As the parties are aware, Schulte is accused of stealing and disclosing classified information from DEVLAN, an isolated, highly secure CIA computer network used to develop cyber tools. The ESXi and NetApp servers are two of the three servers that constitute DEVLAN. In addition to the role these two servers are alleged to have played in the events at issue here, each contains significant amounts of classified information entirely unrelated to Schulte's work at the CIA and the charges he stands accused of.

For the reasons set forth below, the motion is DENIED. However, the Government is reminded of its disclosure obligations under, inter alia, Fed. R. Crim. P. 16(a)(1)(E), Fed. R. Crim. P. 16(a)(1)(G), and Brady v. Maryland, 373 U.S. 83 (1963).

On July 22, 2019, months prior to the 2020 Trial, the Court issued an order (the “CIPA § 4 Order”) pursuant to Section 4 of the Classified Information Procedures Act, 18 U.S.C. App. 3 (“CIPA”) and Fed. R. Crim. P. 16(d)(1). (CIPA § 4 Order, Dkt. 124.) This order was the product of extensive CIPA § 4 briefing and other written submissions regarding discovery disputes, joint discovery conferences, ex parte hearings with the Government, ex parte meetings with defense counsel to learn about Schulte's defense and discovery needs, and the Court's own review of specific materials withheld in discovery—including information from and relating to the ESXi and NetApp servers. (See id.) Throughout this process, the Court placed itself “in the shoes of defense counsel, the very ones that cannot see the classified record, and ... with a view to their interests” to determine whether the withheld data might be relevant and helpful to the defense. United States v. Amawi, 695 F.3d 457, 471 (6th Cir. 2012).

In the CIPA § 4 Order, the Court reviewed and endorsed the Government's methodology for identifying and excluding irrelevant and classified materials, along with the Government's resulting decision not to produce a complete forensic copy of DEVLAN encompassing the ESXi, NetAPP, and Stash servers. (CIPA § 4 Order at 10.) In denying Schulte comprehensive access to DEVLAN, however, the Court added that it would consider ordering additional production of forensic data “if Schulte submits a more tailored request and provides good reason for further forensic discovery in a motion to compel.” (Id. at 12.)

The parties do not ask the Court to reconsider the CIPA § 4 Order, nor to undertake a fresh, full-fledged ex parte review of the materials Schulte seeks in the instant motion. The Court thus refers the parties to its analysis in the CIPA § 4 Order, and herein addresses the specific justifications Schulte offers in pursuit of comprehensive access to the ESXi and NetApp mirror images, which the Court finds no more compelling than the prospect of permitting Schulte unfettered access to DEVLAN.

At the outset, as this Court noted in the CIPA § 4 Order, both sides have strong interests in forensic discovery. (CIPA § 4 Order at 12.) Schulte's interest in disclosure of relevant forensic evidence is significant: rebutting the Government's own use of forensic evidence taken from DEVLAN, including the ESXi and NetApp servers, to support the theory that Schulte was responsible for the theft and disclosure of the leaked data. The Government's interest, on behalf of the public, in protecting against the flow of classified information pertaining to national security is also significant. CIPA was “designed to establish procedures to harmonize” these two interests. United States v. Pappas, 94 F.3d 795, 799 (2d Cir. 1996). Guided by CIPA, the parties have collaborated in identifying and exchanging what the Court in its CIPA § 4 Order characterized as an “unprecedented volume of classified discovery.” (CIPA § 4 Order at 11.) Further, the Court has advised Schulte of the relief he may seek when he believes this process has resulted in under-disclosure: while he is not entitled to comprehensive DEVLAN access, he may move this Court for more tailored discovery. (See id. at 12.)

The instant motion is no more meaningfully tailored than Schulte's prior request for a full forensic copy of DEVLAN. The Court's concern with the prior request was not simply that he was seeking unfettered access to all DEVLAN servers, but also that he was seeking unfettered access to each individual DEVLAN server in its entirety. In this respect, the instant motion is no different. Schulte seeks mirror images—or exact copies—of two of the three servers that constitute DEVLAN. Although Schulte has assuredly shaved one server, the Stash server, from his prior DEVLAN disclosure request, he still articulates no specific rationale for why he should be entitled to mirror images of two entire servers containing troves of classified material with no relevance to this action whatsoever. The ESXi server contains data related to an array of classified programs with no relationship to Schulte's work at the CIA, much less the charges against him. Likewise, the NetApp server contains folders for individual employees’ work product, final cyber tool products, and daily backups of DEVLAN's components, the vast majority of which are unrelated to this case. To be sure, the servers do also contain materials of significance to this case, and to that end, the parties have coordinated the disclosure of a substantial volume of classified and unclassified data.

Schulte insists he is entitled to more, He contends that, because the Government's expert in the 2020 Trial was given access to these mirror images, he is per se entitled to the same access. He argues that the ESXi server and NetApp server constitute a significant portion of the “forensic crime scene” in this case and that he cannot be denied free rein to investigate that crime scene. (Def. Letter at 1, Dkt. 488.) But these assertions paint an incomplete picture. The cases Schulte relies upon in support of his equal access theory are not CIPA cases. See, e.g., United States v. Ganias, 824 F.3d 199 (2d Cir. 2016) (tax evasion); United States v. Shrake, 515 F.3d 743 (7th Cir. 2008) (child pornography); United States v. Kimoto, 588 F.3d 464 (7th Cir, 2009) (fraud); United States v. Hill, 322 F. Supp. 2d 1081 (C.D. Cal. 2004), aff'd, 459 F.3d 966 (9th Cir. 2006) (child pornography). Because none involve classified information, they do not implicate any of the national security factors that constraint discovery in cases like Schulte's, nor any of the dangers to the public of over-disclosure—particularly where, as here, the party seeking that disclosure is accused of stealing the very same kind of information, and indeed has already been convicted of violating this Court's protective order regarding classified discovery. The Court therefore finds these cases inapposite to resolving the instant motion under CIPA, which directs the Court to “balance[e] the ‘public interest in protecting the flow of information against the individual's right to prepare his defense.’ ” United States v. Mostafa, 992 F. Supp. 2d 335, 338 (S.D.N.Y. 2014) (quoting Roviaro v. United States, 353 U.S. 53, 62 (1957)).

While the Court is not unsympathetic to Schulte's concerns, under CIPA, it simply cannot authorize the wholesale sifting of haystacks of irrelevant, sensitive national security information based on the speculative, theoretical hope of discovering an as-yet-undisclosed needle of relevance. See Mostafa, 992 F. Supp. at 338 (S.D.N.Y. 2014); United States v. Yunis, 867 F.2d 617, 623–24 (D.C. Cir. 1989). As the Court has previously held, to do so would be to undermine the fundamental purpose of CIPA.

Nevertheless, the Court notes that in his filings, Schulte has detailed observations and opinions offered by the Government's expert in the 2020 Trial and claimed that a lack of disclosure precluded Schulte from meaningfully challenging that testimony. (See Def. Mistrial Mot. at 8–12.) The Court takes these concerns seriously, and cautions the Government of its disclosure obligations under, inter alia, Fed. R. Crim. P. 16(a)(1)(E), Fed. R. Crim. P. 16(a)(1)(G), and Brady. Should the Government fail to meet these obligations, the Court again leaves open the possibility of ordering additional production of forensic data if Schulte submits, and can justify, a more tailored request.

The Clerk of Court is directed to terminate the motions at ECF 420 and ECF 328.[2]

SO ORDERED

Because prospective disclosure of the ESXi and FS01 servers has been discussed at several points throughout Schulte's criminal proceedings, for administrative ease, the Court here documents the primary relevant docket entries. Schulte's mistrial motion at ECF 328, based on these and other grounds, was opposed by the Government at ECF 329, prompting Schulte's reply at ECF 331. Schulte renewed his request for disclosure of the CIA servers at ECF 420, the Government again opposed at ECF 423, and Schulte again replied at ECF 431. Schulte has subsequently submitted letters at ECF 488 and ECF 504 that again address the matter.

As the Court noted earlier, Schulte previously raised the ESXi and NetApp server discovery issue in the context of his mistrial motion filed during the 2020 Trial. (Def. Mistrial Mot. at 8–12.) At the conclusion of that trial, Schulte was convicted of two counts and a mistrial was granted on the remaining eight counts for which the jury was unable to reach a verdict. Because Schulte's original mistrial motion is therefore moot, as Schulte acknowledges in the instant motion (Def. Mot. at 1 n.1), the Clerk of Court is also directed to formally terminate the mistrial motion at ECF 328. Any outstanding issues raised in the motion at ECF 328 that were not mooted by the resolution of the 2020 Trial or resolved by the instant Order may be refiled.