Attorney-Eyes-Only Disclosure of Heuristics Used by Government in Analyzing Blockchain Transactions

17 views 3:25 pm 0 Comments July 5, 2024

From Thursday’s decision by Judge Randolph Moss (D.D.C.) in U.S. v. Sterlingov, which holds that defendant Roman Sterlingov should be barred from “personally reviewing” “the sensitive, supplemental heuristic information that was created by the government’s expert (for the benefit of the defense) and provided to the defense in September 2023,” which is to say that only his lawyers should have access to it:

Here, good cause exists for limiting access to the sensitive, supplemental heuristic material in the manner that the government proposes. As government counsel persuasively explained at the November 13, 2023 hearing, the material at issue is neither evidence against the defendant nor is it exculpatory evidence. Instead, the information is best understood as a supplemental expert disclosure. It was provided to the defense, at the Court’s urging, to ensure that the defense was fully apprised of the heuristics used in Chainalysis’s Reactor software, which the government’s experts, Luke Scholl and Elizabeth Bisbee, used to cluster certain blockchain transactions at issue in the case. This supplemental expert disclosure did not exist at the time either of the government experts prepared their reports, and the government itself came into possession of the material from Chainalysis only as an intermediary, before passing it along to defense counsel.

The government also explained that the sensitive, supplemental heuristic information provides a more granular account of the behavioral heuristics that Reactor employs than the account previously disclosed to Sterlingov, defense counsel, and an array of defense experts in Bisbee’s expert report and appendices. That additional detail includes “exactly how” specific behavioral heuristics are “implemented and weighed,” and, significantly, it “includes information about the kickouts”—that is, “what behavior would cause Chainalysis not to cluster” a given address. Armed with this information, those bent on preventing the government (or its expert) from clustering addresses, and thereby identifying their owners and connecting them to potentially illicit transactions, could readily adjust their conduct to evade detection.

By way of analogy, consider criminal enterprises that engage in sophisticated bank robberies. Imagine that the government can identify those enterprises by tracking down shell companies that have engaged in certain behaviors—say, opening a new bank account within x hours of a robbery and making deposits into that account between one and y hours post-robbery and then never again. Imagine further that the government has studied the behavior of particular criminal enterprises and knows that for Enterprise A, “x” equals 48 hours and “y” equals 12 hours, but that for Enterprise B, “x” equals 24 hours and “y” equals 6 hours. Armed with details about their behavioral patterns, the government would be able to identify which criminal enterprise likely robbed a particular bank. And were that information ever to be made public, both Enterprise A and Enterprise B would be able to evade detection by changing their distinctive behaviors.

As the government explains it, the defense—including Sterlingov—has long had access to the general methodology that Chainalysis uses. To continue the analogy, they know that the government pays attention to the timing of account openings and deposit patterns. But what the sensitive, supplemental heuristic information discloses is the precise temporal windows—the x and y values—used for each of the services, and darknet marketplaces, at issue.

The testimony elicited during the multiple Daubert hearings in this case confirm that the sort of cat-and-mouse dynamic described above is far from hypothetical. To take just one example, services like Chainalysis (as well as defense expert, Ciphertrace) rely on the fact that when multiple addresses contribute bitcoin to fund a single transaction, the contributing addresses are likely owned by the same entity. {This phenomenon is often referred to as the “co-spend” or “common spend” heuristic, and its origins can be traced back to the white paper on bitcoin authored by its pseudonymous inventor [Satoshi Nakamoto].} That is because, in order to contribute bitcoin to a transaction, an individual must have the private key to the address that originally held the bitcoin in question. Private keys are like bank account passwords—for obvious reasons, account owners are unlikely to share them with strangers. “Coinjoin” services, however, permit individuals to contribute bitcoin to each other’s transactions, without sharing their private key information with one another, thereby defeating (or at least frustrating) the assumption that when multiple addresses fund a single transaction, they are controlled by one entity. In response to the advent of coinjoin services, law enforcement clustering products like Chainalysis’s Reactor and Ciphertrace’s Inspector, in turn, have developed (or have attempted to develop) methods of detecting the presence of coinjoin services.

In this manner, each disclosure of how the government (or its experts) cluster or track bitcoin transactions ups the ante in the detection-evasion, cat-and-mouse game. Indeed, the government alleges that Bitcoin Fog, a bitcoin mixing service, was itself designed and employed to help bitcoin users avoid clustering and tracing of their on-chain activities. Against this backdrop, the Court finds that the government’s concern regarding providing Sterlingov, the alleged administrator of Bitcoin Fog, with personal access to the granular behavioral heuristics used by Chainalysis is both valid and substantial.

At the November 13, 2023 hearing, the Court inquired whether the granular heuristics in the sensitive, supplemental information remain confidential and in use today, given the speed with which technology develops. In response, the government assured the Court that these heuristics “are still used for clustering … being actively built and tested by Chainalysis now” and that the government is relying on this clustering “in very significant criminal cases and significant national security cases where [the government has] a very important and compelling interest [in] not allow[ing] [the government’s] adversaries to … contravene those measures.” In short, the measures and details at issue are neither inactive nor obsolete.

The Court also inquired whether at least portions of the sensitive, supplemental information might be disclosed without posing a risk to ongoing criminal or national security investigations. In response, government counsel stated:

Your Honor, we did review in the Court’s opinion and order the suggestion that we look at whether there [are] things that may be less sensitive. What we found [is] that really anything that was less sensitive was really in the prior report and if we went through to try and redact out what would be considered active and sensitive, we would essentially … be eliminating [from the attachments] the additional columns that were added to this report[,] so it would put [the] defense pretty much back at what the original attachments [to the Bisbee report] were.

And[,] then[,] with the report[ ] itself, we would—it would look like a series of black boxes without anything really in the way of substantive information that would be of any sort of use to the defendant.

Defense counsel, who have had access to the sensitive, supplemental material for several weeks now, did not disagree with this assessment or with the government’s more general representation that disclosure of the information would permit those engaged in illicit bitcoin transactions to evade clustering or tracking.

Rather than take issue with the government’s characterization of the sensitive, supplemental information or with the risk that disclosure might undermine ongoing law enforcement and national security activities, the defense argues that the government’s request is impermissibly premised on the assumption that Sterlingov is guilty of the crimes with which he is charged (and that, as such, he cannot be trusted to comply with the supplemental protective order, and he has the means and the motive to use the supplemental heuristic information to evade clustering in the future). The defense is, of course, correct that every criminal defendant is presumed innocent unless and until the government carries its burden of proof beyond a reasonable doubt. But that does not mean that the Court is required to ignore the government’s concerns regarding ongoing criminal and national security investigations.

This concept is not novel. Indeed, it is the very premise of the Classified Information Procedures Act (“CIPA”) that, at times, it is appropriate to limit a criminal defendant’s access to sensitive information that his or her counsel can review, notwithstanding the presumption of innocence. And, although CIPA deals with uniquely sensitive information, it does not stand alone; to the contrary, it is not unusual for courts to limit access to sensitive information to defense counsel alone, barring access by the defendant himself. Finally, the defense ignores the fact that a grand jury has made a finding of probable cause in this case, which, in other contexts, has been deemed sufficient to trigger significant, adverse consequences, such as an arrest or temporary loss of employment.

The Court, accordingly, finds (1) that the government has carried its burden of demonstrating good cause for limiting the disclosure of the sensitive, supplemental heuristic information to counsel and qualified experts who are needed to assist counsel and who are prepared to sign a reasonable protective order, and (2) that this good cause extends to the entire sensitive, supplemental production….

The Court must also consider whether Sterlingov’s need for access to the sensitive, supplemental information is sufficient to trump the government’s showing of good cause … or, more significantly, whether denying Sterlingov the requested access would violate his rights under the Fifth or Sixth Amendment to the Constitution. The facts of this case do not support his request ….

In its prior decision, the Court raised the question whether Sterlingov was seeking access to the sensitive, supplemental information so that he could actively assist in his own defense or was merely positing that he, like every other criminal defendant, is entitled to have access to any and all information pertaining to the case against him. At the November 13, 2023 hearing, which was held in part so that counsel could answer just this question, Sterlingov’s counsel made clear that he was pressing only the latter contention. Counsel made no mention of any special expertise or knowledge that Sterlingov might bring to bear, and counsel has failed to take the Court up on its invitation to seek leave, if necessary, to make any such showing in an ex parte submission….

Nor can the Court discern any reason why, as a matter of constitutional law, Sterlingov needs access to the highly technical information at issue. As noted above, the information is not evidence that the government intends to offer against Sterlingov, nor did it even exist at the time Sterlingov was charged. Rather, the information simply provides more granular detail about the behavioral heuristics (referred to by Chainalysis as “Heuristic 2”) used by Reactor to cluster and attribute addresses that, according to the government’s experts, show that Bitcoin Fog was used to launder large amounts of cryptocurrency associated with certain darknet sites.

Notably, moreover, the parties seem to agree that the information at issue has no bearing on the core question of whether Sterlingov operated Bitcoin Fog. And, even with respect to the question of how many transactions (and thus how much money) traveled from addresses affiliated with darknet sites to Bitcoin Fog, and vice versa, the parties seem to agree that many (although not precisely how many) such transactions occurred. As the Court observed at the hearing—without disagreement from the defense—the defense’s own expert, Jonelle Still of Ciphertrace, seemed to concede at her Daubert hearing that a substantial portion of Bitcoin Fog’s activity involved darknet customers. The dispute is only about how big a portion that was.

To be sure, it is possible that the magnitude of Bitcoin Fog’s transactions with darknet sites might have some bearing on whether the jury believes that the Bitcoin Fog administrator was aware that Bitcoin Fog was being used to launder illicit gains. But the Court has no reason to believe that the more detailed behavioral heuristics described in the sensitive, supplemental information will shed substantially more light on that question than the large quantity of less sensitive expert disclosures already have. Given ample opportunity to show otherwise, the defense simply reverts to ipse dixit, asserting: “To the extent the government is maintaining that it’s not important to the defense, we just disagree with that” for “reasons [that] are obvious.” The Court does not doubt that thorough preparation for trial will include review of this supplemental information, which may (or may not) include detail useful to counsel for cross-examination of the government’s experts regarding the magnitude of Bitcoin Fog transactions traceable to the darknet. But, beyond that, the value of the information is far from obvious.

Finally, the Court notes that Sterlingov has long had access to reams of information relating to Chainalysis’s efforts to connect hundreds of thousands of darknet bitcoin transactions to Bitcoin Fog. All that is at issue here is the most granular detail regarding the assumptions used in one category of heuristics (Heuristic 2) that Chainalysis employed to draw those connections. It is important that defense counsel (with the assistance of an expert, if necessary) have access to that more detailed information to ensure that no stone is left unturned in preparing Sterlingov’s defense. But, as defense counsel conceded after having reviewed the sensitive, supplemental material, he is unsure whether or how he will make use of the information in cross-examining the government’s expert, nor has he identified (at the hearing or in any ex parte filing) anything in the supplemental material that Sterlingov himself needs to review in order to assist counsel in preparing the defense.

The Court, accordingly, concludes that Sterlingov has failed to identify any reason why he personally needs to review the sensitive, supplemental information, which might overcome the government’s showing of good cause.