Tuesday, January 31, 2012

Tech Watch: Facebook Timeline creates security issues, possible phishing scams

For months, the Internet has been abuzz about Facebook's new Timeline feature. In addition to the redesigned profile, Facebook now gives you the ability to backdate posts - allowing you to add life events and tag them with an older date. As you can see at right (click for larger view), Facebook is asking for information about your relationships, children, pets, and more - even when you lost weight, had your first kiss, or moved into a new home. I...

Inventory search reveals evidence on digital camera; flash drive found under spare tire

The Court of Appeal of California has found an inventory search reasonable after police looked at images on a camera during the inventory. People v. Haraszewski, 203 Cal. App. 4th 924 (2012). A police officer was headed to lock the gate at a public beach, but was notified that a car remained there. The officer was notified that a 911 call reported a man and boy at the nude beach that "did not seem right." As he was driving to the parking...

Monday, January 30, 2012

6th Circuit affirms conviction under Sarbanes-Oxley for erasing Internet tracks

In United States v. Kernell, the Sixth Circuit held that by deleting evidence of defendant's hacking activities, he violated 18 U.S.C. § 1519 of the Sarbanes-Oxley Act. 667 F.3d 746 (6th Cir. 2012). The defendant used the forgotten password feature to obtain access to then-Governor Sarah Palin's personal e-mail account. Kernell was charged with, among other counts, violating § 1519, and he appealed that conviction. After Kernell obtained access to the account, he publicly posted the login information to 4chan. Soon thereafter,...

Technology companies partner to stop CP, phishing scams

Two recent partnerships of technology companies are working to combat cybercrime in the areas of phishing schemes and child pornography. Here's a brief overview of what they are doing. PhotoDNA Microsoft began working with NCMEC in 2009 to create software that could create a hash value for images of child pornography and then track that image despite being edited. The PhotoDNA technology divides the photo into a grid and develops...

Saturday, January 28, 2012

Ban of adult pornography struck down by 2nd Circuit

One of the most common conditions of supervised release to be vacated on appeal is one related to a ban of pornography - adult or child. In United States v. Magner, 455 Fed. Appx. 131 (2nd Cir. 2012), the Second Circuit vacated and remanded a condition that prevented access to "any 'website depicting images of nude adults or minors.'" Noting that this could forbid access to, for example, "art museum websites," the appeals court found it too vague. In a Sixth Circuit case (discussed here in a previous post), the court struck down a ban on any...

Friday, January 27, 2012

Sixth Circuit vacates release conditions in CP case

In United States v. Inman, 666 F.3d 1001 (6th Cir. 2012), the court vacated and remanded a supervised release conditions in connection with a conviction of possession of child pornography. The court reviewed the conditions for plain error and found the following mistakes: Forbiddance of drinking alcohol and requirement of reporting all prescription drugs to the probation officer was not warranted as there was no history of alcohol or drug dependence. Also, the statute does not allow a total ban of alcohol. Ban for life of "any device capable...

Fifth Amendment held not violated by forced disclosure of unencrypted drive

The Colorado District Court is the latest to weigh in on the popular issue of whether a person can be forced to disclose a password or unencrypted files. In United States v. Fricosu, the court found that the defendant's Fifth Amendment right is not implicated by requiring production of an unencrypted version of the files. 2012 U.S. Dist. LEXIS 11083 (D. Colo. 2012). After law enforcement seized six computers from the defendant's home, they were unable to break the encryption on one of the computers. The defendant refused to provide the password,...

Thursday, January 26, 2012

Panel compares use of file-sharing program to leaving box of treats in a common area

A common issue for appeal in child pornography sentencing cases is whether the "thing of value" requirement under U.S.S.G. § 2G2.2(b)(3)(B) can be satisfied by showing simply that the defendant (1) had images of child pornography and (2) used file-sharing software. The five-level enhancement is applicable if the defendant distributed child pornography, but some courts hold that proof of distribution is not necessary as long as those two elements are met. (Read a prior post here concerning this dispute in the 8th and 11th Circuits.) Eighth...

Wednesday, January 25, 2012

Missouri appellate court finds reasonable expectation of privacy in text messages, adopts Warshak

The Missouri Court of Appeals has adopted the reasoning of the Sixth Circuit in Warshak, finding a reasonable expectation of privacy in text messages held by a third party. State v. Clampitt, 2011 Mo. App. LEXIS 1741 (Mo. Ct. App. 2012). The defendant, James Clampitt was charged with involuntary manslaughter after a car accident. Investigators used subpoenas (apparently under a state statute as opposed to the SCA) to obtain his text messages and phone records beginning with the date of the accident and for a few weeks thereafter, hoping...

Arguments that just don't cut it (Part II)

Here's the second installment of the bad arguments collection. It's not that they are entirely implausible, but just that courts are not likely to believe and use as evidence, for example, that dogs can sense the act of wiretapping. Plaintiff claimed he knew that HP was checking his voicemail in violation of the Wiretap Act when his "German shepherd, Duke, had his ears perked and was staring wildly at Plaintiff's Motorola router." Dunahoo v. Hewlett-Packard...

Tuesday, January 24, 2012

June 6 announced as IPv6 launch day

Many major Internet companies have joined efforts in pursuit of the move to IPv6, announcing June 6, 2012 as the world launch day. This is, however, simply a launch and not a full move. In order for companies to participate, they must meet certain requirements depending on the nature of their business. ISPs must enable IPv6 for at least 1% of their customers Equipment manufacturers must enable IPv6 by default in their products Websites must permanently...

Monday, January 23, 2012

SCOTUS rules on GPS usage by law enforcement, finds practice to be a Fourth Amendment search

The Supreme Court ruled today in United States v. Jones (2012 U.S. LEXIS 1063) that installation and use of GPS by law enforcement to track a vehicle constitutes a search under the Fourth Amendment and requires a warrant if the search would otherwise be unreasonable. That part is unanimous. However, the majority's ruling is very narrow, finding the search occurred because of physical trespass rather than finding a violation of Jones's reasonable expectation of privacy. The Court did not determine the reasonableness...

Sunday, January 22, 2012

Tech Watch: TrueCrypt provides open source file encryption, hidden drives

In 2008, the FBI attempted to break encryption on hard drives using a program called TrueCrypt, but the equipment was finally returned after a year of failed tries. TrueCrypt is open source software that provides file and drive encryption. Their website claims that cracking the password "could take thousands or millions of years." The program enables a user to create hidden volumes, hidden operating systems, use pre-boot authentication, and virtual...

Friday, January 20, 2012

Judge denies discovery request for Facebook data

A federal magistrate has denied a motion to compel Facebook records in a slip and fall case. The plaintiff claimed back injuries, but the defendant suggests the plaintiff might be faking some of her injuries (they have a surveillance picture of her pushing a grocery cart). Tompkins v. Detroit Metro. Airport, 2012 U.S. Dist. LEXIS 5749 (E.D. Mich. 2012). The court found that the Facebook data is not relevant because the plaintiff is not alleging that damages that prevent her from, for example, pushing a grocery cart. "If the Plaintiff's...

Eleventh Circuit decides interstate commerce proof debate, disavows Tenth Circuit opinion

The Eleventh Circuit has weighed in on a developing circuit split - specifically whether the prosecution must prove that a defendant's particular copy of an image of child pornography was obtained over the Internet and therefore traveled in interstate commerce. Finding that the "particular images" approach was an inaccurate interpretation of federal law, the court affirmed the judgement because the original images had been created in another state. United States v. Schaff, 454 Fed. Appx. 880 (11th Cir. 2012). The defendant had attempted to delete...

Thursday, January 19, 2012

Illinois court determines e-mail with five images of CP only allows one count

In a recent Illinois case, four counts of child pornography possession were vacated on appeal. The defendant had received five images in a single e-mail. Under the appellate court's interpretation of state law, this amounts only to one violation of the relevant statute. People v. McSwain, 964 N.E.2d 1174 (2012). Many states would allow for five counts in this situation. See, e.g., Commonwealth v. Davidson, 938 A.2d 198 (Pa. 2007)....

Court finds camera not a closed container, search incident to arrest was unconstitutional

An Oregon federal court has found that a search incident to arrest violated the Fourth Amendment because exigent circumstances did not exist. Schlossberg v. Solesbee, 2012 WL 113746 (D. Or. 2012). The plaintiff argued in a Section 1983 claim that his rights were violated by his arresting officer when the officer searched his camera. Closed Containers First, the court evaluated whether a camera is a closed container. If you are unfamiliar with the debate, this often comes up with cell phones. If the phone is considered a closed container,...

Wednesday, January 18, 2012

Court reverses identity theft conviction for stolen wallet

The Washington Court of Appeals has reversed a conviction of identity theft, finding that no evidence was presented to prove the defendant would use an identification card and credit card to commit a crime. State v. Williams, 2012 Wash. App. LEXIS 57 (2012). The defendant had stolen a wallet containing a credit card, identification card, and over $200 cash. Subsequently, he was charged with identity theft and theft. On appeal, the court...

Hard drive abandoned after owner left it in his home for an extended period of time

The conviction of an Ohio man has been reinstated after the Ohio Supreme Court found his hard drive to be abandoned and thus not protected by the Fourth Amendment. State v. Gould, 2012 Ohio 71 (2012). In December 2005, the defendant moved his belongings into his mother's house. He left his hard drive with her and told her not to "let anybody get their hands on it." When he moved six months later, he took all of his things except the hard drive....

Nebraska court allows father visitation rights in prison after attempted sexual assault conviction

The Nebraska Court of Appeals reversed a custody order that forbade in-prison visitation rights to the father after he was incarcerated for possession of child pornography and attempted sexual assault. Robey v. Robey, 2012 Neb. App. LEXIS 9 (2012). The victim of the attempted assault was a neighborhood child. While it is known that the children were in the room when the act occurred, it appears the children were unaware it was happening. At...

Tuesday, January 17, 2012

The Pirate Bay to abandon torrents, provide magnet links

The Pirate Bay, a popular torrent website, will stop providing users with torrents next month. Instead, they will only offer users magnet links. For some time now, P2P users had to download a torrent in order to then download their content of choice (be it legal or not-quite-so legal). The torrent file contained metadata about the intended download that allowed the software to connect to other users with the file. This metadata includes...

Monday, January 16, 2012

6th Circuit vacates sentence after judge "splits the difference" in enhancement dispute

In United States v. Johnson, 446 Fed. Appx. 798 (6th Cir. 2012), the Sixth Circuit vacated and remanded the sentence of a man convicted of transportation, transfer, and possession of child pornography. In 2001, the defendant was convicted of transmitting child pornography and using a facility in interstate commerce to attempt to persuade a minor to engage in sexual activity. As it turned out, the minor was an FBI agent. Upon release from prison and completing two years of supervised release, the defendant showed that he hadn't quite learned...

Sunday, January 15, 2012

Appellate court addresses multiple issues in CP case

A recent Eleventh Circuit case presents a myriad of issues. In United States v. Cray, the defendant appealed his convictions of receipt and possession of child pornography. 450 Fed. Appx. 923 (11th Cir. 2012). He had subscribed to a website providing child pornography for $79.99 per month, and law enforcement tracked his actions on the site back to his ISP account. Among his arguments for reversal were: An argument that obtaining his IP subscriber information was a violation of the Wiretap Act, and thus suppression of...

Wednesday, January 11, 2012

11th Circuit vacates sentence, finds swapping CP on P2P network not per se "for valuable consideration"

The Eleventh Circuit has vacated and remanded a sentence that included a five-level enhancement because it found the defendant had not received "a non-pecuniary thing of value" in exchange for sharing child pornography on a peer-to-peer network. United States v. Spriggs, 666 F.3d 1284 (11th Cir. 2012). The defendant pled guilty to receipt of child pornography, and a five-level enhancement was applied "for distribution of illicit images for the receipt, or expectation of receipt, of a non-pecuniary thing of value" at sentencing. The court...

Tuesday, January 10, 2012

Judge finds guidelines flawed, Sixth Circuit vacates sentence

The Sixth Circuit has vacated and remanded the sentencing of a defendant after the district court imposed one day in jail and ten years supervised release for possession of child pornography because the judge objected to the sentencing guidelines. United States v. Bistline, 665 F.3d 758 (6th Cir. 2012). After pleading guilty to the possession of 305 images and 56 videos of child pornography, the district court refused to follow the guidelines range of 63 to 78 months' imprisonment because it felt "that 'the guidelines for possession of child...

Monday, January 9, 2012

Chats between defendant and minors found inadmissible in sexual exploitation of minors case

A North Dakota man has been charged with attempted sexual exploitation of his two minor stepdaughters. Videos reveal that he used his cell phone to record the girls showering. The defendant claims he was videoing them because "he was concerned that they were taking nude pictures of themselves and texting them to friends." United States v. Rambough, 2012 U.S. Dist. LEXIS 1781 (D.N.D. 2012). At issue is whether chat logs should be admissible where defendant, claiming to be a 19-year-old woman, communicated with both minors and adults....

Friday, January 6, 2012

Tracking computer usage, free credit monitoring, and digital forensics guides from corporations

I have collected several random stories recently that do not deserve their own post alone, but that I thought should be shared. From Lifehacker, this post shows you how to see if someone has been using your computer when you were not around. Using the Windows Event Viewer, users can see system logs detailing each time the computer boots or wakes from sleep or hibernation. This isn't an endorsement nor do I really know much about this service, but Lifehacker did an article about Credit Karma, a credit monitoring service that notifies you of changes...

Thursday, January 5, 2012

Malware steals credit card info, hides charges in online banking

As Mashable reports, new malware can steal your credit card information when you make purchases online, and after using it for fraudulent purposes, it can also hide those charges from your bank statement when you check your account online. Sounds like some pretty advanced stuff. Here's the video for slightly more info (apologizes for the embedded commercial). ...

Tuesday, January 3, 2012

UK study reveals 33% of divorce petitions cite Facebook as a problem

In a study conducted by Divorce Online in the United Kingdom, 33% of divorce petitions filed in 2011 used Facebook posts as evidence of behavior that led to the breakup (up from 20% in 2009). There were three main reasons that Facebook was mentioned: Inappropriate messages to members of the opposite sex.  Separated spouses posting nasty comments about each other.  Facebook friends reporting spouse’s behavior. I'm sure that we have all seen our Facebook friends posting horrible things about their spouses, but I'm also sure that...

Sunday, January 1, 2012

New year presents new challenges

The year 2011 brought about many new or advanced challenges in the cybercrime field. Some of the big headliners included: With the closing of Reddit's "jailbait" section, many websites have begun to move away from semi-anonymous postings. Several have integrated Facebook to require users to post to sites within their Facebook accounts. Of course, websites are protected by the Communications Decency Act, but making the swap certainly brings much less headache. The group "Anonymous" began attacks as early as 2006, but their acts expanded greatly...

Ninth Circuit finds standing to challenge government's alleged communications dragnet

In a lawsuit alleging "widespread warrantless eavesdropping" in violation of the Foreign Intelligence Surveillance Act, the Electronic Communications Privacy Act, and the Stored Communications Act, the Ninth Circuit has reversed and remanded the lower court dismissal on standing grounds. Jewel v. NSA, 673 F.3d 902 (2011). The suit, backed by the Electronic Frontier Foundation, alleged "that the government[] operated a "dragnet collection" of communications records by 'continuously soliciting and obtaining the disclosure of all information...