The National Attorneys General Training & Research Institute
Cybercrime Newsletter August 2018
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
New Developments to Note
The FBI issued a PSA which contained updated statistical data on Business E-mail Compromise and E-mail Account Compromise, sophisticated scams targeting businesses and individuals performing wire transfer payments. There has been a 136 percent increase in losses from these scams, with the real estate sector continuing to be the most heavily targeted sector.
The Department of Defense issued a meme banning the use of geolocation apps and devices in operational areas, citing security concerns. The memo effectively prohibits the use of such devices as fitness trackers and smartphone apps that track location for all deployed troops.
Google has banned apps that mine for cryptocurrency from the Google Play Store, as noted in its updated policy page. The ban pertains only to the Google Play Store, and Google still allows programs that manage cryptocurrency mining services operating elsewhere.
The U.K. National Cyber Security Centre issued a report, "The Cyber Threat to UK Legal Sector," about cybersecurity at law firms and other legal organizations. The report noted that 11 million pounds of client funds were stolen due to cybercrime in 2017, and 60 percent of law firms reported an information security incident last year, an increase of 20 percent over the previous year.
The National Telecommunications and Information Administration filed a Petition for Rulemaking with the FCC to update the rules governing Wireless Priority Service (WPS), a program that enables wireless emergency calls to get through if networks are congested. The petition seeks to align the FCC’s rules with current practices and capabilities, as well as permit WPS voice calls for high priority WPS users and extend priority services to include data, text and video.
The U.K. government confirmed plans for a new court in London specifically designed to address cybercrime and fraud. To be developed in partnership with the City of London Corporation and the judiciary, the new court is expected to be open by 2025 and will house 18 courtrooms.
The Center for Strategic and International Studies issued a report, "Low Hanging Fruit: Evidence-Based Solutions to the Digital Evidence Challenge," which found that 30 percent of law enforcement authorities surveyed said their biggest challenge to accessing digital evidence is identifying the ISPs holding the data. The report called for a new national digital evidence office to address the problem.
The RAND Corporation released a research report,” Using Social Media and Social Network Analysis in Law Enforcement,” which is based on the outcome of a panel of experts convened by the National Institute of Justice to identify high priority needs for law enforcement’s use of social media and social network analysis. The report includes business cases for their use; security, privacy and civil rights protections; and an agenda for their use in law enforcement.
The National Counterintelligence and Security Center released a report, "Foreign Economic Espionage in Cyberspace," which finds that China, Iran and Russia continue to be the most active nations tied to economic espionage. The report also finds that software supply chain infiltration and new foreign laws threaten the critical infrastructure sector and threaten U.S. companies.
Three law firms and nine tech companies have partnered to develop the Agreements Network, a blockchain-based network that will aid in the creation, use and sale of smart contracts for lawyers. The network is currently being tested and is expected to launch in October 2018.
The Defense Department issued a solicitation for cloud services indicating it is considering moving some of its Acropolis cyber defense system, which collects, processes and analyzes data from Department computers and external systems, to the cloud. The solicitation is a sources sought notice, meaning that the Department is gathering information from potential vendors but has not committed to formal bids as yet.
The Dubai International Financial Centre Courts have partnered with the United Arab Emirates-funded Smart Dubai initiative to explore the use of blockchain technology to verify court judgments. Future goals for the partnership are to investigate handling disputes arising out of private and public blockchains with regulation and contractual terms encoded within the smart contract.
North Carolina Governor Roy Cooper signed HB 128 into law, which prohibits the use of drones over prisons and jails. It is Chaptered as 2-17-179.
The U.S. House passed HR 4881, which would require the FCC to establish a task force for meeting connectivity and technology needs for U.S. agriculture, including identifying gaps in broadband Internet access service. The House also passed H.R. 883, which addresses the challenges faced when tracking suspects online by lengthening the period of time during which the recipient of an administrative subpoena is prohibited from disclosure.
Recent State Cases of Interest
The New Hampshire Supreme Court ruled that the affidavit for a search warrant sufficiently alleged conduct that could constitute identity fraud, as the government email addresses at issue were “personal identifying information” in that they revealed the full name and employer of the individual who owned the address, and the statutory definition did not require that a third person be defrauded. In re Search Warrant for 1832 Candia Road, Manchester, New Hampshire. AAG Elizabeth Woodcock represented the State. The court also found in another case that the magistrate issuing the search warrant did not have probable cause for finding there was a fair probability that child pornography would be found on defendant’s computer, as defendant’s possession of pornographic images of adult women, girls in sundresses and teenagers in cheerleader outfits was insufficient to support the inference that he would commit the crime of possession of child pornography and that his electronic devices would contain such images. State v. Norman. AAG Katherine Triffon represented the State.
The Oregon Supreme Court held state law and due process did not make the State get a victim’s Internet searches because the SCA did not let a provider disclose it without due process, so the State did not “control” it, defendant could show the victim consulted the Internet and issuing process to the provider was not the only way to get the searches. State v. Bray. AAG Jennifer Lloyd argued the case for the State.
The Pennsylvania Superior Court ruled that the lower court properly denied defendant’s motion to suppress the stop and search of the vehicle, as the facts established that the officer received information regarding the robbery and responded to the scene within minutes of receiving the call, and the victim gave the officer a detailed description of his assailants and the stolen items, including his iPhone. Commonwealth v. Milburn.
Recent Federal Cases of Interest
The Second Circuit affirmed defendant’s conviction for misdemeanor computer intrusion because the computer intrusion statute was not unconstitutionally vague, and defendant’s conduct in hacking into thousands of computers and taking information fell squarely and unambiguously within its core prohibition. U.S. v. Gasperini.
The Second Circuit reversed, finding the Franks standard should have been used on the motion to suppress the wiretap evidence based on the allegedly defective application to determine if the defects were material and if there was sufficient other support for a finding of probable cause to issue a wiretap warrant. U.S. v. Lambus.
The Eighth Circuit ruled that defendant’s girlfriend was acting as a private citizen, not a government agent, when she retrieved the phone from his vehicle, and thus the Fourth Amendment did not apply. U.S. v. Highbull.
Cybercrime Initiatives in the Attorney General Community
Nine Attorneys General sued and were granted a preliminary injunction to block a federal government action that gives public access to downloadable, untraceable and undetectable 3D printed weapons.
Washington Attorney General Bob Ferguson’s office signed an agreement with Facebook in which the social media company agreed to significantly change its advertising platform by removing the ability of third party advertisers to exclude ethnic and religious minorities, immigrants, LGBTQ individuals and other protected groups from using their ads. AAGs Marsha Chien and Dan Davies handled the case.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.