The National Attorneys General Training & Research Institute
Cybercrime Newsletter February 2019
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
The FTC voted not to make changes to the CAN-SPAM Rule after it solicited public comments as to whether changes were needed. The agency received 92 comments on CAN-SPAM and said that the majority of the submissions favored keeping the rule with no alterations.
Greenway Health, a Florida-based developer of electronic health records software, will pay $57.25 million to resolve False Claims Act allegations that it caused its users to submit false claims to the government by misrepresenting the capabilities of its Prime Suite product.
Google introduced a new Chrome extension called Password Checkup, which can automatically check whether a user’s passwords were exposed in a data breach. The service will check any login details against a database of approximately four billion usernames and passwords, alerting users to any match.
The U.S. District Court for the Southern District of California reversed its earlier decision and found that an allegedly fraudulent Blockvest initial coin offering was a security and subject to securities laws.
The Department of Defense released a new cloud strategy which will move many of its IT functions to the cloud, following the issuance of a draft request for proposals for a $9 billion office services cloud contract.
The New York State Department of Financial Services released new guidelines that will now allow life insurers to use social media data and other forms of information to help set premium rates. The companies will be permitted to incorporate this information into their processes as long as they can prove their algorithms are not biased against any marginalized groups.
The HHS Office of Inspector General issued an audit report on the National Institutes of Health (NIH), finding that opportunities exist for NIH to strengthen and monitor the controls on its sensitive data. NIH did not concur with the findings as to its security framework, but did agree to ensure that security policies remain current with the evolving threat landscape.
The President signed an Executive Order on Maintaining American Leadership in Artificial Intelligence, which lists six objectives for federal agencies to follow, including an emphasis on AI education and the reduction of barriers to its implementation. It did not mention funds for AI research and development. At the same time, DOD released the summary of its AI Strategy, including accelerating the adoption of AI and enabling decentralized development and experimentation.
A London Magistrates’ Court ruled that the U.K.’s National Crime Agency had no duty to return the computers and hard drives it confiscated from Laurie Love, a British man charged with hacking into U.S. government websites. Love v. National Crime Agency.
Recent State Court Opinions
In Lewis v. State, an Arkansas Court of Appeals ruled that the defendant’s Fifth Amendment right against self-incrimination was not violated by a detective’s comments during his testimony because the detective’s comments, made in response to a question about his process in extracting information from a phone, were in no way an impeachment of some explanation the defendant had offered at trial, and did not show a manifest intent to comment on the defendant’s refusal to give his cellphone password. AAG Adam Jackson represented the State.
In State v. Roy, the Maine Supreme Court found that the trial court did not rely on stale information when issuing a search warrant in the defendant’s child pornography case and, as such, evidence seized from the defendant’s computer was not subject to suppression. Given that only 13 days passed between the download and the request for a warrant, the court had a substantial basis on which to conclude that the file identified in the affidavit would still be in the defendant’s possession on his computer.
In Commonwealth v. Green, a Pennsylvania Superior Court ruled that a search of the defendant’s electronic devices was not suppressed because a warrant only allowed a search for child pornography; a magistrate did not have to see a photo described in an affidavit showing probable cause to believe a device containing pornography was at his home; and it was not stale.
Recent Federal Court Opinions
In U.S. v. Brewer, the Seventh Circuit found the district court did not err in finding that the government met its threshold burden of authenticating the surveillance footage of defendant’s presence in a bank a few hours before the robbery.
In U.S. v. Adkinson, another Seventh Circuit case, the court found that the defendant’s Fourth Amendment rights were not violated because he consented to the provider collecting and sharing his cell site information.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.