United States District Court, D. Arizona
ORDER
Honorable Susan M. Brnovich, United States District Judge.
Pending
before Court is Defendants Motion to Compel Discovery. (Doc.
643., “Mot.”) The Government filed a Response,
(Doc. 696, “Resp.”), and Defendants filed a
Reply, (Doc. 717, “Reply”). Oral argument
concerning the manner and usability of the Government's
discovery disclosures was held on October 3, 2019, (Doc.
789), October 25, 2019, (Doc. 800), and December 2, 2019
(Doc. 832). At the hearings, the Court heard testimony from
Special Agent J. Patrick Cullen, William Gerken, Special
Agent Matthew Frost, Agent Richard Robingson, and Tami
Loehrs. The Court will deny the Motion because, as explained
below, the Court finds that the disclosure of electronic data
in this case was made in a reasonably useable format.
I.
BACKGROUND
Defendants
are former executives and employees of a classified ad
website charged with conspiracy and facilitation of an
unlawful activity under the Travel Act, Backpage.com
(“Backpage”). The charges are outlined in a
100-count superseding indictment. (Doc. 231,
“SI”.) At issue in this discovery dispute is the
form and functionality of the disclosure of Backpage server
data previously seized by the Government.[1]
a.
The Backpage Website
The
viewing of Backpage ads on the Website involved cooperation
among various types of servers running on FreeBSD Unix
operating systems.[2] (See generally Doc. 789 at 61-73;
82:5-8.) In a nutshell, web servers facilitated
Backpage users' viewing requests by connecting
database server information with image
server information and displaying it in users' web
browsers. (Id. at 63:24-64:17.) These web servers
comprised a majority of Backpage's overall servers and
evenly distributed requests by helper servers to
ensure no particular server was overloaded by user traffic.
(Id. at 63:19-22; 64:22-25; 65:1-5.)
Backpage
used four database servers-one “master” and three
“replicates”- containing identical information to
store its website data. (Id. at 62:1-4, 22-25.)
Images associated with ads were separately stored on three
image servers[3] because it was not as “efficient to
store them in a database.” (Id. at 63:5-6.)
The “master” database was “where data would
get written to, ” while “the other [three
databases] would replicate that information.”
(Id. at 62: 6-10.) “For example, “if
somebody [were] posting an ad, . . . the data that
they're posting gets saved to that master server [and]
[i]f somebody is viewing an ad, the data that is being
retrieved to view that ad comes from the replicated
[server].” (Id. at 62:11-15.) By virtue of
this replication, “[a]ll four servers would have the
same information on them.” (Id. at 62:6.)
In
addition to holding identical information, each database
server contained (1) market databases and (2) a central
database. (Id. at 70:2-14.) Each central database
“stores a subset of [an] ad across all of those market
databases, ” (id. at 70:10-12) and permits an
individual to “find a subset of ads or . . . where a
user had posted different ads among the different
geographical regions, ” (id. at 70:5-9). After
looking in the central database, an individual “could
go to the market databases for the particular [geographical]
region and find all the information about the ads
posted[.]” (Id. at 71:10-13.)
With
access to both the database and image servers, a party can
use SQL “to access the information that was contained
on [Backpage] before it was seized, ” (id. at
83:13-17), and “[a]ll of the content related to the ad,
” (id. at 69:6-7). See Id. at 79:8-9
(“With just the database server and an image server,
all of the data for an ad is there. So it is possible to
query those databases, to pull up the information you need
for an ad and to also retrieve the images that you need for
that ad.”)). In other words, even “if you got
[Backpage] totally back[] [sic] up and running, . . . it
might be more convenient to look at the data, but there
wouldn't be any additional data than just what you could
obtain from the manual queries[.]” (Id. at
80:15-24.)
Aside
from what the Backpage servers contained, how the server data
is also relevant. That is, the language and software Backpage
utilized to operate bears on an assessment of the
Government's current disclosure. The Backpage servers
themselves employed an operating system ran a UNIX operating
system called FreeBSD. (Id. at 18:1-5.) As its name
suggests, FreeBSD is an open-source operating system
available for download free of charge. (Id. at
170:1-3.) Operating systems manage the various hardware and
software functions of a server, coordinates the servers'
needs and allows it to function. An individual Backpage
server, in turn, housed multiple physical hard drives that
contained Backpage databases. The Backpage system also used
“virtual machines” called “jails.”
(Id. at 82:5-14.) “Jails” virtually
group databases together and allowed an administrator to
easily move a group from server to server if required.
(Id.) The Backpage databases used a ZFS file system.
(Id. at 173:17-22.) This open source program
controls how the data is stored within the database and
allows the FreeBSD operating system to interact with that
data. (Id. at 82:15-17.) As with the jails system,
the ZFS file system similarly allowed data on hard drives to
be grouped into something called “Z pools.”
(Id. at 174:14-22.)
b.
Seizing Backpage's Servers
The
Government seized Backpage's servers from three
locations-thirty-two in Tucson, Arizona, nine in Amsterdam,
Netherlands, and five in Dallas, Texas. (Doc. 643-5 at 2-3.)
The Amsterdam and Phoenix servers contained almost identical
information.[4] If the Phoenix servers failed, then the
Amsterdam servers would act as a failsafe and ensure Backpage
remained operational. FBI Special Agent J. Patrick Cullen
assisted with seizing the Tucson servers on April 6, 2018 at
Login Data Center (“Login”) pursuant to an
authorized seizure warrant. Although the servers were housed
at Login, DesertNet operated them. Upon arriving at Login,
Special Agent Cullen was informed DesertNet's assistance
was required to conduct an orderly shutdown of the Backpage
servers. (Doc 789 at 17:1-19, 24:3-6.) Will Gerken and a
DesertNet system administrator arrived to assist.
(Id. at 17:1-2.) As DesertNet's founder, Chief
Technology Officer, and the lead software developer who
created Backpage, Gerken is intimately familiar with
Backpage's servers and the software they employed. Gerken
conducted a “soft shutdown”[5] of both the
Tucson and Amsterdam servers, safeguarding the integrity of
the data they contained. (Id. at 25:1-12, 75:17-20,
76:13-19.) After properly identifying and documenting
Backpage's servers and Gerken's “soft shutdown,
” the Government transported the Tucson servers to a
controlled facility in Phoenix. (Id. at 25:3-8.)
Although the Government did not document how the Backpage
servers interacted with one another before seizure, there is
no indication that any Backpage data was altered or damaged
in any way.[6] (See Id. at 27:1-3, 76:13-19.)
Additionally, Gerken testified that he did not have a
schematic drawing for the servers. (Id. at 86:24-25,
87:1-4.)
Since
seizing the Tucson servers, the Government has also seized
Backpage's Dallas and Amsterdam servers.[7] The FBI
transferred servers from these locations to various Special
Agents for forensic examination-including Special Agent
Matthew Frost-for processing, analysis, and production of
discovery [production] pertinent to this case. (Id.
at 158:12-18.) Special Agent Frost was called in because he
has experience working with Linux/Unix systems. Frost made
forensic images-exact, verified copies used for
investigation-of Backpage's hard drives and databases,
and provided them to Defendants. (Id. at 159:
10-11.) Special Agent Frost constantly engaged Gerken
throughout this process to improve his understanding of
Backpage's servers. (Id. at 219:14-16.)
c.
Procedural Background
At a
September 13, 2019 hearing set to address a variety of
discovery disputes, Defendants argued the Government's
discovery was not reasonably usable by comparing Exhibit
J-raw Backpage ad data organized in a large spreadsheet-with
Exhibit K-the administrator view of a Backpage ad from the
fully-functional website referred to as an “object
editor”-to demonstrate the inadequacy of the
Government's discovery. (Doc. 761 at 32:1-19.) Repeating
an argument from their Motion, Defendants proffered Exhibit J
demonstrated the manifest issues with the Government's
disclosure. Represented as the Government's disclosure of
imaged data for a single Backpage ad, Defendants showed the
Court a “series of spreadsheets, containing more than
500 data fields and cross-references to information and
images contained in other files.” (Mot. at 6.) Given
the divergent, intransigent positions of both parties,
[8] the
Court ordered an evidentiary hearing to determine the form
and functionality of the Governments disclosure.
(See Doc. 761 at 32-47.)
Three
days of evidentiary hearings followed. (See Doc.
789, “Oct. 3 Hearing”; Doc. 800, “Oct.
25th Hearing”; Doc. 832, “Dec. 2
Hearing.”) Both parties' witnesses broadly
testified concerning the seizures of the Backpage servers,
how they operated, the Government's form of disclosure,
and alternative forms of disclosure.
II.
...