Thursday, June 3, 2021
What Does the Supreme Court's Interpretation of the Computer Fraud Statute Mean for Cybersecurity
The Supreme Court issued the Van Buren case this morning, providing a strict interpretation to the words "intentionally accesses a computer without authorization or exceeds authorized access." It's a 6-3 decision with an odd mix of the players. Writing the majority opinion is Justice Barrett, joined by Justices Breyer, Sotomayor, Kagan, Gorsuch, and Kavanaugh. On the dissent writing the opinion is Justice Thomas, joined by Chief Justice Roberts and Justice Alito. In summary, the opinion holds:
"In sum, an individual 'exceeds authorized access' when he accesses a computer with authorization but then obtains information located in particular areas of the computer - such as files, folders, or databases - that are off limits to him. The parties agree that Van Buren accessed the law enforcement database system with authorization. The only question is whether Van Buren could use the system to retrieve license-plate information. Both sides agree that he could. Van Buren accordingly did not 'excee[d] authorized access' to the database, as the CFAA defines the phrase, even though he obtained information from the database for an improper purpose. We therefore reverse the contrary judgment of the Eleventh Circuit and remand the case for further proceedings consistent with this opinion."
So the question will be asked whether the Computer Fraud and Abuse Act should be rewritten to cover this conduct? Or perhaps civil remedies may be more appropriate here? Or should this be left to employment law?
With the importance of cybersecurity today, and the importance of focusing on those breaking into crucial computer systems, it seems like both the government and private industry need to be important gatekeepers in protecting information. This decision lets everyone know what is criminal under the statute and what is not, and now it needs to be determined how to better manage computer security.
June 3, 2021 in Computer Crime | Permalink | Comments (0)
Saturday, April 3, 2021
Be Careful What You Ask For: Third Circuit Vacates Two Sentences For Defense Breaches Of Plea Agreement
In two cases consolidated for appeal, U.S. v. Yusuf and U.S. v. Campbell, the Third Circuit reversed downward variances based on defense breaches of the plea agreement. Both cases came out of the District of New Jersey and both involved plea agreements that recognized the sentencing court's ability to downwardly vary, but forbade the defense from arguing for a departure or variance below the recommended Guidelines range. The agreements also forbade the government from arguing for a departure or variance above the recommended range. Yusuf pled guilty to aggravate identity theft and conspiracy to commit bank fraud. Campbell pled guilty to felon in possession. Both cases involved mitigating circumstances that typically garner downward variances. Both cases involved sympathetic judges who all but encouraged defense breaches based on their searching inquiries during sentencing. Both cases stand for the proposition that there is a difference between defense counsel presenting the sentencing judge with all relevant facts about the defendant and the offense, including mitigating facts, and defense counsel asking for a downward variance, either directly or through questions to the client. This distinction is critical for defense counsel to keep in mind, even in response to questions for the court. In Campbell, defense counsel had the client ask the court for no jail time. In Yusuf, a much closer case in the Third Circuit's view, defense counsel suggested a sentence below the recommended Guidelines range. The Court distinguished defense counsel's sentencing hearing arguments in Yusuf from those of counsel for Yusuf's co-defendant Adekunle. (Adekunle's case was not on appeal and he had been sentenced by a different judge.) Adekunle's lawyer had reminded the sentencing court of its duty to consider proportionality, and the sentences handed down to co-defendants, but never asked for a downward variance and reminded the court twice that she was bound by the plea agreement: "I am constrained from arguing a below guideline sentence." The government also argued in Campbell that presenting character letters to the court asking for probation violated the plea agreement. The Third Circuit declined to reach this issue, which had not been preserved at sentencing, based on its finding that counsel's arguments alone constituted a breach. The Court cautioned district court judges at sentencing, "to be particularly mindful of the strictures on counsel when plea agreement provisions like the ones here are in place."
April 3, 2021 in Computer Crime, Defense Counsel, Fraud, Judicial Opinions, Prosecutions, Prosecutors, Sentencing | Permalink | Comments (0)
Friday, July 13, 2018
The 400 lb hacker?
Special Counsel Robert Mueller's Office has clearly been working to get to the bottom of the alleged Russian interference with U.S. elections. Today a D.C. federal grand jury handed down an Indictment against "12 Russian nationals for their alleged roles in computer hacking conspiracies aimed at interfering in the 2016 U.S. elections." The special counsel's website notes that "the indictment charges 11 of the defendants with conspiracy to commit computer crimes, eight counts of aggravated identity theft, and conspiracy to launder money. Two defendants are charged with a separate conspiracy to commit computer crimes." The Indictment is here.
There are some interesting lines in the Indictment including: "The Conspirators, posing as Guccifer 2.0, also shared stolen documents with certain individuals." It states,
"On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate's opponent."
The indictment speaks about how "[t]he conspirators, posing as Guccifer 2.0, also communicated with U.S. persons about the release of stolen documents." It notes how the conspirators "wrote to a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump ..."
The Indictment states that "[i]n order to expand their interference in the 2016 U.S. presidential election, the Conspirators transferred many of the documents they stole from the DNC and the chairman of the Clinton Campaign to Organization 1."
One thing is clear in reading this indictment - Mueller is running a legitimate and important investigation and it needs to continue.
July 13, 2018 in Computer Crime, Corruption, Current Affairs, Investigations, News, Prosecutions, Prosecutors | Permalink | Comments (0)
Sunday, February 18, 2018
Mueller's Investigation & Recent Russian Indictments
The speaking indictments of this past week provide a clear trail to Russian individuals and entities allegedly interfering in the 2016 Presidential election. The choice of charges, which include conspiracy to defraud, are no surprise. An indictment under section 371 can take one of two avenues: conspiracy to commit a specific offense or conspiracy to defraud the government. This is a classic case for the defraud statute to be used, as it is the U.S. election process that is alleged to be compromised here. Several questions to consider here:
- Why has it taken so long for this indictment? Answer - it hasn't. Actually Mueller's team is moving faster than we often see in white collar cases where the investigation can take many years. In less than a year, the Special Counsel's Office has accumulated several cases (see here). Computer related cases can take even longer as tracking items on the web are not easy, especially when a perpetrator tries to mask its origin.
- Can the U.S. prosecute extraterritorial conduct? Answer - Yes and No. You will notice that the alleged conduct in this indictment either took place inside the U.S. or had an "affect" here in the U.S. Under principles of "objective territoriality," the U.S. has, in many instances, prosecuted conduct occurring outside the U.S. that has an effect in this country. As one who has been somewhat critical of objective territoriality, I have been a strong advocate for using what I term "defensive territoriality." Interfering in a U.S. election would most definitely fit the bill of conduct that the U.S. needs to defend against. Over the past few years, the Supreme Court has wrestled with the issue of the application of different U.S. statutes for conduct occurring outside this country. A three-fold response here: 1) this is not extraterritorial conduct, 2) even if it is extraterritorial, there are enough acts in this country to allow for jurisdiction here, and 3) the U.S. needs to defend its election process.
- Can the government bring the charged Russians to the U.S.? Answer - It may be difficult here. Do we think that the Russian government will be turning over these individuals for a U.S. prosecution? Without a U.S.-Russian extradition treaty the chances of this happening are diminished. Perhaps one of them will travel to a country where the U.S. does have an extradition treaty (see here). Other methods exist, such as luring (see here), but the international community frowns on its use. Prosecuting these individuals/entities are less important than letting the public know that our election process has allegedly been the subject of attacks from Russia. Mueller's team definitely accomplishes this here.
The more interesting Information and Statement of the Offense relates to Richard Pinedo, a cooperating witness who has a plea agreement for a violation of section 1028. Although the Information has section 1028 on it, it also is termed identity fraud and speaks to an alleged violation of the wire fraud statute found in section 1343. The Information only speaks about a Count One. Whether there is another document with other counts is unknown. We saw this previously with the Informations of Michael Flynn and George Papadopoulos, so it is doubtful that the use of "1" without a "2" is significant. The special counsel's website has "et al" after Pinedo's name, but no other names listed. Other Indictments and Informations on the Special Counsel's website do not have "et al." (See Flynn, Manafort, Gates, and Papadopoulos). The Pinedo Information says it was filed on February 7, 2018, as "sealed." The header on the understanding for the plea is also marked sealed, but dated February 12, 2018. All of this may be nothing, but it is interesting to note. Finally, kudos to the special counsel's team for writing a plea that does not include offensive language such as a waiver of any possible claims of ineffective assistance of counsel. These documents go a step further to allow for such claims to be brought by the accused even though they are pleading guilty. Ethically, this is the way a plea should be written, but some past documents in some US Attorneys' Offices have not always done this. The Florida Ethics Board went so far as to issue an ethics opinion prohibiting waivers of ineffective assistance of counsel (see here). So Mueller's team taking the high road on the wording of its pleas, is nice to see.
What happens next? The Mueller team may know, but we don't. So stay tuned.
February 18, 2018 in Computer Crime, Current Affairs, Fraud, Prosecutions, Prosecutors | Permalink | Comments (0)
Saturday, May 3, 2014
Cyberstalking Statute Survives First Amednment Challenges in the First Circuit
Yesterday in United States v. Shawn Sayer, the First Circuit ruled that that a portion of the federal cyberstalking statute, 18 U.S.C. Section 2261A (2) (A), is constitutional as applied to defendant Sayer's actions and is not facially overbroad. The Court held that Sayer waived his void for vagueness challenge. The facts were undisputed and the case involved a multi-year effort by Sayer to harass his ex-lover by, among other things, posting their intimate sex tapes on pornographic web sites and inviting male strangers to contact her for sexual activity. The Court also approved the trial court's upward variance/departure.
May 3, 2014 in Computer Crime, Judicial Opinions | Permalink | Comments (0) | TrackBack (0)
Monday, April 22, 2013
Will the "Public Safety Emergency Exception" Apply in White-Collar Cases?
The government decision to delay Miranda warnings, and also the first appearance before a judge and the assignment of counsel, for Dzhokhar Tsarnaev, the surviving alleged Boston Marathon bomber, was a tactical one, no doubt based largely on an evaluation that any admission Tsarnaev makes is unnecessary to a government case (eyewitnesses, an admission, videotapes, possession of explosives, flight, etc.) which appears to be overwhelming.
The broad "public safety emergency exception" which the government asserts is a questionable Department of Justice attempt to expand the narrow exception announced in New York v. Quarles, 467 U.S. 649 (1984). The government's aggressive stance is based in part on a belief that Miranda does not prescribe a procedural requirement for police questioning, but is only a prerequisite for the admissibility at trial of statements made by a defendant. Under such reasoning, government agents are free to violate the dictates of Miranda (and perhaps other constitutional rights) with no harm to their case except a return to the status quo ante.
Aggressive law enforcement tactics against criminal suspects accused of particular heinous crimes, such as terrorism, murder, kidnapping and large-scale drug dealing, gradually work their way into the general law enforcement toolbox. Tactics used against drug dealers and organized crime figures, such as extensive electronic surveillance, undercover agents, forfeiture of assets and disallowance of attorneys' fees, and exceedingly high bail requests, for instance, are no longer uncommon in white collar cases.
I wonder whether the "public safety emergency exception" is so far off. If it is acceptable under this exception to allow the government to disregard Miranda and Federal Rule of Criminal Procedure 5(a)(1)(A) (requiring agents to bring one arrested before a court "without necessary delay") in order ostensibly to prevent future terrorist crimes, will it also become acceptable to detain for 48 hours and question without Miranda warnings, for instance, those who have provided inside information about unknown persons to whom they might have provided such information in order to deter imminent or future insider trading or those who have hacked computers about accomplices or others who might commit imminent or future computer crimes?
April 22, 2013 in Computer Crime, Current Affairs, Insider Trading, News, Privileges | Permalink | Comments (1) | TrackBack (0)
Thursday, March 7, 2013
AG Holder's Defense of Swartz Prosecution is Troubling
Attorney General Eric Holder yesterday defended the Department of Justice's treatment of Aaron Swartz, the 26 year-old internet activist who committed suicide three months before his scheduled trial in federal court in Boston. Specifically, Holder, in response to questioning by Sen. John Cornyn, a Texas Republican, defended the prosecution by citing the plea offer, stating, "There was never an intention for him to go to jail for longer than a 3-, 4- potentially 5-month range . . . . Those, those offers were rejected."
Holder's response troubles me in at least two regards. First is his implicit belief that a five-month jail sentence for Swartz was lenient. Swartz' alleged crimes were clearly based on a heartfelt belief that the public was entitled to free access to knowledge, specifically to academic journals. He would receive no personal benefit for his actions. Perhaps in these days, where sentences of years in double digits are commonplace, a sentence of five months seems to Holder like a trip to Disneyland, but five months in jail for a fragile young man acting out of humanistic belief and causing only comparatively light physical damage does not seem lenient to me. Apparently, Swartz did not see it as light.
Second is Holder's further implicit assumption that government decency is satisfied by a reasonable plea offer and available only to those who plead guilty. Swartz was indicted originally for crimes theoretically punishable by up to 35 years in prison. Later, a superseding indictment which ratcheted the potential sentence up to 50 years was filed. Had Swartz exercised his constitutional right to go to trial and been convicted, I would have been shocked if the government would have sought a sentence of five months or less. Rather, it undoubtedly would have sought a long sentence, most likely in the sentencing guideline range of approximately seven years.
I do not condemn the government for prosecuting Swartz. Perhaps prosecuting him was cruel, but prosecutions are often cruel to defendants. Despite his noble intentions, Swartz arguably violated the law, and I do not believe a victim should control the decision to prosecute, one way or the other. I do not, however, believe that Swartz' purported crimes deserved the full-blown zealous prosecution they received. A prosecutor in the appropriate case should charge less than the most serious crimes available and not always exercise her power to the "full extent of the law." Prosecutorial decency, or prosecution discretion, should not be confined only to plea offers.
March 7, 2013 in Computer Crime, Current Affairs, Prosecutions, Prosecutors | Permalink | Comments (0) | TrackBack (0)
Thursday, January 3, 2013
New Scholarship - Cloud Computing
James B. Baldinger & Charles P. Short of CarltonFields have a new article titled Uncertainty in the Cloud: Changing Requirements for Disclosing Customer Data.
January 3, 2013 in Computer Crime, Scholarship | Permalink | Comments (0) | TrackBack (0)
Tuesday, August 14, 2012
New York D.A. Brings State Prosecution After Second Circuit Vacates Federal Conviction
Sergey Aleynikov, a former Goldman Sachs programmer whose federal conviction for stealing source code from the firm's computers had been vacated by the Second Circuit on the grounds that the statutes under which he was prosecuted did not cover his conduct, has been charged by Manhattan District Attorney Cyrus Vance with state charges relating to the same activities.
Arguably, the Fifth Amendment double jeopardy clause does not apply here because the United States and the State of New York are separate "sovereignties." That "dual sovereignties" exception to the double jeopardy clause has been occasionally questioned but generally remains in force. One possible exception that may apply here since presumably the D.A.'s case will rely on the federal investigation and prosecution (the federal case agent signed the affidavit supporting the state complaint) is when the two governments are acting in concert.
Although there may be no federal constitutional bar because of the "dual sovereignties," New York statutory law does in some circumstances preclude a state prosecution after a trial for the same or similar offenses in another jurisdiction. See New York Criminal Procedure Law Article 40. Additionally, there is always the possibility that eventually the New York Court of Appeals, which recently has dusted off the New York State Constitution's equivalent of the Bill of Rights (Article 1, Section 6) in Fourth Amendment Cases, may apply the state's constitutional double jeopardy bar more broadly than federal courts have applied the federal constitutional bar.
A New York Times article (see here) about the case quotes Joshua Dressler, an Ohio State University law professor, as saying that this case provides "an exceptionally justifiable reason for the state prosecutor to use a state law to bring a prosecution." I disagree. Mr. Aleynikov has already undergone the trauma and expense and disruption of life that a criminal trial entails. He has already served almost one year in prison for a crime he did not commit. Even if convicted on state charges, I predict he will never serve an additional day in jail.
Thus, in some ways Mr. Aleynikov is a poster boy for application of the double jeopardy clause. This case does not involve a situation in which a dismissal or acquittal in the initial proceeding was tainted by misconduct or was so bizarre that it seems viscerally unjust. Rather, Mr. Aleynikov's case was reversed by a highly-respected court because a highly-respected prosecutorial office charged and convicted him and sent him to prison under statutes that did not apply. This is not the kind of case that justifies a prosecutorial end-run around the Constitution.
The Department of Justice's "Petite Policy" concerning federal prosecutions after state trials, as it has been applied, militates against a second prosecution after an unsuccessful prosecution in another jurisdiction when the first prosecution was generally fair. Apparently, the New York County District Attorney has no such policy.
August 14, 2012 in Computer Crime, News, Prosecutors | Permalink | Comments (0) | TrackBack (0)
Wednesday, April 11, 2012
Computer Use is Not Always Computer Fraud
The Ninth Circuit en banc issued an opinion in the case of United States v. Nosal (Download US v Nosal 9th Cir 2012-04-10). It is not often that we see opinions that interpret section 1030, the Computer Fraud and Abuse Act. But it is also likely that this will be a hot area of the law as Hon. Kozinski, who authored the opinion in this case, begins with the line "[c]omputers have become an indispensable part of our daily lives."
The government charged the defendant with violations of 18 U.S.C.s 1030(a)(4) for allegedly "aiding and abetting" a companies employees "in 'exceed[ing their] authorized access' with intent to defraud." The trial court dismissed certain counts and the government appealed. In affirming the trial court's dismissal, the 9th Circuit states, "[b]asing criminal liability on violations of private computer use polices can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved." The court finds that "[t]herefore, we hold that 'exceeds authorized access' in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use."
The Ninth Circuit makes a point of noting the jurisdictional split that exists with respect to this issue. The court states,
"[w]e therefore respectfully decline to follow our sister circuits and urge them to reconsider instead. For our part, we continue to follow in the path blazed by Brekka, 581 F.3d 1127, and the growing number of courts that have reached the same conclusion. These courts recognize that the plain language of the CFAA 'target[s] the unauthorized procurement or alteration of information, not its misuse or misappropriation.'"
The decision uses the Rule of Lenity and sends word to Congress that if it "wants to incorporate misappropriation liability into the CFAA, it must speak more clearly."
The court rejects an argument we often hear from the government - trust us - we won't prosecute cases that should not be prosecuted. The court noted that most individuals are unaware of the terms of service agreements of internet providers including one major company that until recently "forbade minors from using its services." The court stated, "we shouldn’t have to live at the mercy of our local prosecutor. . . And it’s not clear we can trust the government when a tempting target comes along."(citations omitted).
(esp)(hat tip to Evan Jenness)
April 11, 2012 in Computer Crime, Judicial Opinions | Permalink | Comments (2) | TrackBack (0)
Sunday, January 22, 2012
The Center on National Security at Fordham Law has a news source that provides "weekly news round-up of articles, information, and opinions about cybersecurity and the laws, policies, and challenges - both domestic and global - that define the cyber world week to week." For more information, see here.
January 22, 2012 in Computer Crime, News | Permalink | Comments (1) | TrackBack (0)
Sunday, May 1, 2011
U.S. Government’s Misdeal in Online Poker Indictments
Guest blogger Chris Flood
Our gambling laws make about as much sense as the government banning gin, but not vodka, during Prohibition.
Some laws allow gambling, some encourage it and some ban it. You can run an online business for people to bet on horse races, but not on a poker hand. So, instead of collecting taxes on the $30 billion that is bet in this country every year on online poker sites run by offshore companies, our government is investing tax dollars in an attempt to close down the games. It’s time to fix this absurd system.
While our nation’s leaders fret over our debt, there are millions of American poker players willing to throw coins into tax coffers in order to test their skills. But the national love for Texas Hold ‘Em brings in no taxes while our prosecutors pursue the dealers.
On April 15, a day the online poker world dubbed Black Friday, the Justice Department unsealed indictments against 11 players in the online poker world, including the founders of popular sites PokerStars, Full Tilt Poker and Absolute Poker. The government also, at least temporarily, seized and shut down the websites. Using the Unlawful Internet Gambling Enforcement Act, a law passed in 2006 but steeped in archaic concepts of virtue, the feds are looking to convict these defendants and reap forfeitures of some $3 billion.
To identify those forfeited dollars, prosecutors had to build a complex case based on how people paid to play, including securing restraining orders on 75 bank accounts. Now, they will have to prove these 11 defendants guilty beyond a reasonable doubt. This complicated and greedy grab by the Justice Department is totally unnecessary.
The government is spending millions of dollars on the chance of raking in $3 billion. Who is gambling now? Why not instead collect a steady stream of tax dollars on online poker, like many other countries do every day?
Because our laws now make some online gambling legal and other online gambling illegal, we have a likely unconstitutional Unlawful Internet Gambling Enforcement Act. We also have to appease leaders in other World Trade Organization member countries who are miffed at our illogical and short-sighted law that violates the treaty in spirit and has ensnared offshore companies that run online poker sites. It is likely that WTO countries will come after the U.S. again for the April 15 round up.
We need not make this a no-limit game. The estimated 2.5 million Americans who play online poker know there is some skill to the game, unlike other sports that can be rigged. There can be online safeguards built in to stop underage players and to warn and screen for problem gamblers, just like casinos do on a regular basis.
We don’t need more charges of bank fraud and money laundering against poker companies. Instead, we need to end this madness with a solid challenge to the constitutionality of the Unlawful Internet Gambling Enforcement Act, which is aimed at preventing financial services firms from processing funds for online gambling. It’s worth noting that Congress hasn’t targeted the online poker players in this country, where lawmakers know full well its popularity.
Forbeshas reported that in 2009, online poker took in revenue of about $1.4 billion in the U.S. with PokerStars and Full Tilt, whose founders are now indicted, bringing in about 70 percent of the total. Let’s stop taking a double hit here. Stop spending to prosecute under an inconsistent law and start taxing online poker sites under the proven model used by other countries.
The current poker prosecution echoes “the Noble Experiment” of Prohibition. It is an attempt to enforce a morality that average citizens don’t find immoral. Just as the 18thAmendment to the U.S. Constitution begat the 21stAmendment to repeal it, if Congress won’t legalize online Poker, we should go all in and let the U.S. Supreme Court take a good look at this cockeyed prosecutorial tool.
Chris Flood is a Houston-based white- collar defense attorney and former prosecutor who represented the owner of BetonSports.com in what was the largest online gambling case in U.S. history until last month.
May 1, 2011 in Computer Crime | Permalink | Comments (4) | TrackBack (0)
Monday, February 21, 2011
DOJ Budget Request - Financial Fraud and Transnational Intellectual Property
DOJ's requested budget focuses a good bit on national security. But there is also money for continued activity on financial fraud. In a DOJ Press Release it states,
"The FY 2012 budget also supports the continued efforts to crack down on financial fraud. From August through December 2010, the Attorney General’s Financial Fraud Enforcement Task Force brought charges against over 500 criminal and civil defendants for fraud schemes that have harmed more than 120,000 victims throughout the country, involving more than $8.0 billion in estimated criminal losses and more than $2.1 billion in estimated civil losses. In addition, the FY 2012 budget requests $3.0 million of program increases for the Criminal Division for transnational enforcement of intellectual property law."
February 21, 2011 in Computer Crime, Fraud | Permalink | Comments (0) | TrackBack (0)
Friday, November 12, 2010
Picking the Wrong Person - Palin's Email Account
According to a DOJ Press Release, after a trial by jury the court issued a sentence of "one year and one day in prison for intentionally accessing without authorization the e-mail account of former Alaska governor Sarah Palin." The sentence was also for a misdemeanor obstruction of justice conviction premised upon his "deletions of records and documents with the intent to impede an anticipated FBI investigation." This individual was found not guilty of wire fraud and the jury failed to "reach a verdict on the identity theft charge."
It is good to see a prosecution and punishment for computer related offenses for activity that infringes on the computer privacy of another. But one also has to wonder if there would have been any case but for the fact that the victim was Sarah Palin.
November 12, 2010 in Celebrities, Computer Crime | Permalink | Comments (0) | TrackBack (0)
Thursday, September 30, 2010
NACDL's 6th Annual Defending the White Collar Case Seminar – “iDefense: Strategic & Ethical Issues in the Digital Age,” Thursday, September 30, 2010
Guest Blogger: Debra A. Karlstein, Spears & Imes LLP (New York, NY)
Moderator: Gerald B. Lefcourt
Panelists: Elkan Abramowitz, Daniel K. Gelb, Mark R. Hellerer and Eric V. Mazur
The panel was moderated by Gerald Lefcourt and included defense lawyers Elkan Abromowitz, Mark Hellerer, Daniel Gelb, and Eric Mazur, a forensic expert from Navigant Consulting.
Gerry introduced the panel, speaking about the sea change in the law and life arising out of the explosion of technological changes such as smart phones that have us carrying our personal information about all our contacts, our emails, a GPS device that allow others to know where we are at all times, our photos, and a history of our web browsing.
Elkan Abromowitz addressed three issues. First, Elkan spoke about the Fourth Amendment’s prohibition on unreasonable searches of papers and effects in the modern age when people have all types of private information on their computers, desktops or blackberries. The Ninth Circuit has held that law enforcement can look at information on a laptop at a border search – for any person entering or leaving the country–even in the absence of reasonable suspicion. (By contrast, reasonable suspicion is still required for a personal search, even though most of us carry far more information on our laptops than on our physical bodies!).
Second, Elkan spoke about the Balco case, in which the Ninth Circuit restricted the ability of law enforcement to obtain subpoenas that would allow the government to obtain information on computers that go beyond what was actually sought. En banc, the Ninth Circuit removed certain guidelines set forth in the original opinion, leaving some uncertainty about the proper breadth of a reasonable search in the context of a subpoena for computer records.
Third, Elkan spoke about the Quon case in the Supreme Court, which held that an employer can review emails sent on work computers and mobile devices issued by the employer–regardless of whether the employee has a reasonable expectation of privacy–as long as there is a non-investigatory workplace reason to do so.
Eric Mazur spoke about the exponential increase in the amount of data available and the ability of forensic experts to retrieve it.
Mark Hellerer also spoke about the increase in data and its impact on electronic discovery. In civil cases, the Sedona Conference has met annually to try to develop guidelines and best practices. In criminal cases, companies are faced with the daunting task of trying to respond to extremely broad subpoenas. Mark noted that there are certain limits on the proper scope of a grand jury’s investigative powers, and courts have at times been willing to apply Rule 17(c)’s limitation to quash–or more likely modify–unreasonably overbroad and unduly burdensome subpoenas.
Daniel Gelb talked about the statutory and constitutional limits on the reach of law enforcement with respect to electronically stored information in GPS devices, social media websites, et cetera. He noted that there is no reasonable expectation of privacy in comments posted on social media sites such as Facebook, even if directed only to a limited group of individuals such as “friends.” In addition, the government can often circumvent the need to obtain a search warrant upon a showing of probable cause by issuing a subpoena to cell phone providers who now collect GPS tracking devices.
Finally, the panelists discussed a hypothetical (based on an actual case in Washington, DC) involving a law firm partner who was prosecuted for obstruction of justice, along with his registered domestic partner and roommate, in connection with a homicide. Although the defendants were acquitted, the wife of the deceased brought a wrongful death lawsuit and has sought emails sent and received by the law firm partner on the firm’s computers.
September 30, 2010 in Computer Crime, Conferences, Searches, Web/Tech | Permalink | Comments (1) | TrackBack (0)
Monday, July 12, 2010
Identity Theft Crimes Increase
The Bureau of Justice Statistics Website, in a Report authored by Katrina Baum and Lynn Langton, is reporting that 2007 statistics show that identity theft is increasing. Specifically they note that "[t]he number of households with at least one member who experienced one or more types of identity theft increased 23% from 2005 to 2007." One can only imagine what the figures will show for 2010.
(esp) (w/ a hat tip to Ted Gest)
July 12, 2010 in Computer Crime, Think Tank Reports | Permalink | Comments (2) | TrackBack (0)
Thursday, October 1, 2009
NACDL's 5th Annual Defending the White Collar Case Seminar - "Cyberspace - The Black Hole Where Ethics, Strategy, and Technology Collide," Thursday, October 1, 2009
Guest Blogger: Cynthia Hujar Orr, President, National Association of Criminal Defense Lawyers
Panel Moderator: Gerald GoldsteinPanelists: AUSA Joey Blanch, Blair Brown, Marcia Hofmann, Alexander Southwell
Gerald Goldstein grabbed the attention of the NACDL White Collar seminar telling us that each time we hit the send button on the internet a new government exhibit is created.
Blair Brown spoke about the Balco Investigation, Comprehensive Drug Testing, case and its ground breaking opinions. They answered many previously unanswered questions regarding the operation of the plain view doctrine and appropriate limits and procedures for the execution for computer search warrants. The Baseball Players Association conducted anonymous testing in order to determine whether comprehensive drug testing should be imposed on the sport. However, a search warrant issued for drug test results for specific athletes and promised to screen and limit the search of the computers to records of specific athletes through off site screening procedures. The government rejected assistance on site to produce just the records that the government sought. In fact, the case agent viewed all of the records under the theory that they were in "plain view." Three separate district judges found the government acted in an outrageous fashion, executing general warrants. Blair explained the appropriate limits and procedures that the Court held should have been followed instead.
Alexander Southwell explained the government's application of the Computer Fraud Abuse Act to the public's use of social networks in the context of the Laurie Drew case. Drew had created a fake "my space" account culminating in the suicide of a young woman distressed by the postings from the fake site. The government pressed charges for formation of a fake account, criminalizing the violation of the terms and conditions of a social network. Drew was convicted and the court entered a judgment of acquittal from which the government has taken an appeal. Therefore, the story has not been written on the sweep of the Computer Fraud Abuse Act (CFAA), 18 U.S.C. Section 1030. He explained the difficulty of the criminal law to keep up with technology and the importance for criminal defense lawyers to push back when the government attempts to apply the criminal law to current social practices.
Marcia Hofmann working for the Electronic Frontier Foundation, a techie ACLU. She encouraged defense lawyers to reach out to EFF when confronting technical issues in your criminal cases. She discussed the evolution of the CFAA covering the cases that were the vehicles that expanded its use. Her discussion opened eyes about conduct that was not traditionally addressed by the criminal law.
AUSA Joey Blanch discussed child pornography in the age of the internet. Cases are exploding and proliferating. Every section of society in every walk of life ends up with people committing these crimes because people think they are anonymous on line. Blanch told the white collar lawyers that they will have a client with a child pornography case and explained how it could arise. Importantly, she discussed the new child pornography offenses effective in October of 2009. She also discussed the circuit split on the Mona Lisa defense. One of the new crimes is the Child Pornography Enterprise offense which creates a 20 year mandatory minimum for participation in child pornography internet groups. That was just the tip of the iceberg.
Using a hypothetical containing common real life circumstances the group guided the audience through what counsel should do in tough circumstances.
October 1, 2009 in Computer Crime, Conferences, Legal Ethics, Searches, Statutes, Web/Tech | Permalink | Comments (0) | TrackBack (0)
Tuesday, September 22, 2009
It is good to see another press article warning of the need to focus on Identity Theft. See Nirvi Shah, Miami Herald, Identity theft growing, getting harder to stop DOJ here has taken a positive step with respect to educating on this crime, and developed a website that provides information such as how to protect yourself from being a victim of identity theft and what to do if you become a victim.
But more is clearly needed. With the increased use of computers, and with the downturn in the economy - identity theft is ripe for growth. As noted by the FBI, it even shows up in the mortgage fraud area. See here
Recognition needs to be given to the fact that computer crimes are difficult to investigate and prove. More money and resources need to be focused on this problem and specifically earmarked for this type of criminality. This is not a place for government shortcuts that merely add new legislation or diminish individual rights in an effort to solve the problem. Instead of increasing sentencing - just prosecute the individuals who are committing the crimes. It's an area that necessitates hard police work to find the perpetrators and proceed with prosecutions.
September 22, 2009 in Computer Crime | Permalink | Comments (1) | TrackBack (0)
Wednesday, September 16, 2009
NACDL’s Sept. 16, 2009, White Collar Crime CLE – “The Strategy of Secrets: The Use of Classified Information in White Collar Cases”
Guest Blogger: Michael Price, Coordinator for National Security, National Association of Criminal Defense Lawyers (NACDL)
This evening we had the privilege of spending the last two hours learning first-hand from the lawyers who defended Zacarias Moussaoui, AIPAC lobbyist Steve Rosen, Wadih El-Hage, Mohamed El-Mezain, David Hicks, and Dr. Ali al-Timimi. They discussed the use of classified information -- both defensively and offensively – in criminal proceedings. Attorney Joshua Dratel, an NACDL board member and an expert in issues related to the use of classified evidence in criminal proceedings, moderated tonight’s panel. The panel also included attorneys Abbe D. Lowell, a partner in the law firm of McDermott Will & Emery LLP and head of the Firm’s White-Collar Criminal Defense practice group in Washington, D.C., and Edward B. MacMahon, Jr., who serves as a member of NACDL’s National Security Committee and, like Joshua Dratel, as an attorney with the John Adams Project, a joint effort of NACDL and the ACLU. You can read more about these esteemed panelists by simply clicking their names and linking to their biographies.
The Classified Information Procedures Act (“CIPA”) establishes detailed procedures for “matters relating to classified information that may arise in connection” with a prosecution. In essence, it regulates the use of classified information in criminal cases. In practice, it almost exclusively prohibits it. The ever-broadening definition of “national security” together with the incentives for law enforcement to characterize criminal matters as implicating “national security” render “the prospects of otherwise ‘ordinary’ white collar cases involving classified information and CIPA significantly greater,” Dratel explained as he introduced the subject matter of tonight’s panel.
In today's world, the use of evidence the government would rather keep secret has started to, and will continue to, seep into a wide range of federal criminal prosecutions. This panel of highly experienced white collar defenders provided strategic guidance in how to respond when the government claims the evidence in your case is classified as well as when a defender might use CIPA to their own advantage.
In addition to providing practitioners with a primer on fundamental CIPA principles, the panel brought to bear their own experiences as counsel in some of the highest profile criminal matters involving CIPA-related issues, including an extensive discussion of lessons from criminal cases including those of Zacarias Moussaoui and AIPAC lobbyist Steve Rosen. The panelists provided detailed examples of how CIPA issues can arise in white collar matters as well as guidance on (i) how to defend against the government’s invocation of CIPA to withhold classified material and (ii) how to offensively use CIPA to capitalize on the real or possible presence of classified material in aid of the defense.
The panelists explained, in detail, how CIPA, which is not a discovery device, will rear its head in a criminal case, specifically delineating the three general contexts in which it arises in a criminal matter. Ed MacMahon explained how “the first thing that happens is the issuance of an order establishing procedures under CIPA.” The panelists clearly and forcefully emphasized that the constitutional issues that are at play in a criminal proceeding demand that defense counsel constantly be mindful of the importance of the record they are making as they proceed. That said, MacMahon emphasized the importance of counsel not being afraid of CIPA. Though, as Lowell explained, dealing with CIPA issues can be “a very difficult and cumbersome process.” Indeed, often “judges are intimated by the statute,” Dratel said, adding that therefore knowledgeable defense counsel “can be a very important part of the judge’s education.”
The challenges, of course, are significant. For example, the panelists discussed that while the government has the right to take interlocutory appeals of various CIPA-related decision, the defense does not share a parallel right. In addition, while counsel for the defense may be able to secure some level of security clearance to gain access to certain information, in most circumstances the defendant cannot.
In sum, the panelists provided invaluable insight into both the defensive and offensive opportunities presented by this statute. They also provided concrete, practical guidance for conducting a defense where classified information is at play, such as how to leverage different federal agencies’ perceptions of the nature of information in their custody.
As the summer comes to a close, so does NACDL's White Collar Crime CLE Summer Series. But don't fret, if you weren't able to make it to one or more of these outstanding programs, you can purchase a recording of any or all of them here.
September 16, 2009 in Computer Crime | Permalink | Comments (0) | TrackBack (0)
Monday, August 17, 2009
Hacking Indictment - How Many Times Can You Indict The Same Person
DOJ issued a press release concerning an indictment of an individual charged with "conspiring to hack into computer networks supporting major American retail and financial organizations, and [allegedly] stealing data relating to more than 130 million credit and debit cards." The indictment is for the crimes of conspiracy and wire fraud conspiracy. He is accused of using a "sophisticated hacking technique" "which seeks to exploit computer networks by finding a way around the network’s firewall to steal credit and debit card information." Several corporations are said to be the victims. The press release tells that this individual has pending charges from the US Attorney's Office in the Eastern District of NY and the District of Massachusetts. The present indictment is from the US Attorneys Office for the District of New Jersey. Three different U.S. Attorneys Office against one person - well maybe more since it is a conspiracy being charged. It is good to see action being taken in identity theft and computer related cases, but I am wondering why three US Attorneys Office are needed here. Even if there are victims in three different districts, won't one or two prosecutions be enough?
See also Tampa Tribune (AP), Prosecutors: Man tapped into 130 million credit accounts
August 17, 2009 in Computer Crime, Fraud, Prosecutions | Permalink | Comments (1) | TrackBack (0)