Last heard, Robert William Erdely was employed at the Indiana County District Attorney’s office as an investigator. He is retired from the Pennsylvania State Police. Erdely is what would be considered a confidence man by some. Perhaps one of the most successful in recent times.
One of his goal’s seems to be the destruction of due process in cases involving the software suite known as Roundup , mainly the Torrential Downpour modules. To achieve conviction by accusation. Essentially by stating that the only evidence needed to convict is he and his cohorts secret tools. And a claim of having “seen” or “received” downloads of child pornography. As such most of this article will be referring to Mr. Erdely’s relationship with Torrential Downpour.
He was also the main, if not only so-called “authority”, concerning the COPS, ICACCOPS database. Up until the mid to late 2010’s he was supposedly the sole administrator of the database. Though this alleged authority is self-made as neither he nor anyone else involved in the production and use of these tools appear accountable to any level of oversight.
“As the lead instructor of this investigative software and a user of the software (TD). . . "
~ Affadavit of Robert Erdely, Case 3:17-cr-00095-SLG Document 215-4. File 09/27/19.
~ Robert-Herz,-Jeff-Fishbach_Webinar-Materials-081120.pdf. Page 78 / 488.
~ “NACDL - Challenging Digital Evidence Obtained through Roundup and Torrential Downpour.” NACDL - National Association of Criminal Defense Lawyers, 19 Nov. 2020, https://www.nacdl.org/Content/Webinar-Challenging-Digital-Evidence-Obtained-thro .
Particularly, Mr. Erdely has been credited with his involvement into the Roundup Software Suite as it being “the culmination of his efforts”, U.S. v OWENS, No. 18-CR-157, U.S. District Court Eastern District of Wisconsin Dec. 18, 2019. Also in Owens, Erdely declared himself as one of the developers of at least certain parts of the software.
He, and others, are inherently biased as their careers, finances, reputations, and egos depend on the supposed validity of the tools they themselves are salesmen for. Yet, he has been repeatedly inserted as a witness within criminal cases to testify to the alleged greatness of this software and it’s accompanying modules.
NOTE: The below information will likely be moved/integrated into the Torrential Downpour section upon release.
The amazingly insane and contradictory nature of Erdely’s existence has mostly strengthened over time, up until U.S. v. Schwier. In fact, within U.S. v. Schwier (2020), the judge originally notioned to the defense that all their testing of Torrential Downpour might be rendered invalid if the defense didn’t record their testing. This being that the defense testing, once completed, may not be usable as it would not meet Daubert standards without packet captures and possibly audio/video recording. The defense made a few rebuttals including the ones below.
…there is no other area of science where the reliability of the science is dependent on audio and video recording or capturing of the actual testing. See U.S. v. Schwier (2020).
…the reliability standard is addressed simply by the expert testifying about the procedures, the scientific procedures that were utilized in conducting the tests. See U.S. v. Schwier (2020).
Those same requirements almost placed on the defense’s testing, or any requirements at all, have ever been placed on the government at any point in the software’s history. The endless length’s the government will go through in order to have what many people know as “two sets of rules, one for you and one for us.”
Of course, all charges the government was attempting to put forth from the use of Torrential Downpour were dropped before the defense was able to conduct their testing. This allowed the government to continue to safeguard Torrential Downpour from scrutiny.
It should be repeatedly brought to light that the government, and Erdely as it’s face-man, refuses to allow anyone to challenge Roundup/TD/TDR. Anyone should think it would only benefit the government’s arguments if they allowed the testing so needed. Having third-parties verify work gives substance to reliability. However, this only works when information is shared. Which has been the absolute opposite stance of the government and Erdely.
That same exact judge in Schwier, as well as every judge to date, seems to sidestep any questions of validity by simply not imposing any requirements on the government or Erdely. Allowing pure testimony of Erdely or another agent to stand on it’s own. Which amazingly has been taken as “fact” despite absolutely no acceptable testing being done by third parties on the Roundup Tools. The government, at every level and office, absolutely refuses to meet it’s own alleged requirements, and has likewise refused to open their software to unbiased testing. Only occasionally, does Erdely provide a very carefully practiced “demonstration” of Torrential Downpour for the defense in an attempt to curtail any further seeking of discovery. Again, see U.S. v. Schwier in full to rebut such a paltry attempt to stifle truth; no one is interested in seeing Erdely’s sale pitch.
One argument from Erdely and the government is that the software is tested with “every investigation” undertaken with it. That simply, because law enforcement allegedly “can” produce arrests when using said Roundup software, this means ipso facto that Roundup has been properly and sufficiently tested.
The logic of Erdely’s argument is horribly flawed for at least three reasons.
The first reason is because the software must be fully available to all who wish to conduct testing. This applies even when third party intellectual property is involved as to constitute proper testing even in such a “black-box” fashion. Much like testing any other proprietary software, it’s components will none the less be made fully available. Such availability provided in the hope that such testing will verify the creator’s claims of input and output (this includes paid-for software). Black box testing by only a single group, especially by an inherently biased group, is by far one of the greatest shams. Such is the nature of the snake-oil salesmen, as it seems apparent that neither Erdely nor the government at large is capable of understanding basic scientific principles. To reinforce my own position arrived at even before U.S. v. Schwier:
“I see no scientific or investigative value to utilizing precious resources repeating Mr. Erdely’s ‘validation’ here in California. On the contrary, I refuse to be associated with the propagation of ‘junk science,’ as dictated by an apparently biased actor, who clearly doesn’t understand scientific method or computer security.”
“I have been working with sensitive files for a quarter-century. Many of the procedures used by the FBI today were first used and instructed by me.”
~ Expert Jeffrey Fischbach, U.S. v. Schwier 2020. Just two of many excellent pieces of information available from Schwier.
The second reason is because failure rates of cases originating from the use of this software are hidden at all cost. The only information given from “official” sources regarding the cases seem to provide only positive information. Information regarding failures in prosecution are only ever available, if at all, for a very short time-frame before being sealed by the court, redacted, and removed from publication by news agencies. It’s known that investigations using software such as Roundup, CPS (Child Protection System, alternative to Roundup), and Excipio (in copyright cases) have provided failed results. Those resulted in either no arrest, arrest which ended with dismissals or acquittals, or failed civil suites (Excipio). That information gathered from drudging through archives finding such failures in prosecution where that information hadn’t been completely eliminated yet. What isn’t known is the real numbers of such instances:
“But, what we don’t know – there’s sort of confirmation bias here. What we don’t know is how many log files are generated that don’t result in prosecution, or how many warrants are executed that don’t result – based on those log files that don’t result in prosecutions. We don’t have access to that information so there’s – we don’t have a way of evaluating whether the system is accurate in general or not.”
~ Expert Peyton Engel, U.S. v Owens 2019, e.g. U.S. v. Schwier 2020.
The third reason is a contradiction of rulings from the courts; whether those rulings be from ignorance, laziness, or corruption is immaterial. Take for example a particular argument being used by some defendants and rightfully should be, given Erdely’s likewise “ipso facto” argument that the software works as claimed. Essentially, that the government’s continuous refusal’s to allow the Roundup software to be acceptably tested proves ipso facto the government’s knowledge of flaws or features which violate Constitutional rights.
I add the implication of the governments recurring actions of dropping charges when defendant’s are successful at discovery to that standing. Despite the similarity of the arguments, judges have ruled to date that this argument is fine when used by Erdely and the government. However, a defendant that uses such an argument is shot down quickly.
Typically the rebuttal against the defendant is that it’s “more likely” the government simply wants to safeguard their software from falling into the wrong hands and “escaping into the wild.” There is of course a lie somewhere. The government’s claim is that, with the exception of performing ‘sole-source’ downloads, the software has no differences compared to publicly available BitTorrent software. If the software did what was claimed, and ONLY what was claimed (that being only performing sole source downloading), then there is absolutely no reason to keep it hidden.
Concerning Torrential Downpour and Torrential Downpour Receptor, the BitTorrent protocol is openly available. If Torrential Downpour adhered to that protocol there can be nothing to hide as the entire protocol is publicly known. Along the same point there is also no danger in having defendants learn how to “avoid being caught” by having the software tested. Every piece of both Roundup and CPS are easily avoidable with minimal learning and little to no monetary investment for those willing to use any search engine to find out how.
A second typical argument the government and Erdely love is to claim that their database contents would somehow leak out if someone would have access to the software therefore hindering investigations. This also has some lies somewhere as the database is not part of the software itself. Presumably this argument is focused around the collection of hash values used to identify contraband.
Even if someone were to have a full copy of their database it would make no difference to the world. Everything the government has collected in that database will have been in circulation before they would know about it, and those items aren’t going anywhere.
For discussion using the developers own logic from their publications, people wanting to find illegal material with lower technical literacy will not be affected by such a leak as they won’t know or won’t care.
“…these crimes are not committed by persons with great savvy. . .”.
“Anyone can trivially circumvent the has match, yet millions did not.”
“…we expect that generally application developers will not help unsavvy criminals nor aim to thwart tagging mechanisms.”
~ Liberatore, Marc, et al. “Strengthening Forensic Investigations of Child Pornography on P2P Networks.” Proceedings of the 6th International COnference, Association for Computing Machinery, 2010, pp. 1–12. ACM Digital Library, https://doi.org/10.1145/1921168.1921193 .
While people with higher technical literacy won’t be using anything like standard BitTorrent to conduct criminal activites as it’s long been associated with law enforcement investigations. In terms of BitTorrent, the most which could happen is that a global concensus would need to be reached by every person agreeing to abandon ALL current torrents - create ALL new torrents - and then begin circulating everything anew. Even if that impossibility were to happen, the government would simply keep Roundup running and have the new torrents added to the database.
Keeping the above in mind concerning access to the governments database it must also be said that to perform a true and complete testing - access to all parts of the system is required. A definitive examination would require a source code review. Consequently, Erdely has mostly retreated into silence since U.S. v Schwier was published and promoted by the NACDL at the end of 2020. Likewise for anyone following the news releases of alleged internet sex crimes - they would have noticed a significant shift away from cases involving P2P investigations beginning around the same time. The new golden goose is NCMEC reports provided by third-parties such as Google, Facebook, Yahoo, Dropbox, etc.