The National Attorneys General Training & Research Institute
Cybercrime Newsletter April 2019
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
The Colorado Supreme Court found that officers did not breach the Fourth Amendment when they used a suspect’s phone passcode, which he gave to them so they could call his girlfriend, to search the entire phone. People v. Davis.
Facebook has agreed to overhaul its ad-targeting systems in order to settle a series of lawsuits alleging it enabled advertisers to illegally exclude certain users by age, gender or zip code from seeing their job, housing and credit ads. The suits were brought by several plaintiffs, including the ACLU and the National Fair Housing Alliance. Facebook still faces an administrative complaint filed by HUD over the housing ads.
European Union regulators fined Google 1.49 billion euros or $1.7 billion for antitrust violations for the third time in less than two years. EU investigators found that Google inserted exclusivity clauses in its contracts that barred third party websites from running similarly placed ads sold by Google’s rivals.
Microsoft revealed it had obtained a court order allowing it to seize 99 websites believed to be run by an Iranian hacking group that tricked visitors into revealing sensitive information by pretending to be affiliated with the company and other well-known tech brands.
Harold Martin, a former National Security Agency contractor, pled guilty in the U.S. District Court for the District of Maryland to stealing classified information. Agents uncovered an estimated 50 terabytes of electronic documents at his home as well as in his vehicle.
The Administration launched a website to share artificial intelligence initiatives from within the federal government, listing initiatives from NIH on biomedical research and a report from the Department of Transportation on autonomous vehicles. The plan for the website was initiated during President Obama’s administration.
The Office of the Inspector General for the Department of Justice issued a report finding that legal issues surrounding an early 1990s DEA collection of bulk phone records were never completely dissected. The report recommends a full assessment before launching like efforts.
The European Data Protection Supervisor released an opinion on an agreement between the EU and the U.S. on cross-border access to electronic evidence for criminal investigations. The Supervisor supports the European Commission’s assessment that the EU has an interest in a comprehensive agreement from the perspective of protecting privacy and data protection as well as security interests.
Recent State Court Decisions
In State v. Brown, the Connecticut Supreme Court ruled that because the record was clear that the State obtained the defendant’s historical cell site location information (CSLI) in the absence of a warrant supported by probable cause, the disclosure of the records violated his Fourth Amendment rights, and the State failed to sustain its burden that the inevitable discovery exception to the exclusionary rule applied because it did not present any evidence that the defendant would have cooperated in the absence of being confronted with the illegally obtained CSLI.
In Commonwealth v. Feliz, the Massachusetts Supreme Court found that the Commonwealth’s reasons for imposing GPS monitoring on the defendant did not outweigh the inherent privacy invasion, as nothing showed he posed a risk of re-offense or other probation violation, and GPS monitoring was not necessarily a reasonable search for all individuals convicted of a qualifying sex offense. The court noted the fact that the defendant signed a probation contract agreeing to GPS monitoring did not change the analysis, In Commonwealth v. Johnson, the Massachusetts Supreme Court ruled that data retrieved without a warrant from a GPS device that the defendant agreed to as a probation condition was admissible, because GPS monitoring was a reasonable search given his criminal history, and governmental interests outweighed the intrusiveness on his diminished privacy expectations. Special AAG Sarah Joss submitted amicus briefs in both cases for the Attorney General.
In State v. Page, the New Hampshire Supreme Court ruled there was probable cause to search the defendant’s cell phone for photographs, as the affidavit set forth claimed incidents by the defendant that could have caused injuries to the victim, any of which could be documented by photograph. Senior AAG Peter Hinckley represented the State.
In People v Worrell, a New York Supreme Court Appellate Division affirmed the denial of the defendant’s motion to suppress the physical evidence because the defendant had no reasonable expectation of privacy in the downloaded computer files where he did not produce any evidence demonstrating that the files were not accessible by all other users of the peer-to-peer file sharing network.
In Sayles v. State, a Tennessee Court of Criminal Appeals affirmed a lower court ruling that the Riley decision did not apply retroactively because Riley did not place primary individual conduct beyond the power of criminal lawmaking authority to proscribe, as it addressed the procedural requirement that law enforcement obtain a warrant before searching the contents of a cell phone. AAG Courtney Orr represented the State.
Recent Federal Court Decisions
In U.S. v. Hood, the First Circuit found the defendant unsuccessfully challenged the denial of his motion to suppress since the government’s warrantless acquisition from a smartphone messaging application of the IP address data at issue in no way gave rise to the unusual concern the U.S. Supreme Court identified in the Carpenter decision, and the defendant did not have a reasonable expectation of privacy in the information that the government acquired from the application without a warrant.
In U.S. v. Wanjiku, the Seventh Circuit affirmed the district court’s denial of the defendant’s motion to suppress photographs and videos recovered from his cell phone, laptop and external hard drive during a warrantless border search at an airport because the agents acted in good faith when they searched the devices with reasonable suspicion to believe that a crime was being committed, at a time when no court ever required more than reasonable suspicion for any search at the border.
In U.S. v. Beattie, the Eighth Circuit found that the defendant initially lied about the iPhone’s owner and told multiple stories about the phone, and his false statement was material and warranted an obstruction of justice enhancement.
In U.S. v. Korte, the Ninth Circuit held that the warrantless placement of a GPS tracker on the defendant’s car did not violate the Fourth Amendment because the State’s need for electronically monitoring a parolee’s movements outweighed the privacy interests at issue.
Utah Governor Gary Herbert signed HB 57 into law, which requires law enforcement to obtain a warrant for electronic information or communications, effective May 2019.
Cyber Initiatives in the Attorney General Community
Texas Attorney General Ken Paxton filed an amicus brief defending the State’s criminalization of revenge pornography law and asking the Texas Court of Appeals to overturn a lower court ruling that the law impinged on free speech.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.