Thursday, August 25, 2011

LoJack interception declared wiretap under ECPA

An Ohio district court recently found that using LoJack software to gain remote access to a stole computer may violate the Electronic Communications Privacy Act (ECPA).

In Clements-Jeffrey v. City of Springfield, Ohio, 2011 WL 3678397 (S.D. Ohio 2011), the school district was being sued for violation of the ECPA. After learning that the laptop was stolen, recover officers began to intercept email, record keystrokes, and capture screen shots. Ultimately, they were led to the new owner (a substitute teacher with the school) who did not realize the laptop had been stolen, but had purchased it from a student.

The court held that it would be okay to report IP addresses or geographic location, but that the wiretapping that occurred in this case was a violation of the ECPA. Further, "[t]he ECPA carves out no exception allowing a private entity to intentionally intercept electronic communications for the purpose of gathering information to facilitate recovery of a stolen laptop." The court also denied an existence of a good faith defense.

Monday, August 22, 2011

NY Bar releases best practices guide for E-Discovery

The New York State Bar Association recently released a best practices guide (PDF available here) to help practitioners better understand this often murky area. The guide is particularly helpful with regard to the form in which electronically stored information (ESI) should be produced as well as the steps a party should go through in a search for documents within a discovery request.

Thursday, August 18, 2011

9th finds evidence of sexual abuse not related to CP

A search warrant was executed on Dougherty's home seeking evidence of child pornography. The only evidence demonstrated by law enforcement in its showing of probable cause was evidence of the suspect's attempted child molestation charge. The officer stated that in his experience, the two were connected. However, the Ninth Circuit found that probable cause did not exist. But because the issue is a circuit split, the officers were entitled to qualified immunity. The case is Dougherty v. City of Covina, 654 F.3d 892 (9th Cir. 2011).

The Second Circuit has held that crimes involving sexual abuse of children do not relate to child pornography. United States v. Falso, 544 F.3d 110 (2d Cir. 2008). The Sixth Circuit concurs. United States v. Hodson, 543 F.3d 286 (6th Cir. 2008). The Eighth Circuit, however, has found "[t]here is an intutive relationship between" such acts. United States v. Colbert, 605 F.3d 573 (8th Cir. 2010).

Tuesday, August 16, 2011

911 to accept text messages, pictures, and video

The FCC announced a five-step plan to ultimately support acceptance of "emergency-related voice, text, data, photos, and video." But first, they plan to enable automatic retrieval of location data.

The benefits of this plan are profound. Suppose hostage victims are able to text but not make a phone call. Rather than having to send a text to a friend or family member to have it relayed, they can correspond directly with 911 - even sending pictures and videos of what is happening inside.

To take it a step further, what does it do to trial evidence? 911 phone calls are usually admissible under the present sense exception to the hearsay rule. Would multimedia messages including pictures and video be admitted as "a statement describing or explaining an even or condition made while the declarant was perceiving the event or condition, or immediately thereafter?" (FRE 803(1)).

Several local 911 programs already accept text messages such as Chicago and Black Hawk County, Iowa.

The FCC's press release is available here.

Friday, August 12, 2011

Cell site data denied to help execute arrest warrant

The government was denied cell site location information that would have helped it execute an arrest warrant because it was protected by the Fourth Amendment and not considered "electronic communication" under the SCA. In re United States ex rel. an Order Authorizing Disclosure of Location Information of a Specified Wireless Telephone, 2011 U.S. Dist. LEXIS 85638 (D. Md. 2011).

The court first analyzed the Fourth Amendment argument, finding that an individual has a reasonable expectation of privacy in their location and movement. Thus, a search warrant would be necessary. However, in order to get a search warrant to obtain this information, evidence showing risk of fight would be necessary. Other arguments denied were under Rule 41, the SCA (finding that the SCA does not govern cell site location data), and the All Writs Act.

"The government's arguments, if credited, would allow law enforcement to obtain location data on any subject of an arrest warrant ... [whether] charged with a misdemeanor or a felony ... so long as law enforcement had reason to believe that the source of the location data ... was in the possession of the subject. Some might say that this is an appropriate use of a new technology in the service of more efficient and effective law enforcement. Others might say it is an unnecessary use of a new technology in a society already subjected to pervasive surveillance. The Court understands the tension. Regardless of individual views, the law does not currently sanction the requested acquisition of location data in these circumstances."

Wednesday, August 10, 2011

SNS printout authentication attempt struck down

In State v. Eleck, 23 A.3d 818 (Conn. App. Ct. 2011), the defense sought admission of a Facebook messaging conversation between the defendant and a witness for the prosecution. The witness admitted that the messages were sent to her account, but she was not the author. Rather, her account had been hacked. The defendant claims that he was removed as the witness's Facebook friend days later, but the witness claims she still did not have access to her account. Ultimately, the trial court found that the messages were not properly authenticated and were thus inadmissible.

The appellate court affirmed, finding that there was not enough circumstantial evidence to authenticate the printout. Citing a variety of cases from other states (the issue was one of first impression for the court), the court essentially made it impossible to admit any evidence from an Internet source without an admission from the author.

Barring discovery and financial issues, here are some ways it possibly could have been authenticated:
  • Internet cache connecting the postings to the witness's computer. (Commonwealth v. Purdy, 945 N.E.2d 372 (Mass. 2011))
  • Facebook representative testimony connecting the messages to witness's IP address at the time. Griffin v. State, 2011 Md. LEXIS 226 (2011)
  • Unique information others would not have been aware of. (Commonwealth v. Purdy, 945 N.E.2d 372 (Mass. 2011); Commonwealth v. Amaral, 78 Mass. App. Ct. 671 (2011))
UPDATE: The Connecticut Supreme Court has since granted defendant's appeal with regard to this issue (302 Conn. 945 (2011)).