Examining a Leaked Criminal Warrant for Apple iCloud Data in a High Profile Case – Part 3

Inadvertently Disclosed Warrant Application Against Apple in a Criminal Investigation Against Retired Marine General Reveals Latest DOJ Search Procedures, the Dangers of Pacer and Too Much Court Record Transparency, and Much More – Part Three

This article is Part Three of the blog Examining a Leaked Criminal Warrant for Apple iCloud Data in a High Profile Case. See here for Part 1 and Part 2. This last part of this blog will conclude the Application review, focus on the dangers of too much information, the dangers of Pacer, suggestions for its reform, the complex transparency of online court records, privacy rights and speculation on how the leak to the API in this case could have happened. That’s a lot to cover, so let’s get going and move fast.

Information To Be Seized by the Government

In Attachment B to the Application, Section III, paragraph 11, entitled Information to the Seized by the Government, the DOJ describes what its search team will be permitted to seize from the three iCloud accounts. It refers back to prior Information To Be Disclosed by the Provider Section II, and states.

All information described above in Section II.10.a. that constitutes evidence, contraband, fruits, or instrumentalities of violations of the Foreign Agents Registration Act , 22 U.S.C. 611, et seq., restrictions on former officers of the Executive Branch, 18 U.S.C. 207(f), obstruction of justice , 18 U.S.C. 1512(c), aiding and abetting, 18 U.S.C. 2(a), and conspiracy, 18 U.S.C. 371, namely:

i. Information relating to who created, accessed, or used the SUBJECT ACCOUNT, including records about their identities and whereabouts.

ii. Information relating to meetings, messages, conversations, or other interactions with:

– foreign governments or any agency of a foreign government, and their officials, representatives, or agents;

– U.S. government officials or members of Congress;

– Imaad Zuberi, Richard Olson, Ahmed Al-Rumaihi, John Sandweg, or Martin Van Valkenburg; and

– employees or agents of Spark Cognition, Fifth Dimension, or any overseas business entities.

Then, just to be safe and clear, they add to the seizure list all of the items listed previously in Section II, Information to be Disclosed by the Provider.

Fifth Dimension – A Predictive Analytics Company

Although I’m rushing along here, a slight diversion is warranted. Don’t you just love the names of these businesses in the alleged bribery money flow: Spark Cognition and Fifth Dimension? I did a little digging into that last one, for the solid reason of liking the thought and sounds of the Fifth Dimension (three dimensions are so confining for explaining reality). It is an Tel Aviv, Israel, based software security company that seems interesting to me. CTech describes them as a predictive analytics company and that recently closed down.

Sound familiar? The predictive analytics part. Many of the best companies in ediscovery, very solid and honest ones indeed, would describe themselves in a similar fashion. Eh, Sherlock?

Although the Fifth Dimension website is closed, http://www.5dimension.com, and, as far as I know, has nothing to do with ediscovery, their LinkedIn description is still up and explains who they say they are, or were:

Fifth Dimension, founded by a group of former intelligence executives and data scientists, helps Law enforcement agencies to make the utmost use of their mass scale data. Leveraging advanced big data, AI and deep learning technologies, Fifth Dimension created an investigation and insight-driven platform for transforming customers’ data and challenges into true value.

With advance deep learning technologies such as text analysis, speaker recognition, computer vision, classification, pattern recognition and more, Fifth Dimension goes beyond solving specific business challenges- reaching core issues and creating game-changing value for its customers. Fifth Dimension empowers various customers across verticals including: intelligence agencies, border control organizations, law enforcement agencies and more.

Apparently these are the kind of things our defendants were hustling to Qatar and others. Would have loved to have heard our defendants’ pitch for their AI based service. According to News Net Daily’s interpretation of the facts in sworn Application by the FBI agent:

The record suggests that General Allen also sought other forms of payment. An Israeli security firm, Fifth Dimension, had agreed to pay him $10,000 a month plus a 1.5% commission on any new business he generated, and he credited himself for persuading Qatar to sign a $72 million contract with the company over the same weekend. trip – potentially earning him a fee of over a million dollars.

News Net daily

Not bad for a weekend’s work at Rick’s Cafe. A lot better pay than ediscovery and honest lawyering. Although, personally, I kind of doubt the general ever got paid. I’m sure that’s one of the key things the FBI is now using predictive analytics and other search tools to try to find out. Data trails are everywhere, not just in Apple’s cloud. There are lots of good ESI sniffing, AI-based blood hounds can help smart people to find them. Even if the trail leads to a fictional cafe in Hollywood’s version of WWII Casablanca.

Provider Procedures

The last thing we are going to look at in the Application is Section IV, Provider Procedures, set out in paragraphs 12 and 13. The provider, here Apple, is given only a ten day deadline. Ten days to deliver all of the information requested, which pretty much means forensic copies of the entire contents of these three iCloud accounts. We do not know what happened after Apple was served, whether they found anything and met the deadline.

After providing the deadline, warrant orders Apple to provide the name and contact information for all employees who conduct the search and produce the records responsive to this warrant. The Application goes on to order Apple, including of course all of these Apple employees, to keep this Application secret.

The PROVIDER shall not notify any person , including the subscriber(s) of each account identified in Attachment A, of the existence of the warrant, until further order of the Court, until written notice is provided by the United States Attorney’s Office that nondisclosure is no longer required, or until one
year from the date this warrant is signed by the magistrate judge or such later date as may be set by the Court upon application for an extension by the United States. Upon expiration of this order, at least ten business days prior to disclosing the existence of the warrant, the PROVIDER shall notify the agent identified in paragraph 12 above o f its intent to so notify .

Application, para 13

There is no reason to think that Apple did not fully comply with this confidentiality restriction. Instead, it looks like the DOJ itself, or the District Court Clerk for the Central District of California, did not keep the Application sealed when it was filed on April 15, 2022 in Case No. 2:22-MJ-1530. The style of this case, by the way, is:

In the Matter of the Search of: Information stored within the iCloud Account associated with DSID/Apple Account Number 1338547227 and/or email address rickscafedxb@yahoo.comat, Apple Inc., One Apple Parkway, Cupertino, CA 95014

Application at page 1 of 77

To understand this further we need to turn to the case itself, filed in the most populated United States District Court area in the country, the Central District of California.

Speculation That the Secret Application Was Disclosed Due to Limited Court Technology, Inevitable Human Error in Any Complex System, and the Novelty and Complexity of E-Filing Court Documents, Especially Criminal Warrants

The U.S. Magistrate Judge assigned to this case, In the Matter of the Search of: Information stored within the iCloud Account, Case No. 2:22-MJ-1530, is Margo A. Rocconi. She is located in Los Angeles, the Court’s Western Division of the Central District. Judge Rocconi was appointed on March 19, 2021. She previously served for over 25 years with distinction as a Deputy Federal Public Defender. First of all, let me say right away, that there is no reason to believe that Judge Rocconi, or any other judge, was in any way involved in the disclosure of this Application to API. There is nothing political about Judge Margo Rocconi at all, she is a hardworking, dedicated attorney and scholar. She has a terrific reputation. There is no reason to think that any of the judges here made any mistake at all, much less intentionally leaked the Application to the press.

Judge Rocconi’s local rules guidance, Judge’s Procedures, which are the rules that all attorneys are required to follow to the letter, including especially DOJ attorneys in criminal matters, at paragraph 17, states:

17. Law Enforcement Submissions: Federal law enforcement agents and the U.S. Attorney’s Office are encouraged to advise the CRD in advance of the anticipated submission of warrants, criminal complaints, and other applications for the Court’s review.

Honorable Margo A. Rocconi, Central District of California, official web page.

The abbreviation CRD stands for the Courtroom Deputy Clerk assigned to assist the judge. I am also not saying this rule was not followed, that an AUSA attorney or FBI did not contact the CRD. I do not know. I am noting here that this “encouragement” – not an rule exactly – is included for good reason. It is a type of quality control suggestion to try prevent mistakes, to prevent leaks of confidential information. Mistakes that may have happened in this case. Whenever humans are involved in following complex instructions, errors are possible, even among the best of us. To err is human, to forgive is divine.

What I do know is that the attorneys, clerks and other courtroom professionals, including the CRDs, Baliffs, USAs, AUSAs and Judges, all of them involved in the judicial process, are a cut far above average. They are top notch professionals, well known in the Bar for their integrity and honesty. I do not think that any of them would intentionally leak the secret warrant in this case to the API, or anyone. That would be a blatant violation of their duties.

Instead, I suspect human error is to blame, a simple, but unfortunate accident. Aside from the universal good character and honesty of these persons, consider the complexity of the combined paper and e-filing tasks. Although filing an application for a warrant is a daily occurrence in most every federal court, especially one as busy as the court in Los Angeles, it is still very complex. In any complicated system like this, especially one equipped with lowest-bid technology, far from state of the art, it is easy to happen. It is often just too complicated for people having to act fast under a lot of pressure. Mistakes happen. That is why pilots and surgeons all use checklists. Lives are at stake.

Federal court technology has always been underfunded, so has staffing. The technology has relatively few built in computer quality controls to prevent or catch mistakes like this. Mistakes can only be reduced and controlled, in any system, never eliminated entirely. Even with the best controls and unlimited budges, mistakes happen when high volumes of complex tasks are involved. Again, LA District Court is one of the busiest courts in the country.

To better understand the complexity and potential confusion, consider Paragraph 19 of Judge Rocconi’s procedures on point to this discussion, which states:

Document Duty E-Filing Requirements: In accordance with General Order 19-01, counsel, after receiving the necessary notification email from the Clerk’s office, shall inform chambers that a criminal duty matter has been filed and is ready for review by sending an email to the appropriate criminal duty email address MAR_CrimDuty@cacd.uscourts.gov (link sends e-mail), which is different from Judge Rocconi’s Chambers email address. Counsel should follow the procedures outlined below:

a. Title and Content of Counsel’s email: The title of the email should include the case number(s), and the email should also include the contact information for the AUSA and agent. If you are sending an agent with documents filed in more than one case, the title of your email must identify the case number for each case e.g., “U.S. v. Search Warrant, 99-MJ-99999 and 88-MJ-88888”. The Judge is not aware of cases that are filed unless you identify the case number assigned to those cases in the title of your email(s) to her criminal duty email address.

b. Attachments: Courtesy copies in .pdf format of all documents for the Judge’s review.

c. Timing: Do not email chambers before being notified by the Clerk’s Office that access has been granted to the sealed docket.

d. Sending the Agent: If an e-filed matter requires an agent’s signature, chambers’ staff will notify the AUSA and/or agent when the agent should come to chambers. If conformed copies are needed, the agent should bring the necessary copies. Further instructions may be obtained by downloading the Criminal Duty Matters Electronic Filing Pilot Project User Manual located on the Clerk’s Office website under E-filing.

Honorable Margo A. Rocconi, Central District of California, official web page.

Other rules apply here as well, not only Judge Rocconi’s, but also the rules of the Central District Court of California. See for instance the Court’s Rules on Sealed Documents. Consider especially this portion of the original that is in bold.

If you believe you have e-filed a document incorrectly, resulting in a confidential document being publicly filed, please contact both the Court Room Deputy and the Help Desk (213-894-0242 or ecf-helpdesk@cacd.uscourts.gov (link sends e-mail)), explaining the error.  Then, if you have not already done so, e-file an Application for Leave to File Under Seal pursuant to Local Rule 79-5.2.2.

There are many other rules in the court that can apply. One in particular is instructive, E-Filing Criminal Duty Matters. E-filing is a challenge for everyone. These instructions for Criminal Duty matters is just one of many e-filing instructions. This is complex and mistakes are easy to make with even simple e-filing tasks. There are seventeen Q&As regarding technical compliance included on the court page for Criminal Matters. Here is one, for example:

Question: For a search warrant application, should the notification email include a Word cover sheet and affidavit in one attachment?

Answer: No. Under General Order No. 19-01, it is generally not necessary to attach any documents to the notice email. However, you should check your judge’s Procedures and Schedules. If your judge requires that copies be emailed, the warrant and application should be emailed to chambers as flattened, single PDF documents. First, you would send one flattened (not fillable) PDF document that includes the warrant, attachments A and B, and the affidavit, if appropriate. Second, you would send one that has the application, attachments A & B, and the affidavit. This would be done instead of sending chambers the face page as one document and the affidavit as a different one. A sealing application and proposed order must also be sent as flattened PDF documents.

This should make apparent to most anyone the complexity of the e-filing system and how easily mistakes can happen. Reform to make the system easier would, I suspect, require significant expenditures in money for improved technology and for more personnel, including the hiring of many more Assistant United States Attorneys. It would also require greater educational efforts, perhaps requirements, of training for the whole Bar. Maybe someday robots will take over these perfunctory, technical filing tasks. See: my article on Robophobia.

Pacer Is Too Transparent And Does Not Do Enough to Protect Litigants’ Privacy Rights

I conclude the Application was filed online by accident, but that still does not explain how the API got it. My guess is a chance encounter, or perhaps the result of diligent research. Someone outside of the government, maybe the API directly, happened to see a new matter popped up on Pacer, saw it was hot, and downloaded or printed it. See: PACER: How Journalists Mine Records (National Press Foundation, 3/7/22.) Also see: Data in the Court: Judicial analytics in practice (Harvard Law School, Center on the Legal Profession) (Interview with Robert Ambrogi and others).

If it was not the API themselves who found the court information, then perhaps another entity, maybe one politically motivated found it, and they told API about it. The mentioned National Press Foundation page on Pacer is filled with Pacer related information, including reference to Lexis and West, and one tool I had not heard of, Sqoop. It supposedly allows journalists to track when new suits are filed. Does not look like it to me, but that’s what the Press Foundation says.

I have personally looked for this Allen case, or a related case, on Pacer via Lexis in a number of ways. I could find no trace. But that just shows it was later removed from Pacer, not that it was never on Pacer and thereby Lexis. So unless API comes forward and volunteers this information, highly unlikely, this will probably remain a mystery.

False Claims Act Case Have Sealed Records Too – My Story With Clerk Confidentiality Errors

Although I am not a criminal lawyer, I am, in addition to ediscovery, a False Claims Act lawyer. See eg. my website, FraudIsBad.com. Government fraud whistleblower complaints are filed under seal. Sometimes, if the government intervenes on a private relator filed case, criminal subpoenas, Grand Juries and criminal indictments happen. Fraudulent billing of the government is a crime.

Like all Qui Tam lawyers, I understand the importance of secrecy to fraud investigations. That is one reason the law permits us to sue someone for fraudulent billing under the False Claims Act, and not serve the complaint against the defendants. It is kept secret so that the government can evaluate the private relator’s evidence, and gather its own, if they deem warranted, and decide to take the case over, or not. They do this without any input from the defendants or even notice to them. They do this before the fraudsters have a chance to cover it up.

I have personal experience with mistakes in sealing documents in these types of cases and with keeping them off of Pacer entirely, which they should be, at first at least. Most Qui Tam lawyers probably do. One experience is from many years ago and another this year, 2022. The first one was back in the day when all District Court clerks in Florida were not too familiar with Qui Tam actions (they are now). One clerk simply decided, quite erroneously, to unseal it. They had never seen a False Claims Act case before and still were in the paper records sealing mindset. Not bad faith or anything, but a significant mistake none the less. The judge was not involved.

Wax Sealed Official Record

I found out about it very soon thereafter, and after a few curse words yelled loudly for stress release, I immediately prepared and filed a motion to have it resealed. When the motion finally got to the judge to decide a few days later, my motion was immediately granted. No harm no fowl. My relator client’s case, and my secret complaint against a major corporation, were sealed back up again, nice and tidy. Yet for almost a week anyone who cared to snoop around Pacer, and that was much harder to do back then, could have seen it. Someone could have been a hero to the big business I had sued by telling them about it. But nobody saw it, the odds of that happening back then were very remote. Not now.

Pacer was much less transparent and harder to access just a few years ago. So I was lucky. When the complaint was later unsealed after the government intervened, this big company was unpleasantly surprised. We had the evidence we needed to get them. A few years later (these cases move slowly), my client and I were paid handsomely, a share of the government’s recovery, for reporting the fraudulent billing. That happy ending could have been crushed by the Clerk’s Pacer blooper.

Pacer as an Information Governance Challenge

Pacer is now much more accessible than ever before. There are many more people just snooping around Pacer in certain topic areas. Some for legitimate reasons, some are probably just digging for dirt, sensational stories like we see in this case against General Allen. Using the language of the EDRM standard Risk and Security Reduction Model, the current Pacer system has far too much built in risk of exposure. This is especially true for confidential, supposedly sealed, electronic documents. The system is in need of reform, both policies and procedures. The current court system needs better, less complex, quality controls.

Looking at this problem from the information governance perspective, where another excellent EDRM model applies, there is a high risk of accidental disclosures in Pacer. The security protections, again both policies (court rules and Pacer rules) and procedures, need to be improved. Pacer and the federal court system need to improve their information governance. There needs to be a fair balance between judicial disclosure and privacy. Who will make these decisions? Who is in charge? Too many cooks, I suspect.

Like many law firms today, I have several standing searches where Lexis alerts me whenever certain kinds of cases are filed, or even whenever certain word patterns are used in any Pacer filing. See eg. LexisNexis, Search Court Dockets Online With Lexis Courtlink. That’s how I found out about the Seinfeld case. Many firms use this kind of Pacer watch service to compete with other firms for new cases when one of their past or current clients are sued. Kind of old hat marketing by now, since everybody does it. But it was once quite flashy and effective.

By accident in the past year I came across two new Qui Tam cases that had not been properly sealed. Had they been against one of my firm’s clients, I am not so sure what I would have done. (That’s not why I was searching. I just wanted to stay current on the latest developments in False Claims Act law.) If that did find an oops like that, involving a secret suit against a firm client, that would raise some challenging ethics questions. I will research that if and when the time ever comes (I hope never). In the two cases I’ve seen so far, which I talked to Lexis about, no clients were involved, and I did virtually nothing. All I did was look again later and see that the mistakes were quickly corrected, as I had hoped they would. If not, I probably would have informed the listed attorneys of the error. It’s the right thing to do.

That kind of ad hoc, random, review by individual attorneys and researchers is obviously an inadequate privacy risk protection system under any model of information governance. It is the opposite of governance. Can we afford that kind of chaos in online court filings and disclosures?

Pacer Needs to Be Tightened up To Protect Legitimate Privacy Rights

I can easily imagine that something like what happened to me in False Claims cases is what happened here in this criminal case. Maybe it was a chance discovery, or maybe it was discovered by some news corporation digging for a story. They and other organizations, some nefarious, perhaps foreign intelligence, must also have all kinds of standing searches of Pacer. Spies have always been digging for dirt against enemies to use against them or disrupt their society. Perhaps that is what happened here? Who knows, for instance, what portfolios Putin has on world leaders. You can bet the KGB has multiple standing searches on Pacer. They are other intelligence services are happy to exploit our open society, something not possible under totalitarian regimes.


I know this goes against the grain, but this case suggests that we should tighten up and reform Pacer. We should, at least, impose more quality controls with confidential documents. We should also give more leeway, more time, for the quality controls and correction of human errors to kick in before Pacer publication. Otherwise, as this case shows, unexpected, harmful consequences can all too easily follow. But see: Lynn Lopucki, Court System Transparency (Sept. 2007 Iowa Law Review 94(2)). This is out of balance right now and should be corrected. I am all for Pacer and judicial transparency, but this needs to be balanced against privacy rights. We need to guard the legitimate privacy rights of all litigants, including alleged criminals and fraud investigators, both public and private.

Pacer leaks can cause real damage. For instance, if the retired general, ex-President of Brookings is found innocent, or worse, is found to have been framed, then this error and Pacer openness could have ruined his life. Any person’s honor and integrity is priceless, especially that of a Four Star Marine General hero, one who put his life on the line for all of us many times. We need military heroes right now to defend our Constitution. In the United States of America we don’t swear an oath to an individual or a political party. General Allen swore an oath to “defend the Constitution against all enemies, foreign and domestic.” In our country, alone among all others, we swear an oath to a document, one guaranteeing our freedom, our life, liberty and justice. For me and the vast majority of Americans, that includes the right to government by the people, not despots, and privacy rights of all kinds.

All lawyers who are members of the Bar, and, of course, all judges too, make a similar, solemn oath of allegiance to uphold and protect the Constitution. We all take that seriously, well, almost all. Sometimes this means we have to keep our technology under control to protect our waning privacy rights. Even Superman needed privacy to change outfits. For us today, where there are no phone booths, no wax seals, and where so much is online, this means reform and better controls of online information, including Pacer, to protect our rights.

To bring this full circle, back to the Casablanca movie theme of nefarious government agents and allegiances, check out this stamp and recall the famous line, “Here’s looking at you, kid.” Pacer is a gold mine of public information, but litigants have privacy rights too, including the right to obtain lawful criminal warrants and do so, as the law provides, in secret. Criminal investigations have to start in private, so long as they are transparent when concluded. Then, they need to be looked at. The prosecution has strict disclosure duties at that time. Many other litigants have legitimate privacy rights that should be protected too. For example, this includes the rights of corporations to sue each other for trade secrecy violations without losing those secrets. They should be able to file trade secret information under seal to prove their case with confidence that foreign agents, or others, won’t be able to look at them. This means outside of the watchful eyes of Pacer. Don’t kid yourself Pacer. The bad guys, foreign governments and others with nefarious intent, are looking at you. Let’s do the right thing here and tighten up Pacer.

One Response to Examining a Leaked Criminal Warrant for Apple iCloud Data in a High Profile Case – Part 3

  1. […] after a hearing and due process. Sometimes this disclosure is accidental, as discussed in Examining a Leaked Criminal Warrant for Apple iCloud Data in a High Profile Case – Part 3, Part 2, and Part 1. Before the warrant, I have included an excerpt of Judge’s ruling that […]

%d bloggers like this: