MalwareTech Prosecution Appears To Be Falling Apart As Gov't Plays Keep Away With Documents Requested By Defense

from the piling-up-fatal-errors? dept

Marcus Hutchins, a.k.a. MalwareTech, went from internet hero (following his inadvertent shutdown of the WannaCry ransomware) to federal government detainee in a surprisingly short amount of time. Three months after saving the world from rampaging malware built on NSA exploits, Hutchins was arrested at the Las Vegas airport as he waited for his flight home to the UK.

When the indictment was published, many people noted the charges didn’t seem to be backed by much evidence. The government accused Hutchins of creating and selling the Kronos malware, but it offered very little to support this claim. While it’s true much of the evidence against Hutchins will be produced in court, the indictment appeared to be stretching legal definitions of certain computer crimes to their limits.

The government’s case appears to be weak and reliant on dubious legal theories. It’s not even 100% clear that creating and selling malware is an illegal act in and of itself. The charges the government brought rely heavily on proving Hutchins constructed malware with the intent to cause damage to computers. This isn’t so easily proven, especially when the government itself is buying malware to deploy for its own purposes and has yet to bring charges against any of the vendors it buys from. Anyone selling exploits to governments could be said to be creating malware with intent to cause harm. That it’s a government, rather than an individual, causing the harm shouldn’t make any difference — at least not if the government wants to claim selling of malware alone is a federal offense.

The case appears to be even weaker now that more paperwork has been filed by both parties. If the government has a lot of evidence to use against Hutchins, it has yet to present it to Hutchins’ lawyers. What’s detailed in the motion to compel recently filed by Hutchins’ defense team shows the government is either playing keep-away with crucial information or simply does not have much evidence on hand.

Marcy Wheeler digs into the motion to compel [PDF] and notes it appears to show the government’s case is incredibly weak. And if sketchy, minimal evidence doesn’t undo the government’s case, the actions of the FBI agents involved might.

First, there are some questions about the circumstances surrounding Hutchins’ detainment at the Las Vegas airport. As the motion points out, there’s a good chance Hutchins was in no condition to consent to an interrogation, having been up late the night before drinking and celebrating the wrap-up of the conferences he had attended.

The defense needs all communications and materials related to the surveillance and arrest of Mr. Hutchins to help establish that his post-arrest statements were involuntary and in violation of Miranda. The defense intends to argue that the government coerced Mr. Hutchins, who was sleep-deprived and intoxicated, to talk. As such, his decision to speak with the agents was not knowing, intelligent, and made in full awareness of the nature of the right given up and the consequences of giving up that right, as the law requires. Coleman v. Hardy, 690 F.3d 811, 815 (7th Cir. 2012).

The Seventh Circuit recognizes that intoxication is relevant to the voluntariness—legally, in terms of a statement’s admissibility, and factually, in terms of the weight to be given to an admissible statement—of post-arrest statements. See, e.g., United States v. Carson, 582 F.3d 827, 833 (7th Cir. 2009). The defense believes the requested discovery will show the government was aware of Mr. Hutchins’ activities while he was in Las Vegas, including the fact that he had been up very late the night before his arrest, and the high likelihood that the government knew he was exhausted and intoxicated at the time of his arrest.

Note the mention of the Miranda warning. This poses its own problems for a couple of reasons. As the motion points out, it’s unclear how (or when) [or if] Hutchins was Mirandized. The FBI could have given Hutchins the actual Miranda warning, which makes it clear arrestees have both the right to remain silent and the right to an attorney. Or the agents could have decided the UK version was more applicable for the British citizen. This version does not guarantee the right to an attorney and notes remaining silent can be used against you in court.

Given the fact Hutchins is being prosecuted in the US, it’s likely agents would have given him the American version. But there’s no way to tell which version Hutchins received because the FBI’s recording of the interrogation doesn’t contain any recording of a Miranda warning being delivered.

After Mr. Hutchins was taken into custody, two law enforcement agents interviewed him at the airport. The memorandum of that interview generically states: “After being advised of the identity of the interviewing Agents, the nature of the interview and being advised of his rights, HUTCHINS provided the following information . . .” A lengthy portion of Mr. Hutchins’ interview with the agents was audio recorded. Importantly, however, the agents did not record the part of the interview in which they purportedly advised him of his Miranda rights, answered any questions he might have had, and had him sign a Miranda waiver form.

If the government plans to introduce the interrogation recording as evidence, the lack of a recorded Miranda warning or signed Miranda waiver should weigh against the admissibility of any incriminating statements Hutchins might have made. Combine that with Hutchins’ alleged mental state (exhausted, intoxicated) at the time of the questioning and the FBI may have proactively destroyed a substantial amount of first-hand testimony.

The motion to compel goes on to point out there’s plenty of information the government has yet to turn over to the defense. Hutchins’ defense still hasn’t seen anything related to his alleged co-conspirator (who still remains at large) — not even the information the government apparently received as the result of an MLAT (Mutual Legal Assistance Treaty) request sent to the co-conspirator’s home country.

The defense also wants more info on the FBI’s witness known only as “Randy.” The government is trying to have it both ways here. “Randy” appears to be a witness, but the government has downgraded “Randy” to a mere “tipster” to avoid turning any info over on “Randy” to the defense. Informant confidentiality can be maintained under some circumstances, but not if the government is hoping to use this informant as a witness.

Here, the government’s refusal to disclose even the identity of “Randy’s” attorney is apparently the result of miscategorizing an important witness as a mere tipster. “Randy” is a cooperating witness, one whose provision of information to law enforcement was facilitated by consideration—proffer immunity, at the least—from the government. This circumstance alone weighs against continuing confidentiality because “Randy” surely knows his cooperation will be revealed…

The defense expects “Randy” to testify at trial because he is alleged to have had extensive online chats with Mr. Hutchins around the time of the purported crimes in which Mr. Hutchins discussed his purported criminal activity. Any communications and materials relating to “Randy” are therefore material to defense preparations.

Wheeler speculates the hide-and-seek nature of the government’s handling of “Randy”-related material has something to do with “Randy’s” possible lack of usefulness. Hence the last-minute downgrade of “Randy’s” stature and the ongoing refusal to produce documents.

I’m guessing if the government were required to put “Randy” on the stand they’d contemplate dismissing the charges against Hutchins immediately. I’m guessing the government now realizes “Randy” took them for a ride — perhaps an enormous one. And given how easy it is to reconstitute chat logs — but here, it’s not even clear “Randy” has the chat logs, but just claimed to have been a part of them, in an effort to incriminate him — I’m guessing this part of the case against Hutchins won’t hold up.

The defense is also seeking discovery of the grand jury instructions. As noted earlier in this post, the government set a high bar for itself, offering up charges that require it to prove intent to harm, rather than simply the creation and distribution of malware. As the government appears to have only limited evidence related to proof of intent, it may have secured the indictment by glossing over the “intent” part of the charges. If the instructions were insufficiently clear, the indictment itself might be in trouble.

Wheeler suggests now might be the time for the government to cut its losses and give Hutchins back his freedom. But, as she notes, the government prefers to double down on hole-digging in these situations. If the government is realizing its case against Hutchins is bullshit, it may dig in and impede discovery efforts just to make the accused pay for daring to fight back.


Comments on “MalwareTech Prosecution Appears To Be Falling Apart As Gov't Plays Keep Away With Documents Requested By Defense”

29 Comments
Anonymous Coward says:

And this is why...

…security researchers like me stay far, far away from any kind of public involvement. If I have anything to disclose, it’ll be anonymous with no warning to the affected entities.

Why? Because trying to be nice doesn’t work. At best, the report will be denied, the followup will be stonewalled, the company/country will make groundless accusations, and then eventually, maybe, the problem will be quietly addressed and someone else will take credit for it.

At worst, the door will be kicked down at 5 AM and all my stuff will be confiscated, I’ll be arrested and charged with anything/everything, and my ability to make a living will be destroyed. If I ever manage to get out from under the legal problems, I’ll be bankrupt and then homeless.

So while I could do some modest good here and there, I’m going to lift a finger. I’ve learned the lesson.

Anonymous Coward says:

Re: And this is why...

And this is why……security researchers like me stay far, far away from any kind of public involvement. If I have anything to disclose, it’ll be anonymous with no warning to the affected entities.

Sadly, I agree with this. Every time I have been nice, I’ve been threatened with lawsuits and my employers have been contacted and told to fire me. Luckily, my employers have basically told them to pound sand and ask them when they are going to fix their shit. With that, and this, it ain’t worth my time or energy to do it the right way.

alternatives() says:

Re: Mad Dogs and Englishmen WAS And this is why...

Another take away is Don’t come to America. I believe old John Mad Dog Hall has the position of not traveling to the nation to avoid being subjected to its laws and enforcement.

A fine “protest” would be to make some open source code on more open hardware like a Raspberry Pi to allow people who’d like to be at, say, DefCon have remote telepresence. Futurama Hall of Presidents style. Perhaps call it Rsides?

Anonymous Coward says:

Now, now, kids: relying on technicalities likely means DOOMED.

Trying to take back what admitted is going to be tough.

This isn’t blurting once "I did it!", which might be misunderstanding or confusion, but apparently long series of statements by a highly intelligent indiv, among which are admitting writing the malware.

For perverse cause that always intrigues me, Techdirt, knowing no more than me, just automatically sides with likely criminals. Here, a confessed author of malware makes for likely regardless of all else, yet Techdirt tries to ‘splain that away as having all sorts of possible good reasons.

Never change, Techdirt! You are the patron site of lost causes.

An Onymous Coward (profile) says:

Re: Now, now, kids: relying on technicalities likely means DOOMED.

Criminal or not, simply writing malware or even selling it is not (currently) illegal. If your entire argument rests on that then you have no argument. Malware is a crappy thing to release into the wild but it’s going to happen and in the US, at least, it’s not a crime. Unless the FBI decides it doesn’t like you.

If he had planted it himself and caused destruction of property in some form then that’s illegal and he should suffer the consequences. If you can manage a few minutes of critical thinking and reading comprehension you’ll see that’s not what this article describes.

TD defends rights, not “feels”.

Anonymous Coward says:

Re: Now, now, kids: relying on technicalities likely means DOOMED.

Even if he is a guilty, malicious criminal, it’s important for the freedom and justice of the innocent that we do not allow people to be jailed based upon insufficient evidence or for merely writing software.

But if he is so malicious and guilty (as you seem to believe), then why did he shut down the WannaCry ransomware?

JMT (profile) says:

Re: Re: Re: Now, now, kids: relying on technicalities likely means DOOMED.

That’s NOT a technicality, it’s an extremely important part of the justice system. Protections like this were put in place because of rampant historical abuse by the authorities. You absolutely should but be belittling them, since you obviously don’t know where they came from.

discordian_eris (profile) says:

Feds Have a Serious Credibility Problem

I’m reminded of this quote almost every time the FBI is involved in a case.

He who permits himself to tell a lie once, finds it much easier to do it a second and third time, till at length it becomes habitual; he tells lies without attending to it, and truth without the world’s believing him. This falsehood of the tongue leads to that of the heart, and in time depraves all its good dispositions.

Thomas Jefferson

The FBI lies so habitually I fail to see how any judge can treat them as credible.

alternatives() says:

Milwaukee County and Wisconsin has plenty of crooked timbers when it comes to lawyers.

Lawyers being stupid in Milwaukee doesn’t shock me.

At least California was willing to throw out a lawyer who was accused of wife strangulation and plead out to battery.

In Wisconsin you can act as the lawyers for a company, claim the general manager doesn’t know who the owners are of the company THEN do 40+ hours of billable work against the company while NOT being the attorneys of record. Why does the state bar do nothing? Your CEO is the treasurer for an appellate court judge may be a factor.

Meanwhile the chief judge of Milw County is secreting court records as they would show the court worked to prevent charges being pressed against a public official who ‘recanted’ his sworn statements.

As the one judge said to me “We do things loose here”.

TrickyRickDreamsOfScreams (profile) says:

Re: Re:

This could also be an Asshole John, but that would be depending upon the nuanced specifics, but like wikipedia, the law (as well as these comments) is SUPPOSED to not be about “winning.” Seriously, are all of these judges and prosecutors Charlie Sheen? Because they only care about winning, as opposed to actually carrying justice, and I swear, they’ve all gotta be on drugs, legit coked out, because they make NO SENSE. I’m having pop culture flashbacks to 2010, here. What’s next, screaming about having tiger blood?

That Anonymous Coward (profile) says:

This is all an orchestrated effort to scare white hats.

They represent a huge liability to companies who prefer security by obscurity, to pocket the savings.
They represent a huge threat to the government, they might discover vulnerabilities, that they paid out handsomely for, and patch them. (Ignoring their habit of letting them lay around on any old server).

How dare these regular people invest their own time into trying to secure everyone, and make the governments job of hacking & stealing harder.
We squeezed this little fish into a ramp to a bigger target & amazingly our case lacks reality. We loved the story of this whitehat turning to the dark side, and working against the interests of the US. It was thrilling & we were sure we’d get bonuses & that sweet sweet cyber money added to our budget. We didn’t need to check anything, he talks computer he must be evil.

@b says:

On that which has not yet been evidenced....

How will the prosecution argue that they did not need to hand-over the evidence they will later admit to have received?

What are their options? For example, maybe they can easily claim a “withheld” document is not yet discovered, and then later reveal “oh look, this just in”. Is that possible? Easy to get away with? Undesirable for some strategic reason?

A lot hinges on how these cases tend to play out. Otherwise we all just guess.

alternatives() says:

Re: On that which has not yet been evidenced....

<i>For example, maybe they can easily claim a “withheld” document is not yet discovered, and then later reveal “oh look, this just in”. Is that possible?</i>

There are 3 “sets” of “rules” at play here. Rules of evidence, the bar rules and the rules for the prosecutor. The Discovery rules state things can be turned in later ‘as found’. Bar rules talk about honesty to the tribunal. And the rules for the prosecutor – I’ve not used but when I’ve looked at ’em they appear to be more strict than the bar rules.

ENFORCEMENT of the rules, well, that is another matter. My guess is it is lip service and as this case is Judge Stadtmueller and he’s a DOJer from the 1970’s I’m guessing that unless people are lined up deeper in that courtroom than the Aug hearing “seeking answers” as to why the prosecutor isn’t answering Discovery he’ll be favorable to the DOJer.
