Cybercrime Newsletter July-August 2017
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
Developments in Cyberspace Law
· An international law enforcement operation shut down AlphaBay, a “dark net” web site providing an anonymous marketplace for illegal goods operated by Alexandre Cazes, a Canadian citizen who reportedly committed suicide after his arrest. When the site was taken down, there were more than 250,000 listings for illicit drugs and toxic chemicals and another 100,000 listings for other illegal goods and services.
· Forty percent of adults have personally experienced online harassment, and two thirds of them consider it to be a major problem, according to a Pew Research Center survey of 4,248 U.S. adults. The survey found that although some of that harassment could be ignored or shrugged off as a nuisance of online life, nearly one in five of those surveyed have been subjected to severe forms of harassment, such as physical threats or stalking.
· American Airlines and the TSA are teaming up to test a new 3D scanner at Phoenix Sky Harbor International Airport that will allow passengers to keep liquids in their carry-on bags. The scanner has an x-ray camera that can rotate the images so bags can be more thoroughly analyzed.
· The U.S. Supreme Court held without dissent in Packingham v. North Carolina that a North Carolina statute banning registered sex offenders from accessing social networking sites that allow minors to become members violates the First Amendment’s Free Speech Clause.
· The Ninth Circuit Court of Appeals affirmed a district court order denying petitions brought by phone network operator Credo Mobile and cloud distribution provider CloudFlare to set aside information requests and nondisclosure requirements in national security letters that the FBI issued to them. The court concluded that the nondisclosure requirement, which bars service providers from telling users about the government request, is a content-based restriction on speech that is both subject to and withstands strict scrutiny, and therefore does not violate the Constitution. Under Seal v. Sessions.
· The Canadian Supreme Court ruled that Google must deindex the website of Datalink Technology Gateways, a company found by a lower court to have unlawfully relabeled and sold a competitor’s products. The court said deindexing was the only practical way to prevent Datalink from defying the court’s orders. Google Inc. v. Equustek Solutions Inc.
· The SEC said in a report that “initial coin offerings” issuing digital tokens in exchange for money or digital currency may be subject to regulation under federal securities laws. The guidance was included in a report of investigation on the German group The DAO that used blockchain technology to raise $150 million, and although the SEC did not take enforcement action, it urged investors to be cautious.
· In other digital currency news, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a $110 million fine against digital currency exchange BTC and a $12 million fine against the exchange and operator Alexander Vinnik after unsealing an indictment in the U.S. District Court for the Northern District of California charging them with facilitating transactions for cybercriminals and reaping profits from their crimes.
· The U.S. District Court for the Southern District of New York sentenced Anthony Murgio, a restaurateur turned bitcoin fraud perpetrator, to 66 months in prison for his role in a criminal online operation. Murgio’s Coin.mx illegally exchanged millions of dollars for bitcoins, according to the indictment.
· A three-judge panel of the Ninth Circuit Court of Appeals upheld the sentence of Matthew Keys, a former Reuters social media editor, who was convicted of violating the Computer Fraud and Abuse Act by helping hackers access the Los Angeles Times website. U.S. v. Keys.
· The Solicitors Regulatory Authority, the regulator for lawyers in England and Wales, issued a risk outlook report in which law firms reported a record number of cyberthefts in the first quarter of 2017, leading to losses of 3.2 million pounds ($4.2 million). The report highlighted the risks of phishing scams, malware, CEO fraud and identity theft.
Save the Date: Upcoming Webinar
The Multi-State Information Sharing & Analysis Center (MS-ISAC) is hosting a free webinar, “Sex, Lies and Mobile Devices: The Seedy Underworld of Mobile Security,” on August 17, 2017 at 3 pm ET (2 pm CT, 1 pm MT, 12 noon PT). It will address the level of personal data that is freely created by a mobile device; scenarios of how institutions plan to use or distribute your information without your consent; and prevention tactics to minimize your risk. Registration is required.
State Decisions of Interest
· The Florida Supreme Court ruled that the warrantless search of Christopher Carpenter’s cell phone violated his Fourth Amendment rights, and the good faith exception to the exclusionary rule did not apply because the intermediate appellate court case an officer relied on had been certified to the high court as a matter of great public importance, thus placing law enforcement officers on actual notice that the case was subject to further consideration. Carpenter v. State. Assistant Attorney General Virginia Harris represented the State.
· The New York Court of Appeals reversed, overturning Chris Price’s conviction because the People failed to establish the requisite authentication to render the photograph of Price holding a firearm and money admissible into evidence where 1) the victim could not identify the gun in the photo as the one held by the robber; 2) the photo was posted online several months before the robbery; 3) no witnesses testified the photo was a fair and accurate representation of the scene; and 4) the People failed to establish the website belonged to and was controlled by Price. People v. Price.
· An Ohio Court of Appeals found that defense counsel did not render ineffective assistance by refraining from filing a motion to suppress due to the lack of voluntary consent because Dezhane Dawson verbally consented to the search of her phone. State v. Dawson.
· Another Ohio Court of Appeals affirmed a lower court’s denial of Tony Pippin’s motions to suppress the contents of his cell phone because the “inevitable discovery” exception to the exclusionary rule applied. The court found even if an unlawful search occurred due to an unsigned warrant, the State proved by a reasonable probability that the videos on Pippin’s phone would have been, and in fact were, inevitably discovered due to the lawful subsequent warrant. State v. Pippin.
· A Texas Court of Appeals reversed, finding the trial court erred by granting substitute teacher Lauro Ruiz’ motion to suppress photographs, evidence and data obtained from the search of his cell phone by police officers because the school principal took possession of the cell phone with the intent to turn it over to law enforcement, which he did, and Ruiz failed to establish that the principal violated any law when he took possession of the phone. State v. Ruiz.
Federal Decisions of Interest
· The Tenth Circuit Court of Appeals reversed the U.S. District Court for the District of Colorado, finding the executing agents could reasonably rely on the magistrate judge’s authority to issue a warrant authorizing installation of software and the retrieval of information in the Eastern District of Virginia. U.S. v. Workman.
· The Fourth Circuit Court of Appeals found the U.S. District Court for the District of Maryland properly denied Russell Carrington’s suppression motion and admitted certain texts from his cell phone at trial because the phone was already in government custody pursuant to a lawful seizure, and the fact that the government did not review the texts on the phone until after the warrant’s expiration date was consistent with the warrant itself. U.S. v. Carrington.
State Legislative Update
· Connecticut enacted SB 975, a bill prohibiting municipalities from regulating unmanned aircraft. It is codified as Public Act no. 17-52.
· Connecticut also enacted HB 6041, which permits a nonprofit organization to sell or promote the sale of raffle tickets on the organization’s web site. It is codified as Public Act no. 17-161.
· Connecticut also enacted HB 7308, which establishes a task force to examine the use of body-worn recording equipment by police. It is codified as Public Act 17-225.
· Florida enacted HB 1027, which authorizes the operation of unmanned aircraft as personal delivery devices and is codified as Chapter 2017-150.
· Florida also enacted HB 699, which requires sexual predators and offenders to register each Internet identifier’s corresponding web site homepage or application software name with the Department of Law Enforcement, as well as report any changes. It is codified as Chapter 2017-170.
· Louisiana enacted SB 69, which provides that only the state can regulate drones. It is codified as Act 218.
· Michigan enacted HB 4427 which prohibits a recording made by a body-worn camera from disclosure under FOIA; requires such a recording to be retained for 30 days; and specifies that if a complaint against a law enforcement officer is made after the expiration of the retention period, there is no presumption that the recording would have provided corroboration of the litigant’s version of events. It is codified as Public Act 85 of 2017.
· North Carolina enacted HB 128, which prohibits use of an unmanned aircraft near a local confinement or state or federal correctional facility. It is chaptered as Ch. St. 153A-217, 15A-300.3.
· Texas enacted SB 2205, which implements minimum safety requirements and permits self-driving vehicles to operate on state roads, effective on September 1, 2017.
· Vermont enacted S. 72, which requires telemarketers to provide accurate caller identification information. It is codified as Act 66.
Federal Legislative Update
· The Senate passed S. 782, which would reauthorize the ICAC Task Force program. It has been forwarded to the House Judiciary Committee.
Cybercrime Initiatives in the Attorney General Community
· Thirty-four Attorneys General submitted an amicus brief asking the U.S. Supreme Court to review and reverse a lower court’s decision involving Microsoft data stored on a foreign server. The brief argues that the Supreme Court’s review is necessary to address the Second Circuit’s conclusion that a private company has unfettered discretion to shield evidence of a crime from law enforcement.
· Thirteen Attorneys General sent comments to the FCC in strong opposition to its proposal to repeal net neutrality rules, which allow consumers to access online content without interference or manipulation by an ISP.
· Arizona Attorney General Mark Brnovich announced that an Arizona Court of Appeals affirmed the convictions of Eric Stelljes and Laura Leinaar for operating an Internet café that was engaged in illegal sweepstakes gambling. Assistant Attorneys General Todd Lawson and Maura Quigley handled the case.
· Colorado Attorney General Cynthia Coffman’s office is partnering with the Colorado Division of Homeland Security and Emergency Management’s READY Program to promote safe social media habits.
· Georgia Attorney General Chris Carr filed a lawsuit against Marvalay, dba “Spot Reservation” and “Rushcube,” accusing the company of defrauding consumers through misleading Internet advertising and deceptive sales practices. The company holds itself out as operating recreational activities nationwide, but actually uses third party vendors for all bookings.
· Hawaii Attorney General Doug Chin announced that Shane Neal was indicted for electronic enticement of a child. The Hawaii ICAC Task Force investigated the case, which will be prosecuted by Attorney General Chin’s office.
· Idaho Attorney General Lawrence Wasden announced that ICAC Unit investigators arrested Stanley Schilling for alleged sexual exploitation of a child after receiving a CyberTip from NCMEC.
· Kentucky Attorney General Andy Beshear’s Cyber Crime Unit arrested Jeremy Summarell on four counts of possession of child pornography. Investigators found child pornography images and videos uploaded by Summarell onto a file sharing website.
· Louisiana Attorney General Jeff Landry’s Cyber Crime Unit arrested Cameron Fairley on 80 counts of possession of child pornography as well as 29 counts of child pornography depicting children under the age of 13.
· Massachusetts Attorney General Maura Healey announced that Sean Scully pleaded guilty and was sentenced to two and one half years in jail for possession of child pornography. The case was prosecuted by Assistant Attorney General Elizabeth Vasillades and investigated by State Police assigned to the Attorney General’s office, the Digital Evidence Lab and Granby Police.
· Minnesota Attorney General Lori Swanson filed a lawsuit against Louisiana-based phone, Internet and cable company CenturyLink for billing higher amounts than quoted to customers by sales reps for Internet and cable TV service. The suit claims the company refused to honor the prices quoted when consumers complained.
· Mississippi Attorney General Jim Hood announced that Darryl Warner III pled guilty to one count of child exploitation after being arrested in possession of child pornography by Cyber Crime Unit investigator Wayne Lynch. Special Assistant Attorney General Brandon Ogburn prosecuted the case.
· New Jersey Attorney General Christopher Porrino announced that Dimas Zuniga, who possessed 350 images and videos of child pornography, was sentenced to five years in prison for distributing child pornography. The case was prosecuted by Deputy Attorney General John Nicodemo and investigated by former Detective Tiffany Lenart and Detectives Richard DaSilva and Charles Pusloski with assistance from the State Police Digital Technology Investigations Unit and HST agents.
· New York Attorney General Eric Schneiderman announced a settlement with Alabama-based high school athletic scouting and recruiting company National Scouting Report (“NSR”) after an investigation found NSR’s website and ads contained false claims about their recruiting success. NSR has agreed to reform their advertising practices and pay $20,000 in restitution, penalties and costs. Assistant Attorney General Matthew Eubank handled the case.
· Pennsylvania Attorney General Josh Shapiro charged Thomas Orr with sexual abuse and corruption of a minor for making his victim perform sexual acts and sending them to him over social media. Senior Deputy Attorney General Barney Anderson will prosecute the case.
· South Dakota Attorney General Marty Jackley announced that Chaz VanOrman was arrested with the use of a remotely operated tactical robot, which was equipped with multiple cameras, a light and two-way communications with the ability to listen to surroundings. The robot provided officers with the intelligence to safely enter the structure where VanOrman was hiding.
· Texas Attorney General Ken Paxton’s Child Exploitation Unit arrested Charles Baker on two counts of possession of child pornography following a CyberTipline report from NCMEC. Unit investigators then executed a search warrant at Baker’s residence and seized several devices which the Digital Forensics Unit will examine.
· Virginia Attorney General Mark Herring announced that Joel Kelley pled guilty to four counts of possession of child pornography and was sentenced to three and one half years in prison, with 31 and one half years suspended. After serving his sentence, he will be placed on supervised release indefinitely and must register as a sex offender. Assistant Attorney General Stacey Rohrs prosecuted the case.
· Wisconsin Attorney General Brad Schimel announced that the DOJ ICAC Task Force participated in Operation Broken Heart, a nationwide effort to identify and arrest suspected child sexual predators. The Task Force made more than 80 arrests and also trained 480 law enforcement and other professionals in techniques to investigate and prosecute ICAC-related cases.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail email@example.com.