Tuesday, January 31, 2012

Tech Watch: Facebook Timeline creates security issues, possible phishing scams

For months, the Internet has been abuzz about Facebook's new Timeline feature. In addition to the redesigned profile, Facebook now gives you the ability to backdate posts - allowing you to add life events and tag them with an older date. Facebook is asking for information about your relationships, children, pets, and more - even when you lost weight, had your first kiss, or moved into a new home.

I recently heard part of an NPR report concerning Timeline. The guest mentioned a great point: with the new information Facebook is looking to acquire, it makes it very easy to find answers to common password reset questions. As the Sixth Circuit decision was released yesterday (discussion here) concerning Sarah Palin's e-mail break in through the password reset feature, this is a great time to have the discussion.

[Image caption: This is part of what FB wants to know about your birth, but they also want the story and pictures.]

Suppose a person uses the life event feature to add all of their pets. Now, the first pet question is compromised. Mother's maiden name? She's probably listed as a family member (and constantly posts on your status updates!). What city were you born in? Facebook now wants that, too.

As Facebook collects more data, it could also lead to more sophisticated phishing scams. Many scams are unsuccessful now because they rely on mass e-mailing, hoping to find a person who matches the criteria. The added data would allow scammers to better target people with information they know to be accurate.

Perhaps now is a time to develop better questions such as "Who were you with when you had your first drink?" Never mind, Facebook is actually asking that now, too (as well as the location, year, and your story of how it happened).

Inventory search reveals evidence on digital camera; flash drive found under spare tire

The Court of Appeal of California has found an inventory search reasonable after police looked at images on a camera during the inventory. People v. Haraszewski, 203 Cal. App. 4th 924 (2012).

A police officer was headed to lock the gate at a public beach, but was notified that a car remained there. The officer was notified that a 911 call reported a man and boy at the nude beach that "did not seem right." As he was driving to the parking lot, the officer passed a car driven by a boy "about 11 or 12 years of age." The officer turned around and pulled the car over "on a suspected traffic violation and child endangerment." The man claimed he was giving the boy a driving lesson. A license check revealed the man was a registered sex offender.

The officer placed the man in the police car and began an inventory search of the vehicle, finding Vaseline, condoms, alcohol, a thumb drive, and a digital camera. A second thumb drive was also found under the spare tire in the trunk. A search of the camera revealed nude images of a boy on a beach. At the same time, the boy admitted photos had been taken at the beach.

On appeal, the defendant argued the camera was improperly searched, but the court found "there was a fair probability ... that evidence of a crime involving sexual molestation ... would be found in the digital camera and the thumb drives, and thus the warrantless viewings ... were supported by probable cause."

Flash Drive Technology
There was much more to Haraszewski than I mentioned, but one of the points I wanted to make was that the defendant had hidden the thumb drive under the spare tire. Luckily the officer thought to check there, but it's not always so easy to identify.

For years, tech companies have been making it more and more difficult to identify flash drives. An American company is now producing cufflinks that have two purposes - one acts as a 2GB flash drive, and the other creates a wi-fi hotspot (the pair is priced at $250).

Also, be sure to check out this former post on a flash drive that has a combination case and encryption.

Monday, January 30, 2012

6th Circuit affirms conviction under Sarbanes-Oxley for erasing Internet tracks

In United States v. Kernell, the Sixth Circuit held that by deleting evidence of defendant's hacking activities, he violated 18 U.S.C. § 1519 of the Sarbanes-Oxley Act. 667 F.3d 746 (6th Cir. 2012). The defendant used the forgotten password feature to obtain access to then-Governor Sarah Palin's personal e-mail account. Kernell was charged with, among other counts, violating § 1519, and he appealed that conviction.

After Kernell obtained access to the account, he publicly posted the login information to 4chan. Soon thereafter, he took several steps to cover his tracks, including deleting his temporary internet files, removing his browser, and defragmenting his hard drive. The FBI claimed these acts violated § 1519 which reads:
"Whoever knowingly alters, destroys, mutilates, conceals ... with the intent to impede, obstruct, or influence the investigation ... of any department or agency of the United States ... shall be fined [or imprisoned]."
The issue was whether Kernell was aware of the investigation and knew he had a duty to keep the records. The Sixth Circuit found that Kernell's acts were "done in contemplation of an investigation that might occur." Further, he had even publicly acknowledged the possibility of such an investigation. "[Kernell] deleted the information on his computer out of a fear that the FBI would find it, plainly showing that he took his actions with the intent to hinder an investigation."

Courts have applied § 1519 in other cybercrime cases:
  • United States v. Wortman, 488 F.3d 752 (7th Cir. 2007) (defendant who destroyed her boyfriend's CDs containing child pornography violated the statute because she knew of the investigation)
  • United States v. Hicks, 438 Fed. Appx. 216 (4th Cir. 2011) (defendant destroyed hard drive upon learning agents wanted to speak with him)
  • United States v. Keith, 440 Fed. Appx. 503 (7th Cir. 2011) (defendant deleted images of child pornography from a flash drive upon seeing police approach his house)
The distinction with these cases is that the defendants specifically knew an investigation was in progress. Kernell, on the other hand, only suspected that a federal investigation would soon begin.

Technology companies partner to stop CP, phishing scams

Two recent partnerships of technology companies are working to combat cybercrime in the areas of phishing schemes and child pornography. Here's a brief overview of what they are doing.

PhotoDNA
Microsoft began working with NCMEC in 2009 to create software that could create a hash value for images of child pornography and then track that image despite being edited. The PhotoDNA technology divides the photo into a grid and develops gradient patterns to find its "DNA." Currently, the software can be used to search all images on Bing, SkyDrive (Microsoft's cloud storage service), Hotmail, and Facebook.

The obvious problem with PhotoDNA is that it does not discover new images of child pornography. NCMEC is using its already known images to form the hash values from which the software searches.
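
The two paragraphs above describe a hash built from a grid of gradients that survives editing but only matches already-known images. The sketch below is an added illustration, not PhotoDNA itself (whose algorithm is not given on this page): it uses a simplified grid-gradient hash, and every function name and test image in it is constructed for the example.

```python
import hashlib

GRID_COLS, GRID_ROWS = 9, 8  # 9 cells per grid row -> 8 left/right comparisons, 64 bits total


def make_image(width=36, height=32):
    """Constructed grayscale image (rows of 0-255 ints) that brightens left to right."""
    return [[20 + 5 * x + (3 * y) % 7 for x in range(width)] for y in range(height)]


def unrelated_image(width=36, height=32):
    """Constructed image with different structure: brightens top to bottom."""
    return [[20 + 7 * y for _ in range(width)] for y in range(height)]


def edit(img):
    """Simulate editing: brighten every pixel and stamp a white 4x4 mark top-left."""
    out = [[min(255, p + 10) for p in row] for row in img]
    for y in range(4):
        for x in range(4):
            out[y][x] = 255
    return out


def cell_means(img):
    """Divide the image into a GRID_ROWS x GRID_COLS grid and average each cell."""
    cell_h, cell_w = len(img) // GRID_ROWS, len(img[0]) // GRID_COLS
    means = []
    for r in range(GRID_ROWS):
        row = []
        for c in range(GRID_COLS):
            total = sum(
                img[y][x]
                for y in range(r * cell_h, (r + 1) * cell_h)
                for x in range(c * cell_w, (c + 1) * cell_w)
            )
            row.append(total / (cell_h * cell_w))
        means.append(row)
    return means


def gradient_hash(img):
    """64-bit hash: one bit per pair of neighbouring cells, set when the left cell is darker."""
    bits = 0
    for row in cell_means(img):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left < right else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def sha256_of(img):
    """Cryptographic hash of the raw pixels, for comparison."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def matches(known_hash, img, max_distance=6):
    """True when img is within max_distance bits of a hash from the known-image list."""
    return hamming(known_hash, gradient_hash(img)) <= max_distance


if __name__ == "__main__":
    known = make_image()
    edited = edit(known)
    known_hash = gradient_hash(known)
    print("SHA-256 equal after edit:", sha256_of(known) == sha256_of(edited))
    print("gradient-hash distance after edit:", hamming(known_hash, gradient_hash(edited)))
    print("edited copy matches known list:", matches(known_hash, edited))
    print("unrelated image matches known list:", matches(known_hash, unrelated_image()))
```

The edited copy no longer matches by SHA-256 but stays within one bit of the known gradient hash, while the image that was never in the known list does not match at all.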

It will be interesting to see how the law develops with regard to services like PhotoDNA. Of course, the Stored Communications Act provides for a NCMEC exception under 18 USC § 2702(b)(6). However, if a person has a reasonable expectation of privacy in their e-mail account, for example, Microsoft (in this situation) could potentially become an agent of the government (see, e.g., United States v. Jarrett, 338 F.3d 339 (4th Cir. 2003)). Therefore, PhotoDNA may violate the Fourth Amendment in jurisdictions adopting the Warshak logic of the Sixth Circuit as the NCMEC exception would be unconstitutional. On the other hand, courts have held that there is no property right in child pornography so the Fourth Amendment doesn't apply (United States v. Hicks, 438 Fed. Appx. 216 (4th Cir. 2011)).

DMARC
A partnership of Bank of America, Facebook, Google, Microsoft, Paypal, and others has formed to help thwart phishing scams. In a typical scam, a person receives an e-mail telling them to click a link and enter their account information for their bank, e-mail account, or social media account. When they click it, they are not being sent to the actual website, but to an identical site meant to trick them. Once they enter their login information, the scammer can use their real account for fraudulent purposes.

The DMARC partnership creates a new system of authentication that seeks to prevent phishing e-mails from ever making it to an e-mail account (most now wind up in the user's SPAM folder). It's very easy to send an e-mail appearing to be from an account such as "customer.service@bankofamerica.com" when the true sender wasn't associated with BOA. The proposed system would require a signature on the e-mail in order for it to be processed.

The agreement also provides reporting of phishing tactics to organizations whose accounts are being attacked.
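
As an added example (not code from the DMARC group or from this post), here is how a receiving mail server can apply a published DMARC policy: the domain shown in the From header must line up with a domain that passed SPF or carried a valid DKIM signature, and failures are handled per the owner's policy and reported to the owner's `rua` address. The domains, the policy record and the three messages are constructed, and `org_domain` is a simplification of the Public Suffix List lookup real receivers use.

```python
from email.utils import parseaddr

# Constructed policy record, as the owner of the placeholder domain bank.example
# would publish it in DNS at _dmarc.bank.example.
DMARC_TXT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@bank.example; adkim=s; aspf=r"

# Constructed receiver-side views of three messages: the visible From header,
# the SPF result for the envelope sender, and the DKIM signatures found.
LEGITIMATE = {
    "header_from": "Customer Service <customer.service@bank.example>",
    "mail_from_domain": "bounce.bank.example", "spf_result": "pass",
    "dkim": [{"d": "bank.example", "result": "pass"}],
}
SPOOFED = {  # passes SPF and DKIM, but only for the real sender's own domain
    "header_from": "Customer Service <customer.service@bank.example>",
    "mail_from_domain": "mail.unrelated-sender.example", "spf_result": "pass",
    "dkim": [{"d": "unrelated-sender.example", "result": "pass"}],
}
FORWARDED = {  # SPF breaks when mail is relayed, the DKIM signature survives
    "header_from": "customer.service@bank.example",
    "mail_from_domain": "lists.forwarder.example", "spf_result": "fail",
    "dkim": [{"d": "bank.example", "result": "pass"}],
}


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into its tag=value pairs and validate v and p."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    return tags


def org_domain(domain):
    """Assumption: last two labels stand in for the Public Suffix List lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(message, record_txt):
    """Return the DMARC verdict and what the receiver should do with the message."""
    policy = parse_dmarc_record(record_txt)
    from_domain = parseaddr(message["header_from"])[1].rpartition("@")[2]
    spf_ok = message["spf_result"] == "pass" and aligned(
        from_domain, message["mail_from_domain"], policy.get("aspf", "r"))
    dkim_ok = any(
        sig["result"] == "pass" and aligned(from_domain, sig["d"], policy.get("adkim", "r"))
        for sig in message["dkim"])
    passed = spf_ok or dkim_ok
    # p=none means "monitor only": failing mail is still delivered, but reported.
    on_fail = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]
    return {
        "from_domain": from_domain,
        "dmarc": "pass" if passed else "fail",
        "disposition": "deliver" if passed else on_fail,
        "report_to": policy.get("rua"),
    }


if __name__ == "__main__":
    for name, msg in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED), ("forwarded", FORWARDED)):
        print(name, evaluate(msg, DMARC_TXT))
```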

Saturday, January 28, 2012

Ban of adult pornography struck down by 2nd Circuit

One of the most common conditions of supervised release to be vacated on appeal is one related to a ban of pornography - adult or child. In United States v. Magner, 455 Fed. Appx. 131 (2nd Cir. 2012), the Second Circuit vacated and remanded a condition that prevented access to "any 'website depicting images of nude adults or minors.'" Noting that this could forbid access to, for example, "art museum websites," the appeals court found it too vague.

In a Sixth Circuit case (discussed here in a previous post), the court struck down a ban on any material that "depicts or alludes to sexual activity." The court found this ban could prevent access to advertising, certain parts of the Bible, music, and soap operas.

Courts have held, however, that it is proper to restrict access to adult pornography - especially in the context of child pornography convictions.

Friday, January 27, 2012

Sixth Circuit vacates release conditions in CP case

In United States v. Inman, 666 F.3d 1001 (6th Cir. 2012), the court vacated and remanded supervised release conditions in connection with a conviction of possession of child pornography. The court reviewed the conditions for plain error and found the following mistakes:
  • Forbiddance of drinking alcohol and requirement of reporting all prescription drugs to the probation officer was not warranted as there was no history of alcohol or drug dependence. Also, the statute does not allow a total ban of alcohol.
  • Ban for life of "any device capable of creating pictures or video." The court questioned this requirement since the conviction was for possession of child pornography, rather than production.
  • Ban of post office boxes and storage units would be better explained or reversed. The court suggested that the offender should be required to submit to a search of those places instead of a total ban.
  • Requirement to provide the probation office with requested personal financial information did not appear necessary based on the facts of the case.
The Sixth Circuit held, "Because both the length of supervised release and the conditions imposed are likely more severe than if the district court had followed the correct procedures, the district court's errors seriously affect the fairness, integrity, or public reputation of the proceedings."

Fifth Amendment held not violated by forced disclosure of unencrypted drive

The Colorado District Court is the latest to weigh in on the popular issue of whether a person can be forced to disclose a password or unencrypted files. In United States v. Fricosu, the court found that the defendant's Fifth Amendment right is not implicated by requiring production of an unencrypted version of the files. 2012 U.S. Dist. LEXIS 11083 (D. Colo. 2012).

After law enforcement seized six computers from the defendant's home, they were unable to break the encryption on one of the computers. The defendant refused to provide the password, arguing that such a requirement would violate her Fifth Amendment right against self-incrimination.

Two prior cases have dealt with this issue. In In re Grand Jury Subpoena to Boucher, 2007 WL 4246473 (D. Vt. 2007), the court required the defendant to provide either a password or an unencrypted copy of the specified files. However, as the EFF (Electronic Frontier Foundation) noted in their amicus brief to Fricosu, Boucher involved specific files identified as child pornography. Investigators could see the filenames but were unable to open the files. That is distinguishable in Fricosu because investigators only know of the types of files that will be on the computer. On that issue, the Fricosu court held, "The fact that [the government] does not know the specific content of any specific documents is not a barrier to production."

Also, in United States v. Kirschner, 2010 U.S. Dist. LEXIS 30603 (E.D. Mich. 2010), the court found that the defendant could not be compelled to disclose his password. The government argued in Fricosu that Kirschner does not apply because they are providing the alternative of allowing production of decrypted files instead of the password.

In Fricosu, the EFF had argued that forcing Fricosu to provide the password or unencrypted files “would be an admission that she had control over the computer and the data stored on it before it was seized from her residence—which are critical admissions” and would therefore violate her Fifth Amendment rights.

In a recent post, I discussed TrueCrypt, a popular open-source software package that allows users to create hidden, encrypted volumes.

Thursday, January 26, 2012

Panel compares use of file-sharing program to leaving box of treats in a common area

A common issue for appeal in child pornography sentencing cases is whether the "thing of value" requirement under U.S.S.G. § 2G2.2(b)(3)(B) can be satisfied by showing simply that the defendant (1) had images of child pornography and (2) used file-sharing software. The five-level enhancement is applicable if the defendant distributed child pornography, but some courts hold that proof of distribution is not necessary as long as those two elements are met. (Read a prior post here concerning this dispute in the 8th and 11th Circuits.)

Eighth Circuit precedent does not require proof, and a recently decided case from that circuit followed that concept. United States v. Burman, 666 F.3d 1113 (8th Cir. 2012). What was interesting, however, was the concurring opinion. The majority had suggested that "[h]e who places an open box of treats in a common area of an office may be distributing treats," but as the concurring judge noted, the enhancement "applies only where the defendant is engaged in a 'transaction' that is conducted 'for a thing of value.'"

The concurring judge also cites a prior Eighth Circuit concurring opinion (his own) in which he wrote, "But simply showing that a defendant made images available to others through a file-sharing software program and downloaded images from others through the same program, with knowledge that the software allowed such distribution and receipt, is a tenuous basis on which to urge the application of § 2G2.2(b)(3)." United States v. Bastian, 603 F.3d 460 (8th Cir. 2010).

Wednesday, January 25, 2012

Missouri appellate court finds reasonable expectation of privacy in text messages, adopts Warshak

The Missouri Court of Appeals has adopted the reasoning of the Sixth Circuit in Warshak, finding a reasonable expectation of privacy in text messages held by a third party. State v. Clampitt, 2011 Mo. App. LEXIS 1741 (Mo. Ct. App. 2012).

The defendant, James Clampitt, was charged with involuntary manslaughter after a car accident. Investigators used subpoenas (apparently under a state statute as opposed to the SCA) to obtain his text messages and phone records beginning with the date of the accident and for a few weeks thereafter, hoping to find an admission. The prosecutor did not seek a search warrant because they felt "the text messages 'were records that were in possession of a third party,'" and it was therefore unnecessary. The trial court suppressed the evidence, and the state appealed.

The appellate court first looked at whether the Fourth Amendment is relevant, asking whether or not there is a reasonable expectation of privacy in text messages. They look to Quon (130 S. Ct. 2619 (2010)), and while acknowledging that it dealt with employers/employees, they interpreted the case to mean that the Supreme Court "strongly suggested ... the public would have a reasonable expectation of privacy in ... text message[s]."

Next, the court cited six opinions where "courts have found that individuals have a reasonable expectation of privacy in their cell phones and the information stored therein, including text messages." None of these cases, however, find Fourth Amendment protection for text messages stored by a third party, but rather for the actual physical cell phone and its contents. Investigators could likely have obtained the text messages in each case directly from the phone company without regard to the Fourth Amendment's protections.

The court then turns to Warshak (631 F.3d 266 (6th Cir. 2010)), which involved law enforcement obtaining the defendant's email without a search warrant. Ultimately, the Sixth Circuit found that a reasonable expectation of privacy existed in the e-mails even if they are stored with a third party and declared part of the Stored Communications Act unconstitutional. The Clampitt court found Warshak to be rather persuasive.

Ultimately, the Missouri Court of Appeals found that people have a reasonable expectation of privacy in text messages. "[A]s text messaging becomes an ever-increasing substitute for the more traditional forms of communication, it follows that society expects the contents of text messages to receive the same Fourth Amendment protections afforded to letters and phone calls." Further, the court found the search to be unreasonable and that good faith did not exist in obtaining the records.

In Warshak, the court determined that good faith existed because investigators relied on the Stored Communications Act, which traditionally allows e-mails and similar content to be obtained. In Clampitt, however, the state did not argue good faith reliance on the SCA so the court did not address it. Also, the good faith exception is only applicable to police officers, but here, it was the prosecutor who improperly obtained the messages.

SIDE NOTE: Our courts have traditionally held that there is no expectation of privacy in information held by a third party (See, e.g. United States v. Miller, 425 U.S. 435 (1976)). In the recent SCOTUS opinion in Jones (prior post here), Justice Sotomayor suggested a willingness to rethink that notion.

Arguments that just don't cut it (Part II)

Here's the second installment of the bad arguments collection. It's not that they are entirely implausible, but just that courts are not likely to believe and use as evidence, for example, that dogs can sense the act of wiretapping.
  • Plaintiff claimed he knew that HP was checking his voicemail in violation of the Wiretap Act when his "German shepherd, Duke, had his ears perked and was staring wildly at Plaintiff's Motorola router." Dunahoo v. Hewlett-Packard Co., 2012 U.S. Dist. LEXIS 7717 (S.D.N.Y. 2012).
  • Eight months after defendant's house was foreclosed upon, the new owner found his collection of child pornography in the flue of the chimney. The defendant argued that he had an expectation of privacy in the disks as they were not abandoned. The judge held, "It is unclear to me exactly when defendant planned to try to retrieve these disks, and it is ridiculous to think that he had any privacy interest in these disks which were sitting in someone else's house for this length of time." United States v. Larson, 2011 U.S. Dist. LEXIS 139566 (W.D. Mo. 2011).
  • Plaintiff argued that they cannot be required to disclose data from their social media accounts to the defendants during discovery because it would violate the Stored Communications Act. Unfortunately for the plaintiff, the SCA only prohibits unauthorized access and does not apply to the user himself. In re Air Crash near Clarence Ctr., 2011 U.S. Dist. LEXIS 146551 (W.D.N.Y. 2011).

Tuesday, January 24, 2012

June 6 announced as IPv6 launch day

Many major Internet companies have joined efforts in pursuit of the move to IPv6, announcing June 6, 2012 as the world launch day. This is, however, simply a launch and not a full move. In order for companies to participate, they must meet certain requirements depending on the nature of their business.
  • ISPs must enable IPv6 for at least 1% of their customers
  • Equipment manufacturers must enable IPv6 by default in their products
  • Websites must permanently enable IPv6 for their websites

With the recent expansion in devices connected to the Internet, the move from IPv4 was a certainty. In fact, some parts of the globe have already run out of their allotment of IP addresses. Under the IPv4 system, there were only 4.29 billion IP addresses to go around. If everyone in the world had only one device connected to the Internet, that leaves us a few billion short. The IPv6 system has substantially more with 240 undecillion addresses.

The problem with implementation is that the two are incompatible, requiring hardware and software to be replaced along the entire chain. An individual's computer and router, the ISP, and website hosts must all make the swap to allow communications.

Among the businesses currently signed up are Facebook, Google, Comcast, Time Warner, AT&T, Cisco, and D-Link.

Monday, January 23, 2012

SCOTUS rules on GPS usage by law enforcement, finds practice to be a Fourth Amendment search

The Supreme Court ruled today in United States v. Jones (2012 U.S. LEXIS 1063) that installation and use of GPS by law enforcement to track a vehicle constitutes a search under the Fourth Amendment and requires a warrant if the search would otherwise be unreasonable. That part is unanimous. However, the majority's ruling is very narrow, finding the search occurred because of physical trespass rather than finding a violation of Jones's reasonable expectation of privacy. The Court did not determine the reasonableness of the search.

In Jones, law enforcement used a GPS device to track the defendant's vehicle over 28 days, producing "more than 2,000 pages of data." Jones was ultimately charged with crimes related to cocaine. At trial, he filed a motion to suppress evidence obtained by the device, which was denied in part. The DC Circuit reversed the conviction, finding the GPS device usage violated the Fourth Amendment.

In its analysis, the Court found that physically placing the device on Jones's vehicle was "a physical intrusion [that] would have been considered a 'search' within the meaning of the Fourth Amendment when it was adopted." Thus, the issue was not a Katz reasonable expectation of privacy question, but trespass. "The government physically occupied private property for the purpose of obtaining information." That seems to be a two-part test, requiring (1) physical occupation and (2) the purpose of obtaining information.

Justice Alito, in his concurring opinion joined by Ginsburg, Breyer, and Kagan, suggested the Court follow the reasonable expectation of privacy test. Finding the use to be a search and applying the test to these facts, Alito would find that tracking for 28 days was certainly unreasonable, though a shorter, more de minimis amount of time might very well have been reasonable. The majority opinion doesn't consider time at all because the reasonableness of the search was not an issue before the Court. Thus, the Jones opinion does not require a warrant in order to use GPS - it only requires it if the use is not reasonable. No line was drawn distinguishing reasonableness.

Justice Sotomayor, joining the majority but also writing a concurring opinion, suggested that reasonable expectation of privacy analysis should examine "whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on." The problem, as she explained, is that "[p]hysical intrusion is now unnecessary to many forms of surveillance." Sotomayor's opinion adopts the reasoning of both the majority and Alito. Thus, it would seem that even if the surveillance did not involve physical trespass, five votes on the Supreme Court would find that a search occurred.

This opinion changes precedent in three circuit courts insofar as they suggest that the use of a GPS device in tracking is not a search. The opinions are United States v. Garcia, 474 F.3d 994 (7th Cir. 2007); United States v. Pineda-Moreno, 591 F.3d 1212 (9th Cir. 2010); and United States v. Marquez, 605 F.3d 604 (8th Cir. 2010).

Others with much more knowledge and experience than myself have already written extensively on the Jones case today. See Professor Orin Kerr's posts here, here, here, and here. (Professor Kerr was cited throughout the Supreme Court's opinion). Read Lyle Denniston at SCOTUSblog here. For popular media, here are a few links with interesting commentary: NYT, The Atlantic, Wired, and Politico.

Sunday, January 22, 2012

Tech Watch: TrueCrypt provides open source file encryption, hidden drives

In 2008, the FBI attempted to break the encryption on hard drives encrypted with a program called TrueCrypt, but the equipment was finally returned after a year of failed tries.

TrueCrypt is open source software that provides file and drive encryption. Their website claims that cracking the password "could take thousands or millions of years." The program enables a user to create hidden volumes and hidden operating systems, use pre-boot authentication, and create virtual volumes hidden inside of decoy files (like a Word document or image file).

I recently started using TrueCrypt because I felt uncomfortable keeping a file backup on an external hard drive without some sort of security. My drive now has an unencrypted partition as well as a hidden partition only accessible by the software with the correct password. Once the partition is mounted, it functions just like any other portable drive. File access may be slightly slower than an unencrypted drive, but I was able to copy files at about 25 MBps.

In investigations, knowledge of the use of TrueCrypt can be very important. If a hidden, encrypted volume is already mounted on a computer, the files may be accessible on the scene. Once the computer is shut down, however, they will only be accessible with the password. Whether password disclosure can be compelled is an ongoing debate. Compare In re Grand Jury Subpoena (Boucher), 2009 U.S. Dist. LEXIS 13006 (D. Vt. 2009), with United States v. Kirschner, 2010 U.S. Dist. LEXIS 30603 (E.D. Mich. 2010).

Friday, January 20, 2012

Judge denies discovery request for Facebook data

A federal magistrate has denied a motion to compel Facebook records in a slip and fall case. The plaintiff claimed back injuries, but the defendant suggests the plaintiff might be faking some of her injuries (they have a surveillance picture of her pushing a grocery cart). Tompkins v. Detroit Metro. Airport, 2012 U.S. Dist. LEXIS 5749 (E.D. Mich. 2012).

The court found that the Facebook data is not relevant because the plaintiff is not alleging damages that prevent her from, for example, pushing a grocery cart. "If the Plaintiff's public Facebook page contained pictures of her playing golf or riding horseback, Defendant might have a stronger argument." Further, the judge noted that the defendant's request for the entire account was overly broad.

Eleventh Circuit decides interstate commerce proof debate, disavows Tenth Circuit opinion

The Eleventh Circuit has weighed in on a developing circuit split - specifically whether the prosecution must prove that a defendant's particular copy of an image of child pornography was obtained over the Internet and therefore traveled in interstate commerce. Finding that the "particular images" approach was an inaccurate interpretation of federal law, the court affirmed the judgement because the original images had been created in another state. United States v. Schaff, 454 Fed. Appx. 880 (11th Cir. 2012).

The defendant had attempted to delete all images of child pornography from his computer, but the images were recovered from unallocated space. Other images were obtained from thumbs.db, pagefile.sys, and hiberfil.sys files. There was no evidence presented that showed that the defendant had downloaded the images from the Internet, and therefore, no proof that his particular images had been obtained through interstate commerce.

The First, Third, and Fifth Circuits have held that the defendant's use of the Internet is enough to meet the interstate commerce requirement, and further proof regarding the specific images is unnecessary. The Tenth Circuit, on the other hand, found that evidence must demonstrate that the particular files were transferred through interstate commerce (United States v. Schaefer, 501 F.3d 1197 (10th Cir. 2007)). The "particular files" requirement is distinct from the original files. Therefore, if a neighbor had given the defendant the files on a CD, the requirement would not be met.

The Eleventh Circuit refused to adopt the Schaefer opinion, finding that the defendant's Internet use, coupled with the fact that the images had been produced in a different state, was sufficient for establishing the interstate commerce requirement.

UPDATE: The Tenth Circuit has since reversed its holding on this subject in Schaefer. Click here for more information.

Thursday, January 19, 2012

Illinois court determines e-mail with five images of CP only allows one count

In a recent Illinois case, four counts of child pornography possession were vacated on appeal. The defendant had received five images in a single e-mail. Under the appellate court's interpretation of state law, this amounts only to one violation of the relevant statute. People v. McSwain, 964 N.E.2d 1174 (2012).

Many states would allow for five counts in this situation. See, e.g., Commonwealth v. Davidson, 938 A.2d 198 (Pa. 2007). However, as discussed in this post, California law would also only allow one count.

Court finds camera not a closed container, search incident to arrest was unconstitutional

An Oregon federal court has found that a search incident to arrest violated the Fourth Amendment because exigent circumstances did not exist. Schlossberg v. Solesbee, 2012 WL 113746 (D. Or. 2012). The plaintiff argued in a Section 1983 claim that his rights were violated by his arresting officer when the officer searched his camera.

Closed Containers
First, the court evaluated whether a camera is a closed container. If you are unfamiliar with the debate, this often comes up with cell phones. If the phone is considered a closed container, it can be searched incident to lawful arrest if found on the arrestee's person (United States v. Finley, 477 F.3d 250 (5th Cir. 2007), applying closed container principles established in Robinson, 44 U.S. 218 (1973)). In United States v. Park, 2007 WL 1521573 (N.D. Cal. 2007), the court determined that electronic devices should be distinguished because of the large amount of information they carry, and they are not "part of the person." The Ohio Supreme Court, likewise, has determined that cell phones are not closed containers and are subject to a higher level of privacy due to the information they carry. State v. Smith, 920 N.E.2d 949 (Ohio 2009). For a more in-depth discussion of these issues, see Professor Susan Brenner's posts here and here.

The court ultimately agreed with Smith and Park, finding that cell phones and cameras should not be considered "containers." The court wrote that cases like Finley create a troubling rule - "any citizen committing even the most minor arrestable offense is at risk of having his or her most intimate information viewed by an arresting officer."

Exigency Exception
Further, "warrantless searches of such devices are not reasonable incident to a valid arrest absent a showing that the search was necessary to prevent the destruction of evidence, to ensure officer safety, or that other exigent circumstances exist." The officer had suggested that concern about the camera's battery dying created an exigency, but the court found that argument unpersuasive.

Qualified Immunity
Because the search of the camera violated the Fourth Amendment, the officer was liable for damages unless he was protected by qualified immunity. The court held that a jury should determine whether the arrest was lawful - if it was, the officer is entitled to qualified immunity.

Wednesday, January 18, 2012

Court reverses identity theft conviction for stolen wallet

The Washington Court of Appeals has reversed a conviction of identity theft, finding that no evidence was presented to prove the defendant would use an identification card and credit card to commit a crime. State v. Williams, 2012 Wash. App. LEXIS 57 (2012).

The defendant had stolen a wallet containing a credit card, identification card, and over $200 cash. Subsequently, he was charged with identity theft and theft.

On appeal, the court iterated an important point: theft of such items alone is not sufficient to prove identity theft. As with the Washington statute, proof must be shown of intent to possess or use that information "in order to commit, aid, or abet a crime." Here, the defendant stole a wallet, not an identity.

Hard drive abandoned after owner left it in his home for an extended period of time

The conviction of an Ohio man has been reinstated after the Ohio Supreme Court found his hard drive to be abandoned and thus not protected by the Fourth Amendment. State v. Gould, 2012 Ohio 71 (2012).

In December 2005, the defendant moved his belongings into his mother's house. He left his hard drive with her and told her not to "let anybody get their hands on it." When he moved six months later, he took all of his things except the hard drive. His brother told their mother that it likely contained child pornography, and she returned it to the defendant. In August 2006, the defendant's older brother moved in with him. Shortly thereafter, the defendant stole his brother's truck, left all of his belongings, and contacted no one in the family. Later, the brother sold the defendant's possessions in a garage sale, but their mother reclaimed the hard drive.

The mother took the hard drive to law enforcement and suggested that the defendant had abandoned it. After multiple failed attempts to contact the defendant, the police obtained consent from the mother to search the drive, which contained images of the defendant engaging in sexual acts with a seven-year-old girl.

The trial court found the defendant guilty on multiple charges. On appeal, the conviction was reversed after the court found that the defendant had a reasonable expectation of privacy in the hard drive. The Ohio Supreme Court, however, reinstated the conviction, holding that the hard drive was abandoned "by leaving it in his Toledo apartment without the ability to exert control over it." As such, he had no reasonable expectation of privacy in the drive, and the search did not violate the Fourth Amendment.

As you might discern from this post's title, I am not entirely comfortable with this decision - or at least the precedent it creates. I can certainly imagine a scenario where a person leaves their home for four months, and it is not abandonment. The court failed to specify why they ruled as they did. Did he stop paying rent? Is it because he stole a truck and stopped communicating with his family? Did it make a difference that he had a roommate? It just seems plausible that a person could leave a shared home for four months - even by stolen truck - and retain an expectation of privacy in their possessions.

Nebraska court allows father visitation rights in prison after attempted sexual assault conviction

The Nebraska Court of Appeals reversed a custody order that forbade in-prison visitation rights to the father after he was incarcerated for possession of child pornography and attempted sexual assault. Robey v. Robey, 2012 Neb. App. LEXIS 9 (2012). The victim of the attempted assault was a neighborhood child. While it is known that the children were in the room when the act occurred, it appears the children were unaware it was happening.

At trial, the court denied supervised visitation rights while the father was in prison. However, on appeal, the court reversed, holding that visitation should not be denied because a parent is in prison and because "[t]he negative ramifications experienced by the parties' minor children were not shown to be specific or causally related to the specific crimes of which Robert stands convicted."

Tuesday, January 17, 2012

The Pirate Bay to abandon torrents, provide magnet links

The Pirate Bay, a popular torrent website, will stop providing users with torrents next month. Instead, they will only offer users magnet links.

For some time now, P2P users had to download a torrent in order to then download their content of choice (be it legal or not-quite-so legal). The torrent file contained metadata about the intended download that allowed the software to connect to other users with the file. This metadata includes the file's name, size, and hash value (well, a hash list actually, but that's a little technical).

Magnet links simplify that process. Instead of downloading a file, you simply paste a link into your P2P software that looks something like this:
magnet:?xt=urn:btih:53ed9b326a28b5aa3a395e8b137eda6331406be3&dn=Audiopeel+Landscape+3D+art+1440x768+Desktop+Wallpaper&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80
The hash value is the xt parameter (the text after urn:btih:), the file name is the dn parameter, and the tr parameters are a series of URLs that the software uses to find the file.
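To make the three parts concrete, here is an added example (not code from the original post or from any P2P client) that parses the link quoted above with Python's standard library and returns the hash, the file name, and the tracker URLs. The function names are hypothetical, and it assumes a BitTorrent (urn:btih) link with a 20-byte hash written in hex or base32.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# The magnet link quoted in the post, split across lines for readability.
SAMPLE = (
    "magnet:?xt=urn:btih:53ed9b326a28b5aa3a395e8b137eda6331406be3"
    "&dn=Audiopeel+Landscape+3D+art+1440x768+Desktop+Wallpaper"
    "&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80"
    "&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80"
    "&tr=udp%3A%2F%2Ftracker.ccc.de%3A80"
)

BTIH = "urn:btih:"


def normalize_btih(value):
    """Return a BitTorrent info-hash as 40 lowercase hex characters.

    Magnet links carry the 20-byte SHA-1 info-hash either as 40 hex
    characters or as 32 base32 characters; both name the same content.
    """
    if re.fullmatch(r"[0-9a-fA-F]{40}", value):
        return value.lower()
    if re.fullmatch(r"[A-Za-z2-7]{32}", value):
        return base64.b32decode(value.upper()).hex()
    raise ValueError("not a 40-hex or 32-base32 info-hash: %r" % value)


def parse_magnet(uri):
    """Split a magnet link into info-hash, display name and trackers."""
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() != "magnet":
        raise ValueError("not a magnet link")
    # parse_qs undoes the URL encoding: '+' -> space, %3A -> ':', %2F -> '/'.
    params = parse_qs(parts.query)

    # xt ("exact topic") identifies the content; keep only BitTorrent hashes.
    hashes = [normalize_btih(v[len(BTIH):])
              for v in params.get("xt", [])
              if v.lower().startswith(BTIH)]
    if len(set(hashes)) != 1:
        raise ValueError("expected exactly one urn:btih info-hash")

    # tr ("tracker") may repeat; each is a URL the client asks for peers.
    trackers = []
    for tr in params.get("tr", []):
        t = urlsplit(tr)
        trackers.append((t.scheme, t.hostname, t.port))

    return {
        "info_hash": hashes[0],
        # dn ("display name") is only a label in the link: anyone can edit
        # it without changing the hash, so the hash is what identifies a file.
        "name": params.get("dn", [None])[0],
        "trackers": trackers,
    }


if __name__ == "__main__":
    for key, value in parse_magnet(SAMPLE).items():
        print(key, "=", value)
```

Because the name is free text while the hash is derived from the content, two links with different names but the same hash point to the same download.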

This change may not mean a whole lot for you. Courts are just now beginning to refer to torrents in opinions, but they still do not seem very comfortable with the idea. Magnet links may help them out a little.

Some argue that this swap may provide a little legal protection for websites like The Pirate Bay, who are often accused of enabling illegal downloads. However, though they are no longer hosting torrent files, they are still hosting the link which still has to be downloaded (by opening the page).

Monday, January 16, 2012

6th Circuit vacates sentence after judge "splits the difference" in enhancement dispute

In United States v. Johnson, 446 Fed. Appx. 798 (6th Cir. 2012), the Sixth Circuit vacated and remanded the sentence of a man convicted of transportation, transfer, and possession of child pornography.

In 2001, the defendant was convicted of transmitting child pornography and using a facility in interstate commerce to attempt to persuade a minor to engage in sexual activity. As it turned out, the minor was an FBI agent. Upon release from prison and completing two years of supervised release, the defendant showed that he hadn't quite learned his lesson. He again engaged in online communications where he sent pornographic images to what he thought was a 13-year-old girl but was actually an undercover agent. He pled guilty to various charges.

At sentencing, the government argued for a five level enhancement under section 2G2.2(b)(5) for "a pattern of activity involving the sexual abuse or exploitation of a minor." The district court found arguments for and against the enhancement valid, so the judge decided to split the difference in the number of months.

While the Sixth Circuit noted the judge's "admirable desire to achieve fairness," the sentence was arbitrary because the judge did not resolve the dispute. Finding that the compromise was not appropriate, the court noted, "Such an approach to sentencing is not the product of reason but of happenstance and, unfortunately, short-circuits every other discussion regarding the reasonableness of the sentence in this case."

Sunday, January 15, 2012

Appellate court addresses multiple issues in CP case

A recent Eleventh Circuit case presents a myriad of issues. In United States v. Cray, the defendant appealed his convictions of receipt and possession of child pornography. 450 Fed. Appx. 923 (11th Cir. 2012). He had subscribed to a website providing child pornography for $79.99 per month, and law enforcement tracked his actions on the site back to his ISP account. Among his arguments for reversal were:
  • An argument that obtaining his IP subscriber information was a violation of the Wiretap Act, and thus suppression of the information was warranted. As the court noted, there is no suppression remedy under the Wiretap Act. (Also, obtaining such information is clearly not a wiretap under ECPA.)
  • An expert witness should not have been allowed to testify that "Cray personally operated his laptop to access a child pornography website while in Dover, Delaware." The court found this testimony to be reliable and appropriate although the expert was not personally aware of the act.
  • Admission of testimony concerning geographic location of IP addresses was not inadmissible hearsay under plain error review.
  • Presentation of videos from the child pornography website to the jury was appropriate despite the fact that the videos were not located on the defendant's computer. They were relevant to show the defendant's "intent to receive and access ... child pornography" and to prove they "were actually child pornography."
  • A summary chart matching "filenames found in [defendant's] laptop registry with files accessed on the Website by a subscriber using Cray's name and information" was appropriate for presentation to the jury because the information had already been established, defendant had opportunity to cross-examine, and the court provided limiting instructions to the jury.
Therefore, the trial court decision was affirmed.

Wednesday, January 11, 2012

11th Circuit vacates sentence, finds swapping CP on P2P network not per se "for valuable consideration"

The Eleventh Circuit has vacated and remanded a sentence that included a five-level enhancement because it found the defendant had not received "a non-pecuniary thing of value" in exchange for sharing child pornography on a peer-to-peer network. United States v. Spriggs, 666 F.3d 1284 (11th Cir. 2012).

The defendant pled guilty to receipt of child pornography, and a five-level enhancement was applied "for distribution of illicit images for the receipt, or expectation of receipt, of a non-pecuniary thing of value" at sentencing.

The court first examined whether a distribution took place. The defendant was using the Shareaza P2P software to download child pornography. Law enforcement had attempted to download files from the defendant, but were unsuccessful. There was also no proof that anyone else downloaded files from him, but because they were located in the shared folder, such proof was not necessary to show distribution.

However, the court did not find that "a non-pecuniary thing of value" was received or expected. The Eighth Circuit has determined that because possessors of child pornography often swap files on P2P networks, no proof is necessary to show it actually happened in order to apply this enhancement. United States v. Stultz, 575 F.3d 834, 849 (8th Cir. 2009). Here, the Eleventh Circuit disagreed - because files on P2P are free and downloads are not "conducted for 'valuable consideration,'" a transaction over the network is insufficient.
"Without evidence that Spriggs and another user conditioned their decisions to share their illicit image collections on a return promise to share files, we cannot conclude there was a transaction under which Spriggs expected to receive more pornography."
The district court had also justified the enhancement because a user may receive faster download speeds when sharing files, but because there was insufficient proof, the argument was struck down.

RELATED CASE: Just days after Spriggs, the Eleventh Circuit decided an almost identical case in the same way - United States v. Vadnais, 667 F.3d 1206 (11th Cir. 2012).

Tuesday, January 10, 2012

Judge finds guidelines flawed, Sixth Circuit vacates sentence

The Sixth Circuit has vacated and remanded the sentencing of a defendant after the district court imposed one day in jail and ten years supervised release for possession of child pornography because the judge objected to the sentencing guidelines. United States v. Bistline, 665 F.3d 758 (6th Cir. 2012).

After the defendant pleaded guilty to the possession of 305 images and 56 videos of child pornography, the district court refused to follow the guidelines range of 63 to 78 months' imprisonment because it felt "that 'the guidelines for possession of child pornography are seriously flawed.'" Ultimately, the court sentenced the defendant to one night in jail and 10 years of supervised release. On appeal, the government argued that the sentence was "substantively unreasonable."

The district court considered several issues at sentencing including the need for adequate deterrence, the need to avoid unwarranted sentence disparities, and the history and characteristics of the defendant. The court found that "the humiliation of his arrest and [his] prosecution" was sufficient deterrence, but the Sixth Circuit disagreed. Likewise, the court found that the imposed sentence creates disparities in sentencing rather than avoiding them. Lastly, the district court used the defendant's age and need to care for his wife to justify the sentence, but the appellate court found that their children could have cared for her.

At sentencing, the district court also found it troubling that Congress had been involved in creating the relevant guidelines, but the Sixth Circuit had no objection to that and felt that any "political considerations" that might have influenced their decision could also happen in the courtroom.

Monday, January 9, 2012

Chats between defendant and minors found inadmissible in sexual exploitation of minors case

A North Dakota man has been charged with attempted sexual exploitation of his two minor stepdaughters. Videos reveal that he used his cell phone to record the girls showering. The defendant claims he was videoing them because "he was concerned that they were taking nude pictures of themselves and texting them to friends." United States v. Rambough, 2012 U.S. Dist. LEXIS 1781 (D.N.D. 2012).

At issue is whether chat logs should be admissible where defendant, claiming to be a 19-year-old woman, communicated with both minors and adults. The government claims them to be relevant to show the defendant "has a sexual interest in minors." The defendant argues them to be irrelevant to the charge and that potential unfair prejudice outweighs probative value.

The court found that the chats with other adults "have little, if any, probative value" and do not pass the FRE 403 filter. The chats with children, however, are relevant, but should not be admissible due to potential unfair prejudice. The opinion also notes that just as the defendant claimed to be a 19-year-old woman, the minors with whom he was chatting may also have "adopt[ed] a persona." As a result, the court assumed those conversations were with adults.

Friday, January 6, 2012

Tracking computer usage, free credit monitoring, and digital forensics guides from corporations

I have collected several random stories recently that do not deserve their own post alone, but that I thought should be shared.
  • From Lifehacker, this post shows you how to see if someone has been using your computer when you were not around. Using the Windows Event Viewer, users can see system logs detailing each time the computer boots or wakes from sleep or hibernation.
  • This isn't an endorsement nor do I really know much about this service, but Lifehacker did an article about Credit Karma, a credit monitoring service that notifies you of changes via e-mail. The service once restricted its number of users, but it is now free to anyone who registers. WSJ, NYT, CNN, and others have also recommended the service.
  • SANS's Computer Forensics website provides links to corporate handbooks for digital forensics investigators from companies like Microsoft, eBay, MySpace, and more. Some of the information is outdated, but it may give you an idea as to what is required and who to contact.

Thursday, January 5, 2012

Malware steals credit card info, hides charges in online banking

As Mashable reports, new malware can steal your credit card information when you make purchases online, and after using it for fraudulent purposes, it can also hide those charges from your bank statement when you check your account online. Sounds like some pretty advanced stuff. Here's the video for slightly more info (apologies for the embedded commercial).

Tuesday, January 3, 2012

UK study reveals 33% of divorce petitions cite Facebook as a problem

In a study conducted by Divorce Online in the United Kingdom, 33% of divorce petitions filed in 2011 used Facebook posts as evidence of behavior that led to the breakup (up from 20% in 2009).

There were three main reasons that Facebook was mentioned:
  1. Inappropriate messages to members of the opposite sex. 
  2. Separated spouses posting nasty comments about each other. 
  3. Facebook friends reporting spouse’s behavior.
I'm sure that we have all seen our Facebook friends posting horrible things about their spouses, but I'm also sure that few of them expect those posts to end up appearing in legal documents.

Courts are still struggling with how to deal with social media discovery in civil cases. Some courts require the parties to "friend" each other. Understanding that privacy settings may restrict what can be viewed, others have ordered disclosure of login information. However, both of these options may lead to disclosure of information that is irrelevant and not subject to discovery. Some courts have conducted in camera review of the parties' accounts. Offenback v. L.M. Bowman, Inc., 2011 WL 2491371 (M.D. Pa. 2011); Barnes v. CUS Nashville, Inc., 2010 WL 2265668 (M.D. Tenn. 2010). With the addition of Facebook's download feature, we may see that option become the predominant method in the near future.

Sunday, January 1, 2012

New year presents new challenges

The year 2011 brought about many new or advanced challenges in the cybercrime field. Some of the big headliners included:
  • With the closing of Reddit's "jailbait" section, many websites have begun to move away from semi-anonymous postings. Several have integrated Facebook to require users to post to sites within their Facebook accounts. Of course, websites are protected by the Communications Decency Act, but making the swap certainly brings much less headache.
  • The group "Anonymous" began attacks as early as 2006, but their acts expanded greatly last year with relation to unrest in the Middle East, Bank of America, Sony, child pornographers, and more.
  • With the Pentagon acknowledging in July that over 24,000 files had been stolen, the DOD developed a framework for virtual retaliation for cyberwarfare attacks. The hackings of the U.S. Senate and the CIA in the spring also brought about many discussions in congressional committees on how to deal with the issue of cybersecurity.
The new year is certain to present new issues. Here are a few predictions as to what we should expect:
  • Increased smartphone attacks - Computers which have long been easy to attack are now the hard targets. Cell phones are almost entirely unprotected - most of us have no virus or malware protection. With increasing financial transactions by smartphone apps, this is sure to be a major issue in 2012. The major question is who is going to pay for the protection - will cell users have to buy virus scanning software or will phones start coming with it pre-installed?
  • Cyber intrusions of utilities - In November, it was reported that hackers had gained remote access to a water pump in Illinois and caused it to burn out, but DHS later found there was "no evidence of a cyber intrusion." However, this method of cyber attacks certainly seems to have potential. With groups like Anonymous that use hacking to further social causes, it only seems natural to extend their reach into electrical grids or water supply stations.
  • More movement to the cloud - Many businesses and governments have already begun to make the move as it is more cost-effective and convenient. That in itself presents a problem - if all government records are in the cloud, the data may be more susceptible to theft. Further, cyber criminals will also likely make the move. It is much easier to find evidence when it is on their hard drive, but much more difficult when spread out over hundreds of servers worldwide.

Thank you all for reading my blog. I've enjoyed the last few months, and I hope I can continue to offer you good information in the year to come.

Ninth Circuit finds standing to challenge government's alleged communications dragnet

In a lawsuit alleging "widespread warrantless eavesdropping" in violation of the Foreign Intelligence Surveillance Act, the Electronic Communications Privacy Act, and the Stored Communications Act, the Ninth Circuit has reversed and remanded the lower court dismissal on standing grounds. Jewel v. NSA, 673 F.3d 902 (2011).

The suit, backed by the Electronic Frontier Foundation, alleged "that the government[] operated a 'dragnet collection' of communications records by 'continuously soliciting and obtaining the disclosure of all information in AT&T's major databases.'" The district court dismissed the complaint, finding that Jewel's complaint failed by not "specifically linking any of the plaintiffs to the alleged surveillance activities."

Of course, the issue is whether Jewel could demonstrate a "sufficiently concrete and specific injury" in order to have standing. The court found that the complaint "described in detail the ... equipment used ... at the particular AT&T facility" and that she "alleged with particularity that her communications were part of the dragnet."

RELATED CASE: The Ninth Circuit also decided, in a separate opinion, that § 802 of the Foreign Intelligence Surveillance Act, which immunizes telecommunications companies from liability for cooperating with the government's investigations, is constitutional. In re NSA Telcoms. Records Litig., 2011 U.S. App. LEXIS 25949 (2011).