I'm curious what a legal case would look like around steganography. "Trust that our system says that this string is embedded". Or would the prosecution be obliged to divulge the algorithm.

I believe it would be enough to demonstrate the functioning of the system in action - there was a crude UI that you could use to extract the string from the input document, so it would be easy to demonstrate the PDFs uploaded by the attacker to a given service do in fact contain that strings.

But in this particular point it wasn't even necessary. After a couple of months it turned out that the person who had been uploading the unprotected versions made a mistake and was located as a 20-something living with his parents in a small house in the East Coast. It was enough to notify them and the malicious activity stopped. The company wasn't interested in extracting every penny from the the kid (or his poor parents), they just wanted him to stop, and one letter from a lawyer was enough. If they wanted to go full steam, they would have involved the police and I'm sure they would have found quite a lot of incriminating evidence on his computer, but they were clear ruining someone else's life was not their aim.