Police blotter: Alleged al-Qaida hacker goes to court

Man accused of being a "sleeper agent" hacker working for Osama bin Laden seeks transfer from military custody.

Declan McCullagh
Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
5 min read
"Police blotter" is a weekly CNET News.com report on the intersection of technology and the law.

What: Man designated by President Bush as "enemy combatant" who allegedly entered the United States to disrupt computer networks fights charges.

When: U.S. District Judge Henry Floyd in South Carolina rules on Aug. 8.

Outcome: Court rejects defendant's request.

What happened, according to court documents: Ali Saleh Kahlah al-Marri is a Qatari national who earned a bachelor's degree in business administration from Bradley University in Peoria, Ill., in the 1990s. On Sept. 10, 2001, he legally returned to the United States with his wife and children, saying he was going to obtain a master's degree from Bradley in computer science.

Three months later, the FBI arrested al-Marri in Peoria and held him as a "material witness" until he was indicted on Feb. 6, 2002, and again on Jan. 22, 2003. The charges include making false statements to the FBI, making false statements in a bank account application and using a fake ID for a bank account. Al-Marri has pleaded not guilty.

On June 23, 2003, President Bush designated al-Marri an "enemy combatant" and ordered that he be held in a military detention facility. Al-Marri was transported to the Naval Consolidated Brig in Charleston, S.C., and apparently is still being held in solitary confinement there today.

In July 2004, al-Marri's attorney filed a legal request for a "writ of habeas corpus," which would direct the military to produce its prisoner in open court. The Bush administration opposed the motion and submitted a declaration classified "secret" prepared by Jeffrey Rapp, the director of the Joint Intelligence Task Force for Combating Terrorism at the Defense Intelligence Agency.

Rapp's remarkable 16-page declaration (PDF), which is partially redacted, is what makes this case relevant to Police Blotter.

Rapp's declaration says al-Marri "met personally" with Osama bin Laden and was dispatched to the United States to "explore computer-hacking methods to disrupt bank records and the U.S. financial system." In addition, Rapp claims, "al-Marri was trained by al-Qaida in the use of poisons and had detailed information concerning poisonous chemicals stored on his laptop computer."

"Al-Qaida instructed al-Marri to explore possibilities for hacking into the mainframe computers of banks with the objective of wreaking havoc on U.S. banking records," Rapp said. The FBI reported that a probe of al-Marri's laptop showed bookmarks to Web pages describing how to make potassium cynanide, hydrogen cyanide and other poisons.

Finally, the declaration claimed, al-Marri's laptop had "numerous computer programs typically utilized by computer hackers; 'proxy' computer software which can be utilized to hide a user's origin or identity when connected to the Internet; and bookmarked lists of favorite Web sites apparently devoted to computer hacking." The FBI also reported finding a list of 36 stolen credit card numbers on the laptop.

Normally, that kind of written someone-told-me declaration would be considered "hearsay" and not directly admissible in a criminal proceeding. But U.S. District Judge Henry Floyd ruled that in the Hamdi v. Rumsfeld case, the Supreme Court said proceedings against alleged enemy combatants can be reworked to permit hearsay evidence.

Floyd ruled that the test would be this: Whether al-Marri's lawyers had "more persuasive evidence" than that presented by the Department of Justice, a reversal of the normal burden of proof that says defendants are innocent until proven guilty.

For their part, al-Marri's attorneys objected to this (PDF), saying "Rapp has no personal knowledge of any asserted facts" and that their client has the right to call witnesses on his behalf. (Rapp's declaration said only that the information in it was "derived from specific intelligence sources" that are "highly classified.")

In a normal criminal proceeding, al-Marri's lawyers would have had a good argument. There's not much difference between computer hacking and computer security research, after all, and plenty of graduate students in computer science are intellectually curious about these topics. What's more, the names of Web sites al-Marri allegedly had bookmarked weren't even divulged in the declaration, nor did his attorneys have a chance to review the laptop for themselves.

In the end, Floyd sided with the Bush administration. He ruled that al-Marri "has received notice of the factual basis supporting his detention and has been afforded a meaningful opportunity to rebut that evidence," and he denied the writ of habeas corpus.

Excerpt from Judge Floyd's opinion: Hamdi, then, clearly permits the introduction of the Rapp declaration by respondent at this initial stage of the enemy combatant proceeding...Having determined that Hamdi authorizes the consideration of hearsay evidence at the initial stage of this enemy combatant proceeding, the court need go no further. Whether the Rapp declaration would be admissible during the later phases of such a proceeding is not a question before the court today.

Hamdi provides that once the government has offered evidence in support of its continued detention of an alleged enemy combatant, the detainee must be permitted "to present his own factual case to rebut the government's return." In so doing, the detainee must present "more persuasive evidence" to overcome the facts offered by the government.

As summarized by the magistrate judge, the petitioner asserts:
A. He is a civilian who came to the United States lawfully to pursue a graduate degree at Bradley University.
B. He denies he came to the United States as an al-Qaida "sleeper agent" or he was otherwise a member of, or affiliated with, al-Qaida.
C. He generally denies the allegations contained in the Rapp declaration as well as his designation as an "enemy combatant."
D. He denies he entered the United States to commit "hostile or warlike acts," including acts of terrorism, or he is otherwise a member of, or affiliated with, al-Qaida.

Despite being given numerous opportunities to come forward with evidence supporting this general denial, petitioner has refused to do so. Instead, he stated, "petitioner respectfully declines at this time the Court's invitation to assume the burden of proving his own innocence, a burden that is unconstitutional, unlawful, and un-American."

As the magistrate judge noted, this stance by petitioner ignores his responsibility to prosecute this habeas action...Petitioner also neglects his burden of persuasion on this habeas petition. Most importantly--and most critically for petitioner--petitioner's refusal to participate at this stage renders the government's assertions uncontested. This leaves the court with "nothing specific...to dispute even the simplest of assertions (by the government), which (petitioner) could easily" refute, were they inaccurate. This puts petitioner in an untenable position.