The prosecution of former NSA contractor Hal Martin continues. Martin somehow managed to exfiltrate sensitive documents and code for nearly 20 years without the NSA noticing. It finally started paying attention after its hacking tools and exploits made their way into the hands of the public via the “Shadow Brokers.” These tools then made their way into the computers of the public, wreaking worldwide havoc and giving the leaky agency — whose literal middle name is “Security” — another PR black eye.

Hal Martin was suspected of handing over tools to the Shadow Brokers but the charges against him are solely related to the mishandling of classified info, indicating the feds no longer believe Martin was involved. But this original suspicion was apparently enough to justify the FBI raid of Martin’s residence, according to the federal judge handling his case. The probable cause appears to have been generated by a tweet from Martin’s Twitter account, at least according to what can be gleaned from the redacted order [PDF] handed down by Judge Richard Bennett. Josh Gerstein of Politico has the details.

Passages in the decision from U.S. District Court Judge Richard Bennett were deleted from a version made public by the court, but the remaining details suggest that investigators believed Martin was offering sensitive information to someone online shortly before a nebulous internet-based entity, the Shadow Brokers, released NSA hacking tools in August 2016 through the attention-grabbing technique of an online auction.

“In these messages, @HAL_999999999 asked for a meeting with the [redacted] and stated ‘shelf life, three weeks,’” Bennett wrote, describing the government’s assertions in court filings still under seal. “The Defendant’s Twitter messages … were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online- content-sharing sites, including Twitter.”

These details have been made public as the result of Martin’s attempt to suppress the evidence gathered against him. The court notes the tweet could have had a more innocuous meaning, but given the circumstances and the timing, it was not unreasonable for the FBI to believe Martin may have been involved in the leaking of classified NSA exploits.

That’s not the only rejection handed to Martin. The court also denies his request to have cell-site location info obtained without a warrant suppressed, noting that the government obtained this data before the Supreme Court handed down its decision in Carpenter.

However, a key bit of evidence is no longer the government’s to use: Martin’s own statements. The court says the government illegally obtained these statements by not properly Mirandizing Martin prior to questioning him. There is no doubt Martin was in custody at the time he was questioned without a Miranda warning. The government denies Martin was ever taken into custody, but the court points out a person who doesn’t feel they’re free to go is being held against their will, which is all it takes to define “custody.”

In this case, the facts demonstrate ~at a reasonable person in the Defendant’s position would have perceived a police dominated atmosphere before and during the interrogation. The Defendant was initially approached by nine SWAT agents dressed in protective gear, some of whom had their guns drawn at the Defendant… Multiple other officers were also on the scene, including eight FBI agents and three State Trooper vehicles – a fact that “goes a long way towards making the suspect’s home a police dominated atmosphere.” The Defendant was immediately placed face down on the ground and handcuffed, “demonstrating that the officers sought out [the Defendant] and had physical dominion over him.”

Although the Defendant’s handcuffs were removed prior to the interrogation, “the experience of being singled out and handcuffed would color a reasonable person’s perception of the situation and create a reasonable fear that the handcuffs could be reapplied at any time.”

Further, after his initial detention, the Defendant was interrogated by three agents for approximately four hours.ll During the interrogation, the agents confronted the Defendant with incriminating evidence discovered on his property, which may certainly cause a reasonable person to feel compelled to cooperate with the police. Moreover, the Defendant’s freedom of movement was significantly restricted during the interrogation. Indeed, he was only permitted to leave the interrogation space once — i.e., when he went to his home office to help Hajeski access his computer equipment — at which time he was accompanied by agents. In addition, the Defendant was isolated from his partner until the end of the interrogation — a tactic that the Supreme Court has recognized as one of the distinguishing features of a custodial interrogation.

[…]

Taken together, these facts demonstrate that a reasonable person in the Defendant’s position would have felt that he was not free to leave.

The government still records a win on most of the suppression motion. It’s difficult to tell how solid the underlying warrant affidavit actually is since it — along with several other filings — are still under seal. It’s also unclear how much ammo Martin’s defense had when mounting this challenge. If the government was granted the opportunity to engage in ex parte presentations of evidence, Martin’s team could be working blind.

His team may be working partially blind anyway. There’s reason to believe the government is now a whole lot more cagier about its classified/sensitive evidence after accused CIA hacking tool leaker Josh Shulte was found to be leaking documents from prison — documents he apparently obtained as part of the government’s discovery obligations. It will likely be months before the public sees any part of the government’s warrant affidavit. It may be years before anyone other than this court sees all of it. Still, an ambiguously-worded tweet seems like pretty thin probable cause, even if its timing seemed to align with the Shadow Brokers’ actions at the time the warrant was sought.

Permalink | Comments | Email This Story

Techdirt.