Cybercrime Newsletter June 2018
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
The Supreme Court also unanimously upheld the conviction of two men who distributed drugs, despite law enforcement’s use of a wiretap outside the jurisdiction of the issuing court. The Court held that where the only evidence introduced at trial was communications within the court’s territorial jurisdiction, a federal court does not need to suppress communications obtained under wiretap orders that contained a sentence authorizing interceptions outside the issuing court’s jurisdiction. Dahda v. U.S.
The New Jersey Supreme Court affirmed a lower court decision, ruling that the one-year statutory limitation to sue over a defamatory Internet article can be reset if the original article has been substantially modified. The court also noted that fair and accurate information is not defamatory. Petro-Lubricant Testing Laboratories, Inc. v. Adelman.
The California Supreme Court ruled that social media companies can be required to give posts that users have been made public to criminal defendants. The companies had argued that the SCA bars them from doing so. Facebook, Inc. v. The Superior Court of the City and County of San Francisco.
The Eleventh Circuit affirmed, 2-1, the conviction of a US citizen who entered the country with laptops containing child pornography, ruling the Fourth Amendment does not require reasonable suspicion for border agents to conduct a forensic search of electronic devices at the border. US v. Touset.
DOD issued a policy memo prohibiting mobile devices that transmit, store or record data from being brought inside areas within the Pentagon or nearby buildings that deal with classified information. Such devices must be powered off and stored in daily-use containers outside those secure areas.
Apple issued its biannual transparency report on government and private party requests for customer information covering the latter half of 2017, noting that they received between 16,000 and 16,249 national security requests from the federal government during that period. According to the report, this was the largest number of requests ever received.
Chicago trader Joseph Kim pled guilty to misappropriating $2 million in Bitcoin and Litecoin from his firm, Consolidated Trading. This is the first criminal prosecution regarding cryptocurrency trading in Chicago, and Kim faces up to 20 years in prison.
The SEC obtained a court order halting a fraudulent initial coin offering operated by Michael Stollaire, a self-described “blockchain evangelist” and president of Titanium Blockchain Infrastructure Services. An SEC complaint alleges that Stollaire lied about business relationships with the Federal Reserve and dozens of well-known firms, including PayPal, Verizon, Boeing and The Walt Disney Company.
A jury convicted Latvian resident Ruslan Bondars of charges related to his operation of "Scan4you," an online counter-antivirus service that helped computer hackers determine whether the computer viruses and other malicious software they created would be detected by antivirus software. According to evidence presented at trial in the U.S. District Court for the Eastern District of Virginia, Scan4you had thousands of hacker users.
The European Commission proposed new measures to facilitate electronic document filing and judicial cooperation in cross-border civil and commercial cases throughout the EU. The updated rules would make it obligatory for courts to exchange documents electronically cross-border.
Recent State Cases of Interest
In People v. Guzman, a California Court of Appeals affirmed, finding that careful supervision of defendant’s use of his electronic devices was necessary to ensure compliance with his probation conditions and to protect the public, especially vulnerable children, from the dangerous behavior that gave rise to his current sentence. AAG Jeffrey Laurence and Deputy AGs Seth Schalit and Laurence Sullivan represented the People.
In Everett v. State, the Delaware Supreme Court affirmed defendant’s conviction, ruling that he did not have a reasonable expectation that the Facebook posts he voluntarily shared with the detective’s fake profile and other “friends” would not be disclosed. DAG Martin O’Connor represented the State.
In Lamb v. State, a Florida appeals court affirmed, finding the State sufficiently authenticated a social media video when it presented the digital forensic examiner’s testimony regarding how the video was obtained and its distinctive characteristics. AAG Jessenia Concepcion represented the State.
In People v Ellis, a New York Supreme Court appellate division reversed, finding the indictment charging defendant with failure to register or verify as a sex offender, based upon defendant’s nondisclosure of the use of a social media website, was jurisdictionally defective because the social media website did not constitute an “Internet identifier.”
In State v. Grady, a North Carolina Court of Appeals reversed, finding the State failed to prove that satellite-based monitoring (SBM) was a reasonable search under the Fourth Amendment, and while the trial court’s findings addressed the nature and purpose of SBM, they did not address the extent to which the search intruded upon reasonable privacy expectations by providing continuous, dynamic location data. Special DAG Joseph Finarelli represented the State.
In Commonwealth v. Byrd, the Pennsylvania Superior Court reversed, finding the trial court erred in granting defendant’s motion to suppress all recordings of his jail visits because no Pennsylvania Wiretap Act violation occurred because a recording stating the visit “may be monitored or recorded” was played, and defendant’s fiancée acknowledged she heard that message and still chose to speak with him.
In Commonwealth v. Knoble, the Pennnsylvania Superior Court affirmed the denial of defendant’s motion to suppress the video evidence obtained during a second search of his cell phone, as a search warrant authorized the subsequent search and obviated the need for the Commonwealth to obtain another warrant.
In State v. Roberts, the Utah Court of Appeals affirmed the lower court’s denial of defendant’s motion to suppress because the police officer, while searching defendant’s residence for a missing cell phone and its SIM card, electronically applied for a second search warrant to search for prescription drugs. Assistant Solicitor General William Hains represented the State.
In Neal v. Fairfax County Police Dept., the Virginia Supreme Court reversed, finding that on the record it was unable to determine whether the police department’s retention and passive use of information generated by automated license plate readers could be classified as an “information system” governed by the Government Data Collection and Dissemination Practices Act.
Recent Federal Decisions of Note
In U.S. v. Kolsuz, the Fourth Circuit affirmed, ruling that despite the temporal and spatial distance between the off-site forensic analysis of defendant’s phone and defendant’s attempted departure at the airport, the justification for the border exception to the warrant requirement was broad enough to reach the search of the phone.
In U.S. v. Moberg, the Eighth Circuit affirmed the district court’s denial of defendant’s motion for judgment of acquittal, finding that the government presented evidence that in order for the thumbnail images to be present in the thumbnail database cache, a computer user must purposely save or download a file onto the computer’s hard drive.
The Colorado Legislature passed HB 1314, which prohibits the use of unmanned aircraft systems to obstruct public safety operations.
The Connecticut Legislature passed HB 5229, which would expand a grant program that reimburses a municipality for the cost of dashboard cameras and digital storage devices or services. The Legislature also passed HB 5475, which would amend statutory provisions concerning a police officer’s viewing of a body-worn camera recording under certain circumstances.
South Carolina Governor Henry McMaster signed into law S. 176 making it unlawful to operate an unmanned aerial vehicle near a Department of Corrections facility without written consent and providing penalties for a violation.
The Tennessee Legislature passed SB 1993, which would add assessing the presence of other obstructions for the purpose of maintaining clearances of utility easements as a lawful capture of an image by an unmanned aerial vehicle.
The U.S. Senate passed a resolution reversing the FCC’s repeal of net neutrality rules, which stops the FCC’s order from becoming effective on June 11, 2018. More than 20 states have filed lawsuits to retain net neutrality or establish net neutrality rules within state borders.
Cybercrime Initiatives in the Attorney General Community
Arizona Attorney General Mark Brnovich announced that a grand jury indicted Lisa Corn on 24 felony counts after she allegedly sent pornographic pictures of herself to a 14-year-old boy she met in an Xbox video game chat room.
California Attorney General Xavier Becerra’s office charged four alleged owners and/or operators of website Mugshots.com with extortion, money laundering and identity theft. The site mines data on defendants’ names, booking photos and charges from law enforcement websites, republishes it online without the defendants’ consent and charges a “de-publishing” fee to remove it. The Northern California Computer Crimes Task Force led the investigation, and General Becerra’s office will prosecute the case.
Maryland Attorney General Brian Frosh’s Securities Division issued a Summary Order to Cease and Desist and Order to Show Cause against cryptocurrency investment firm Browsers Lab as part of “Cryptosweep,” an international crackdown on fraudulent Initial Coin Offerings (ICOs) and cryptocurrency-related investment offerings.
New Jersey Attorney General Gurbir Grewal’s Bureau of Securities issued three Cease and Desist Orders to stop online cryptocurrency-related investment entities from fraudulently offering unregistered securities. The orders were issued against Bullcoin Foundation a/k/a Bullcoin Gold, Trident d/b/a Trident Crypto Index Fund and Springcryptoinvest.
New Mexico Attorney General Hector Balderas joined Comcast Senior Vice President and Chief Diversity Officer David Cohen and Albuquerque Mayor Tim Keller to announce an Internet Essentials partnership to educate seniors, parents and children about online risks. The initiative will include PSAs, free training programs and educational resources and a Comcast grant program for nonprofits specializing in Internet safety education and research.
Wisconsin Attorney General Brad Schimel’s Internet Crimes Against Children (ICAC) Task Force held its 2018 Wisconsin ICAC Conference where law enforcement officers and prosecutors received specialized training on investigating and prosecuting online crimes against children.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.