The National Attorneys General Training & Research Institute
Cybercrime Newsletter July 2018
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
A divided Supreme Court ruled 5-4 that the government ordinarily needs a warrant to access historical cell site location information, finding that the location data deserves more stringent protection than other customer information held by ISPs. Carpenter v. U.S.
In other Supreme Court news, the Court granted cert in Apple, Inc. v. Pepper over whether iPhone users can seek treble damages under the Clayton Act based on their claim that Apple has monopolized the distribution of iPhone apps, where the users were injured only to the extent that third party app developers passed on Apple’s commission in setting prices. The Ninth Circuit said they could.
Apple announced it is planning an iPhone update that will effectively close the technological loophole allowing law enforcement to access iPhone devices. The update would disable the phone’s charging data port one hour after the phone is locked, so a password would be required before data could be transferred to or from the device using the port.
The Massachusetts Clean Energy Center was duped into wiring $93,679 in public funds into a cyberscammer’s account, according to the State Auditor's report. The agency also failed to report the incident to its board of directors for seven months.
A New Jersey appeals court vacated a $1.1 million personal injury award to a man who claimed he was disabled in an auto accident, ordering a new trial after ruling that the trial court should have allowed cross examination about his social media photos showing him in workout clothing. Angeles v. Nieves.
DHS and the FBI issued a joint Malware Analysis Report warning of hackers supported by the North Korean government who are using malware known as TYPEFRAME. The malware is disguised as harmless software but is designed to damage computer systems and make them vulnerable to future attacks.
The Department of Veterans Affairs Strategic Acquisition Center issued a request for industry input on the potential for using blockchain technology to streamline its contract administration and closing process. Responses are due on July 31, 2018.
The Federal Acquisition Regulatory Council posted a notice in the Federal Register of an interim rule banning federal agencies from using products developed or provided by Kaspersky Labs. The rule requires federal contracting authorities to include a clause banning the use of Kaspersky products in all future solicitations.
Randall Tucker, aka the "Bitcoin Baron," was sentenced to 20 months in prison for directing denial of service (DDoS) attacks against the computer networks of Madison, Wisconsin. The attacks had impacted first responders’ ability to connect with the 911 center through the Internet-connected emergency communications system.
Law firm Foley & Lardner’s 2018 Cryptocurrency Survey found that the majority of cryptocurrency industry executives and investors believe their industry should be regulated at the federal level. The areas most cited in the survey as needing regulation are initial offerings of cryptocurrencies, ongoing purchases and sales of cryptocurrencies and paying for goods and services.
In other cryptocurrency news, the SEC is seeking public comment on a proposed rule change filed by Cboe BZX Exchange that would list and trade VanEck SolidX Bitcoin Trust, an exchange-traded fund backed by bitcoin that would cost $200,000 per share.
The U.K. Financial Conduct Authority sent a letter to banking executives advising them to increase their scrutiny of clients who trade in cryptocurrencies or invest in initial coin offerings. Their concern is that cryptoassets can be abused because they offer potential anonymity and the ability to move money between countries. In addition, the Bank of England sent a letter to banks and investors expressing similar concerns.
This Issue’s Cyber Tips
There are right ways to delete data, as discussed in this Kennedy-Mighell Report podcast on "How to Delete Data Safely." Dennis Kennedy and Tom Mighell discuss best practices in deleting and destroying data and review what it looks like to effectively get rid of data that is no longer needed.
Recent State Cases of Note
A Florida Court of Appeals found that defendant was illegally accessing a third party’s WiFi network by attaching an antenna to his motor home in order to capture the WiFi signal and, by doing so, was able to hide his identity while downloading child pornography. McClelland v. State. AAG Bilal Faruqui represented the State.
A Georgia Court of Appeals found that despite the initial warrantless download of information from defendant’s cell phone, his motion to suppress was properly denied because the contents were not searched until a search warrant was obtained, and the warrant was not based on any information derived from the download. Stephens v. State.
The New Jersey Supreme Court ruled that neither exigency nor the hot pursuit doctrine justified the officers’ warrantless entry into defendant’s home following a cell phone being stolen, but defendant’s brother’s actions of finding the phone in the house and giving it to police did not constitute state action and were sufficiently attenuated from the unlawful police conduct to preclude application of the exclusionary rule to the evidence. DAG Steven Yomtov represented the State. In the Interest of J.A.
Colorado Governor John Hickenlooper signed HB 1200 into law, which criminalizes as a cybercrime the stealing of information from, or placing different information on, a credit card magnetic strip without permission and with intent to defraud. The Governor also signed HB 1314 into law, which prohibits the use of unmanned aircraft systems to obstruct public safety operations.
Connecticut Governor Darrel Malloy signed HB 5229 into law, which expands a grant program that reimburses a municipality for the cost of dashboard cameras and digital storage devices or services. He also signed HB 5475 into law, amending statutory provisions concerning a police officer’s viewing of a recording from body-worn cameras under certain circumstances.
The Ohio House passed HB 425, which would declare that body-worn camera recordings were not public records.
Cybercrime Initiatives in the Attorney General Community
Nevada Attorney General Adam Paul Laxalt’s office and the FTC obtained a judgment against the parties behind the revenge porn website, MyEx.com, which requires them to destroy the images posted and bans them from operating the website. Senior DAG Laura Tucker represented the State.
New Mexico Attorney General Hector Balderas’ office sent a letter to Giganews pursuant to its investigation into the use of technology to distribute pornography, requesting information about the company and users’ practices regarding child pornography. The letter was signed by DAG Sharon Pino.
Washington Attorney General Bob Ferguson filed lawsuits against Facebook and Google, alleging the companies failed to maintain legally required information for state political advertising on their online platforms. The suits seek penalties and injunctive relief. Senior AAG Linda Dalton and AAG Todd Sipe are handling the cases.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.