Featured Paper: Quis Custodiet Ipsos Custodes?

I'd like to highlight a new student paper by Craig Roush, a law student at Marquette University Law School. The full title is: Quis Custodiet Ipsos Custodes? Limits on Widespread Surveillance and Intelligence Gathering By Local Law Enforcement After 9/11. Craig analyzes the changes in intelligence and surveillance gathering after 9/11 and in particular, the way in which local law enforcement has become intricately involved in the process. He goes on to identify the implications of such practices on civil liberties, and concludes by offering...

Read More

11th Circuit finds reasonable a 25-day delay in submitting warrant application to search computer

In United States v. Laist, the Eleventh Circuit held that a government delay of 25 days from the defendant's revocation of consent to search a computer until a search warrant application was submitted did not violate the Fourth Amendment. The distribution of child pornography was tracked to the defendant's home, and law enforcement went to search. Upon arrival, the defendant admitted to possession of child pornography and signed a consent form allowing the search and seizure of his computer. A week later, the defendant withdrew his consent by...

Read More

$299 software allows decryption of volumes with FireWire attack or the computer's hibernation or memory dump file

Software developer Elcomsoft has released a $299 software package claiming to be able to decrypt BitLocker, PGP, and TrueCrypt volumes. The software is able to obtain encryption keys from the computer's hibernation file or memory dump file and can also perform a FireWire attack if the encrypted volume is mounted. Here's their description of how the keys are obtained: Generally, the choice of one of the three attacks depends on the running state of the PC being analyzed. It also depends on whether or not installation of a forensic tool is possible...

Read More

Vermont Supreme Court upholds search warrant conditions requiring screening in computer search

The Vermont Supreme Court has held that a judge may attach ex ante conditions to a search warrant in an attempt to protect privacy of those searched. The judge issuing the warrant had specified that a search of electronic devices had to be conducted through a third party and restricted evidence of crimes unrelated to the specified crime of identity theft from being shared with investigators. The court did, however, strike down a condition prohibiting the use of the plain view doctrine. In re Application for Search Warrant (2010-479), 2012...

Read More

Fifth Circuit strikes down Mississippi law making "non-harmful" caller ID spoofing illegal

In Teltech Systems, Inc. v. Bryant, No. 12-60027 (5th Cir. 2012), the Fifth Circuit held that a Mississippi law making it illegal to spoof caller ID information was preempted by a federal law which only made spoofing for harmful purposes illegal. In 2010, Mississippi enacted the Caller ID Anti-Spoofing Act which made it a misdemeanor for a person to spoof the identity or phone number of a caller. A federal law enacted later that year made it illegal to spoof such information "with the intent to defraud, cause harm, or wrongfully obtain...

Read More

Jones II: District court holds that SCA's lack of suppression remedy and the good faith exception allows admission of CSLI

In the continuing saga of the case against Antoine Jones, the DC district court has held that the use of Jones's cell site location information does not violate the Fourth Amendment. United States v. Jones, No. 05-0386 (D.D.C. 2012). In January, the Supreme Court ruled that location information acquired as a result of law enforcement placing a GPS device on Jones's car could not be used at trial as it violated the Fourth Amendment. During the initial investigation, law enforcement obtained both GPS data and cell site data but only sought...

Read More

Maryland appellate court applies good faith exception to GPS use because of prior adoption of Knotts rationale

The Court of Special Appeals of Maryland recently held that the good faith exception to the exclusionary rule from Davis applies to pre-Jones GPS use because of the state's adoption of the Supreme Court's decision in Knotts. Kelly v. State, Nos. 2479 & 2679 (Md. Ct. Spec. App. 2012). In case you're in need of a criminal procedure refresher, I'll go over what all of that means. First, we know that the Fourth Amendment generally requires a probable cause search warrant in order to conduct a search. Thus, we have to know what is...

Read More

WI Governor calls for GPS tracking of individuals with domestic violence restraining order against them

Since we talk a lot about GPS tracking, I thought this was an interesting proposal. As the article states, the recent Azana Salon shooting here in Wisconsin was committed by an estranged husband with a domestic violence restraining order in place. With the rash of recent shootings here in Wisconsin (Azana Salon and Sikh temple shooting), as well as the tragedy in Newtown, it appears politicians have been compelled to act. The question always remains, does the legislation or proposal alleviate the issue it is trying to achieve, or is it an overreaction...

Read More

WSJ releases study of website user data sharing with third parties

The Wall Street Journal has compiled a list of 70 popular American websites that require registration and analyzed them based on how they share user data. For each entry, they report whether the user's e-mail address, name, username, age, and zip code are shared and to which website(s) that information is given. Each entry also contains a response from the website as well as the recipient websites if they company responded to the WSJ's inquiry. In the study, they learned that the Wall Street Journal itself was sharing e-mail addresses and names...

Read More

Eighth Circuit holds testimony that adults rarely seek actual minors online can be impeached, affirms conviction

In United States v. Grauer, No. 11-3852 (8th Cir. 2012), the Eighth Circuit affirmed the conviction of a man for enticement of a minor and possession of child pornography over multiple arguments from the defendant. As part of an ICAC investigation, an Iowa deputy sheriff, pretending to be a 14-year-old girl, engaged in multiple instant messaging conversations with the defendant. The conversations were often of a sexual nature and involved the defendant sending pornography to the "girl," and the two ultimately decided to meet. The defendant was...

Read More

Anonymous announces plans to "destroy" Westboro Baptist, releases personal contact information for members

Hacktivist group Anonymous announced today the start of an attack on Westboro Baptist Church with the release of e-mail addresses, phone numbers, home addresses, and more for over fifty of the church's members. The announcement is in response to Westboro's announced plans to picket funerals in the wake of Friday's school shooting in Newtown, Connecticut. In a video released along with the contact information, the group announced: Since your one-dimensional thought protocol will conform not to any modern logic, we will not debate,...

Read More

Fifth Circuit surprises no one with decision that accessing another's text messages on their cell phone doesn't violate SCA

In Garcia v. City of Loredo, Texas, No. 11-41118 (5th Cir. 2012), the Fifth Circuit held that a person accessing text messages and images on the cell phone of another does not violate the Stored Communications Act (SCA). Those of you who have ever studied the SCA are certainly not surprised. Garcia worked as a police dispatcher, and the wife of a coworker took Garcia's phone from her locker at work. After finding text messages and photos that showed department policy violations, the coworker's wife set up a meeting with the deputy assistant city...

Read More

FBI job applicant fails polygraph, admits to CP possession, and asks if it would slow his application. It did.

Working for the Federal Bureau of Investigation is a dream of many Americans. The famed agency has - rather understandably - a difficult hiring process including a polygraph. I'm assuming questions concern possible crimes the job candidate has committed as well as generally making sure they are not a threat to national security. When Dominick Pelletier appeared for a job interview with the FBI, he was escorted to the polygraph room where the types of questions were explained to him. Pelletier became nervous about the potential for questions about...

Read More

Austrian Tor node operator's home searched in child pornography investigation

An Austrian man's home was recently and his computers seized in an investigation related to child pornography distribution. His involvement concerned the operation of Tor on his computer, which allowed others to hide their Internet activity by having their data encrypted and transmitted through others' computers.  Mr. Weber, likely to be charged with child pornography crimes, never actively possessed such files if this is true, though they may have been sent through his computer. In the Tor network, files are transferred along a...

Read More

Weindl: Why the court got it right, and the FBI agent/father shouldn't be viewed as a government agent

You'll have to forgive my co-blogger and me for turning our blog into a blog almost entirely about this Weindl case (United States v. Weindl, No. 1:12-CR-00017 (D.N.M.I. 2012), but as you're probably well-aware by now, it's an important case on the issues presented - and one likely to be appealed to the Ninth Circuit after the trial. It's not often that Justin and I disagree. But in this case, while I find noble his attempt to argue for strengthened privacy rights under the Fourth Amendment, I cannot say that I find his reasoning...

Read More

Weindl (FBI agent's spyware vs. principal) - Why the court got it wrong

In this second post, I will explain my reasons for believing the court's reasoning in Weindl was flawed. The Weindl case, as a quick recap, involved a principal (Weindl) who was caught with child pornography after using a laptop assigned to the son of an FBI agent (Auther); the laptop was returned by Auther with spyware on it. For my original write-up of the facts of the case, see: Principal caught with CP when FBI agent returns son's school laptop with spyware still on it; court denies suppression. I also wrote a quick follow-up...

Read More

District court upholds CSLI order with erroneous phone number, finds defendant doesn't have standing

In United States v. Cannon, No. 6:11-cr-02302 (D.S.C. 2012), the court held that a typographical error did not violate an order for cell site data and that the defendant's failure to prove he had an interest in the phone removed his ability to challenge the search for lack of standing. The defendant had been charged with multiple crimes related to the distribution of drugs. As part of the investigation, law enforcement obtained GPS data from his cell phone company. He filed a motion to suppress, arguing that the data was obtained in violation...

Read More

Weindl - FBI agent spyware v. principal attracts attention and misinformation

Since I wrote about United States v. Weindl on November 28th, Principal caught with CP when FBI agent returns son's school laptop with spyware still on it; court denies suppression, the story was picked up by Kashmir Hill at Forbes (by way of Eric Goldman), An FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn Searches, and from there spread like wildfire to various other sites. Today, Robert X. Cringely, on his Infoworld blog "Notes from the field" highlighted the story as well - School...

Read More

Cal. Court: Sex offender registration for CP but not statutory rape does not violate Equal Protection

In People v. Gonzales, No. E054886 (Cal. Ct. App. 2012), the Court of Appeals of California held that it is not a violation of the Equal Protection clause to require sex offender registration for child pornographers but not statutory rapists. The defendant pleaded guilty to possession of child pornography. The defendant had argued that the sex offender registration requirement violated the Equal Protection Clause because it did not require those convicted of statutory rape to register. The motion was denied during sentencing, and he was ordered...

Read More

Seventh Circuit develops rules for CP restitution cases, requires classification of offenders for calculation

In United States v. Laraneta, No. 12-1302 (7th Cir. 2012), the Seventh Circuit held that child pornography defendants who simply possessed images are only liable for restitution based on the limited amount of damage they caused. Distributors, however, are liable for the entire damages. Further, defendants may not seek contribution from others. The defendant had pled guilty to seven counts related to child pornography. The defendant was sentenced to thirty years in prison and ordered to pay over $4 million in restitution to two victims. The Seventh...

Read More

Highlighted Paper: Orin Kerr, The Mosaic Theory of the Fourth Amendment

This week I would like to draw attention to Orin Kerr's new article on Mosaic Theory, a theory which gained notoriety after the GPS tracking case United States v. Maynard and was later implicitly accepted by some justices of the Supreme Court in United States v. Jones. I have a personal interest in this topic, since my law review article, Car-ving out the Notions of Privacy: The Impact of GPS Tracking and Why Maynard is a Move in the Right Direction, focused on Maynard and Mosaic Theory as well. This blog has also discussed...

Read More

Principal caught with CP when FBI agent returns son's school laptop with spyware still on it; court denies suppression

This case will be discussed in two posts. In United States v. Weindl, __ F.Supp __ (D. N.M.I. Nov. 20, 2012), a Northern Mariana Islands federal district court denied suppression of evidence obtained when spyware installed on school-owned laptop (assigned to an FBI agent's son and later used by the principal) sent child pornography (CP) reports (alerts) to the FBI agent - evidence that led to charges against the school principal (two counts of receiving CP and two counts of possession of CP). There are three relevant issues in the case: (1) whether...

Read More

Government appeals GPS case to Third Circuit; groups file amicus arguing that warrant is required

As frequent readers of this blog have become well-aware, an interesting fight occurring throughout American courtrooms concerns the interpretation of the Supreme Court's Jones decision and the application of the good faith doctrine to that opinion. Some patterns have appeared, but there are many exceptions to each of them. One decision, United States v. Katzin, followed a pattern. Typically, if the jurisdiction of the search did not have binding precedent, the good faith exception does not save the search, and the evidence is suppressed. In...

Read More

Fifth Circuit reissues en banc CP restitution opinion, retains substance of the opinion

In October, the Fifth Circuit, in an en banc opinion, held that a victim of child pornography is not limited to recovery for losses proximately caused by the defendant. In re Amy Unknown, No. 09-41238 (5th Cir. 2012) (en banc). Under the opinion, victims can be awarded the full amount of damages from any individual defendant - even if he only came into possession over the Internet. The decision, which I discussed in a previous post, vacated and remanded the combined cases for the district court to reconsider damages. Each had been heard...

Read More

District court case provides road-map for what not to do under the Fourth Amendment

In Hatfield v. McDaniel, 2012 U.S. Dist. LEXIS (M.D. Ala. October 19, 2012), the court allowed the plaintiff's case alleging violations of section 1983 resulting from two illegal searches to proceed. The defendants were law enforcement officers and state/local entities that were party to the alleged Fourth Amendment violations. This is the closest case I've ever seen of what not to do under the Fourth Amendment: 1.  Facially invalid searchwarrant - check 2.  Search of computer (pursuant to facially invalid search warrant), which...

Read More

First Circuit holds that use of Yahoo!'s CP reports at trial requires author testimony under the Confrontation Clause

In United States v. Cameron, No. 11-1275 (1st Cir. 2012), the First Circuit held that certain reports prepared by Yahoo! and NCMEC as part of a child pornography investigation were testimonial, requiring the defendant to have the opportunity to confront the authors of those reports under the Sixth Amendment's Confrontation Clause. The court also held that Yahoo!'s investigation after an anonymous tip did not make it a government agent under Fourth Amendment law. The defendant was charged with multiple child pornography crimes after law enforcement...

Read More

Thanks!

Just wanted to write a quick note to thank all of you for reading Cybercrime Review. Justin and I are very appreciative for you continuing to read and for your encouragement, and we hope you'll continue to come back as we have some great things planned for Cybercrime Review's future. Happy Thanksgiving to all of you, and be sure to be extra careful deep frying your turk...

Read More

Congratulations to Jeffrey - he won 2nd place (and $2500) in the Shannon Bybee Scholarship Award

Please join me in congratulating Jeffrey on his latest achievement. He was informed yesterday that he was awarded runner-up in the International Association of Gaming Advisors (IAGA) competition for the Shannon Bybee Scholarship Award. His paper entitled "Cyber Thieves in Online Casinos" was determined by a committee of IAGA member attorneys to be of "outstanding merit," a fitting description which brings with it the honor of publication on the IAGA's website. Along with the publication, Jeffrey will receive a check for $2500. Congrats Jeffr...

Read More

"Egregious spoliation conduct" of plaintiff, who used various pieces of software to scrub his computer, results in claim forfeiture

Update: I've placed a link to the case in the write-up In Taylor v. Mitre Corp., 2012 U.S. Dist. LEXIS 162854 (E.D. Va. September 10, 2012), the plaintiff in an employment related suit (FMLA and ADA claims), through "egregious spoliation conduct" - use of CCleaner, Evidence Eliminator, and a sledge hammer - had his suit tossed out and forfeited his claims. The action was brought before the court on a Motion for Sanctions, filed by the defendant, after Mitre Corp. discovered (through a court ordered forensic examination of the plaintiff's computer)...

Read More