Judge Refuses to Dismiss Confession, Evidence in Reuters Employee Hacking Case

A federal judge has refused to dismiss a recorded confession and computer evidence collected in the case of Matthew Keys, a former Reuters employee accused of conspiring with members of Anonymous to hack his former employer.
Former Reuters social media editor Matthew Keys, right, arrives at the federal courthouse April 23, 2013 in Sacramento, California. Photo: Max Whittaker/Getty Images

Matthew Keys, 26, sought to throw out his confession on the grounds that he was on an antidepressant when he confessed to the crime, and thus wasn’t in his right mind to waive his Fifth Amendment right to remain silent. He also accused investigators of exceeding the scope of their search warrant to trawl through his computer to gather evidence.

But U.S. District Judge Kimberly Mueller ruled that the affidavit authorities used to obtain a search warrant for Keys’ computers was sufficiently particular in its description of the things to be seized, and that because authorities believed his computer was used to commit the alleged crime, it was justifiably seized.

She also ruled that Keys’ confession and waiver of his Miranda rights were voluntary and involved no improper influence or coercion by authorities, and that his statements during the interrogation were “rational, articulate, cooperative, and polite,” negating subsequent assertions that the drug adversely affected his judgment.

Keys’ defense attorney, Jay Leiderman, asked a U.S. District Court judge in Sacramento in January to suppress the confession and the information seized in the search (.pdf).

Keys was online social media editor for the Reuters news agency when he was indicted in 2013 for allegedly providing a username and password to members of Anonymous to gain access to the server of his former employer, the Tribune Company. Keys allegedly encouraged the hackers to use the credentials to “go fuck some shit up.”

The credentials were then used by a prankster who hacked into the website of the Los Angeles Times, which is owned by the Tribune Company, and changed the headline of a story.

Keys was indicted last March in the Eastern District of California on three counts, including conspiracy and the transmission of data to damage a computer.

According to authorities, during a recorded FBI interview with Keys in October 2012 at his home, prior to his indictment, he “admitted to his involvement in the hacking of the L.A. Times, and to sending a series of disparaging, sometimes threatening e-mails” to a former employer.

Keys waived his Miranda rights at the time of the interview and was concerned that the case not be publicized.

“My concern is this eventually getting out there under my name, um, and I know that there are ways that, you know, like calling me a cooperating witness or, or something like that,” Keys told the FBI, according to a transcript filed in the case. “There’s, whatever in your ability to minimalize [sic] … the impact.”

His attorney asserted, however, that although Keys waived his Miranda rights, he did not do so “knowingly, intelligently, and voluntarily” because earlier on the morning of the raid, he had taken double his prescribed dose of an antidepressant medication called Trazodone and had slept only four hours before the FBI woke him to search his residence.

Judge Mueller, however, wrote that “no part of the transcript suggests defendant was so affected by Trazodone or his abrupt awakening that he was incapable of waiving his rights. Defendant also was given the choice to conduct the interview elsewhere, but he chose to stay in his home.”

She further noted that “even if defendant felt compelled to confess because of Trazodone’s effects, the absence of evidence of police overreaching dooms his attempt to suppress his statements.”

At the time of the interview, authorities used a search warrant to seize a laptop and two external hard drives from Keys.

But his attorney argued that the search warrant was unconstitutionally broad and that investigators used it to rummage through Keys’ files and seize more than they needed.

Leiderman told WIRED that authorities could have done a keyword search of the computer using the names of the relevant suspects — members of the Anonymous hacking collective that Keys is alleged to have communicated with — but didn’t.

“They can go to a search window and type in and search the whole computer for ‘Kayla’ or ‘Sabu’ or ‘Sharpie,’ and they can find out where all the info they want is and walk off with a thumb drive, preserving the other information,” he said in January when he filed the motion. “The fact that they didn’t do that, and a year and a half later are still in possession of his computer makes this search unreasonable under the Fourth Amendment.”

The government argued, however, that it took only items specified in the warrant, which authorized agents to “search, copy, image and seize” the devices. Authorities say they needed to conduct a broad search of Keys’ laptop because the computer itself had been used in the alleged crime, and investigators were concerned that Keys might have moved or hidden evidence (.pdf). They cited a child pornography case as precedent for why broad searches are sometimes needed when the computer is part of the crime.

Leiderman asserted, however, that the child porn case was not analogous because Keys was a working journalist. He said that Keys had used his computer to send information about his case to journalist Parmy Olson of Forbes, for a book she wrote about Anonymous. In March 2011, Keys also served as a source for Gawker for a piece that was published about Anonymous. Gawker described him as “a journalist who infiltrated” Anonymous.

In his motion to suppress, Keys’ attorney cited a 9th U.S. Circuit Court of Appeals ruling in August 2009, in which the judges found that the government had exceeded the scope of a search warrant when seizing the drug-testing results of 104 professional baseball players. Investigators had a warrant to obtain the records for just 10 players they had probable cause to believe had tested positive for steroids.

The case involved the Bay Area Lab Cooperative, known as BALCO, that was suspected of providing steroids to professional baseball players. The government was granted authority to seize various computers or computer hard drives and related storage media from a testing facility in Long Beach. The warrant, however, included significant restrictions on how the seized data should be handled to ensure that data beyond the scope of the warrant would not fall into the hands of investigators.

Federal agents serving the search warrant on the testing lab, however, copied an entire directory, which contained an Excel spreadsheet with the results of every player that had been tested, including 104 players who had tested positive, even though their records were not cited in the warrant.

The appellate judges saw no reason to suppress the properly seized materials but ordered investigators to throw out the other evidence and suggested a set of guidelines for conducting future computer searches (.pdf) in ways that protect the Fourth Amendment privacy rights of suspects.

Under the guidelines, the government would target only the specific data indicated in the search warrant, rather than copy an entire drive. If that wasn’t possible, investigators were supposed to employ an independent third party who would work under the court’s supervision to sift through the files for the specific information the government sought, and provide only the specified data to the government.

The government was so distraught by the ruling that it asked the court to reconsider the case with a full panel of all 27 of its judges. “In some districts, computer searches have ground to a complete halt,” the authorities wrote. “Many United States Attorney’s Offices have been chilled from seeking any new warrants to search computers.”

The guidelines were nullified in 2010 in a new ruling.