The State circumvented discovery rules via “national security”

For those following this case, it is now obvious from comments from the jury foreman that Brad Cooper was convicted based on computer evidence of an alleged Google search of the location where Nancy Cooper’s body was later found. It is clear there are many uncertainties about this evidence because while the computer was in police custody forensic protocols weren’t followed, files were altered, passwords were changed, the computer’s time was changed and the drive was not even hashed until several weeks later. Evidence of tampering was found by defense experts and one of the biggest issues of the trial was the judge not allowing the defense experts to testify about their findings.  Hearing from these experts would have made it impossible for a jury to convict. One thing that hasn’t been discussed in much detail is the clear discovery (Brady violations) involved in the computer evidence.

The computer “evidence” was found in October ’08 by Agent Johnson, FBI.  As of May ’09, the defense still hadn’t received a copy of the computer’s hard drive.  This is the description of the request for the evidence by the defense:

On May 22,2009, Mr. Kurtz contacted Special Agent Johnson by telephone.  During that conversation, S A Johnson informed Mr. Kurtz that he had completed the copies  of DECE 1A and DECE 4 and agreed that Mr. Kurtz could pick them up at the FBI office that afternoon at 4 PM.

Within 2 hours of that agreement, Det. Daniels called Mr. Kurtz and told him that Mr. Cummings (ADA) had told SA Johnson that he was not to give Kurtz the images.  Kurtz called Mr. Cummings and expressed his concern that exculpatory and evanescent evidence was being withheld.  He also pointed out that it was evidence that the State had agreed to provide and evidence to which the defense was clearly entitled.

On May 27, 2009, Mr. Cummings told Mr. Kurtz that he could not tell Kurtz when he would be given the drive, that he could not tell Kurtz why he was not providing the drive immediately and that he could not explain why it was that he could not answer the preceding questions.

It is clear that the State is not providing the requested information in a timely fashion and that resorting to the Court is the only viable alternative to seek relief.

The defense filed a motion to compel at that time and shortly after that I believe they received a copy of the hard drive, but none of the other requested items, such as the procedures used to locate the Google files, bench notes from the investigators, and the master file table. All of this was necessary for the defense expert to adequately assess the findings.  He would need to compare the extracted files to verify the data and it would be important to use the same extraction method as the FBI.

Here are some of the responses from the prosecutors to one of the defense motions to compel discovery of the FBI’s procedures, notes and the MFT of the computer – the document can be found here, pages 112-114.

7. That the FBI has provided the defendant with an image copy of the seized computers.

8. That the defendant can, with an expert, conduct an independent examination of identical copies of the hard drives that the State examined.

9. That reports of examinations from FBI SA Johnson and Durham police task force agent C. Chappell have been provided to the defendant.

10. That if there is an issue of fact between evidence the FBI examiner purports to have recovered and the defense expert’s examination, that the Defendant can cross examine the agent on their report.

15. That, according to the attached affidavit of James R. Durie, the FBI routinely asserts that privilege when the CART (computer analysis response team) Standard Operating Procedures (SOP) and other policies are sought, because such disclosure could lead to the development of countermeasures to FBI investigative techniques.  Such countermeasures could defeat law enforcement’s ability to obtain forensic data in criminal cases. 

16. That the FBI’s SOPs and policies are the same techniques and tools that are used in counter-terrorism and counter-intelligence investigations, meaning that their disclosure could adversely affect the national security of the United States. 

19. That the requested discovery is not Brady material, and is not favorable to the defendant.

And here are sections of James Durie’s affidavit to make the case that turning over the information could jeopardize national security:

6. The FBI has always asserted that the documents and materials requested by the defense from the FBI are exempt from discovery pursuant to the “law enforcement sensitive” qualified evidentiary privilege. See In re U.S. Department of Homeland Security, 459 F.3d 565, 569-71 (finding that “in today’s times the compelled production of government documents could impact highly sensitive matters relating to national security.  Therefore, the reasons for recognizing the law enforcement privilege are even more compelling now than when prior cases on the 5th district were decided (several other court cases are listed and you can read the rest here, pages 118-122.

7. The FBI routinely asserts this privilege because the CART Standard Operating Procedure and other policies sought by the defendant are a step-by-step list of procedures on how the FBI deploys investigational tools in a computer forensics investigation.  The examiner’s bench notes essentially track the SOP’s step-by-step.  Given the nature of these materials, a computer savvy defendant, criminal enterprise, or foreign power should they gain access to the notes, could determine the FBI’s techniques, procedures and capabilities in this area.  This knowledge could lead to the development and employment of countermeasures to FBI tools and investigative techniques by subjects of investigations and completely disarm law enforcement’s ability to obtain forensic data in criminal investigations.  This, in turn, could completely prevent the successful prosecution of criminal cases involving digital evidence, including pornography, computer intrusion, financial fraud, and a variety of white collar crimes.

8.  Adding to the sensitive nature of the FBI’s SOP’s and policies in ordinary criminal cases, the same techniques and tools are often used in counter-terrorism and counter-intelligence investigations.  Thus, the compromise of the FBI’s investigational tools and methods in a criminal case could have a significant detrimental impact on the national security of the United States.

9.  Here the FBI provided to the defense an image copy of the seized computers, and the defendant can hire his own computer forensic defense expert to perform his own independent investigation.  If there is an issue of fact between evidence the FBI examiner purports to have recovered and the defense expert’s examination, that can be fully explored at trial by the defense under cross-examination of the FBI agent, or through direct examination of his expert.  Access to the SOPs and bench notes will not aid in this avenue of approach, as it will be the defense expert’s own examination that provides the basis for the defense’s questions and evidence.

The police didn’t have to use the FBI to analyze the computers.  They could have used the state SBI or other forensic specialists.  Using the FBI allowed them to in essence hide the computer evidence from the defense.  This sets a dangerous precedent!  This means that anytime the State wants to convict someone on digital evidence, all they have to do is have the FBI do the analysis and they won’t have to provide full discovery.  I believe the State should be forbidden from contracting the FBI to analyze evidence if it’s going to be used in a way to limit the defense’s abilities to fully address the evidence.

With so many red flags surrounding the computer evidence to begin with, isn’t it suspicious that it went even one step further with the use of “national security” to hide the details of the analysis?  I think it is incredibly suspicious.  Still, the judge could have ruled against it and ordered the information be provided to the defense but he didn’t.  Here is a news article referencing his ruling.

This was not a terrorism case.  These are alleged Google searches on a computer.  Further, the tools used to extract the data are fairly common.  Forensic toolkit is one of them.  Likely the FBI used this or something similar and should have provided their methods, bench notes and SOP’s for the defense.  It is quite difficult to cross examine a witness with files extracted by a different technique, but that is what the defense was forced to do.

The defense was expected to accept the FBI’s report as proof and not expected to ask to see how they obtained it.  They did the best they could with the limited information given and they had a network security expert fully capable and qualified to testify about exactly what he found on the computer, but the judge wouldn’t allow him to testify about anything forensic related because the State felt he didn’t have enough forensic training.  Therefore, he was unable to testify about the signs of tampering and evidence that the Google files were planted on Brad Cooper’s computer. One important point that must be considered is that it’s a challenge for a defendant to find someone with forensic expertise in computers who isn’t strongly aligned with law enforcement.  This becomes an issue because many firms are very hesitant to even take a case that could implicate law enforcement of wrongdoing.

Most who followed the case know that the defense did try to get a second expert to testify.  A forensic examiner was prepared to testify after verifying the first expert’s reports and findings.  The State again objected – this time they felt they didn’t have enough time to prepare to cross examine him and they said he wasn’t on the original witness list.  So that essentially removed all hope for Brad getting acquitted. However, he did testify as an offer of proof for appeal purposes only.  The jury didn’t get to hear this testimony, but the rest of us did and it was compelling.

One more point about this, it turned out that exculpatory evidence was revealed by the FBI agent during questioning.  He testified that he searched for evidence of an automated phone call (another unproven allegation) and was unable to find any evidence of this on the computer.  Please watch the trial testimony videos to see the discussion of the Brady violations and the exculpatory evidence that was never disclosed to the defense.

Edited to add:  The supreme court just overturned a conviction because prosecutors failed to turn over exculpatory evidence.  The Cooper case had at least 3 instances of this – 1) Bella Cooper saw Nancy Cooper that morning, yet police never provided discovery on that and the judge refused to demand that they do.  2)The FBI found evidence that the computer did not have any evidence of an automated call.  3) The FBI procedures, bench notes and the master file table were not provided to the defense.

“Using brevity as a blunt instrument, the Supreme Court spent very little effort Tuesday in ordering the New Orleans district attorney’s office to provide a new trial in a murder case because prosecutors — using a tactic several times challenged before the Justices — had failed to hand over evidence that could have helped in defending a murder suspect.  In a spare four-page opinion, less than two pages of which were legal reasoning, the Court nullified the conviction of Juan Smith of New Orleans for an alleged role in the murder of five people in 1995.”  

13 thoughts on “The State circumvented discovery rules via “national security”

  1. An outstanding summary of the discovery violations in the case. The good news is that these are the events that will most certainly lead to a successful appeal of Brad Cooper’s conviction. Perhaps the most frightening aspect of all of the above and the part that should cause all observers pause is the sheer weight of the power of the state when it is dead set to win a guilty verdict on a citizen who is supposed to be “innocent until proven guilty”. No proof was actually provided in the Cooper case. Much speculation, that is “theories” of how the defendant “may have” committed murder and “may have” spoofed a call is what the state gave the jurors. Andy Gilbert, jury foreperson states it was the FBI testimony about the computer Google map search that drove them to their verdict of guilty. Herein lies the problem. Zero proof was offered that Brad Cooper conducted that search and in fact much was offered to dispute that likelihood, especially the common sense notion that a through search for where to dump a body is not conducted in 42 seconds with a two second “look” at the final spot. This is what seems to be the most important problem in our jury system. They believed in the “speculation” proffered by the government authorities without requiring proof. All of us would like to believe in our police and other government agencies. Doing so confirms our sense of safety and well-being in our communities that they are they protecting and serving. It is my hope that this case and others across the nation where prosecutors have simply become criminal in their pursuits of “conviction at any cost”will cause the American people to wake up to the dangers they face from their OWN government. In particular, citizens need to carefully examine the impact of one Judge Paul Gessner, the prosecutor’s friend and the champion of policemen everywhere. This one man, who simply by being elected to office is caused to be addressed as “honorable” has made a mockery of what we want in our legal system. We citizens want truth in justice and a fair and even playing field Guilty people MUST be punished for their crimes, but innocents should never find themselves convicted. Judges are the custodians of the “level playing field” ensuring that every accused gets a fair trial. Judge Gessner, on video and in page after page of damaging rulings disgraces himself in his bias toward a sham prosecution of an innocent man..


  2. Well said, Jim. I agree with all of it. It’s so frustrating that this process moves so slowly, that the transcript is not even complete. This was such an enormous injustice on so many levels.


  3. Great, thorough, and informative article about the fictitious “procecutorial reasons” the DA’s office gave as to why the digital forensic methods/findings were not given to the defense by the prosecution.

    All who watched and are informed of what occured daily in the courtroom of Gessner – actually witnessed something more resembling a complete witch hunt void of any rythme, reason or shred of fairness to the defendant or our forefathers who put these judicial rules in place to avoid what we saw happen with our very own eyes and heard with our ears…a COMPLETE miscarriage of justice.

    This trial was nothing more than a 2-1/2 month sham showing how in Wake County and Gessners venue – that you are most definetly GUILTY until proven innocent – which the proven innocent part also was not allowed due to Gessners asinine rulings, along with the DA’s office and Cary police detectives multitude of lies, deceptions, half truths, woulda, coulda, and shoulda speculations to the Cooper jury about what might have happened, with nothing remotely resembling real evidence to back up these baseless accusations was ever presented. When the parade of supposed prosecution witnesses were done – they had zero, nada, nothing close to “beyond reasonable doubt” or even a shred of evidence implicating Brad Cooper, in fact most of the prosecutions witnesses eneded up casting more doubt on who really was the abused spouse and victim of domestic abuse – because it certainly wasn’t Mrs. Cooper.

    In keeping with that view of the lack of evidence presented, in one of the daily courtroom trial camera feed’s in which Gessner must have thought the feed was cut, you can clearly overhear him quietly asking on a side bar with frustration and incredulance to the prosecution “is that all ya got?” No it wasn’t – they had one thing left – the fabricated, undefensable (due to another of Gessners idiotic rulings) 42 second Google search for the jury to decide to vote “guilty or not guilty” that they hung their entire case upon So 2-1/2 months of testimony and rebuttal came down to that – they had nothing else as most all they threw out there was disproved (ie; spoofed call from home, missing shoes, broken foyer ducks,…etc)

    I guess in hindsight Gessner did Brad a favor unwittingly by continuing to cover for the sloppy police investigation, and the case put on by the DA’s office by his absurd rulings – all of which will be the foundation of Brads appeal.

    God help any of us that may ever get caught in the spider web known as the “Wake County Judicial System”


    • Seriously? That was your takeaway from reading this? Actually, this post was more about prosecutorial and judicial misconduct for allowing the discovery violations. Maybe you should go back and read it again.


  4. Catch 22 isn’t it. CPD and SBI accused of being inept and destroying evidence or tampering. FBI is respected and not accused of tampering. Fbi offered to help with the computers. How dare they.


    • I’m not accusing the SBI of being inept, only the CPD. The SBI has done that for themselves in plenty of other cases. Do you not realize that the FBI agent told CPD to verify the “Google search”? CPD was in contact with Google for other computer related evidence, so WHY didn’t they verify the alleged search with the cookies? THE SMOKING GUN? The cookies are like a tracking device and would have verified the IP address, the time, the date, etc. CPD did request verification of searches using cookies in other cases, so Albert please explain a reasonable explanation for disregarding the FBI’s request.

      Did you know that, of all the searches on that computer, and all the many, many cookies on that machine, the cookie related to this one particular search was mysteriously missing. Was it missing because it would have proven that Brad didn’t do the search? In my opinion, yes.

      Using the FBI to circumvent discovery rules was unfair. If you were on trial, I think you would agree. The government is very private and secretive now and they are supposed to be transparent. To be at the point where the government can spy on us and then take us to trial and say “here’s my report. We found that you did this, but don’t try to question it or anything. And don’t ask me for notes or records or methods” is clearly violating rights to full discovery and it should never be allowed. That you aren’t equally outraged is the biggest concern here.


  5. Why is the FBI needed anymore in this country….don’t they have terrorists to catch instead? The laws need to be changed so nothing is hidden. An independent examiner who is not working for either side is the only way to go. Otherwise there will be bias.


    • Yes, an independent examiner would have been the best way to go. The analysis should have been recorded, notes taken and shared with both sides, completely open.

      Then, the defense should have received a copy of the hard drive as soon as the evidence was found. Instead the State waited to hand it over until it was too late to have the search verified through Google because Google will only provide that information for up to 9 months as part of their privacy policy. They stalled for no explainable reason AND got away with it. They did anything they wanted because Judge Gessner had their back.


      • I’ve never heard of an independent examiner in a court case. I guess the SBI and FBI are supposed to be independent. I remember in the Duke Lacrosse case, the prosecutor used a private examiner, but that examiner conspired with the (now dis-barred) prosecutor to hide evidence. Is there truly a concept of an independent examiner in the US legal system?


        • I think with digital evidence, it would be fair and reasonable to select someone to do the forensic work that both sides agree to and it should be videotaped. Now that’s easy to request in a case that is clearly a computer evidence case, ie. employee suspected of embezzlement, computer hacking, etc. This was not known to be a computer evidence case.

          Even if police use their own officers to do the work or the SBI, it should be videotaped and all notes provided to both sides. I don’t like what happened in the Cooper case regarding this evidence. In fact, the agent who did the forensic exam didn’t even testify about it. Isn’t that a bit odd too? Officer Chappell testified about the Google search and said he was there when Johnson (FBI) found it, but there is no proof that he was because no bench notes or documents or recordings of it were ever shared with the defense. For this reason, a reasonable judge should grant a new trial with the understanding that the evidence can not be handled by the FBI. If you can’t share and document everything, you can’t use the FBI to do the work. That seems logical to me.


Leave a comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s