I wouldn't jump to speculating the technique was illegal. The fact of the matter is that in a criminal trial the US Constitution gives those being prosecuted the right to face their accuser as well as examine tools the accuser used in an investigation. In this particular case the software which presumably uncovered their identity can come under scrutiny from the defense in the form of a source-code review. Without question the defense has the right to a source code review in an attempt to understand how the solution works and if it is trustworthy. Because it's the primary driver of the case and there is no case without it, the choice by the prosecution is to either hand over the source-code or drop the case. In this particular case they are valuing the closed source more than the criminal prosecution, likely to assure an analysis isn't leaked and provided to those who could patch against whatever exploit they are using.