The US government has taken down another alleged leaker. Joshua Schulte, a former NSA and CIA operative, had his apartment raided by the feds last March. The raid targeted documents showing Schulte had leaked CIA hacking tools to Wikileaks (the "Vault 7" collection). But it uncovered a whole lot of child porn -- 10,000 images on Schulte's personal computer and his file-sharing server that held another 5 terabytes of data.

The first criminal complaint [PDF] by the DOJ contained nothing but child porn charges. It suggests the former government spook didn't practice much opsec when not on the clock. One IRC chat shows Schulte's aware encryption is sometimes only a temporary deterrent if the government really wants to find out what's been sent or shared. But then he apparently went on to provide the government with some easily-accessible evidence.

Based on my review of those Google Searches, I have learned, among other things, that on a number of occasions in or about 2011 and in or about 2012, SCHULTE appeared to search the Internet for child pornography. For example: (i) on or about April 9, 2011, SCHULTE conducted a Google Search for "child pornography" on at least three occasions; (ii) on or about October 15, 2011, SCHULTE conducted Google Searches for "movie where father videos daughter and friend sex" and "movie where father videos child porn"; and (iii) on or about May 15, 2012, SCHULTE conducted a Google Search for "female teenage body by year."

The recently-released superseding indictment [PDF] really starts stacking the charges. In addition to the child porn charges carried over from the original complaint, the government adds charges related to the leaked hacking tools, including unauthorized access with the intent of gathering classified info and theft of government property.

Then the charges get interesting. Schulte is charged with "causing transmission of a harmful computer program" for allegedly altering an intelligence agency "computer system" to give himself access to restricted areas of the system and cover up any evidence he had accessed these files. Apparently, this alteration resulted in other users being denied access.

There's the expected "lying to the feds" charges (making false statements, obstruction of justice) which show Schulte was very cooperative when being questioned about the child porn but apparently not so much when asked about purloined CIA data.

Rolling past the copy-pasted child porn charges, one reaches the most unexpected charge in the indictment: criminal copyright infringement.

From at least in or about September 2015, up to and including at least in or about August 2017, in the Southern District of New York and elsewhere, JOSHUA ADAM SCHULTE, the defendant, unlawfully, willfully, and knowingly did infringe copyrights by the reproduction and distribution, including by electronic means and by making it available on a computer network accessible to members of the public, during a 180-day period, of ten and more copies and phonorecords, of one and more copyrighted works, which had a total retail value of more than $2,500, to wit, without authorization, SCHULTE maintained a computer server that housed thousands of copyrighted movies, television shows, and audio recordings, which SCHULTE shared with others by electronic means and using the Internet.

This appears to refer to the server Schulte set up for IRC chat buddies. It's mentioned in a couple of chat transcripts and was, until 2017, accessible at cryptm.org. There's plenty archived at the Wayback Machine [click at your own risk, I suppose] but this server seems to be the source of the copyright infringement charge. Whether or not any of these files were actually downloaded isn't clear, but they were uploaded and accessible to site visitors. This short list of a small portion of the files hosted by Schulte on his server was put together by Jason Koebler and Lorenzo Franceschi-Bicchierai of Motherboard.

An archived version of his page there shows that he had files related to chess, an episode of South Park, a copy of The 40 Year Old Virgin, textbooks, C Programming textbooks, and a folder called “Facebook Convos.”

Speaking of Facebook, Schulte was apparently maintaining a diary of his criminal justice system experience. (Spoiler alert: it's unpleasant and broken.) The documents are worth reading for a firsthand look at the federal arraignment process and the unpleasant realities of being sentenced to house arrest (with no internet access privileges) while still supposedly an "innocent" person in the eyes of the Constitution. It does get a little weird when he claims he's only been charged with "victimless" crimes given what he's been charged with (leaking CIA hacking tools, child porn). But nothing's been proven beyond a reasonable doubt at this point, so maybe only the copyright infringement charge that will make the final cut.

As Parker Higgins points out on Twitter, this supremely weird addition should be viewed with apprehension. Copyright infringement happens all the time. Much of it has zero profit motive, but the government is apparently more than willing to selectively enforce this law if it seems it might push someone towards a plea deal and save it the trouble of having to prove its case.