Cybercrime Newsletter May-June 2017
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
Recent Developments in Cybercrime Issues
· Ninety-five percent of organizations have employees who seek to bypass security and web browsing restrictions, according to the 2017 Dtex Systems Insider Threat Intelligence Report. Examples of such bypass activities included the use of anonymous web browsers such as TOR, anonymous VPN services and vulnerability-testing tools such as Metasploit. The report is based on an analysis of risk assessments conducted by a sample of the Dtex customer base.
· NASCIO released Blockchains: Moving Digital Government Forward in the States, the first in a series of briefs on blockchain technology for state chief information officers and other state officials. NASCIO’s advice to state governments is to prepare for blockchain now and ask key questions on its applicability to one’s own organization. NASCIO is also offering a free webinar after registration on blockchains in state government on Thursday, June 22, 2017 at 3 pm ET.
State Court Rulings on Cybercrime Issues
· The New Jersey Supreme Court reversed the imposition of a total computer and Internet ban upon a sex offender subject to community supervision for life, holding that arbitrarily imposed Internet restrictions that are not tethered to promoting public safety, reducing recidivism or fostering an offender’s reintegration into society triggers due process concerns. J.I.. v. New Jersey Parole Board. Assistant Attorney General Lisa Puglisi represented the State at oral argument.
· The Massachusetts Supreme Court held the Commonwealth could not obtain the content of text messages without a warrant, reasoning that such a search implicates privacy interests, just as the Commonwealth cannot intercept private phone calls or written communications without a warrant. Commonwealth v. Fulgiam.
· The New York Court of Appeals held there was no search or seizure as the defendant had no reasonable expectation of privacy in either his license plate or the information lawfully obtained and accessible through the DMV database. The People v. Bushey.
· A Tennessee Court of Criminal Appeals held that the trial court correctly denied defendant Alex Goodwin’s motion to suppress text messages from his cell phone because the victim told police that Goodwin had been texting someone all day, and the text messages between defendants showed they were attempting to rob the victim. State v. Goodwin. Assistant Attorney General Zachary Hinkle represented the State.
Federal Court Rulings on Cybercrime Issues
· Google.’s motion to quash a search warrant for user content stored overseas was denied by the U.S. District Court for the Northern District of California, holding that the request is a domestic application of the SCA, and Google must produce all responsive information that is retrievable in the U.S., regardless of where it is stored. In the Matter of the Search of Content Stored at Premises Controlled by Google Inc. and as Further Described in Attachment A.
· The DC Court of Appeals vacated the FAA’s drone registration rule to the extent it applies to model aircraft, finding the FAA does not have the authority to regulate such aircraft under the FAA Modernization and Reform Act. Taylor v. Huerta.
· The Ninth Circuit Court of Appeals denied an appeal seeking to halt enforcement of a Berkeley, California ordinance requiring cellphone retailers to warn customers about radiation risks, finding the ordinance survives First Amendment scrutiny since it is related to a substantial government interest in protecting consumers’ health and safety. CTIA-The Wireless Association v. City of Berkeley.
· The Sixth Circuit Court of Appeals found fugitive Montai Riley’s motion to suppress was properly denied, because he had no reasonable expectation of privacy against the government’s tracking of his GPS location, so such tracking did not amount to a Fourth Amendment search. U.S. v. Riley.
· The Second Circuit Court of Appeals ruled that the issuance of the pen/trap orders that the government used to monitor IP address traffic to and from defendant Ross Ulbricht’s home router did not violate the Fourth Amendment because Ulbricht had no reasonable expectation of privacy in the IP address routing information. <href="#xml=http://www.ca2.uscourts.gov/decisions/isysquery/0d108e1a-1d2b-4c0e-b698-61180713dcb2/4/hilite/">U.S. v. Ulbricht.
· The U.S. District Court for the Southern District of Mississippi imposed substantial sentences on three Nigerian nationals who participated in an Internet fraud scheme involving romance scams. Oladimeji Ayelolan was sentenced to 95 years in prison; Rasaq Raheem, 115 years; and Femi Mewase, 25 years.
· The Eleventh Circuit Court of Appeals affirmed a lower court judgment that defendant Robert Grant, Jr. voluntarily consented, orally and in writing, to the search of his cell phones because he voluntarily signed a consent form for the search and gave law enforcement the password, with no evidence of coercion. US v. Grant.
Legislative Action on Cybercrime Issues
· The Alabama Legislature passed SB301, a bill creating the crimes of sexting and electronic solicitation of a child. It has been forwarded to the Governor.
· Colorado HB 1070, a bill authorizing a study and pilot program for the use of drones by public safety agencies, was signed into law.
· Colorado HB 1302, a bill creating the crime of sexting by a juvenile, was signed into law.
· Indiana SB299, a bill establishing certain Class A misdemeanor offenses involving drones, including use of a drone by a sex offender, interfering with public safety, voyeurism and remote sexual harassment, was signed into law as Public Law 107.
· Montana HB147, a bill providing that a search warrant is required for a government entity to access any electronic device unless informed consent is obtained, was signed into law.
Cybercrime Initiatives in the Attorney General Community
· Alabama Attorney General Steve Marshall announced the State and the FTC obtained a temporary restraining order and preliminary injunction to halt a technical support scam that tricked consumers into believing their computers were infected with malware and then charged them for unnecessary repairs.
· Arizona Attorney General Mark Brnovich announced that Danny Lee Wallace was sentenced to eight years in prison and lifetime probation after creating a fake profile as a woman on Facebook in order to entice a teen girl. Assistant Attorney General Todd Lawson prosecuted the case.
· Arkansas Attorney General Leslie Rutledge will host a summer cyber series of regional trainings on Internet safety for teachers and parents using the Digital You training program by Common Sense and AT&T.
· Florida Attorney General Pam Bondi filed three complaints, including one filed jointly with the FTC, against companies allegedly involved in operating tech support scams.
· Hawaii Attorney General Doug Chin announced that Andrew Patyjewicz was sentenced to 18 months in jail and five years of probation for possession and dissemination of child pornography. As a condition of probation, he must register as a sex offender and have no contact with minor children.
· Idaho Attorney General Lawrence Wasden’s ICAC Unit investigators arrested Aron Anthony for allegedly enticing a child through the Internet.
· Illinois Attorney General Lisa Madigan announced a settlement with wireless phone company PlatinumTel Communications after it abruptly shut down. Under the settlement, customers will have an opportunity to obtain refunds for unused wireless services they purchased, and the company is also prohibited from soliciting or selling prepaid services.
· Kentucky Attorney General Andy Beshear announced that Robert Jackson pleaded guilty to possession and distribution of child pornography.
· Massachusetts Attorney General Maura Healey announced that Thomas Sheehan pleaded guilty and was sentenced to two and one-half years in the House of Correction for creating multiple fake online profiles of women on an adult website and soliciting acts of kidnapping, rape and assault. Assistant Attorney Generals Allyson Portney and Kristen Stone prosecuted the case.
· Mississippi Attorney General Jim Hood announced that Mickey Luter was arrested and charged with online child exploitation and possession of child pornography. Special Assistant Attorney General Brandon Ogburn will prosecute the case.
· New Jersey Attorney General Christopher Porrino announced that Fabian Espinosa was sentenced to five years in prison, including two and one-half years of parole ineligibility, for distributing child pornography on the Internet. He was arrested during Operation Statewide, a child pornography sweep.
· New York Attorney General Eric Schneiderman’s office reached a settlement with Safetech Products LLC and its owner, Ryan Hyde, over the sale of insecure Bluetooth-enabled doors and padlocks. Under the settlement, Safetech has agreed to encrypt all passwords and electronic keys in its devices, prompt users to change the default password upon initial setup of wireless communication and establish a comprehensive security program. Bureau of Internet and Technology Deputy Bureau Chief Clark Russell handled the case.
· Ohio Attorney General Mike DeWine and the FTC filed a joint lawsuit against Repair All PC, the operators of an alleged computer repair scam that tricked customers into paying for unnecessary computer support services and security software.
· Pennsylvania Attorney General Josh Shapiro filed criminal charges against former county jail warden Timothy Lewis for soliciting an underage girl through Facebook. Deputy Attorney General Patrick Schulte is prosecuting the case.
· Rhode Island Attorney General Peter Kilmartin announced that the state Senate Judiciary committee will hear legislation to criminalize revenge porn and sextortion filed at his request.
· South Dakota Attorney General Marty Jackley announced that Christian Thomas was found guilty of online sexual exploitation of a minor and possession of child pornography.
· Utah Attorney General Sean Reyes announced that Emilio Chavez was sentenced to two to 30 years in prison for distribution of child pornography. Assistant Attorneys General Cynthia Poulson and Kent Burggraaf prosecuted the case.
· Vermont Attorney General Thomas Donovan announced that Timothy Hanson was sentenced to five to six months in prison, all suspended, and was placed on two years probation for attempted dissemination of indecent material to a minor over the Internet.
· Virginia Attorney General Mark Herring announced that James Crump, Sr. was sentenced to four and one-half years in prison, with an additional 40 years and six months suspended, for possession of child pornography. Assistant Attorney General Stacey Rohrs prosecuted the case.
· Washington Attorney General Bob Ferguson reached an agreement with Uber to prohibit their practice of sending unsolicited text messages to consumers. Uber agreed to provide opt-out instructions to consumers who do not consent to receive texts. Assistant Attorney General Andrea Alegrett handled the case.
· Wisconsin Attorney General Brad Schimel announced that the Wisconsin ICAC Task Force arrested 16 alleged child sex predators and traffickers during Operation New Hope, an operation that included participation from more than 30 federal, state and local law enforcement agencies and advocacy groups.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.