The National Attorneys General Training & Research Institute
Cybercrime Newsletter March-April 2018
The following is a compendium of news reports, case law and legislative actions over the latest bi-monthly period that may be of interest to our AG offices that are dealing with cyber-related issues. Neither the National Association of Attorneys General nor the National Attorneys General Training & Research Institute expresses a view as to the accuracy of news accounts, nor as to the position expounded by the authors of the hyperlinked articles.
Cyber Developments to Note
The FBI’s Internet Crime Complaint Center (IC3) issued a PSA with updated guidance regarding tech support fraud, noting it continues to be a problematic and widespread fraud. IC3 notes that it received 11,000 complaints related to the fraud last year, and claimed losses amounted to $15 million, an 86 percent increase over losses in 2016.
The Pennsylvania Supreme Court struck down evidence obtained from the warrantless search of defendant’s flip cell phone, finding that the U.S. Supreme Court’s decisions in Riley v. California and U.S. v. Wurie confirmed that law enforcement is required to obtain a warrant to search a cell phone. Commonwealth v. Fulton.
In a case of first impression, the Third Circuit affirmed a ruling by the U.S. District Court for the Eastern District of Pennsylvania allowing evidence obtained from a search warrant, even though the court found the magistrate judge overstepped her authority by allowing the FBI to use malware to identify suspects in a large child pornography sting. U.S. v. Werdene.
The ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 480 explaining the limitations the Model Rules of Professional Conduct place on lawyers who blog or engage in other social commentary related to a representation. It warns against using hypotheticals when blogging when there is a “reasonable likelihood” that a third party might ascertain the identity or situation of the client from the facts of the hypothetical.
In other ABA news, the ABA House of Delegates approved a draft uniform law on the regulation of virtual currency businesses drafted by the National Conference on Uniform State Laws. According to the act’s prefatory note, it is intended to create a statutory structure for regulating virtual currency business activity. To date, the draft legislation has been introduced in Hawaii and Nebraska.
The State Bar of Texas issued Ethics Opinion 671, in which it stated that lawyers cannot hide their identities in order to contact alleged online defamers to establish their location and determine whether a Texas court has jurisdiction to order a deposition. The prohibition also applies to an attorney’s agents, including paralegals.
The California Department of Motor Vehicles (DMV) announced approval of regulations that would permit fully driverless testing. A public notice was posted on the DMV website on March 2, 2018 which started a 30-day clock before the first permits were issued on April 2, 2018. Companies can apply for three types of permits: testing with a safety driver, driverless testing and deployment.
The Massachusetts Secretary of the Commonwealth issued consent orders pertaining to initial coin offerings by five firms that purportedly use blockchain technology to immediately stop the offering and selling of unregistered securities. The five firms are 18moons, Across Platforms, Mattervest, Pink Ribbon and Sparkco.
The FTC released a report finding that the lag in releasing security updates on some mobile devices has made those devices vulnerable to malware. The report is based on information the FTC requested from eight mobile device manufacturers on how they issue security updates. It recommends that mobile device manufacturers release more “security only” updates rather than waiting to bundle security patches with general software updates.
The financial services sector incurs higher costs due to cybercrime than any other sector, according to the Cost of Cyber Crime Study by Accenture and the Ponemon Institute. The study found that the average cost of cybercrime to this sector globally increased from $12.97 million per firm in 2014 to $18.28 million per firm in 2017.
The SEC suspended trading in three companies amid questions concerning their involvement and acquisition of cryptocurrency and blockchain technology. Suspension orders were issued for Cherubim Interests, PDX Partners and Victura Construction Group. The SEC cited concerns about their business operations and the value of their assets.
The Government Accountability Office denied a protest made by Micro Technologies which claimed that the Air Force had ignored an outside firm’s financial report when it awarded a $105.6 million cyber defense contract to Telos Corporation. Matter of: Micro Technologies, LLC.
The U.S. District Court for the Eastern District of New York issued an opinion granting standing to the Commodity Futures Trading Commission to exercise its enforcement power over virtual currency fraud. Commodity Futures Trading Commission v. McDonnell.
State Cases of Interest
In Lewis v. State, the Delaware Supreme Court found the denial of defendant’s motion to suppress was proper, as the search warrant affidavit clearly contained the necessary quantum of evidence for a judicial determination that probable cause existed for installation of the GPS tracking device on defendant’s vehicle.
In State v. Marquis, the Maine Supreme Court ruled the lower court properly denied defendant’s motion to suppress statements and digital evidence obtained by the police after they entered his home because there was sufficient evidence that defendant consented to the officers’ entry and did not ask them to leave or indicate their presence was unwelcome.
In Sewell v, State, the Maryland Court of Special Appeals reversed defendant’s conviction and remanded for a new trial because the trial court erred in admitting into evidence text messages between defendant and his wife that were privileged communications.
In Commonwealth v. Fredericq, the Massachusetts Court of Appeals ruled that defendant’s motion to suppress evidence obtained as a result of a warrantless search of his cell phone was properly granted as to his statements and to the money found in his room because his consent to search was tainted by police exploitation of the illegally obtained information.
In People v. Taylor, a New York Supreme Court Appellate Division ruled that the historical cell site location information related to defendant’s cell phone could not be suppressed, even if there had been an SCA violation.
In State v. Hendon, an Ohio appeals court found defendant failed to show error in the admission of evidence from his GPS monitoring during any non-curfew time frame because his active GPS monitoring was not limited to the sole purpose of ensuring his compliance with curfew and therefore was not restricted to gathering data for that purpose.
In State v. Betancourth, the Washington Supreme Court ruled defendant’s cell phone records were admissible under the independent source doctrine because the text messages were required to be produced under a valid warrant, and although the police did not physically re-seize the phone records, such failure was merely technical.
In State v. McKee, a Washington Court of Appeals reversed the conviction, determining that the warrant to search the cell phone violated the particularity requirement of the Fourth Amendment because it authorized the police to search broad categories of data stored on the cell phone without limitation.
Federal Cases of Interest
In U.S. v. Molina-Isidoro, the 5th Circuit affirmed the U,S. District Court for the Western District of Texas’ decision, finding a search of ride-sharing and texting applications on defendant’s smartphone made by U.S. border agents was supported by probable cause, and substantial evidence made it highly likely that the defendant was engaged in drug trafficking and created a fair probability that the phone contained information to refute the nonsensical story she provided.
In U.S. v. Wallace, the 5th Circuit ruled that the good faith exception applied to the alleged violation of the SCA because the officers interpreted its plain language to mean they could obtain a court order granting them access to defendant’s E911 data, instead of a search warrant.
In U.S. v. Perales, the 5th Circuit affirmed, finding that there was no evidence that the agent used verbal threats or intimidation to obtain defendant’s consent to search which accompanied the agent’s placing of defendant in the front seat of his patrol unit while the agent facilitated computer checks.
In U.S. v. Curry, the 6th Circuit ruled the U.S. District Court for the Eastern District of Michigan was correct in finding that a search warrant for defendant’s residence was supported by probable cause because the information was not stale and the crimes of sex trafficking of children and production of child pornography were the subjects of an ongoing investigation.
In U.S. v. Johnson, the 6th Circuit affirmed the U.S. District Court for the Eastern District of Michigan’s denial of defendant’s motion to suppress evidence obtained from the search of his cell phone, finding an agent’s affidavit specifically linked defendant to the cell phone and to criminal gang activity.
In U.S. v. Pacheco, the 10th Circuit affirmed the U.S. District Court for the District of Kansas’ denial of defendant’s motion to suppress evidence gleaned from a cell phone recovered by officers at the scene of his arrest because the phone was legally seized pursuant to the totality of the circumstances parolee exception to the warrant requirement, and the subsequent search of the phone fell under the good faith exception as officers acted in reasonable reliance on the digital search warrant.
The Arizona Legislature passed HB 2244 which provides an allegation that the victim is not actually a minor under the age of 15 is not a defense to a crime against a minor.
Kentucky HB 22 became law without the Governor’s signature, prescribing the permitted and prohibited uses of drones and prohibiting the use of evidence obtained by a drone in violation of the stated prohibitions.
The Kentucky Legislature passed HB 373, which provides that body-worn camera recordings are governed by the state Open Records Act. The legislation provides exceptions for when a public agency may elect not to disclose such recordings and specifies procedures for requesting the recordings.
The Michigan Legislature passed HB 5494, which specifies that the operator of an unmanned aircraft is criminally liable for any activity for which he or she would be criminally liable directly. It also bans knowingly and intentionally operating an unmanned aircraft that interferes with the official duties of certain public employees.
Nebraska Governor Pete Rickets signed LB 198 into law which repeals the Crimes Against Children Fund. The Fund was originally created in 1990 to reduce expenses incurred by county attorneys in handling crimes against children cases but has not been funded since 2004.
The New Mexico Legislature passed HM 104 which authorizes a study of law enforcement body camera issues.
The Oklahoma Senate passed SB 1491, a bill which prohibits the operation of drones over certain property.
Pennsylvania Governor Tom Wolf signed SB 560 into law which provides exceptions for when a law enforcement agency can elect not to disclose an audio or video recording as well as procedures for requesting such recordings from law enforcement.
The Tennessee Legislature passed SB 1593, which prohibits the exclusion from a criminal trial of certain out-of-court statements made by a child under 12 years of age that describe any sexual act or act of physical violence directed against the child.
Utah Governor Gary Herbert signed HB 265, into law, which provides that recordings made by law enforcement officers while wearing a body-worn camera may not be retained by a private entity if that private entity has authority to withhold the recording or prevent its accessor disclosure.
The Vermont Legislature passed H. 615, which prohibits the use of drones near correctional facilities.
Washington Governor Jay Inslee signed SB 6408 into law, which provides that destruction of body worn camera recordings must be in accordance with the applicable records retention schedule and makes public records act provisions applicable to all law enforcement agencies that deploy body-worn cameras.
West Virginia Governor Jim Justice signed HB 3005 into law, which creates a felony criminal offense for operating a drone equipped with a lethal weapon or for operating a drone with the intent to cause damage or disrupt the flight of an airplane. The Governor also signed HB 4607 into law which requires drone operators to register before using a drone within state parks, forests and rail trails. In addition, Governor Justice signed SB 451 into law, which prohibits the use of a drone to wound, harass or transport wildlife.
The Wisconsin Legislature passed AB 855, a bill governing the operation of drones,. It prohibits a political subdivision from regulating ownership or the operation of a drone. It also prohibits the operation of a drone over a state correctional facility, prohibits the use of a drone with the intent to photograph or record in a place where an individual has a reasonable expectation of privacy and prohibits the operation of a drone that interferes with police or emergency services activity.
On the federal side, the CLOUD Act was signed into law as part of the omnibus spending bill, confirming law enforcement’s ability to obtain probable cause-based warrants for electronic communications stored abroad. It also provides an alternative to the current process for sharing Internet user information between countries, called MLAT, or a mutual legal assistance treaty. See NAAG letter signed by 36 Attorneys General in support of the Act and note under Attorney General initiatives in this newsletter.
The U.S. Senate passed H.R. 1865, previously passed by the House, which would make it a federal crime to use or operate a website to promote or facilitate prostitution. It would modify the Communications Decency Act to allow state attorneys general to prosecute such conduct under state laws that mirror federal prohibitions. See NAAG letter of August 16, 2017 signed b 50 Attorneys General urging Congress to amend the Act,
Attorney General Initiatives to Combat Cybercrime
Fifty-five Attorneys General sent a NAAG letter to U.S. House leadership urging them to pass a bill now that would make it easier for victims of child pornography to receive timely and meaningful restitution.
Forty-four Attorneys General filed an amicus brief in the U.S. Supreme Court supporting South Dakota in South Dakota v. Wayfair, Inc. South Dakota asks the Court to overturn its 1992 ruling preventing states from requiring out-of-state online retailers to collect sales tax owed on retail goods.
Thirty-six Attorneys General sent a NAAG letter to Congressional leaders to endorse the Clarifying Lawful Overseas Use of Data Act (“the CLOUD Act). The letter states their belief that passage of the Act should remain independent of other efforts to amend ECPA.
Twenty-three Attorneys General filed a petition for review in the D.C. Court of Appeals to block the FCC’s rollback of net neutrality.
Nineteen Attorneys General filed a brief urging a federal court in New Jersey to reject an unfair class action settlement against WTSO.com (Wines ‘Til Sold Out.com). The class action alleged misleading pricing on the website. The proposed settlement provides for a $1.7 million cash payout for the attorneys bringing the case, while the more than 200,000 consumers in the class only get a restrictive coupon for $2 off on purchases on the site.
Alabama Attorney General Steve Marshall announced a partnership between his office and the State Superintendent of Education’s office to provide cyber safety training for parents and school faculty on safe online practices for students.
Idaho Attorney General Lawrence Wasden’s Internet Crimes Against Children task force conducted a joint operation involving federal, state and local authorities and resulting in the arrest of five individuals who are each charged with online sexual enticement of a minor.
New Jersey Attorney General Gurbir Grewal and his Division of Consumer Affairs announced that the Bureau of Securities has issued an emergency cease and desist order to stop Bitcoin B2G, an online cryptocurrency-related investment entity, from fraudulently offering unregistered securities. The action was handled by Deputy Bureau Chief Amy Kopleton, Director of Examinations Stephen Bouchard and Bureau of Securities Legal Officer Delfin Rodriguez.
Utah Attorney General Sean Reyes announced that gambling organizations ITM Management, LLC and WC Management, LLC were each convicted of five misdemeanor counts each of promoting gambling and possessing a gambling device. Both were fined $10,000 and ordered to remove all gambling devices from the state. The investigation was led by Special Agent James Russell and the case was prosecuted by Attorney General Reyes’ Special Prosecutions Section.
Washington Attorney General Bob Ferguson filed charges against Salvador Sahagun, owner of several Tacos Guaymas restaurants, for allegedly using illegal “sales suppression” software for cash transactions to avoid remitting sales taxes.
Hedda Litwin is the Editor of the Cybercrime Newsletter and may be reached at 202-326-6022. The Cybercrime Newsletter is a publication of the National Association of Attorneys General. Any use and/or copies of this newsletter in whole or part must include the customary bibliographic citation. NAAG retains copyright and all other intellectual property rights in the material. For content submissions or to contact the editor directly, please e-mail firstname.lastname@example.org.