled by the government from a handful of the 106 computer servers that once kept the listings giant Backpage.com up and running — led her to conclude that Backpage’s computer system had been “irretrievably broken” by the government. The website’s system of servers “has to be completely rebuilt” for it to be of use to the defense.
The Wages of Censorship
The FBI seized Backpage on April 6, 2018, eradicating it from the internet in an egregious act of direct government censorship. Once a rival to Craigslist.org, Backpage hosted millions of classified ads posted by its users for everything from dog sitting to autos for sale.
Website users also posted adult ads for escorts, dominatrixes, fetishes, phone sex and the like. Though the website’s rules prohibited ads offering sex acts for money, the prosecution alleges that Backpage was a vehicle for illicit sex work, contending that the adult ads were thinly-veiled solicitations for prostitution.
Lacey and Larkin, who sold Backpage in 2015, now face 100 federal counts of conspiracy, money laundering and promoting prostitution across state lines under the federal Travel Act. Four other current and former Backpage employees and execs also face charges in relation to the site. A trial is currently scheduled for May 5, 2020.
Given the nature of the allegations, the most important evidence in the case is the website itself and databases from the site’s 106 servers, which were located in Dallas, Tucson and Amsterdam. From jump, attorneys for the defense requested access to the databases in a functional and operational format, as they existed when the FBI confiscated them.
Loehrs said she had no way of accurately validating the data that the FBI used to craft the cumbersome database it gave to the defense; she added that the data was still “unusable in its current form.”
These databases contain exculpatory information, like how many ads were blocked or moderated, how they were paid for, and if the ads were reported to law enforcement or the National Center for Exploited and Missing Children (NCMEC), which serves as a clearing house for such reports.
The FBI had an obligation to preserve this evidence, but the three-day evidentiary hearing revealed that the government did not take the necessary steps to maintain data on the site as it had been found.
Federal agents testified that they could have made the system read-only in Tucson and left it operational, just as the government has done in other high-profile criminal cases involving interactive websites. But the feds chose not to.
Rather, they disconnected the servers and hauled them off without making a record of their IP addresses or noting how they were interrelated — information necessary to rebuild the site.
Frost’s ‘Big Puzzle’
On the stand in October, Frost, who was assigned to the case after Backpage’s seizure, explained that the Tucson servers were a “big puzzle” to him and that he had hoped to put a duplicate set of Backpage servers in Amsterdam in read-only mode and leave them operational. But Dutch authorities would not allow it and the servers were dismantled without documenting the information necessary to rebuild the site.
In response to defense demands, the government eventually coughed up 56 hard drives, which they said contained copies of databases representing five of the 106 servers. Subsequently, it produced a few more. (In total, the prosecution clams the defense should have hard drives of databases representing 10 or 11 of the 106 servers involved.)
The FBI claims to have used a boot CD containing specially-bundled software to help extract data on the servers. From this data, Frost created a complicated, difficult-to-navigate database, which the FBI then turned over to the defense.
Loehrs previously testified that she examined the hard drives and found that “some of them were readable, some of them were not.” The November 19 meeting between her and Frost was meant to address Loehrs’ inability to access the data. She selected a sample of 11 hard drives for the meeting from the dozens that the government had turned over to the defense.
Frost was only able to access eight hard drives, with three being physically defective. In his account of the meeting, made in an affidavit filed with the court, Frost said he would replace the three damaged hard drives. He asserted that he’d been able to access the raw data on the other hard drives with open-source software.
“If pressed to move forward given the circumstances, the defense would be literally fighting the case with one hand tied behind its back.” — Richard Gaxiola, veteran Phoenix defense attorney
According to Frost affidavit’s, the 90-minute meeting went swimmingly, with Loehrs supposedly telling him that, “my presentation had cleared up everything from her perspective.”
Loehrs challenged this characterization. Though Frost “could show me what he did” to access the data, the manner in which he had done so was “not industry standard,” and he had not used “forensic tools that had been validated.” The data was still “unusable in its current form.”
She also said she had no way of accurately vetting the data that Frost used to craft the cumbersome database the FBI gave to the defense.
Gerken and MegaUpload
In Loehrs’ opinion the system needed to be rebuilt, and, “the only person who could rebuild it is the person who put it together.”
This was a reference to the site’s architect, Wil Gerken, the chief technology officer for DesertNet, a software and hosting provider located in Tucson, which helped build Backpage and hosted the site.
During testimony given on Oct. 3, Gerken, who helped the government power down the servers, testified that it would have been “very easy” for the government to take Backpage offline, secure it in place and use it in a read-only capacity. This would have frozen the data in time “exactly as it existed the moment you put it into read-only mode.”
“The court finds no fault with Ms. Loehrs’ credentials or qualifications as an expert,” federal Judge Kathleen Cardone wrote in her order, noting that the government had “made no attempt to contest them.”
Gerken informed the court that he could have made a read-only system in “a day or two.” He even could have created extra copies of the read-only version for the defense, but the FBI never asked him.
Which is mind-boggling. In the infamous federal case against the online storage website MegaUpload.com, which the U.S. Department of Justice seized in 2012, there were over 1,100 servers involved, more than ten times the amount Backpage had.
But the government chose not to confiscate MegaUpload’s servers, instead, it took MegaUpload’s servers offline to copy them, leaving them on-site.
Gaxiola Weighs In
After reviewing pertinent filings in the Lacey and Larkin case, veteran Phoenix criminal attorney Richard Gaxiola told Front Page Confidential that if the government failed to adequately preserve server data, the consequences for the defense could be immense.
“This would prevent the defendants from being afforded their constitutionally protected right to a fundamentally fair trial,” Gaxiola said. “If pressed to move forward given the circumstances, the defense would be literally fighting the case with one hand tied behind its back.”
Gaxiola added that the possibility the feds severely mishandled or destroyed key evidence calls into question the government’s credibility, and raises “considerable issues for appeal,” if the defendants are found guilty.
“The defendants are entitled under the law to evaluate any evidence lodged against them,” he said. “That is the foundation of our criminal justice system.”
The prosecution’s uber-coiffed, wannabe Lord Valdemort, Assistant U.S. Attorney Kevin Rapp, continued his cross-examination of Loehrs at the beginning of the December 2 hearing, and spent much of his time needlessly attacking her reputation.
Rapp’s effort came off as vindictive. Not only can Loehrs boast of having conducted more than 1,000 forensic exams for criminal cases in state, federal and international courts, she has been particularly successful in challenging the government’s digital evidence in child porn cases, often forcing the prosecution to dismiss charges against defendants.
Her work has been written about by ProPublica, the Tucson Weekly and others. The website for her company, Loehrs Forensics, features a list of cases in which her analysis has resulted in positive outcomes for the defense, along with praise from some of the judges involved. And Loehrs has been accepted as an expert under the Criminal Justice Act by federal judges in Arizona and other jurisdictions.
Rapp homed in on a handful of negative opinions that Loehrs has received over the years from judges. He also cherry-picked language from other rulings to suit his purposes.
For instance, in the Oct. 25 hearing, Rapp quoted selectively from a 2012 order in U.S. vs. Certantes-Perez, which Loehrs worked on. However, that order was actually a split decision, with federal Judge Kathleen Cardone limiting Loehrs testimony on a matter of law.
What Rapp didn’t mention was that otherwise, Cardone was willing to accept Loehrs’ testimony.
“The court finds no fault with Ms. Loehrs’ credentials or qualifications as an expert,” Cardone wrote in the order, observing that the government had “made no attempt to contest them.”
As Larkin’s defense attorney Whitney Bernstein pointed out in her re-direct of Loehrs on Dec. 2, Loehrs is currently doing work on behalf of another client in U.S. v. Gonzales, which is before Judge David Campbell in Phoenix’s federal court. The government similarly challenged Loehrs’ opinions in that case, but Campbell wasn’t buying.
Bernstein observed that in a February 2019 order, Campbell rejected the government’s attempt to undermine Loehrs, writing that he “found Loehrs credible at the evidentiary hearing” in the case and had no basis for excluding her opinions.
Campbell went a step further, granting Loehrs access to the U.S. government’s proprietary software in the case, known as Torrential Downpour, which the government uses to search the internet for people trading in child pornography. The prosecution in Gonzales wanted the court to deny Loehrs access to the program.
Certainly, Campbell’s decision in that case contradicts Rapp’s insincere assertion that Loehrs’ credentials are somehow suspect.
Rapp’s behavior is just the latest in a long line of dubious actions by the government in the prosecution of Lacey and Larkin. A recent defense filing catalogued testimony from witnesses in the evidentiary hearing, showing a pathological pattern of bad faith on the part of the feds.
No wonder the prosecution, which continues to stonewall the defense on access to the servers, did not want this evidentiary hearing to occur. Without it, the court would never have heard that testimony.
At the close of the hearing, Judge Brnovich took the matter under advisement. Her decision seems likely to affect the course of the trial.