Thursday, August 30, 2012

7th Circuit analyzes staleness in computer searches, holds the doctrine should apply "only in the exceptional case"

In United States v. Seiver, No. 11-3716 (7th Cir. 2012), in an opinion by Judge Posner, the Seventh Circuit analyzed the issue of staleness as it relates to a finding of probable cause to search a computer. Noting that "modern computer technology and the usual behavior of its users" support the position that the probable cause was not stale, the conviction was affirmed. The case concerned a search warrant for child pornography on the defendant's computer. A 13-year-old girl had uploaded a pornographic video of herself to the Internet, and...

Tuesday, August 28, 2012

DOJ seizes domain names involved in illegal distribution of Android apps

The Department of Justice announced last week that they had seized three website domains that were involved in illegally distributing copyrighted Android apps. This was the first time domains had been seized in relation to smartphone apps. The domains are applanet.net, appbucket.net and snappzmarket.com and visitors are now greeted with the seizure banner (at right) often associated with other takedowns. “Criminal copyright laws apply to apps...

Kentucky district court grants suppression of CP evidence

In United States v. Kinison, No. 12-57-JBC (E.D. Ky. 2012), the district court granted a motion to suppress evidence in a child pornography case due to lack of probable cause at the time of the warrant. The defendant's girlfriend told police that the defendant had sent text messages to her phone describing child pornography and sexual activity with children. Police reviewed the text messages and used them to obtain a search warrant to search defendant's home. The girlfriend told police that his home computer had been used to view the child...

Friday, August 24, 2012

Fifth Circuit reverses lifetime term of supervised release in CP case

In United States v. Alvarado, the Fifth Circuit vacated and remanded a lifetime term of supervised release as part of a sentence for receipt of child pornography because the trial judge "never considered the possibility of anything less than lifetime supervision." No. 11-40771 (5th Cir. 2012). The defendant appealed the sentence, arguing that it was procedurally and substantively unreasonable. The Fifth Circuit found the 170-month prison sentence to be reasonable but held otherwise for the lifetime term of supervised release under a plain...

Wednesday, August 22, 2012

8th Circuit judge writes of concern with CP guidelines

An Eighth Circuit judge has joined the group of members of the judiciary opposed to the federal child pornography guidelines. In a recent opinion before the court, Judge Bright wrote a concurrence to suggest that the sentence was "excessive." United States v. Zauner, No. 12-1007 (8th Cir. 2012). The defendant had been charged with production of child pornography after she took sexually explicit photos of her children at the urging of a man she met online. The two met on a ridesharing website. She was sentenced to 18 years in prison and 15...

Tuesday, August 21, 2012

Kentucky Court of Appeals criticizes attorneys' lack of knowledge on technological issues

In Crabtree v. Commonwealth, the Kentucky Court of Appeals criticized trial counsel's failure to properly understand the technology involved in a child pornography case. No. 2011-CA-000452-MR (Ky. Ct. App 2012). The defendant had used a peer-to-peer networking service to download the files. On appeal, the conviction was affirmed. The case concerned a college student who took his computer to be repaired, and while there, the technician discovered file names identifying them as child pornography. The computer was turned over to the police....

Monday, August 20, 2012

Reminder: Register for Wednesday's webinar on encryption

Don't forget to sign up for our webinar on encryption, taking place this Wednesday, August 22 at 1:00 Eastern. Justin will cover encryption technology and software as well as forensics issues, and I will address the relevant case law on forced disclosure of passwords for encrypted files. Click here to register. The webinar will be approximately thirty minutes, and we will stick around afterward for any questions you may have. Feel free to...

Hotels present concerns for guests' security, technology

For many of us, hotels often become a second home. And relying on technology like we do, we carry all of our important devices with us. However, it's not always feasible to take your laptop with you to dinner or your cell phone to the pool. But to what extent should you worry about it? Spying on the staff Several months ago, I met Canadian privacy scholar Christopher Parsons at the Privacy Law Scholars Conference in D.C. He does a lot of interesting...

Friday, August 17, 2012

DarkComet RAT Update: Pro-Syrian regime use continues

The EFF is reporting that DarkComet has been seen in a new malware campaign targeted at Syrian dissidents - the article can be found here: Pro-Syrian Government Hackers Target Activists With Fake Anti-Hacking Tool. Our multi-part series on the hacking tool and its legal and moral implications can be found he...

Thursday, August 16, 2012

Seventh Circuit holds warrantless search of digital storage devices after private "search" did not violate Fourth Amendment

In Rann v. Atchinson, __ F.3d __ (7th Cir. 2012), the Seventh Circuit held that a law enforcement search of two digital storage devices for child pornography which were handed over by the defendant/offender's wife and daughter, respectively, did not violate the Fourth Amendment. The defendant was arguing ineffective assistance of counsel (by way of federal habeas), based on his lawyer's failure to attempt to suppress the child pornography evidence obtained from the digital devices when the police searched them without a warrant. After the...

Facebook friends may give government access to view other's page, use doesn't violate Fourth Amendment

Though it is not likely to be news to readers of this blog, a federal trial court in New York has ruled that the government obtaining access to a defendant's Facebook page through one of his Facebook friend's cooperation does not violate the Fourth Amendment. United States v. Meregildo, No. 11 Cr. 576 (S.D.N.Y. 2012). The defendant sought to suppress evidence, arguing against the method the government used to collect evidence to support a determination of probable cause. The government had gotten one of his Facebook friends to give them access...

Wednesday, August 15, 2012

Sixth Circuit holds that "pinging" cell phone to obtain GPS location is not a search; opinion confuses everyone

In United States v. Skinner, a Sixth Circuit panel held that repeatedly pinging a cell phone in order to obtain its GPS coordinates (or something like that) was not a Fourth Amendment search and thus does not necessitate evidence suppression. No. 09-6497 (6th Cir., Aug. 14, 2012). In a concurring opinion, one judge argued that obtaining the data was a search, but the good faith rule saves the evidence from suppression. The defendant was suspected of being involved in drug trafficking, and participants in the exchange were known to use pay-as-you-go...

Tuesday, August 14, 2012

EFF files amicus in D.C. Circuit Court against use of CSLI in remanded Jones case

Back in April, Jeffrey wrote that Antoine Jones wasn't off the hook for his crimes because of the ruling in United States v. Jones, 132 S. Ct. 945 (2012). Rather, instead of using the GPS tracking data they had collected (illegally), the police decided to use Cell Site Location Information (CSLI). Jeffrey's previous article can be found here - Jones II: This time, the government seeks to use cell site location information.  If you're looking to read more on the subject, we have additional content that can be found, here. On Monday, the...

Ninth Circuit takes second look at Pineda-Moreno, denies suppression of evidence

The Ninth Circuit has revisited United States v. Pineda-Moreno, No. 08-30385 (9th Cir., Aug. 6, 2012) after remand from the Supreme Court and has upheld the use of GPS evidence in the case due to the Davis good faith rule. Pineda-Moreno was one of the three leading circuit cases prior to Jones to hold that a GPS device could be used by law enforcement without a search warrant - the Ninth's reasoning was that the installation and use was not a search. After the Supreme Court held the use to be a search in Jones, Pineda-Moreno appealed...

Friday, August 10, 2012

In Paypal DDOS case, government reprimanded for failure to analyze and return data in a timely fashion

If you recall, I wrote earlier about the E.D.N.Y holding that the government's failure to examine data after 15-months was a seizure under the Fourth Amendment - see: Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure. Well, it appears the government continues to have issues in this regard. In United States v. Collins, 2012 U.S. Dist. LEXIS 111583 (N.D. Cal. Aug. 8, 2012), the government's motion to reconsider an order to return evidence was denied. The evidence was data that "fell outside...

Illinois Supreme Court classifies images of minor during legal, sexual activity to be child pornography, dissent applies Stevens

In People v. Hollins, Docket No. 112754 (Ill. 2012), the Illinois Supreme Court held that images taken of a 17-year-old during sexual activity were to be classified as child pornography. A dissenting opinion argued that the Supreme Court's decision in Stevens requires otherwise as the sexual activity was legal under Illinois law. The defendant, a 32-year-old man, was convicted of violating the Illinois child pornography statute after taking photographs of his 17-year-old girlfriend while the two were engaged in sexual activity....

Thursday, August 9, 2012

New nation-state malware named Gauss discovered

Kaspersky has put out a report on what I would refer to as a "child analogue" of the Stuxnet, Duqu, and Flame malware, dubbed "Gauss." For a condensed synopsis of the report, head here: Gauss: Nation-state cyber-surveillance meets banking Trojan. The trojan attempts to gather as much information from the computer as possible, and also attempts to steal banking credentials (which is a relatively unique feature of the malware). Gauss is most prevalent, so far, in Lebanon, and its financial credential thievery appears to be targeted at specific Lebanese...

Georgia court applies good faith to warrantless GPS use based on 1981 beeper case

A few months ago, I mentioned that an Alabama federal district court denied the suppression of GPS evidence because a 1981 circuit ruling allowed "the warrantless installation of an electronic tracking device ... to the exterior of a vehicle parked in a public place ... where the agents possess reasonable suspicion." United States v. Michael, 645 F.2d 252, 256-59 (5th Cir. 1981) (en banc). A Mississippi court refused to uphold the use of GPS under the same case. In United States v. Nelson, 2012 U.S. Dist. LEXIS 103944 (S.D. Ga. 2012),...

Wednesday, August 8, 2012

Cybercrime Review to conduct webinar on encryption technology and legal issues

Two weeks from today, Justin and I will conduct the first of what we hope to be many webinars on cybercrime related topics. In our initial presentation, Justin will cover encryption technology and software as well as forensics issues, and I will address the relevant case law on forced disclosure of passwords for encrypted files. Date: Wednesday, August 22 Time: 1:00-1:30 Eastern Click here to register. The webinar will be approximately thirty...

Tuesday, August 7, 2012

Carnegie Mellon study on Silk Road

You may recall that in May I wrote a post about what Bitcoins could buy you in the criminal underground, appropriately titled "What Bitcoins can buy you in the criminal underground." In that post I mention Silk Road - a site that is pretty much an illicit drug bazaar. To follow up on that, I'd like to draw attention to a new study that has come out, authored by Nicolas Christin, which details the revenue made by the site, and other usage statistics - including a very high satisfaction rate with the transactions. The study can be found here: Traveling...

Hacking victim details how he lost his email account and everything on his computer

Be sure to read "How Apple and Amazon Security Flaws Led to My Epic Hacking" from Wired writer Mat Honan detailing how hackers were able to delete his entire Google Account, take over his Twitter account, and remotely erase his iPhone, iPad, and MacBook. It's important to read the whole thing - on the last page, he explains why you should not enable the Find my Mac feature in iCloud. It's enough to scare any sensible person into seeking ways to...

Fifth Circuit affirms illegal gambling convictions for use of sweepstakes software

In United States v. Davis, 2012 U.S. App. LEXIS 15875 (5th Cir. 2012), the Fifth Circuit affirmed the defendants' convictions for illegal gambling after they used computer software to allow users to participate in a sweepstakes in violation of federal and Texas law. The defendants were charged with conducting an illegal gambling business under 18 U.S.C. § 1955 for their actions in a sweepstakes promotion at three Texas Internet cafés. Under the statute, the act must "violate[] the law of the state in which it is conducted." The...

Monday, August 6, 2012

Cybercrime Review launches site redesign

For those of you not reading via RSS feed, you probably noticed that we launched a new layout over the weekend. We'd love to hear your thoughts - either in the comments or by e-mail. It's hard to believe that Cybercrime Review began ten months ago. Over 300 posts later, we're still going strong. Thank you for your readership, tips, and arguments along the w...

District Court denies motion to suppress cell site data

In United States v. Madison, 2012 U.S. Dist. LEXIS 105527 (S.D. Fla. 2012), the district court denied a motion to suppress cell site location information as the application contained facts asserting that the defendant was an associate of - and lived near - a known participant. A 2703(d) order was obtained to get historical cell site records for the defendant after a shooting and other related crimes. To prove specific and articulable facts, law enforcement presented facts concerning the gunman they caught near the scene. They connected the...

Sunday, August 5, 2012

Craigslist wins $233K in case against optimization site

In Craigslist, Inc. v. Kerbel, 2012 U.S. Dist. LEXIS 108573 (N.D. Cal. Aug. 2, 2012), the Northern District of California granted default judgment for Craigslist against www.craigslist-poster.com for violations of the CFAA, Lanham Act, California hacking statute, California fraud statute, and DMCA. Kerbel and his website exploited the CAPTCHA function of craigslist, and sold credits for "campaigns" that would blast out posting all over the country ("24/7"), circumventing the Terms of Use specified by Craigslist. As the court described it, the "[d]efendant's...

Thursday, August 2, 2012

Analysis of cybercrime cost estimates

ProPublica recently analyzed the often cited estimate of the cost of cybercrime to be around $1 trillion. The director of the National Security Agency recently referred to this amount as "our future disappearing in front of us." Click here for the sto...