Did the FBI bollix Backpage's computer servers on purpose or is incompetence to blame? ( Tim Dorr via Flickr

An October 25 evidentiary hearing in Phoenix federal court before U.S. District Court Judge Susan Brnovich offered additional proof of the government’s bad faith in its prosecution of Michael Lacey and Jim Larkin, the erstwhile owners of the online classifieds site Backpage.com.

Witnesses at the hearing testified that when the federal government seized Backpage on April 6, 2018, the FBI failed to take proper steps to preserve the website as evidence. And though the FBI turned over to the defense what it claims are mirror images of the hard drives from a handful of Backpage’s 106 servers, much of the data on those hard drives has proved unusable in its current form.

The four-hour hearing on Oct. 25 was the continuation of an ongoing pre-trial donnybrook over evidence that began with an all-day court session earlier in the month. The initial Oct. 3 hearing revealed that government agents had bungled the preservation of valuable server evidence, inexplicably opting not to leave Backpage in an easily-searchable, read-only mode after taking it offline.

Whether or not the data on Backpage’s servers has been irrevocably corrupted remains in dispute. Since the beginning of the case, the defense has informed the prosecution that it needs access to the databases on those servers in the same condition as when they were seized. In a motion to compel discovery filed in June, defense attorneys argued that only when they had such access could they “search, view, and analyze information about the website and its actual operations.”

The motion to compel emphasized that the server data was “critical to defendants’ ability to prepare their defense.” Indeed, the server data went to the crux of the allegations against Lacey, Larkin and their four co-defendants, who face 100 counts of conspiracy, money laundering and facilitating prostitution across state lines.

Before the government eradicated Backpage from the internet, users posted many millions of ads on the site for everything from puppy sales to rooms for let. There were also listings for legal, adult services, including ads for dating, escorts, massage, fetishes, phone sex, etc. Ads offering sex for money were banned from the site, but prosecutors claim all of the ads actually were advertisements for illicit sex masquerading as lawful adult ads.

Prosecutors also argue that Lacey and Larkin, who sold Backpage to company CEO Carl Ferrer in 2015, are vicariously responsible for any illegal acts that may have been connected to the ads. The government’s superseding indictment cites 50 specific adult advertisements from Backpage as the basis for the allegations against the defendants.

When the website was functional, it allowed for simple, administrative searches of a treasure trove of historical information, including ad moderation, payment methods and whether an ad was referred to the National Center for Missing and Exploited Children (NCMEC), a semi-governmental agency that farms out such reports to law enforcement.

But now the website no longer exists.

Imaging Garbage?

Tami Loehrs, a digital forensics expert employed by the defense, testified toward the end of the Oct. 25 hearing. She told how the government would only let her eyeball the physical, confiscated servers stored at FBI facilities in Idaho and Phoenix. She wasn’t allowed to boot the servers up or even photograph them.

Rather, the FBI has provided defense attorneys with what it says are “imaged” copies of the hard drives from 10 or 11 Backpage servers. The first batch delivered to the defense were in three boxes containing 56 hard drives that supposedly represented five of the site’s 106 servers.

But when the defense expert inspected these hard drives, she found that “some of them were readable, some of them were not.” She utilized a variety of industry-standard tools in an attempt to tap into the data and largely ended up with bupkis.

Loehrs tried using the forensic software that the FBI says it employed to create mirror images of the servers: FTK Imager, a product of the Utah-based company AccessData, but this didn’t work for her either.

Then at the Oct. 3 hearing, the defense expert learned through the testimony of Matthew Frost, a forensic examiner for the FBI, that Backpage had used FreeBSD, an open-source software, as its operating system.

Under direct questioning from defense attorney Whitney Bernstein, who along with attorney Thomas Bienert represents defendant Larkin, Loehrs explained how she researched the software involved and contacted AccessData for support.

AccessData told her that FTK Imager “is not validated to image FreeBSD.” She said she then “installed FreeBSD on another virtual machine and tried to actually use FreeBSD to access” the data on the hard drives. But the process was unsuccessful.

There were other complications, the defense expert explained. For instance, Frost testified that he was unaware there had been encryption on the servers. But in emails recently released by the government through the discovery process, Loehrs learned that the servers were “equipped with self-encrypting drives.”

Loehrs explained that if the server’s hard drives remained in the server’s chassis — i.e., the metal box that stores them — the information would “automatically decrypt.” However, if you remove the drives from the chassis, “you’ve just scrambled all the data.”

What would happen, Bernstein asked, if someone mirror-imaged an encrypted file?