Wednesday, February 29, 2012

Fricosu's co-defendant provides law enforcement with encryption password

For those of you following the Fricosu drama, you'll be saddened to hear that it is now over. Fricosu's co-defendant recently provided law enforcement with the password for the encrypted drive, and Fricosu's attorney received a copy of the files from the drive today.

Here's a rundown of the history. A Colorado federal court ordered Fricosu to provide law enforcement with the password or an unencrypted copy of the files by February 29. Earlier this month, Fricosu's attorney suggested that she may have forgotten the password. She appealed to the Tenth Circuit, but they declined because there was no final judgment in the case. Last week, it was rumored that Fricosu's co-defendant (her ex-husband) had turned over the password.

Also last week, the Eleventh Circuit held that compelling disclosure of unencrypted files could violate a defendant's Fifth Amendment rights.

Tuesday, February 28, 2012

Indiana newspapers may be ordered to release commenter identity in defamation suits

I'm sure we all agree that one of the greatest achievements of the Internet has been to allow common folk to anonymously comment on newspaper articles. The good people of this country have managed to use that feature without resorting to bigotry or defamation, right? Well, maybe not in Indiana.

In In re Indiana Newspapers Inc. v. Junior Achievement of Cent. Indiana, the Indiana Court of Appeals addressed whether a newspaper can be compelled to disclose the identity of an anonymous commenter to a plaintiff in a defamation suit. 2012 WL 540796 (Ind. Ct. App. 2012). The court considered Indiana's Shield Law, which "provides an absolute privilege to the news media not to disclose the source of any information obtained in the course of employment," the Indiana Constitution, and the United States Constitution.

The court held:
Under our Shield Law, we hold that an anonymous person who comments on an already-published online story and whose comment was not used by the news organization in carrying out its newsgathering and reporting function cannot be considered "the source of any information procured or obtained in the course of the person's employment or representation of a newspaper" .... Under the United States Constitution, to strike a balance between protecting anonymous speech and preventing defamatory speech, we adopt a modified version of the Dendrite test, requiring the plaintiff to produce prima facie evidence of every element of his defamation claim that does not depend on the commenter's identity before the news organization is compelled to disclose that identity. With this test being called the most speech-protective standard that has been articulated and neither party advocating a different test, we adopt the modified version of the Dendrite test under the Indiana Constitution as well.

6th Circuit remands sentence of one day in custody for CP possession

In United States v. Robinson, 669 F.3d 767 (6th Cir. 2012), the Sixth Circuit vacated and remanded the sentence of a defendant who had been ordered to serve only one day in custody after pleading guilty to child pornography possession.

The defendant had possessed 7,100 images of child pornography including bondage, torture, and rape of prepubescent children and was sentenced to one day in custody, five years' supervised release, and a $100 special assessment.  Because of enhancements, the recommended sentence had been 78 to 97 months.

The court had been persuaded by psychologist testimony suggesting that the defendant was not addicted to pornography, did not have sexual fantasies or desires related to children, and did not appear to be a pedophile.  Citing the unlikeliness of recidivism, his employment history, age, attitude, and criminal history, the court imposed the downward variance, and the government appealed.

The Sixth Circuit found that the sentence was substantively unreasonable for multiple reasons. While child pornography is generally a serious crime, the number and content of the images made it even more so. Thus, it did not "reflect the seriousness of his crime, promote respect for the law, or provide just punishment for his offense." Also, the sentence "undermines the purpose of general deterrence" as it would not "meaningfully deter anyone else." Lastly, it is unreasonable due to the disparities that exist with sentences in similar cases.

Monday, February 27, 2012

FBI forced to remove 3,000 GPS devices after Jones

The Wall Street Journal reports that in the aftermath of the Jones decision (discussed here), the FBI was forced to remove about 3,000 GPS devices around the country because they had been placed without obtaining a search warrant. In some situations, the devices had been disabled and were thus lost, requiring the FBI to obtain a warrant in order to reactivate them and determine their location.

Limitations of the recent 11th Circuit compelled decryption case

One more post about encrypted drives, and then I promise I will move on. Many privacy advocates have been overjoyed by the recent Eleventh Circuit decision (discussed here), but as with all technology issues, we have to be careful with our understanding of the case. That decision can be much narrower than many think, and the evolution of technology is certain to restrict it.

First, the decision only applies to encrypted drives. Possibly only to drives protected by TrueCrypt or similar software. And, more importantly, it likely only applies to situations in which the password is text. "Passwords" that are entered with a fingerprint or facial scan are not likely to be protected under the Eleventh Circuit's ruling.

The Supreme Court has held, "The touchstone of whether an act of production is testimonial is whether the government compels the individual to use 'the contents of his own mind' to explicitly or implicitly communicate some statement of fact." Curcio v. United States, 354 U.S. 118, 128 (1957). Thus, "the Fifth Amendment privilege is not triggered where the Government merely compels some physical act, i.e., where the individual is not called upon to make use of the contents of his or her mind. The most famous example is the key to the lock of a strongbox containing documents."

Thus, the argument accepted by the Eleventh Circuit is that having to use the password to decrypt the files is not a "physical act" but uses the "contents of his or her mind." With fingerprints or retina scans, however, there would be no Fifth Amendment violation because it would be akin to providing a key (see Hubbell, 530 U.S. 27 (2000)).

Another restriction of this holding is that it does not apply if the government knows the contents of the drive. Suppose the browser history shows that files were downloaded to an external drive that does not appear when the drives are connected. Many courts would likely assume that the files were located on the inaccessible encrypted partitions. Thus, the government has the file name and content - they only need to show the possession. In this case, a password could likely be compelled because "the Government can show with 'reasonable particularity' that ... it already knew of the materials, thereby making any testimonial aspect a 'foregone conclusion.'" I have not seen this argument play out, but I would imagine at least some courts would agree.

Sunday, February 26, 2012

Why can't investigators just hack encrypted drives? With unlimited resources and time, they can

I blogged yesterday about the Eleventh Circuit case finding that compelling a defendant to provide an unencrypted copy of files would violate the Fifth Amendment. The drives in that case were encrypted using TrueCrypt (which I've discussed here).

To better understand the reason why law enforcement cannot simply "crack" the encryption, I wanted to better explain the situation. It can certainly be done through what is called a "brute-force attack" which would essentially develop a list of every possible password and try each one. The longer and more complicated the password, the longer it would take. Thus, adding length, capital letters, numbers, and symbols greatly increases the complexity. The type of security used also modifies the complexity. The attack will first attempt to use dictionary words, and the entire English language could be checked in a few minutes. Of course, there's the possibility that the password will be guessed early on, but there are no promises.

Suppose a drive was encrypted using a fairly average but secure password - 1 upper case letter, 6 lower case, 1 number, and 1 special character. A brute force attack could try the 2.5 trillion possibilities in about 3 days using only one computer.

If we upgrade the password to 3 upper case, 8 lower case, 2 numbers, and 1 special character, there are almost 12 quintillion combinations. Using one computer to crack it would take about 40,000 years (using modern-day computers), but if you could dedicate 100,000 computers to the task, it could be done in about 6 months.

Since TrueCrypt passwords can be up to 65 characters, these times could easily extend into millions of years.
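Added example (not part of the original post): the arithmetic behind the two estimates above, written out in Python. The 32-symbol special-character set and the rate of 10 million guesses per second per computer are assumptions, chosen because they reproduce the post's figures; the example also goes one step beyond the post by counting the case where the position of each character class is not known in advance.

```python
from math import factorial, prod

# Alphabet size per character class. The 32-symbol special set is an
# assumption: it is the size that reproduces the post's "2.5 trillion".
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10, "special": 32}

# Assumed guess rate for one computer, in guesses per second. Chosen so the
# first password takes about 3 days, as in the post. Real rates depend on
# the key-derivation function and the hardware.
GUESSES_PER_SECOND = 10_000_000

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The two password shapes described in the post.
AVERAGE = {"upper": 1, "lower": 6, "digit": 1, "special": 1}
STRONG = {"upper": 3, "lower": 8, "digit": 2, "special": 1}


def keyspace_fixed_layout(composition):
    """Candidates when the class at every position is already known."""
    return prod(CLASS_SIZES[c] ** n for c, n in composition.items())


def layouts(composition):
    """Ways to arrange the classes over the positions (multinomial)."""
    total = factorial(sum(composition.values()))
    for n in composition.values():
        total //= factorial(n)
    return total


def keyspace_any_layout(composition):
    """Candidates when only the per-class counts are known, not positions."""
    return keyspace_fixed_layout(composition) * layouts(composition)


def seconds_to_exhaust(candidates, machines=1, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate; the average is half this."""
    return candidates / (rate * machines)


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    for name, comp in (("average", AVERAGE), ("strong", STRONG)):
        fixed = keyspace_fixed_layout(comp)
        free = keyspace_any_layout(comp)
        print(f"{name}: {sum(comp.values())} characters")
        print(f"  known layout  : {fixed:,} candidates, "
              f"{humanize(seconds_to_exhaust(fixed))} on 1 computer, "
              f"{humanize(seconds_to_exhaust(fixed, machines=100_000))} on 100,000")
        print(f"  unknown layout: {free:,} candidates, "
              f"{humanize(seconds_to_exhaust(free))} on 1 computer")
```

The "unknown layout" rows show how much the search grows once the attacker does not know where the capital letters, digits and symbol sit, which is the usual situation.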

For a handy spreadsheet to calculate your password's security, click here for one from Mandylion Research Lab. I make no promises that the calculations are accurate because the math is much too complex for me!

UPDATE: Thanks to a reader comment, I've been directed to Gibson Research Corporation's calculator (by Steve Gibson). The page contains a lot of great information on password strength and some helpful and interesting links. Thanks for the tip!

Saturday, February 25, 2012

CP defendant appeals sentence, 6th Circuit affirms

In United States v. Cunningham, the defendant made several interesting arguments on appeal concerning his child pornography sentence, but the Sixth Circuit affirmed the sentence. 669 F.3d 723 (6th Cir. 2012). The appellate court held:
  • The § 2G2.2 enhancements are reasonable despite defendant's arguments concerning how often they are applied and lack of empirical grounding.
  • The sentencing court preparing its opinion prior to the hearing was "disconcerting" but okay because the court had "carefully scrutiniz[ed] the parties' arguments and evidence."
  • Reliance on recidivism data was reliable despite being applied in nearly every child pornography case. The defendant argued that he had a low risk of recidivism because he had "voluntarily delete[d] his child pornography." Defendant had been severely depressed, but the court noted that most people with depression "do not resort to online communities of child pornography to address their loneliness."
  • Defendant's psychological assessment showing multiple disorders did not entitle him to a lower sentence. The court found that the report did not distinguish him from people who have had depression that did not resort to viewing child pornography.
  • A video showing the defendant using a picture of a child to act out a sexual fantasy was properly used as evidence. This information was helpful to understanding his "history and characteristics" and potential danger to children in the future.
  • Argument that the district judge sentenced the defendant "on the basis of passion and outrage" after viewing the defendant's child pornography collection was insufficient. It was appropriate for the judge to view the images, and the judge's shock was understandable.

11th Cir. finds Fifth Amendment violation with compelled production of unencrypted files

The Eleventh Circuit held that compelled production of unencrypted files violates the Fifth Amendment as it would be testimonial, and the "foregone conclusion" doctrine does not apply. In Re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, 671 F.3d 1335 (11th Cir. 2012).

The case began with a child pornography investigation after videos of underage girls were found on YouTube. Officers seized multiple external hard drives and determined that parts of them were encrypted using TrueCrypt (discussed here). A grand jury subpoena was issued to require production of an unencrypted copy, and the defendant refused to comply and was held in contempt.

Whether the production was testimonial was the key issue examined by the Eleventh Circuit. The government argued that "all it wanted Doe to do was merely to hand over pre-existing and voluntarily created files, not to testify." The court agreed, finding that the files alone are not testimonial. The act of production, on the other hand, "would sufficiently implicate the Fifth Amendment privilege."

The court reached this conclusion after finding that it would not be a physical act like providing a key for a safe, but "would require the use of the contents of Doe's mind." Also, the purported testimony was not a "foregone conclusion" because the government does not even know what is on the drive - it may be nothing. Neither do they know that Doe is capable of accessing the files.

Also, the court held that testimony could be compelled with sufficiently granted immunity, but that was not given to Doe. In order to compel the production, "use and derivative-use immunity" must be provided.

Certainly a key to this outcome is the way in which TrueCrypt works. When a volume is encrypted using this software, there is no way to tell whether the volume is full or empty without knowing (or breaking) the encryption key. Since breaking the key may take hundreds of years, it is likely impossible to know what, if any, files are on the drive through a forensics investigation. These drives could have contained millions of files, preventing the government from knowing with any specificity what was on it. Encryption for individual files (as opposed to an entire drive or partition), on the other hand, would likely not bring this same result.

This decision comes just days after the latest ruling in the related Fricosu case from the Tenth Circuit (read more here).

Friday, February 24, 2012

3rd Circuit affirms CP conviction, creates privacy rule, and makes it impossible to satisfy that rule

In United States v. Coates, 2012 U.S. App. LEXIS 3582 (3rd Cir. 2012), the Third Circuit affirmed a conviction for child pornography offenses. Coates had consented to the viewing of a text message on his phone, but the officer detoured through Coates's pictures, finding images of child pornography.

Coates had notified police that he was receiving text messages from a person threatening to kill his friend, and he took his phone to the local police station. An officer continued talking with Coates and apparently touching random buttons on the phone without looking at it. All of a sudden, he looked down and saw child pornography on the screen. Coates was charged and convicted on multiple child pornography counts.

According to the officer, he received the phone in a closed position, but Coates claimed it was open and displaying the text messages. An inmate testified that the officer had told him he "planned to 'beat it on a technicality'" because the surveillance video had inadvertently been lost.

On appeal, the appellate court found that Coates did not possess a legitimate expectation of privacy in his cell phone. For Coates to have maintained his privacy, he should have navigated to the message before handing his phone to the officer, or in the alternative, instructed the officer on how to navigate to the text message. What seems odd, however, is that the officer "testified that as Coates was sliding the phone through the slot, Coates told him that the message would be in his 'messages,' and that it 'should be the first message.'" I'm not sure how he could have explained it better. Thus, the court requires "instructions on how to manipulate [the phone]," but the officer testifying that such instructions were given is insufficient.

Of course, another issue is that text messages will not be found in the pictures folder, and thus consent to read the message properly restricted access. The court found that consent was given "to navigate his phone to reach the text message, which is precisely what Officer Persing did," but the images were "in plain view when he looked at the phone."

I understand the court's point - we don't want people producing child pornography of their children. But why do they create a rule providing for an expectation of privacy that is met by the facts of the case, and then deny that an expectation of privacy existed?

Thursday, February 23, 2012

10th Cir. denies interlocutory appeal on forced drive decryption in Fricosu

In previous posts (here and here), I have discussed the case of United States v. Fricosu where a federal judge has ordered the defendant to provide a decrypted copy of her hard drive to federal investigators. Just after the order, Fricosu claimed that she may have forgotten the encryption key. The deadline for providing the copy is later this month.

Meanwhile, she has appealed to the Tenth Circuit on the issue. The appellate court dismissed the appeal, finding they have no jurisdiction due to a lack of a final decision from the district court.

Tuesday, February 21, 2012

Conn. court finds no expectation of privacy in employee computer

In Dickman v. Warden, the Superior Court of Connecticut held that an employee had no reasonable expectation of privacy in her work computer despite the company not following their policy for obtaining those files. 2012 Conn. Super. LEXIS 257 (Conn. Super. Ct. 2012).

Dickman was suspected of worker's compensation fraud and using her work computer to conduct private business. As a result, her employer obtained files from her work computer and turned them over to the local prosecutor. The prosecutor found evidence of falsified probate documents, and Dickman was ultimately convicted of forgery.

On appeal, Dickman claimed that she had a reasonable expectation of privacy in her work computer. The computer was not shared but was in a shared area. Also, the employer had a policy allowing entrance into the computer for criminal investigations or where there was a credible allegation of policy violations. The latter required approval from a committee as well as the vice president, a process which was not followed in this case.

The appellate court ruled that despite the policy not being strictly followed, Dickman could not claim to have a reasonable expectation of privacy because "an employee such as petitioner would reasonably be aware that such information stored on the computer could be retrieved on such an allegation" as worker's comp fraud or conducting private business.

Saturday, February 18, 2012

Court strikes down Louisiana law banning social networking use by sex offenders

A federal court struck down a Louisiana law that forbade certain sex offenders from accessing social networking websites after finding the statute to be "substantially overbroad." Doe v. Jindal, 2012 U.S. Dist. LEXIS 19841 (M.D. La. 2012).

In 2011, Louisiana enacted a law titled "Unlawful use or access of social media" that made it illegal for registered sex offenders whose victim was a minor to use social networking, chat rooms, or peer-to-peer networking. However, if the offender obtains permission from their probation or parole officer, access to these sites would be allowed.

The plaintiffs argued that the law is overbroad and would have the effect of banning news websites, YouTube, Gmail, LinkedIn, USAJOBS, and others because they allow for communication through "comments and content forwarding." The state countered, arguing that the plaintiffs do not have standing because they have yet to seek permission to use the sites.

The court found that because of the self-censorship required of the plaintiffs, it has had a chilling effect on their First Amendment rights. The statute does not specify how permission will be granted or how offenders no longer under supervision will obtain permission, creating jurisdictional issues. While there is a "legitimate interest in protecting children from sex offenders online," the statute is "substantially overbroad" and unconstitutional.

Thursday, February 16, 2012

Two CP convictions vacated on double jeopardy grounds

A federal district court has vacated two convictions related to child pornography due to double jeopardy violations. Yarosius v. United States, 2012 U.S. Dist. LEXIS 18408 (N.D. Ohio 2012). The defendant had been convicted on three counts:
  • Count One: receipt and distribution of visual depictions of real minors engaged in sexually explicit conduct (18 U.S.C. §2252(a)(2))
  • Count Two: receiving and distributing child pornography that had been transported in interstate commerce by computer (18 U.S.C. §2252A(a)(2)(A))
  • Count Three: possessing child pornography on two computers (18 U.S.C. §2252A(a)(5)(B))
In a § 2255 motion, the defendant sought to have Count One and Count Three vacated on double jeopardy grounds. The court found that the possession charge was a lesser-included offense of the receipt charge under Sixth Circuit precedent, requiring that Count Three be vacated. Further, the Count Two statute was meant to allow prosecution of both virtual and real images, but Count One was only for real images. Since Count One and Count Two were punishing the same images, Count One was a lesser-included offense of Count Two.

Court orders school Internet filtering be disabled due to pro-gay website discrimination

A federal court has issued a preliminary injunction requiring a school to disable its internet filter so as not to "discriminate against websites expressing a positive viewpoint toward LGBT individuals." Parents v. Camdenton R-III Sch. Dist., 2012 U.S. Dist. LEXIS 18914 (W.D. Mo. 2012).

The school district had enacted a filter to comply with the Children's Internet Protection Act to prevent access to obscene materials. The software classified pro-gay information websites as "sexuality" and blocked them, but websites with negative views were accessible as they were categorized as "religion." Students had the option of requesting access to a website but were forced to identify themselves and wait for possible approval. A school board member had even "expressed 'concern with students accessing websites saying it's okay to be gay.'"

The court held that the system stigmatizes or at least burdens individuals who wish to view the positive websites despite the system allowing a website to be unblocked. The court determined that each element required to get a preliminary injunction favored the plaintiffs, and they are also likely to succeed at trial.

UPDATE: Read a more detailed post on this case here by Eugene Volokh at Volokh Conspiracy.

Wednesday, February 15, 2012

Social Media in the News

Social media has been getting (or causing) a great deal of news coverage recently. Here are a few things going on:
  • A Maine high school football coach accidentally posted a nude photo of himself on Facebook. It only appeared for 10 minutes, but the three-time state championship coach and middle school teacher still had to resign.
  • Just when you thought it was dead, MySpace claims to be adding 40,000 new users each day. Part of the influx is attributed to the site's new music player and an integrated Facebook app.
  • After a Tennessee man and woman removed one of their Facebook friends, the ex-friend's father shot both of them in the head. A search of the father's home revealed approximately 80 handguns.
  • A North Carolina father has received nearly 25 million views for this video he posted on YouTube. His daughter complained about her parents on Facebook, and her father responded by getting trigger happy with her laptop. Reaction has been varied.
  • A new website, PrivacyScore, rates websites based on user privacy. Site profiles let you know, among other information, how long your data is retained by the company.

7th Cir. addresses CP double jeopardy claim, remands sentence due to consideration of improper fact

In United States v. Halliday, 672 F.3d 462 (7th Cir. 2012), the Seventh Circuit addressed whether possession of child pornography is a lesser-included offense of receipt and remanded the sentence because the sentencing judge considered an improper fact.

Law enforcement downloaded child pornography from the defendant's computer using Limewire, and a search of the defendant's computer revealed 15 videos which had been downloaded on 8 dates. He was convicted on two counts of receipt and one count of possession - the receipt charges for the first and last download date and possession for the intervening time.

On appeal, Halliday argued that the separate convictions for receipt and possession violated double jeopardy because possession is a lesser-included offense. The court discussed circuit precedent which held that receipt and possession do not violate double jeopardy, but suggested that "the reasoning of these cases is now in question, both because of our more recent views of the scienter requirement in possession cases, and because of how our sister circuits have viewed possession and receipt in the child pornography context." However, there was no need to make such a decision here as "where separate images form the bases for separate receipt and possession counts, there can be no double jeopardy violation." The court did issue a note for attorneys in future cases:
While we do not today overturn Myers, Malik, or Watzman, we note that in future cases, the government would be wise to clearly indicate in the indictment which images are included in each count of the indictment. Additionally, where both receipt and possession are charged, we would also think it wise for the court to instruct the jury that any images and videos relied on for a receipt count cannot form the basis of a conviction for a possession count. The absence of such an instruction in this case, however, does not alter our analysis.

Halliday also argued that the sentencing judge relied on an improper fact at sentencing. The judge suggested that the defendant thought the crime was victimless and not criminal, but the defendant never asserted either idea. Thus, this speculation may have improperly influenced the sentence, and the sentence was vacated and remanded.

Tuesday, February 14, 2012

Government argues that fake name removes expectation of privacy

In an ongoing Arizona case, the government has filed a memo arguing that the defendant had no expectation of privacy in a cell phone when it was registered under a fake name because doing so is fraudulent. The memo cites cases holding similarly with other property - specifically storage units (Johnson) and mailboxes (Lewis).

The most recent order from the court can be found at United States v. Rigmaiden, 2012 WL 27600 (D. Ariz. 2012). To learn more about the case, click here for a post from CYB3RCRIM3.

Sunday, February 12, 2012

6th Cir. vacates computer forfeiture, restitution award

The Sixth Circuit vacated on the issues of forfeiture and restitution in a child pornography possession and production case. United States v. Evers, 669 F.3d 645 (6th Cir.).

After the defendant's son reported him to police for alleged sexual abuse of the defendant's niece, police executed a search warrant to find photographs the defendant had taken of the girl. Officers seized two computers, a digital camera, and other items. In relevant part to the appeal, the trial court ordered forfeiture of the seized items as well as restitution to the son (who was acting as the niece's guardian).

The trial court awarded $1,640 in restitution including $1,500 for lost wages and $140 for child care expenses under 18 U.S.C. § 2259. The defendant argued on appeal that (1) only the victim's lost income is recoverable, (2) the lost wages were not proximately caused by the offenses, and (3) the child care award is not justified. The Sixth Circuit held that the son was a victim under the statute and can recover lost income as it was proximately caused by the defendant. The award for child care was vacated, however. The defendant had been providing free child care for the victim which would not have been free otherwise, and thus, the child care expenses were not proximately caused by the crimes.

On appeal, the Sixth Circuit also vacated the forfeiture of one of the computers because both had not been used for child pornography. Property subject to forfeiture "must bear a 'sufficient nexus' or 'substantial connection' to the underlying offense."

Saturday, February 11, 2012

Torrent sites in frenzy, Google launching cloud storage, OneShar.es provides encrypted messages

Here are a few stories from the tech world:
  • In the wake of the Megaupload seizure, many file sharing websites are deciding to get out of the business. BTJunkie recently closed voluntarily. Just in case something happens, one Pirate Bay user has collected all of the contents on that website into one .zip file so that users can access the 1.5 million+ torrents in case of a shutdown.
  • Google is planning to launch a free cloud storage service within weeks. The size limit is unknown, but more storage can be purchased for a price. After the upcoming privacy policy changes, it will be interesting to see if Google reserves the right to show ads relevant to our stored files.
  • A new service called OneShar.es allows users to send an encrypted message. Suppose you need to e-mail your credit card number to someone, but you're afraid they will forget to delete the e-mail. Create a message on OneShar.es, send them the link, and the message is automatically deleted after the URL is opened.

Ohio court finds 40 year sentence for CP charges "difficult ... to justify"

The Ohio Court of Appeals has reversed a sentence of 40 years for four counts of child pornography possession because the court found "it difficult on this record to justify 40 consecutive years in prison for the nonviolent crime of possessing child pornography." Ohio v. Bonness, 2012 Ohio 474 (Ohio Ct. App. 2012).

The defendant was a 53-year-old retired police officer. He pled guilty to attempted rape, eight counts of child pornography, and other charges. He was sentenced to 8 years for the attempted rape charge and consecutive 5 year terms for each of the child pornography counts. He appealed the sentence arguing that the terms should not have been consecutive, and the appellate court reversed.

Among its reasoning, the court noted that the sentence would be a "de facto life sentence" and would "place an undue burden on the state's resources as the prison system would be forced to pay for all of Bonness's medical care." The court also noted that other countries provide far less severe sentences for child pornography offenses, citing a Canadian case where the government only sought five to seven years for possession of 4.5 million images.

Friday, February 10, 2012

6th Cir. vacates sadistic or masochistic conduct enhancement

In United States v. Corp, 668 F.3d 379 (6th Cir.), the Sixth Circuit vacated an enhancement for materials depicting sadistic or masochistic conduct because the court only considered the victim's testimony concerning the defendant's conduct rather than the actual content of the images.

The defendant had met the victim on an adult-only dating service, and after meeting, the defendant photographed the victim in many sexual acts. After it was discovered that the victim was 15, defendant was charged and pled guilty to sexual exploitation of a minor. At trial, a number of enhancements were applied, and defendant appealed two - (1) § 2G2.1(b)(4) - material involving sadistic or masochistic conduct and (2) § 4B1.5(b) - pattern of activity involving prohibited sexual conduct.

The appellate court held that a sadistic or masochistic determination is objective and is limited to "the contents within the four corners of the image." Thus, the actual victim's physical or mental pain and experiences are immaterial. The trial court placed great weight on the victim's testimony that defendant urinated on her in applying this enhancement, but none of the photos showed this act. A photo did exist, however, in which the victim had the defendant's semen on her face. The court found that the actual act of ejaculating on another's face is "purposefully degrading and humiliating," but these photos do not capture the act - only the results of that conduct.

With regard to the pattern challenge, the defendant must have been engaged in a pattern of prohibited sexual conduct with minors on at least two occasions. The court found that two acts satisfied this requirement. The first was a previous child pornography offense, and the second concerned a collection of pictures that appeared to involve a girl under the age of 18, but the government was unable to confirm her age. Because the defendant did not contest these facts at trial, the finding was not clearly erroneous.

Thus, because the § 2G2.1(b)(4) enhancement was based on conduct and not the content of the photographs, it was vacated. The § 4B1.5(b) enhancement was affirmed.

Thursday, February 9, 2012

Texas court finds MySpace profile properly authenticated by page's content

The Court of Criminal Appeals of Texas found MySpace profiles to be properly authenticated in Tienda v. State, 358 S.W.3d 633 (2012). Tienda was on trial for murder after a multiple car shootout. The victim's sister found the MySpace profiles and testified at trial as to how she found them. Subscriber reports were also obtained by subpoena from MySpace.

The court used the following circumstantial evidence to find that the MySpace pages belonged to the appellant and that he wrote the admitted posts:
  1. The page contained photographs of Tienda
  2. A post contained information about the murder victim and the music at his funeral
  3. References to Tienda's gang
  4. Posts referring to information Tienda knew
Courts have long struggled with authentication of digital evidence. Click here for earlier posts discussing the issue.

11th Circuit addresses 22 issues on appeal in international child pornography ring case

"If '[a]ll the world's a stage' as Shakespeare wrote, this case demonstrates just how much the dimensions of that stage are shrinking with the advent of the internet, at least in regards to child pornography," wrote Eleventh Circuit Judge Fay in an opinion concerning an international child pornography ring. The case, United States v. McGarity (669 F.3d 1218 (11th Cir. 2012)), was an appeal from multiple defendants convicted of taking part in a child exploitation enterprise involving 64 individuals and over 400,000 images. To become a member of the group, users had to pass a series of tests involving child pornography with the assumption being that law enforcement would be legally prohibited from following suit. The group encrypted all postings and used many other means to secure their activities. An informant turned over his account to police, allowing them to discover the identity of many others.

The defendants were charged with 40 counts and raised 22 issues on appeal. Among the findings, the court held:
  • The child exploitation enterprise (CEE) statute, 18 U.S.C. § 2252A(g), was not unconstitutionally vague and overbroad.
  • Charge of statutory obstruction of justice under 18 U.S.C. § 1512(c) was insufficient because the indictment did not provide sufficient notice of the factual predicate for the charge. Therefore, the conviction was vacated.
  • The prosecutor's closing argument, which included "The victims in these videos and images, they're the children. They're our daughters and granddaughters, neighbors, friends. Sometimes at night when I'm sitting in my house and everyone is asleep and even the puppy is down, it's awfully quiet, I can't fall asleep, sometimes you can hear the crying," was in error, but did not affect the outcome.
  • The court should have instructed the jury that the CEE statute required the jury to be unanimous in determining predicate acts to show a CEE. However, because the jury convicted the defendants of three counts that could serve as predicates, the conviction stands. (One defendant, however, was only convicted of two offenses that can serve as predicates, and therefore his conviction was reversed.)
  • Two counts violated double jeopardy as Count Two (conspiring to commit certain acts underlying the CEE) was a lesser-included offense of Count One (knowingly and willfully engaging in a CEE).
  • The sentences of defendants who received a life sentence plus other sentences totaling 2400 months were within the guidelines and not grossly disproportionate.
  • Defendant who attempted to wipe his hard drive properly received an obstruction enhancement because although no proof was shown as to whether he was successful, the evidence clearly showed his attempt.
  • Defendant properly received an enhancement for receipt of a thing of value in exchange for posting child pornography. The nature of the ring allowed him to receive more child pornography as a result of his posts. (See a prior post on this topic here.)
  • Restitution award for "Amy" series was improper (prior discussion here). The proof of proximate cause is necessary as it would otherwise impose strict liability on child pornographers. The issue was remanded for a full hearing as to proximate cause.
The dissent only differed by arguing that the statutory obstruction of justice charge was sufficient.

7th Cir. denies that CP images were "grandfathered in"

Quick rule: An image of child pornography is child pornography regardless of when it was created. In United States v. Peel, 668 F.3d 506 (7th Cir. 2012), the defendant argued that because child pornography was defined as images of children under the age of 16 at the time he took the photos, the images were grandfathered in under current law, which would otherwise make those images illegal. Not so, said the Seventh Circuit in an opinion by Judge Posner:
If accepted the argument would have the ridiculous consequence of allowing a person who happened to possess pornographic photographs of 16- and 17-year-olds taken before 1984 to market them, giving him a market that being shielded from new competition would offer substantial profit opportunities because after 1984 there could be no further legal production or possession of such pornography.

Wednesday, February 8, 2012

Miss. lawyer scammed by corporate identity theft

We often hear about identity theft as it relates to individuals, and some recent attention has been drawn to child identity theft, but the theft of a corporation's identity remains a serious, though seldom-discussed topic. The Mississippi Secretary of State reported today on "an internet scheme with international ties that bilked a Mississippi attorney out of hundreds of thousands of dollars."
The Mississippi attorney received an email from someone purporting to be Robert Larsen of Larsen Fabrics located in the United Kingdom. “Mr. Larsen” claimed a Mississippi company owed money on a contract and was willing to settle. “Mr. Larsen” employed the Mississippi attorney to collect the debt. The attorney was then informed the Mississippi company was prepared to settle. 
A fraudulent settlement check was sent to the attorney, allegedly from the Mississippi company. The attorney deposited the check and wired funds to a Japanese account before the fraud was discovered. The Mississippi company had no knowledge of the scheme until contacted by investigators.
Here's a link to the basic scam e-mail as sent to an attorney in a different state (the comments to the post discuss the variations of the scam).

Few public resources discuss the topic specifically. Professor Susan Brenner wrote about corporate identity theft a few years ago on her blog, CYB3RCRIM3. Also, the Colorado SOS's office has some information about the issue on their website.

Tuesday, February 7, 2012

Pa. court discusses whether defendant has standing in another's e-mail account

In Commonwealth v. Hoppert, 39 A.3d 358 (Pa. Super. Ct. 2012), a Pennsylvania appellate court examined whether probable cause existed to obtain defendant's e-mails when the account had been closed three months earlier. The defendant argued the e-mails were stale, but the court found that "the information sought was not easily disposable and there was a fair probability that AOL had retained it."

Footnoted in the case was a discussion of whether the defendant had a reasonable expectation of privacy in the e-mail account which was in another person's name. The court compared it to a prior case determining that the defendant did not have a reasonable expectation of privacy in phone records from his girlfriend's cell phone. That case cited another which found that a defendant had no expectation of privacy in phone bills in his wife's name. The court didn't actually address standing but simply wanted to flag it for future reference.

This raises an interesting issue - proving ownership of Internet accounts can be a difficult task (in this case, however, it was an AOL e-mail account, making it a slightly clearer case). A person who creates an e-mail account under an alias could have ownership of that account. Many couples now create joint Facebook accounts (such as Jack-n-Jill Smith). The free aspect of many accounts presents another issue - how do you show it is yours and not just something you are using? Hoppert was using someone else's e-mail account, but did the e-mails belong to him because he wrote them, or were they property of the person whose name the account was in? Can we have e-mail accounts with joint property interests when e-mail providers only allow one name on the account?

Another issue with the court's discussion is whether it was proper to analogize e-mails with phone records, as e-mails are not "records" (see the content versus records distinction in 18 USCS § 2702). It's well-accepted that no expectation of privacy exists in phone and e-mail records (telephone numbers dialed or e-mail routing information). However, the actual content of those phone calls or e-mails may be a different story (certainly with phone calls, while e-mails vary by jurisdiction). Thus, an absence of a reasonable expectation of privacy in records does not necessarily mean the same for content.

Monday, February 6, 2012

Woman ordered to decrypt drive has forgotten password

In a recent post, I discussed United States v. Fricosu, the case of a Colorado woman who was court-ordered to provide an unencrypted copy of her hard drive. Law enforcement had been unable to decrypt the drive, and Fricosu refused to turn over the password.

Well, as reported by Threat Level, Fricosu has forgotten the password. "It's very possible to forget passwords," said her attorney. All along, Fricosu has claimed that she was not the one who encrypted the drive, but the court found that not to be true.

Fricosu has until February 21 to turn over the files, so we do not yet know how the court will respond. Meanwhile, she is preparing an appeal to the Tenth Circuit.

Tech Watch: Google Analytics reveals large amount of data

I have finally created another video, this time examining the features of Google Analytics. Many people are wondering what information Google collects on its users, and this video shows the information I am able to view about you, the visitors to my blog.


Most websites are equipped with a similar tracking feature. An important note is that Google Analytics does not allow website owners to view IP addresses, though I'm sure Google is tracking that information as well. Thus, though I am able to find lots of information about each of my visitors, I have no way of actually finding out who you are.

Saturday, February 4, 2012

Study reveals statistics on Facebook user habits

Pew Research has released a new study titled "Why most Facebook users get more than they give." It provides great insight into the average user's Facebook activity as well as what the report refers to as "power users." Other interesting factoids about the average user:
  • Has 245 friends and 156,569 friends of friends
  • Sends 9.5 private messages per month
  • Receives 4 and sends 4 friend requests per month
If you've ever wondered why people do what they do on Facebook, this 40-page report might provide some information.

Double jeopardy examined in CP case by 6th Circuit

In United States v. Hutchinson, the Sixth Circuit vacated a conviction for possession of child pornography and remanded a conviction for receipt of child pornography due to double jeopardy considerations. 448 Fed. Appx. 599 (6th Cir. 2012). The defendant had pled guilty, but argued on appeal that the conviction violated the Constitution.

The first conflict raised by the defendant was that convictions of Count Two (receipt and distribution of child pornography) and Count Three (possession of child pornography) violated double jeopardy. The court held that "conviction under both statutes is permissible if separate conduct is found to underlie the two offenses." In this case, the conduct for Count Two was that defendant possessed the computer containing child pornography, and the images were shipped through interstate commerce. The facts for Count Three were that defendant received and distributed child pornography through interstate commerce. Because both counts were based on the same conduct, the possession charge was a lesser-included offense, offended double jeopardy, and was vacated.

The defendant also argued a double jeopardy violation with Count One (receipt and distribution of visual depictions of minors engaged in sexually explicit conduct) and Count Two. The Sixth Circuit found that the record did not contain enough information, but "if the same images of 'real' child pornography formed the basis of both Counts One and Two," Count One would be a lesser-included offense. Both counts may cover real images, but only Count Two may cover virtual images. Thus, the issue was remanded.

Friday, February 3, 2012

5th Circuit addresses "substantial step" requirement for persuading minor to engage in sexual activity

In United States v. Broussard, the Fifth Circuit addressed whether (1) defendant's conversations with minors suggesting meeting for sexual activity but without travel were a substantial step, and (2) imposing a 40-year sentence to give the defendant "treatment" was reasonable. 669 F.3d 537 (5th Cir. 2012). The court upheld the guilty plea as the substantial step issue was not plain error, but vacated and remanded the sentence because the district court considered Broussard's rehabilitation.

Broussard had met the victims on Facebook, obtained their cell phone numbers, and conversed with them through text messaging about meeting to engage in sexual activity. No definite travel plans were made. Broussard pleaded guilty to attempting to persuade a minor to engage in sexual activity under 18 U.S.C. § 2422(b). On appeal, he argued that his guilty plea should not have been accepted as he made no substantial step because the conversations were "'all fantasy' and 'just talk,'" and he made no attempt to meet with the victims.

Courts use a two-factor test to prove attempt under § 2422(b), requiring that the defendant "(1) acted with the culpability required to commit the underlying substantive offense, and (2) took a substantial step toward its commission." A "substantial step" does not require that "sexual conduct occur," (United States v. Bailey, 228 F.3d 637, 639 (6th Cir. 2000)), nor does it require "travel or preparations in advance of travel" (United States v. Barlow, 568 F.3d 215 (5th Cir. 2009)). However, mere preparation does not satisfy the requirement. United States v. Farner, 251 F.3d 510, 513 (5th Cir. 2001).

Ultimately, the court held that because it has yet to rule as to whether this conduct constitutes a substantial step, it was not plain error for the district court to accept the guilty plea. Other courts provide some guidance on the issue. Recently, the Court of Appeals for the Armed Forces held that asking "u free tonight" was not a substantial step as "[t]here was no travel, no 'concrete conversation,' such as a plan to meet, and no course of conduct equating to grooming behavior." (See my prior post here.) The Ninth Circuit has held, "[T]he substantial step must 'unequivocally demonstrat[e] that the crime will take place unless interrupted by independent circumstances.'" United States v. Goetzke, 494 F.3d 1231, 1237 (9th Cir. 2007).

At sentencing, the trial court found Broussard a "scary individual when it comes to children" and stated that he "is sick in the head." As such, the judge felt that imposing 40 years of imprisonment followed by lifetime supervised release was a way to provide Broussard with "the treatment that he needs." Citing the Supreme Court in Tapia, the Fifth Circuit vacated the sentence because courts "are prohibited 'from imposing or lengthening a prison term to promote an offender's rehabilitation.'" Tapia v. United States, 131 S. Ct. 2382, 2391 (2011). The sentence was plain error and was remanded.

3rd Circuit upholds search of cell phone photos folder for communications with a minor

In United States v. Karrer, the Third Circuit upheld a conviction for possession of child pornography after defendant's unsuccessful attempt to suppress evidence. 2012 U.S. App. LEXIS 1928 (3rd Cir. 2012). The defendant, a 37-year-old man, had been engaging in "inappropriate communication" with teenage girls through the chat feature of Neopets, a children's website. The conversations discussed dating, and the defendant once told a girl he was in a nudist colony. A warrant was executed, seizing all computer devices and cell phones.

On appeal, the defendant argued the warrant was illegal or overbroad, and the court readily struck down both arguments. The warrant had authorized a search for child pornography, which the court found to be a mistake and unsupported by probable cause. However, the court still upheld a search of a cell phone's images folder.

Investigators were searching the phone for "unlawful communications with minors." The district court determined that "cell phones often archive communications as image files, which may be saved in photos folders" (actual language available at United States v. Karrer, 2010 WL 3824195, *3 (W.D. Pa. 2010)). The argument was that image files sent with an MMS could be saved to the photos folder, and investigators could determine if the image was received by MMS. The investigator opened the folder to look for communications, and child pornography was in plain view.

To me, it seems unlikely that an image in this folder could be proven to have been sent to the defendant by a minor (and they weren't, in fact) unless the MMS conversation was still saved on the phone, which also would have contained the image. The Third Circuit seems to think that actual conversations are archived as image files seemingly by default, which is not the case. If that is the understanding that courts take, this opens up a search of cell phone images when the phone is searched for any content, regardless of how narrowly-tailored the search is.

Thursday, February 2, 2012

Cal. court finds showing 25-minute video of CP to jury not overly prejudicial

A California defendant was found guilty of possession of child pornography after a 25-minute video from his computer was shown at trial. People v. Holford, 202 Cal. App. 4th 758 (2012). The defendant argued the video caused undue prejudice and, in the alternative, that the video should have been edited to show only part of it.

On appeal, the California Court of Appeal noted that "child pornography is not pretty and will always be unpleasant. ... [I]t would surprise us if the jurors here were not 'sickened, disgusted, or shocked' by much of what was depicted during the video on the hard drive found in defendant's possession." Despite that, the video was highly probative and was properly admitted.

Further, the court noted that while an excerpt might have sufficed, that was not an ideal solution.
  • Because of the size of the file, it would have taken approximately five minutes to transfer. Showing the entire video would prove that copying it to the computer was not accidental.
  • Showing only the end of the video would have shown that it contained child pornography, but the jury might have wondered if the defendant was unaware of the end of the video.
  • The first part of the video showed only the image of a nude child and would not have sufficiently proven sexual conduct.
  • If snippets were used, the jury might have wondered what happened between the segments.

The defendant also argued that the trial court should have reviewed the video before allowing the jury to view it. The appellate court noted that the trial judge should have reviewed it, but the defendant failed to show how the decision to show the video would have been different.

Wednesday, February 1, 2012

Porn companies seek revenge for illegal downloads

In Digital Sin, Inc. v. Doe, 2012 U.S. Dist. LEXIS 10803 (S.D.N.Y. 2012), the court held that the plaintiff may subpoena customer records for certain IP addresses that illegally downloaded - in whole or in part - a video titled "My Little Panties #2." The process is as follows:
  • Once the ISP receives the subpoena, they have 60 days to serve the customers.
  • Customers will have 60 days from service to contest the subpoena or request anonymous litigation.
  • After 60 days, the ISP may release information to the plaintiff unless a customer has moved to quash or modify the subpoena.
Thus, the court has issued a limited protective order, allowing the parties to be heard before their information is revealed to the plaintiff.

RELATED CASE: The Electronic Frontier Foundation has filed an amicus brief in a different set of litigation involving illegal downloads by 1,495 individuals of pornography. The D.C. federal judge ordered that in order to make a motion to remain anonymous, defendants must reveal their identities. Yes - to remain anonymous, they must give up their anonymity. The EFF argues that this ruling will force defendants to either settle or suffer public embarrassment. The suit is part of litigation filed by Hard Drive Productions, Inc., and others have been filed in states across the country, including California, Virginia, and Illinois.

Court: In CFAA definition of "loss," "'and' means 'or'"

The Computer Fraud and Abuse Act (18 U.S.C. § 1030) criminalizes the unauthorized access of computers. In its original form, it was only concerned with computers of the federal government and financial institutions but has since expanded to cover computers in interstate or foreign commerce. Civil suits may also be brought for loss attributable to the access. Many cases now concern an employer filing suit against a former employee who continued to access the company's network after going to work for a competitor.

It's a long statute complicated by its sentence structure. The first part of the statute, § 1030(a)(1), is only a sentence fragment, but contains 155 words and 16 commas. While commas are not necessarily bad, courts have struggled to understand whether certain conjunctions apply to only part (or the entirety) of a section.

In 2000, while working on CFAA revisions, it was proposed that the statute should better explain what "loss" meant (S. 2430, 106th Cong. § 2(4)(f) (2000)). The proposed language was:
the term "loss" includes—
(A) the reasonable costs to any victim of—
(i) responding to the offense;
(ii) conducting a damage assessment; and
(iii) restoring the system and data to their condition prior to the offense;
and
(B) any lost revenue or costs incurred by the victim as a result of interruption of service.
Thus, it's clear that loss can include either damage from subsection (A) or (B). However, as passed, the statute reads:
the term "loss" means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.
Courts have held that the proposed section (A) losses become subject to the "interruption of service" requirement under the actual statute because of the "and" conjunction. See, e.g., Nexans Wires S.A. v. Sark-USA, Inc., 166 Fed. Appx. 559 (2nd Cir. 2006); SKF USA, Inc. v. Bjerkness, 636 F. Supp. 2d 696 (N.D. Ill. 2009); General Sci. Corp. v. SheerVision, Inc., 2011 U.S. Dist. LEXIS 100216 (E.D. Mich. 2011).

In a recent case, however, the court (also the Eastern District of Michigan as in the citation above for the opposite proposition) held, "The 'and' means 'or.'" Dice Corp. v. Bold Techs., 2012 U.S. Dist. LEXIS 10727 (E.D. Mich. 2012). According to the court, it matches the proposed statute and the legislative history, and therefore the definition "is disjunctive."

The court's reasoning certainly makes sense, and the statute is much more effective as a result of this approach. It seems reasonable to me, however, to look at this a different way. Because the word "and" appears after "conducting a damage assessment," it is obvious that the section is separate and that the other "and" is simply providing an additional definition. Thus, the statute reads that "loss" is (A) and (B). That I know of, no court has accepted (or considered) that idea.