The State v. Justin Ross Harris won’t be the first nationally infamous trial to rely heavily on evidence gleaned from the defendant’s own electronic devices. Case after case has shown how the ubiquitous digital trail we leave can lay bare the most private reaches of our lives, preserving what we might wish to obscure or obliterate — and might have in the pre-digital age.
A letter stashed at the bottom of a drawer is easily burned or thrown away; its digital counterpart may exist not only on your hard drive but on servers across the country. Incriminating information culled from a book in the library stacks leaves no trace; an Internet search does. And even if something is deleted, it’s not really deleted until new data writes it over. It’s like the initials you carve into cliff at the seashore, leave behind and soon forget: They remain until the wind and tide scour them away.
In fact, the massive power of digital forensics has become a burden as well as a boon to prosecutors. Just as a “CSI effect” has produced juries that expect iron-clad DNA evidence every time, a digital-trail effect is taking hold.
“The more people realize that they are leaving a data trail, the more they expect of prosecutors,” said Craig Nolan, a federal prosecutor who successfully used digital evidence to unravel a horrific murder plot in Vermont. “It’s just another area where the defense can say, ‘Look, the prosecution hasn’t shown you any of this type of data or that type of data.’”
At the end of the day, a computer investigation, like any police work, is only as good as the people who do it and their tools. Pitfalls are many, and missteps can have catastrophic consequences.
If the science is ever perfected it will be in part because of learning from mistakes made on a national stage, with people’s lives at stake.
A case gone wrong
A singularly disastrous computer investigation in the annals of modern crime was also one of the most famous: the trial of Casey Anthony, the young Florida woman accused of murdering her two-year-old daughter, Caylee. Some issues came to light only long after the trial.
Circumstantial evidence swirled around the death: The mother’s lies and seeming nonchalance about her daughter’s disappearance; her car’s smell of decomposition; duct tape found with her daughter’s remains. But how to show that Caylee’s death was intentional, that Casey didn’t merely allow the disposal of the body after the child accidentally drowned?
Investigators turned to the computer in the home Casey shared with her father. Prosecution witnesses testified that someone had performed 84 searches for the word “chloroform” on that computer.
But then, mid-trial, the developer of the forensic software used to tease out that information found a flaw in his product. There had been just one search for “chloroform,” not 84. He tried to alert the prosecution but they didn’t tell the jury. Anthony’s defense team did, though.
On July 5, 2011, the jury found Anthony not guilty of murder, unleashing a wave of public outrage. The few jurors who came forward struggled to emphasize that “not guilty” does not mean “innocent.” They said the process reduced them to tears, that their own verdict — the only one possible, given gaps in the evidence — made them “sick to our stomachs.”
Then, a year later, an Orlando news station, WKMG, released the work of two hobbyist sleuths who had procured the Anthony browsing history under Florida's open records law. Their analysis delved into something the police had not found: that on the day of Caylee Anthony's disappearance, someone had searched "fool-proof suffication" on a browser primarily used by Casey Anthony.
The hobbyists determined that the search happened while Casey’s cellphone was pinging a tower closest to home, at a time when her father said he was at work. One minute later, someone logged into MySpace, a website used frequently by Casey and not by her father.
Anthony’s lawyer was also aware of the search, but he interpreted the timestamps in a different way, which suggested that Casey Anthony’s father had performed it. The lawyer did not return a recent call about the issue from The Atlanta Journal-Constitution.
WKMG also reported that Orange County investigators missed 98 percent of the search records on the computer for the day Caylee died, because they didn’t look in Firefox, Casey’s newly favored browser.
Orange County Sheriff’s officials told WKMG they still had confidence in the detective who did the search: After all, she was never told to search the word “suffocation.”
In interviews with the AJC, the hobbyists, Isabel Humphrey and John Goetz, marveled that she didn't just search the word "Google," which would bring up all Google searches. Neither did she break down all Firefox search results from the day of the disappearance and scroll through them, as they did.
“She said, ‘They never asked me to,’” Humphrey recalled.
Best-case scenario
The Vermont case was, if anything, even more bizarre and convoluted. Nolan and his colleagues spent the last six years on the 2008 rape and murder of a 12-year girl, piecing together a trail of evidence that probably would not have existed in the days before computers.
Prosecutors believed that one man, Michael Jacques, had used cell phones and his home and work computers to create multiple characters, whom he put forth as members of a powerful organization. Communicating through them with a child he knew, investigators said, Jacques convinced the girl, from the age of nine, to volunteer as his sex slave for fear of having her family killed. The fake organization became an integral part of her life for years.
When the child became a young teen, Jacques turned his attention to his 12-year-old niece, Brooke Bennett. Prosecutors said he used the fake organization to convince the first girl that Bennett was a threat. He persuaded the girl to help lure Bennett into a situation where she could be abducted and killed.
When police questioned the first girl, she told them she had received paper letters from the organization, introducing itself and claiming responsibility when she came home one night to find a pet dog hanged. But those pieces of paper were long gone.
What remained were digital records on Jacques’ computer, in email services and in business records. Slowly and painfully, police were able to use those records to free Jacques’ young accomplice of the delusion that the organization existed.
A civilian computer professor and a police trooper specializing in computer forensics formed the core of the small state’s multi-agency team for the work, and the FBI took on some out-of-state tasks.
In time, the computer evidence filled the bulk of a 60-page prosecution document filed with the court this year, supplemented by physical evidence, all the bits and pieces placed in a cohesive narrative.
Some of the jewels: “organization” email accounts accessed from an IP address in Denton, Texas, at a time when Jacques was on a work visit there; patterns of accessing more than one of those email accounts in quick succession from the same locations; and a data fragment on Jacques’ laptop reading, “To put it bluntly, Miss Bennett will cease to exist…You will not be required to participate in the actual termination, but you will participate in events leading up to it.”
The computer investigation was “spectacular,” said Nolan, the assistant U.S. attorney in Vermont who oversaw that part of the case. “They did everything right.” He was ready to take the case to trial and seek the death penalty.
But to help a jury understand the computer evidence, he also needed the testimony of the ravaged girl, who desperately wanted to avoid appearing in court.
Jacques was allowed to plead guilty. In May he was sentenced to life in prison plus 70 years, with no possibility of parole.
“Nothing’s a silver bullet,” said Nolan.
