Thursday, May 31, 2012

Alabama district court applies good faith to pre-Jones GPS use based on 1981 beeper case from old Fifth Circuit

A district court in the Eleventh Circuit has held that use of a GPS device on a vehicle before the Supreme Court's decision in Jones was done in good faith because a 1981 case (old Fifth Circuit which included present-day Eleventh Circuit, en banc) "held that placing an electronic beeper on the exterior of a defendant's car when the car was parked in a public lot did not violate the Fourth Amendment." United States v. Rosas-llescas, 2012 U.S. Dist. LEXIS 74594 (N.D. Ala. 2012). Because the device was installed pre-Jones, it was done in good faith.

Several courts have recently decided this issue, but none have applied non-GPS holdings. Courts in the Seventh, Eighth, and Ninth Circuits have upheld the use of pre-Jones GPS tracking because precedent had allowed it. (Read more here.) Courts outside of those circuits have denied good faith. The Illescas holding could potentially allow good faith to be applied to GPS use in both the Fifth and Eleventh Circuits.

Additionally, the defendant in this case was seeking to suppress evidence obtained after an unconstitutional use of GPS and a tainted traffic stop, but the evidence was not subject to suppression because it was evidence to establish the defendant's identity. The defendant was a suspected illegal alien. Eleventh Circuit precedent does not allow suppression of such evidence even after an unconstitutional search.

Next week, Cybercrime Review will explore recent applications of the Jones decision by lower courts in a three-part series.

Third Circuit holds that three-year-old information is not stale in child pornography cases

In United States v. Prawdzik, 2012 U.S. App. LEXIS 10840 (3d Cir. 2012), the Third Circuit affirmed a motion to suppress over an argument that a search warrant contained stale information because it had been three years since the sexual abuse had occurred.

On appeal, the defendant argued that the information supporting the search warrant was stale because the sexual abuse had ended three years earlier. The appellate court acknowledged that information supporting child pornography crimes could potentially grow stale, but the facts of this case did not support such an argument.

The defendant had sexually abused the child over a period of five to six years and was known at the time of the search warrant to have transferred videos of the abuse to his computer. Because "pedophiles rarely, if ever, dispose of child pornography," it was likely that the videos would still be there. Additionally, the defendant had recently contacted the victim, his daughter, by phone. As such, "there was a 'substantial basis' for the magistrate judge to conclude that the affidavit established probable cause."

Age of information is a factor to be considered in determining probable cause - the nature of the crime and the evidence presented should also be considered. See, e.g., United States v. Vosburgh, 602 F.3d 512 (3d Cir. 2010).

Wednesday, May 30, 2012

Missouri Supreme Court reverses CP convictions due to ambiguous statute

In State v. Liberty, 2012 Mo. LEXIS 104, the Missouri Supreme Court reversed seven of eight child pornography possession charges because the statute was ambiguous as to whether it allowed a single or multiple prosecutions for possession of multiple images. The court, however, denied other arguments made by the defendant.

The defendant had posted a description of physical contact with a 7-year-old child to a pedophile website, which was used as the basis for his conviction of promoting child pornography. On appeal, he argued that it did not describe "sexual conduct" as required by the statute, but instead "discussed 'riding with some children in an inner- tube.'" The court disagreed. The defendant also made a non-"sexual conduct" argument with regard to images of child pornography that had been used as evidence, but the court also struck down that argument.

Successfully argued, however, was the defendant's double jeopardy argument. He had been convicted of eight counts of possession of child pornography. The statute made possession unlawful if:
knowing of its content and character, such person possesses any obscene material that has a child as one of its participants or portrays what appears to be a child as an observer or participant of sexual conduct.
The Missouri Supreme Court held that the use of the word "any" allows the statute to be reasonably interpreted  "to permit either a single prosecution or multiple prosecutions for a single incidence of possession of eight still photographs of child pornography." Because the statute is ambiguous, the court applied the rule of lenity and reversed seven of the eight convictions. The state is not prevented from retrying the defendant if they believe they have "evidence demonstrating separate offenses, as, for example, possession of the photographs by Mr. Liberty at different times or from different sources."

The statute has since been revised, and "the legislature [has] made clear that possession of 20 or more proscribed images constitutes a single unit of prosecution."

Tuesday, May 29, 2012

Congress investigates location data issues

House conducts hearing on GPS Act
A recent congressional hearing addressed the proposed Geolocational Privacy and Surveillance Act which would require a search warrant to obtain GPS or CSLI data from phone companies. The bill is authored by Rep. Jason Chaffetz (R-Utah) and Sen. Ron Wyden (D-Oregon).

John Ramsey, of the Federal Law Enforcement Officers Association, suggested that location data is often essential to obtaining a search warrant, and requiring a warrant for location data would make law enforcement's job more difficult. Ramsey suggested that the location data is nothing more than a corporate record and is undeserving of a special standard. (Other testimonies are available here.)

Franken requests DOJ practices
Senator Al Franken (D-Minn.), an outspoken privacy advocate, has requested from the Department of Justice a rundown of their practices for requesting location information directly from cell service providers.
I am eager to learn about how frequently the Department requests location information and what legal standard the Department believes it must meet to obtain it. I would also like to know how the Department may have changed these practices since the Jones decision.
Specifically, Franken asked how many requests the DOJ had made, what type of response was given, whether the data was historical or prospective, the legal process used, total cost, and Jones-related questions.

Monday, May 28, 2012

EU law requiring consent for cookies modified by British to allow implied consent

The European Union's "cookie law" (EU Directive 2009/136/EC) went into effect over the weekend, which requires:
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information.... Users or subscribers shall be given the possibility to withdraw their consent for the processing of traffic data at any time.
Thus, for websites to use cookies to track users, they must first obtain the user's consent. Though the law was passed in 2009, many websites had not complied, leading the British government to advise websites on Thursday that "implied consent" would suffice.

Thursday, May 24, 2012

Court suppresses fruit of warrantless GPS tracking, but could inevitable discovery have saved it?

In United States v. Lee, 2012 U.S. Dist. LEXIS 71204 (E.D. Ky. 2012), the court ordered suppression of evidence obtained as part of an investigation using a GPS device installed without a search warrant. A later search was not sufficiently attenuated, and the use of GPS was not in good faith.

The defendant was suspected of drug trafficking, and a DEA officer installed a GPS device on his car without a search warrant. The device allowed them to track his movements, and the DEA notified state police of the investigation. State police were notified of the defendant's location and ultimately stopped the defendant for not wearing a seatbelt. During the stop, 150 pounds of marijuana was found.

The magistrate recommended suppression of the evidence, and the government objected, arguing "that the traffic stop was sufficiently attenuated from the illegal GPS search to expunge the taint of the illegal search, and even if it was not, that the officers acted in good faith."

Because of the timing, lack of intervening circumstances which might have severed the unconstitutional use of GPS, and the fact "that the police misconduct was guided by an impermissible purpose," the district court found that the stop was not sufficiently attenuated.

The court also refused to extend the good faith exception. In circuits that had allowed warrantless GPS prior to Jones, courts have been allowing the use of GPS data obtained prior to Jones (see previous post here). However, as the court noted, allowing the use of non-binding authority to support a good faith argument would allow officers to "beg forgiveness rather than ask permission in ambiguous situations involving . . . basic civil rights" (quoting United States v. Katzin, 2012 U.S. Dist. LEXIS 65677, (E.D. Pa. 2012)).

Possible Argument
An argument I think would be interesting in this type of situation would be inevitable discovery with CSLI. If the government could get the defendant's CSLI records showing his movement along the same route, they could have had the same result. Since CSLI data can be obtained with specific and articulable facts (rather than the higher probable cause standard), the government could show that if they had known the GPS use would be unconstitutional, they would have just used CSLI, still been able to track the defendant, and still found the pot. The pot, being derivative evidence, would likely be admissible. Some courts would not allow the GPS data itself to be admitted (as it's primary evidence), but it's not that important when you have 150 pounds of marijuana to prove your case.

Cal. court: CP possession no reason to modify father's parental rights without proof of risk to child

A California appellate court has reversed an order making a child a dependent of the court following his father's conviction of possession of child pornography. No evidence showed there was a risk that the father would sexually abuse or exploit the child. In re M.M., 2012 Cal. App. Unpub. LEXIS 3772 (Cal. Ct. App. 2012).

The father had been convicted of possession of child pornography, and the state argued that the possession "created a detrimental and endangering home environment for the child ... and place[ed] the child at risk of physical and emotional harm and damage and sexual abuse." Additionally, the court noted that the father was a massage therapist, specializing in children that were always accompanied by their parents.

No evidence was presented to suggest that the father had abused his son. The child's mother acknowledged that he had always been a good father, and she "did not view [him] as a predator or a pedophile." A psychiatrist testified that the father posed no risk to his son. The court, however, was not convinced there was no risk, and made the son a dependent of the court, gave the mother physical custody, and ordered family maintenance services and family reunification services to the father. The father appealed, arguing the court did not have jurisdiction.

For the court to take jurisdiction, the state must have shown "that Father failed to supervise or protect [the son,] adequately causing him to suffer or that he will suffer serious physical harm or illness." The appellate court held that possession of child pornography alone does not do that, and no evidence was presented to suggest the father "was likely to commit a hands-on sexual offense against any child, let alone [the son]." Additionally, jurisdiction can be established if the child has been sexually abused or is at risk for sexual abuse, but the court held that sharing and possessing child pornography does not establish such.

Wednesday, May 23, 2012

NY district court allows wiretap evidence over multiple objections from defendant

In United States v. Kazarian, 2012 U.S. Dist. LEXIS 70050 (S.D.N.Y. 2012), the court denied the suppression of wiretap evidence over arguments that probable cause did not exist, the necessity requirement was not established, and minimization was not followed.

The defendant allegedly worked to defraud Medicare of over $100 million and sought to suppress evidence from wiretaps (among other searches), arguing that probable cause did not exist and the applications did not show necessity for a wiretap. The court first found that probable cause existed, and then addressed the necessity requirement.

Under the Wiretap Act, allowance for a wiretap requires law enforcement to "demonstrate that 'normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous.'" 18 U.S.C. § 2518(1)(c). Wiretaps should not be used routinely "as the initial step in criminal investigation," but law enforcement need not exhaust all other means.

The defendant claimed that "little to no investigation was done" prior to the wiretapping and that the language for showing necessity was essentially boilerplate. However, the court held that using such boilerplate language does not alone make it invalid and found that the wiretapping was reasonably believed to be more effective than other methods of investigation.

The court, in a detailed analysis, also held that the government sufficiently followed the minimization requirement which requires the wiretap to "be conducted in such a way as to minimize the interception of communications not" related to the investigation. 18 U.S.C. § 2518(5).

District Court: Guessing location of IP address for Doe defendants does not establish personal jurisdiction

A California federal district court has dismissed a case for lack of personal jurisdiction because the plaintiff did not sufficiently prove that the unknown user of a specific IP address was located in California. Celestial Inc. v. Swarm Sharing Hash, 2012 U.S. Dist. LEXIS 61559 (C.D. Cal. 2012).

The plaintiff, a producer of adult pornography, had filed suit against multiple John Doe defendants who had used peer-to-peer networking software to download copyrighted videos. To satisfy personal jurisdiction, the plaintiffs asserted that research had "placed the IP addresses of the Doe Defendants in California." According to the plaintiff:
Determining the nation of an Internet user based on his or her IP address is relatively simple and accurate (95%-99% percent) because a country name is required information when an IP range is allocated and IP registrars supply that information for free. 
Determining the physical location down to a city or ZIP code, however, is more difficult and less accurate because there is no official source for the information, users sometimes share IP addresses and Internet service providers often base IP addresses in a city where the company is basing operations. 
Accuracy rates on deriving a city from an IP address fluctuate between 50 and 80 percent, according to DNS Stuff, a Massachusetts-based DNS and networking tools firm. 
Even when not accurate, though, geolocation can place users in a bordering or nearby city, which may be good enough for the entity seeking the information. This happens because a common method for geolocating a device is referencing its IP address against similar IP addresses with already known locations.
The district court held that because "there may still be a 20 to 50 percent chance that [they] lack[] jurisdiction," the case could not proceed to allow discovery of the Does' identities. "[E]ven if the most advanced geolocation tools were simply too unreliable to adequately establish jurisdiction, the court could not set aside constitutional concerns in favor of Plaintiff's desire to subpoena the Doe Defendants' identifying information."

Tuesday, May 22, 2012

Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure

In what I would call a very significant case, a New York federal court has held that failure to examine a defendant's imaged hard drive within 15-months after it was obtained was an unlawful seizure in violation of the Fourth Amendment. In United States v. Metter, 2011 U.S. Dist. LEXIS 155130 (E.D.N.Y. 2012) the government imaged over 60 hard drives as part of a criminal investigation into securities fraud, yet held on to the images and failed to actually do anything with them for over 15 months. The defendant argued that "the government's significant delay in conducting off-site searches of the imaged evidence merits blanket suppression of all seized and imaged evidence as routine delays of this duration would eviscerate the Fourth Amendment's privacy protections." While treading very cautiously, the court ultimately held that such delay, especially due to the amount of irrelevant, yet highly personal information that could be on a computer hard drive, was an unreasonable seizure.

At the outset, the court noted that the defendant's argument raised "an interesting issue of first impression in this Circuit that may impact electronic discovery in future criminal investigations and cases: How long may the government retain seized and imaged electronic evidence before conducting a review of that evidence to determine whether any of it falls outside the scope of a search warrant?" (This is indeed an interesting question. Think, for example, of evidence collected from a murder scene. The officers may take pictures, blood swipes, fingerprints, etc., but they cannot bag up the entire site or completely capture it for future use. That is the case with imaging a defendant's hard drive, though - essentially the evidence (relevant or irrelevant) lasts forever; it can be revisited ad nauseum, and consequently raises a plethora of Fourth Amendment concerns. Ultimately, and because of this evidentiary effect, this ends up as a case where the court was forced to treat electronic evidence different from physical evidence because of the fundamental difference in nature and kind between the two.)

The court went on to note that courts have long recognized that searches (typically of papers) will inevitably involve reviewing documents that are outside of the scope of the search because it is impossible to conduct a search otherwise; pragmatically, there are "tactical difficulties" in cabining a search when you don't know what you will find, or where "it" will be found, per se.  This recognition has been extended to computers, but:
Computers and electronic information present a more complex situation, given the extraordinary number of documents a computer can contain and store and the owner's ability to password protect and/or encrypt files, documents, and electronic communications. As a result, the principle of permitting law enforcement some flexibility or latitude in reviewing paper documents just described, has been extended to computerized or electronic evidence. Courts have applied the principles recognized in Andresen "in analyzing the method used by the police in searching computers and have afforded them leeway in searching computers for incriminating evidence within the scope of materials specified in the warrant."
Thus, courts look to the heart of the Fourth Amendment for the lawfulness of the search - was it "reasonable?"

The court recognized that the warrants issued in this case (there were multiple, spanning both homes and offices), were facially valid, sufficiently particular, and clearly defined the scope of each search. Additionally, the police acted reasonably in executing the searches, and promptly returned the hard drives back to the owners after they were imaged. Thus, the crux of the case does not involve a failure of the warrants themselves, or the procedure in which they were executed on-scene, but the process involved afterwards.

The court pointed out that delays of several months have been found to be reasonable - there may be law enforcement delays, an ongoing investigation, etc., but that there was a lack of precedent on the ceiling of this temporal question - when did a delay become presumptively unreasonable. While not actually answering that question, or establishing a black-letter rule, the court stated that:
The parties have not provided the Court with any authority, nor has the Court found any, indicating that the government may seize and image electronic data and then retain that data with no plans whatsoever to begin review of that data to determine whether any irrelevant, personal information was improperly seized. The government's blatant disregard for its responsibility in this case is unacceptable and unreasonable.
The court dismissed the government's argument that because they returned the original hard drives they were not really violating any privacy. I find this argument to be almost laughable - why does having a copy of a personal document lessen its embarrassing or incriminating nature? The court found this a "distinction without a difference."

Notably, the defendant's counsel had also notified the court that the government was willing to provide copies of these hard drives to attorneys of other defendant's involved in the fraudulent scheme, upon request. While this might have been helpful in a discovery sense, the failure to triage these hard drives for irrelevant information was damning. Ultimately, the court stated:
The government's retention of all imaged electronic documents, including personal emails, without any review whatsoever to determine not only their relevance to this case, but also to determine whether any recognized legal privileges attached to them, is unreasonable and disturbing. Moreover, the government repeatedly asserted its intent to release indiscriminately the imaged evidence to every defendant, prior to conducting any review to determine if it contained evidence outside the scope of the warrants. The Court agrees with Defendant that the release to the co-defendants of any and all seized electronic data without a predetermination of its privilege, nature or relevance to the charged criminal conduct only compounds the assault on his privacy concerns. It underscores the government's utter disregard for and relinquishment of its duty to insure that its warrants are executed properly.
After holding the government's actions in contravention of the Fourth Amendment, the court wrestled with the remedy. Did such process "deserve" complete suppression of all evidence - a remedy quite harsh to a case built around such evidence. The court ultimately decided complete suppression was warranted:
The Court has not reached this conclusion lightly. However, the Court cannot, in the interest of justice and fairness, permit the government to ignore its obligations. Otherwise, the Fourth Amendment would lose all force and meaning in the digital era and citizens will have no recourse as to the unlawful seizure of information that falls outside the scope of a search warrant and its subsequent dissemination. 
The impact of this case is wide-reaching for law enforcement - essentially they must do something with seized evidence in a reasonable amount of time. This raises a series of questions:
  1. What must law enforcement do to prevent suppression if the amount of time grows - merely do a keyword search, or fully triage and redact irrelevant evidence?
  2. We know 15 months is too long, but what about 10, 12 or 8 months? Another line drawing problem is born.
  3. How does this decision affect law enforcement timetables for existing and future investigations, and what if any impact will it have as more cases involve electronic evidence and case loads and backups increase?
  4. What will the impact of this decision be on general electronic discovery as it relates to passing unredacted/reduced electronic evidence to co-defendants, since such discovery implicates privacy concerns due to the nature of hard drives and the "intermixing" of relevant and irrelevant evidence?

Cable guy did not act as agent of law enforcement when he discovered child pornography on a service stop

In United States v. Jurek, 2012 U.S. Dist. LEXIS 70242 (N.D. Ohio 2012), the court held that an AT&T cable guy did not act as a governmental agent when he searched a customer's computer and found child pornography. The defendant called AT&T to report that his U-verse service was not working correctly, and a technician was dispatched. The technician went to the defendant's home, and was assisted by the defendant's son who called his father when the technician arrived. While working in the web browser (I assume to connect to the router/access point), the technician noticed a lot of pornography sites in the browser history, and one with the word "Lolita." The technician decided to side-track and investigate further, which he admitted was not part of the job he was sent there to do. He went into the Start Menu and viewed the "My Pictures" folder and discovered child pornography. He reported this to his supervisor after he left, and subsequently the situation was reported to law enforcement.

The court held that merely browsing around a customer's computer, while a search in and of itself, was not a search that violated the Fourth Amendment because the technician was not acting on behalf of law enforcement. This makes sense - merely discovering child pornography while monkeying around on a customer's computer isn't acting under the color of law - even if it is later reported to law enforcement. The defendant attempted to argue that the level of detail that the AT&T technician provided to law enforcement implied that he had some sort of background in investigations of this sort. The defendant argued that:
extensive notes and conclusions were made by the Technician, which were very detailed and extensive, and included approximate ages, the presence of pubic hair, the presence of semen, and estimates of age. These details appear to reflect prior knowledge, or at least training or coaching as to what to record if these images are seen during the course of a service call.
Even so, the court said, that alone does not create agency. There had to be some sort of prior discussion, agreement, persuasion, or any other interaction with law enforcement that precipitated the technician's actions.  Unluckily for the defendant, the only reason the technician was using the defendant's computer was because the technician's computer was not working at the time.

While the motion to suppress was properly denied, I think one interesting thing here is the legitimate complaint the customer could have with AT&T. The technician was (1) unprepared for the visit with proper technical equipment and (2) went outside of the scope of his job to investigate the defendant's computer for child pornography -  a clear invasion of the defendant's privacy. The defendant may have allowed use of his computer to achieve the maintenance goals he requested, but I doubt his consent included a grant of permission to wander his hard drive on a hunch.

Unsurprisingly, though, I don't foresee AT&T having to worry about such a complaint in this case.

Plaintiff alleges the FBI used his voice to create rap music, FBI should be charged with identity theft

A federal district court has dismissed an inmate's suit against Verizon and others for failure to state a claim for relief, finding the allegations were "obviously 'fantastic' and clearly 'delusional.'"

The plaintiff suggested that Verizon wiretapped his phone and gave the recordings to the FBI. The FBI then used his voice to create rap music and used his image to publicize it. "I want the FBI to be charged with identity theft," added the plaintiff.

The case is T.I. v. Verizon Mobile Phones, 2012 U.S. Dist. LEXIS 69505 (W.D.N.C. 2012).

Military appeals court reverses conviction because four of six alleged images of CP did not meet definition

In United States v. Barberi, 2012 CAAF LEXIS 594, the Court of Appeals for the Armed Forces reversed and remanded a conviction for child pornography possession because four of the six images did not fit the required definition.

The investigation had revealed six images of a child that were introduced at trial in support of the allegation. The Army Court of Criminal Appeals had found that four of those images "were legally and factually insufficient to support a conviction" as they did not contain the necessary elements to be child pornography, but upheld the conviction because the remaining images did qualify.

The Court of Appeals for the Armed Forces disagreed, holding:
Although two of the images submitted by the prosecution in support of Charge II were legally and factually sufficient to support a finding of guilty, the remaining four were constitutionally protected and we cannot know which images formed the basis for the finding of guilt to the possession of child pornography charge.

Saturday, May 19, 2012

Tool released to download all iCloud data, recover iPhone password for $199

ElcomSoft, a developer of computer forensics products, has released a tool that has the ability to download a user's iPhone data from iCloud. Here's the product description:
ElcomSoft Co. Ltd. discovers yet another way to access information stored in Apple iOS devices by retrieving online backups from Apple iCloud storage. The company updates Elcomsoft Phone Password Breaker, a tool to retrieve user content from password-protected backups created by Apple iOS devices and BlackBerry smartphones, with the ability to retrieve iPhones’ user data from iCloud. No lengthy attacks and no physical access to an iPhone device are required: the data is downloaded directly onto investigators’ computers from Apple remote storage facilities in plain, unencrypted form. Backups to multiple devices registered with the same Apple ID can be effortlessly retrieved. Investigators need to know user’s original Apple ID and password in order to gain access to online backups.
The same software also allows password recovery and forensic analysis on iPhones, and it is available for $199.

ElcomSoft also has products to allow wireless, SQL, and Windows password recovery, all available to the public.

Friday, May 18, 2012

More analysis of the NY decision in People v. Kent

In the aftermath of the recent decision from the Court of Appeals of New York in People v. Kent (summary here), there's been a large amount of interesting commentary - both legal and popular. Here are a few of the best:

  •'s article, "Judicial Misunderstanding of Technology and Child Pornography," criticizes the decision which has "potentially given a 'free pass' to those who 'merely view' child pornography on the internet."
  • The New York Criminal Defense blog's post on Kent has an interesting section discussing what defendants must know about how cache works before they can be prosecuted. 
  • The Daily Mail (UK) wrote a piece discussing the ethical issues behind child pornography and whether the harm has already been done once the images are created.
Perhaps the most interesting headline was from the Family Research Council - "Hunger Games Are Real: Children Sacrificed to Porn Now a Legal Spectator Sport."

Thursday, May 17, 2012

6th Circuit reverses 60-year sentence for CP crimes

In United States v. Aleo, 2012 FED App. 0134P (6th Cir. 2012), the Sixth Circuit reversed a total sentence of 720 months (60 years) for one count each of production, possession, and transportation of child pornography - each to run consecutively. The government had recommended 300 months.

The defendant, a 66-year-old Michigan man, had subscribed to multiple child pornography websites in addition to producing his own. The sentencing judge noted:
I think this is perhaps one of the most despicable cases that I have ever been involved in, in 28 years on the bench.... [T]here's no way that the sentencing guidelines are adequate ... to punish the defendant for what he has done to the victims and to make this thing right.
On appeal, the defendant argued that the 60-year sentence was unreasonable. The Sixth Circuit found the sentence to be procedurally reasonable, but reversed due to it being substantively unreasonable. The sentencing judge's suggestion that the sentencing guidelines were inadequate was questioned as "the Sentencing Guidelines do envision a crime such as [this]." Additionally, the court found that the sentence was harsher than that imposed for similar crimes.

Wednesday, May 16, 2012

What type of process is required for a cell tower dump?

I was recently in a discussion concerning the type of process needed for law enforcement to obtain a tower dump from a service provider. A tower dump allows police to request the phone numbers of all phones that connected to a specific tower within a given period of time. Beyond this list, law enforcement could also request customer information, allowing them to match the cell numbers with a specific customer's name, address, and other account information.

Under the Stored Communications Act (SCA), information can be obtained from phone companies (and other service providers) by use of a subpoena, 2703(d) order, or search warrant, depending on the type of data requested. For example, a subpoena can be used to obtain basic subscriber information. However, account logs and transactional records require a 2703(d) order - which requires specific and articulable facts to believe the records are relevant to an ongoing criminal investigation.

So the question to my readers is this - what type of process is required for a tower dump? We're just curious as to how easily phone companies are giving the information away. The specific and articulable facts standard seems too high for a tower dump, but a subpoena doesn't exactly seem sufficient. Or does a tower dump even fit under the SCA since that report alone only gives away phone numbers and not account information? Please leave a comment to this article if you have any ideas.

After a quick search, I was only able to find one reported case that mentions tower dumps - Jackson v. State, 716 S.E.2d 188 (Ga. 2011). In that case, police had obtained the defendant's cell number from a tower dump following a series of crimes. This, of course, only showed the defendant was in the area of the crime. On appeal, Jackson argued that the records are "not sufficient corroborating evidence as they only establish where his cell phone was at the time of the crimes, and not where he was, since he may have let a friend borrow his phone." The Georgia Supreme Court upheld the use of the records. Unfortunately, proper process was not an issue in that case.

Last month, the ACLU released a report on the use of cell site data by law enforcement. Click here for my earlier post.

Tuesday, May 15, 2012

NY state senator proposes altering child porn bill to include viewing

In response to the recent New York high court ruling (discussed here) that viewing online child pornography is not alone possession, a New York state senator has introduced legislation to modify the state statute. In the senator's press release titled "New York Must Close Loophole That Protects Perverts," he noted:
Senator [Martin] Golden’s legislation seeks to amend the law, that currently makes it a crime to possess an obscene sexual performance by a child, to also include knowingly accessing such material with intent to view.
The bill, available here, modifies the statute to include the language "knowingly accesses with intent to view" under the crime of possessing a sexual performance by a child.

Georgia court holds that "My Pictures" folder falls within the scope of warrant for drug records

In Henson v. State, 723 S.E.2d 456 (Ga. Ct. App. 2012) a Georgia appellate court held that an officer did not exceed the scope of a warrant issued to find evidence of drug distribution when the officer looked in the defendant's "My Pictures" folder. The officer was searching the defendant's residence lawfully when he came upon the defendant's computer which was in his room and turned on. It appears from the facts of the case that the only thing the officer did was go to the Start Menu, click on "My Pictures," review a few thumbnails, and he ended up discovering child pornography. At that time, he stopped obtained a second warrant which later revealed a large amount of child pornography.

The defendant argued that the officer had exceeded the scope of the warrant because, in essence, it was not reasonable to look in the My Pictures folder for evidence of drug transactions. The court disagreed and held that because records of drug transactions could be stored on a computer (and pictures were worth a thousand words?), the search stayed within the scope of the warrant because it particularly identified "electronic records." The court recognized that there was no Georgia case law on point, but cited to United States v. Walser, 275 F.3d 981 (10th Cir. 2001), where a similar situation had occurred.

In Walser, an officer executing a search warrant was examining a running computer, and while looking within a subfolder of Microsoft Works files, he noticed an AVI file, viewed the thumbnail and determined that the image appeared to depict child pornography. The officer promptly stopped his search, similar to Henson, and obtained a second warrant. The 10th Circuit upheld the search in Walser because the search was not a sweeping search of the computer, but had been executed according to a "clear search methodology." The court went on to state that
officers conducting searches (and the magistrates issuing warrants for those searches) cannot simply conduct a sweeping, comprehensive search of a computer's hard drive. Because computers can hold so much information touching on many different areas of a person's life, there is a greater potential for the "intermingling" of documents and a consequent invasion of privacy when police execute a search for evidence on a computer. . . . Thus, when officers come across relevant computer files intermingled with irrelevant computer files, they "may seal or hold" the computer pending "approval by a magistrate of the conditions and limitations on a further search" of the computer.
The court in Henson analogized the case before them to Walser, stating rather matter-of-factly as if it was clear and obvious that "the officer searching Henson's computer did not engage in a wholesale fishing expedition but was instead seeking files encompassed by the warrant when he stumbled across the images of child pornography." The court went on to offer some cautionary words:
as one prominent legal scholar has noted, "[a] computer is akin to a virtual warehouse of private information"; and just because an officer has the authority to search the data stored on a personal computer (such as Henson's laptop) does not mean that he has the unbridled authority to sift through all of the data stored on the computer. Instead, officers must be as specific as possible in a search warrant regarding what it is they are seeking on the computer and conduct the accompanying search, as the officer did here, in a way that avoids searching files that are not reasonably likely to contain the kinds of data identified in the warrant. 
It is hard to argue that the outcome of this case is wrong, based on the very limited description of the officers actions, but I have two observations: (1) It seems very interesting that the first thing the officer did when he got to the computer was look in the "My Pictures" folder and immediately found child pornography - he is either the luckiest cop alive or the defendant is the unluckiest drug dealer; (2) I think there is at least a somewhat convincing argument that it may not have been reasonable for the officer to search the "My Pictures" folder, first - namely, that the first place I would look for evidence of drug transactions would be akin to what the officer in Walser did, look for evidence of spreadsheets, word documents, or the like. If the crime you are attempting to prosecute is drug distribution, you want evidence of distribution - payments, money owed, inventory, etc. - likely to be in written form. Thus, it is tenuous to argue that "My Pictures" is the logical first stop - I doubt it is common in the drug trade to snap photos of all of your drug deals (or for police to look for photographic evidence of drug transactions). However, looking at the facts in a light most favorable to the prosecution, the motion to suppress was properly denied.

Underlying this, however, is the more fundamental question - how does one properly define the scope of a search with respect to computers so as not to trample Fourth Amendment protections and also meet the particularity requirement? The strictures of a search are easy to define in physical space, but electronic records present novel challenges. Do you define the scope as folders that can be looked in, or sectors of a hard drive, or specific keywords that can be searched for? And how do you protect privacy without crippling the police's ability to properly investigate crimes as technology is used more and more in criminal acts?  This case presented the court with an easy question; I doubt the questions are going to get easier, though.

Monday, May 14, 2012

D.C. Circuit denies EPIC's request for information from NSA concerning Google cyberattack

The D.C. Circuit has denied the appeal of the Electronic Privacy Information Center (EPIC) as it attempted to seek communications between Google and the National Security Agency (NSA) concerning a January 2010 cyber attack on Google. Elec. Privacy Info. Ctr. v. NSA, 2012 U.S. App. LEXIS 9571 (D.C. Cir. 2012).

The attack targeted the e-mail accounts of Chinese human rights activists. It was reported that Google contacted the NSA immediately after the attack, and "former NSA director Mike McConnell commented in the Washington Post that collaboration between NSA and private companies like Google was 'inevitable.'" EPIC filed a Freedom of Information Act request in an attempt to learn more about how Google and the NSA may be working together.

The NSA refused, arguing a FOIA exemption as well as an exemption under the National Security Agency Act. EPIC argued that the exemptions did not apply, but the D.C. Circuit disagreed:
[I]t is apparent that any response to EPIC's FOIA request might reveal whether NSA did or did not consider a particular cybersecurity incident, or the security settings in particular commercial technologies, to be a potential threat to U.S. Government information systems. Any such threat assessment, as well as any ensuing action or inaction, implicates an undisputed NSA "function"—its Information Assurance mission—and thus falls within the broad ambit of Section 6 of the National Security Agency Act.

NCJRL/NAAG mobile devices conference presentation

I'll be speaking on smartphone data security and privacy this Wednesday at a conference for attorneys from AG's offices around the country, sponsored by the National Center for Justice and the Rule of Law and the National Association of Attorneys General.

If any of you will be attending, please come introduce yourself.

Friday, May 11, 2012

What Bitcoins can buy you in the criminal underground

Jeffrey's previous post noted that the FBI was concerned about Bitcoins and their potential to be used to procure illegal items or facilitate agreements that otherwise would have drawn attention if done in regular currency.  It is actually pretty startling to see what exactly Bitcoins can be used to purchase in the criminal underground. Because I would prefer not to draw the ire of those who run these sites by sharing screenshots of all of them, I will merely describe a few of the interesting things I have seen.

1. Quite handy to criminals, there are multiple sites which will blatantly "launder" your Bitcoins, making them much harder to track. Essentially, your coins are fanned out through the "fog" of transactions occurring, and when they return to you it becomes extremely hard to identify what Bitcoin was used for a certain transaction.

2. There are now a series of underground sites where drugs can be bought and sold with Bitcoin. The DEA recently busted the "Farmers Market" which had been in existence for a very long time. Part of the failure of the Farmers Market was that the site itself was involved in all of the trades - by verifying the products of sellers and escrowing money. The new sites, including the Silk Road which has been described elsewhere, defeat this purpose by making the site merely the forum to connect individuals to illicit substances. This is very interesting, because it involves a very high level of trust between individuals who are clearly typically untrusted. Essentially every drug you could think of can be bought, including schedule I, II, and III substances.

3. A recent trend has been to start up gun-running operations on Tor, which, much like the drug operations, facilitate arms trades between individuals for Bitcoins.

4.  One can also rent botnets for specific time frames, or buy an entire botnet, if they have enough money (and are properly motivated).

5. The most troubling site I have seen is one which offers "murder-for-hire."  The price is relatively steep, and it's a pay 50% beforehand, pay 50% afterward type of deal. If such a site is legitimate, it is pretty frightening. However, it is not hard to imagine that a criminal may set up this site, sucker people into paying the first 50%, delay long enough to grab deposits from others, and then close up shop with cash in hand.

6. Lastly, Tor is not without its bargain shoppers. A coupon site exists, where an individual will make you a coupon for any item you would like, giving you 50% off.

Clearly, the digital dark-side has moved "below" the internet and under the radar to some extent to protect its interests. When surfing Tor-hosted sites, individuals commonly refer to the regular internet as "clearnet" - and lament its insecurity due to alleged government infiltration. Recent cybersecurity legislation has only added fuel to the flame, and the NSA's construction of a Data Center in Utah is the cause célèbre for big brother speculation.

The new cybercrime cases we are likely to see will arise from these areas as criminals dig in even farther.

Thursday, May 10, 2012

FBI report released on illicit use of Bitcoin currency

Threat Level has released a copy of an FBI report on the Bitcoin virtual currency and its potential for use in illicit activity.

Bitcoin uses peer-to-peer networking, cryptographic proof, and digital signatures to allow users to make currency transactions online. There is no centralized authority for the currency, and the total market for Bitcoins is currently around $45 million.

Earlier this year, over $228,000 in Bitcoin currency was stolen, according to a report from Ars Technica.

New York high court finds that cache of CP alone is insufficient to support possession charge

In People v. Kent, 2012 NY Slip Op 3572 (N.Y. 2012), the Court of Appeals of New York held that possession of files in a browser's cache is not sufficiently proven when it is not also shown that the defendant was aware that the files were being cached. Additionally, "merely viewing Web images of child pornography does not, absent other proof, constitute either possession or procurement."

During a virus scan of the defendant's work computer, an employee found images of "scantily clad, prepubescent girls in provocative poses." The defendant denied knowledge of them, and a further search revealed Internet cache detailing that child pornography websites had been visited from the computer. Additionally, thousands of images of prepubescent girls "dressed in lingerie or bathing suits" were discovered, as was this message:
Well, this last batch pretty much tears it. While, as somebody's father, I'm pretty appalled by this stuff, I also don't want to get arrested for having it. So let's do this—if this is a legitimate research project, let's write it up and tell the deans (and preferably also the cops) what we're doing and why. Otherwise, let's drop it in the most pronto possible fashion.
I don't even think I can mail the disk to you, or anyone else, without committing a separate crime. So I'll probably just go ahead and wipe them. You have the URL's if you want to pursue it.
See you sooner or later, no doubt. Kent.
No evidence showed that the defendant had paid for child pornography or that he knew the images had been saved in the computer's cache. He was convicted of two counts of Promoting a Sexual Performance by a Child and 141 counts of Possessing a Sexual Performance by a Child.

The Court of Appeals of New York held that "cached images can serve as evidence of defendant's prior viewing of images," but the fact that the images were "simply viewed ... is not enough to constitute their procurement or possession." The court continued, "Rather, some affirmative act is required (printing, saving, downloading, etc.) to show that defendant in fact exercised dominion and control over the images that were on his screen."

Because no evidence was presented that the defendant knew the website cache was on the computer nor that he "downloaded, saved, printed, or otherwise manipulated or controlled the image while it was on his screen," the court reversed. Other files, however, were manually saved and later deleted, and they sufficiently prove possession.

Here are links from non-legal sources:

Wednesday, May 9, 2012

Cybercrime Review seeks new student author, welcomes guest bloggers

Cybercrime Review is seeking a student author to cover developments in child pornography and identity theft law. Click here (or click on the graphic to the right) for more information. Please feel free to forward this to upcoming 3L students you think may be interested.

Additionally, we welcome guest posts from our readers. Cybercrime Review seeks to be a hub for all things cybercrime, and we welcome your take on recent issues - whether new to the blog or in response to our work.

7th Circuit suggests Illinois eavesdropping statute may violate the First Amendment

In ACLU of Illinois v. Alvarez, 2012 U.S. App. LEXIS 9303 (7th Cir. 2012), the Seventh Circuit suggested that an Illinois statute banning the recording of police conversations without consent is likely to violate the First Amendment. Though it's not directly a cybercrime issue, the case could certainly have effects on privacy issues and technology use.

The law makes "it a crime to use 'an eavesdropping device to hear or record all or part of any oral conversation without the consent of any party thereto.'" If a person records communications involving police activity, imprisonment of 15 years is possible. The ACLU argued that the statute violates the First Amendment as people should be able to record police activity. The state, however, argued "that openly recording what police officers say while performing their duties in traditional public fora—streets, sidewalks, plazas, and parks—is wholly unprotected by the First Amendment."

The Seventh Circuit, in an opinion by Judge Sykes, held that the statute "restricts a medium of expression ... and thus an integral step in the speech process. As applied here, it interferes with the gathering and dissemination of information about government officials performing their duties in public." Further, the statute is not subject to strict scrutiny, but "the statute does not serve the important governmental interest of protecting conversational privacy; applying the statute in the circumstances alleged here is likely unconstitutional."

As such, the denial of allowing the ACLU to amend their complaint is reversed, and a preliminary injuction was ordered, forbidding:
the State's Attorney from applying the Illinois eavesdropping statute against the ACLU and its employees or agents who openly audio record the audible communications of law-enforcement officers (or others whose communications are incidentally captured) when the officers are engaged in their official duties in public places; and conduct such further proceedings as are consistent with this opinion.
Judge Posner dissented.
Our ruling casts a shadow over electronic privacy statutes of other states as well, to the extent that they can be interpreted to require the consent of at least one party to a conversation to record it even though the conversation takes place that in a public place, if the conversation could nevertheless reasonably be thought private by the parties.... The constitutional right that the majority creates is likely to impair the ability of police both to extract information relevant to police duties and to communicate effectively with persons whom they speak with in the line of duty.
In January, an article from Slate discussed the effects of the Illinois eavesdropping statute.

8th Circuit affirms supervised release condition banning legal child nudity

In United States v. Kelly, 2012 U.S. App. LEXIS 9225 (8th Cir. 2012), the Eight Circuit held that a special condition of supervised release prohibiting the defendant from possessing photographic depictions of nude children was not unconstitutionally overbroad.

The defendant had been convicted of being a felon in possession of a firearm. The sentencing court found that he was a "sexual predator" based on his criminal history and ordered the following condition:
The Defendant shall neither possess nor have under his control any material, legal or illegal, that contains child pornography, or photographic depictions of child nudity or of children engaged in any sexual activity.
On appeal, the defendant argued that the provision violates his First Amendment rights as it might prohibit works "such as Raphael's 'Madonna with the Christ Child.'" The Eighth Circuit disagreed, holding that "viewing photographic depictions of child nudity would undermine [the defendant's] rehabilitative process" and affirmed.

A dissenting opinion by Judge Bye argued that the ban of "'legal' child nudity," materials which would "be completely innocuous and wholly lacking in any prurient interest," was not supported by a particularized showing. The dissent also discussed the defendant's criminal history which dealt with the sexual assault of post-pubescent females.

Monday, May 7, 2012

Defendant argues he has expectation of privacy in SHA-1 values. Wait, what?

In State v. Daigle, 2012 La. App. LEXIS 573 (2012), the defendant appealed the denial of a motion to suppress evidence of child pornography obtained through the use of the Gnutella network. His argument began with an assertion of privacy already foreclosed by both United States v. Stults, 575 F.3d 834 (8th Cir. 2009) and United States v. Ganoe, 538 F.3d 1117 (9th Cir. 2008) - namely that an individual does not have a reasonable expectation of privacy in the files that they share off their computer because the whole of the Internet is free to view and download those files. However, in his next argument he states that even if the above is true, he had an expectation of privacy in the SHA values of the files? --
Defendant next claims that he had an expectation of privacy in the SHA values for his files as SHA means Secure Hash Algorithm. By its very name, it implies an expectation of privacy. Moreover, Defendant had an expectation of privacy because his files were encrypted and firewall-protected. Defendant equates Detective Gremillion's viewing the SHA values for his files to a law enforcement officer climbing a fence to look inside someone's window. 
A little tech speak for a second - SHA-1 is a mathematical algorithm that transforms the contents of a file into a hexidecimal string 40 characters long. So, for example, the SHA-1 hash of the string "justin" is 0ce7911e6479995d6c346d6f03eb723b5135309e. The hash is non-reversible and the likelihood of two sets of data having the same SHA-1 hash is essentially nil. This mathematical algorithm can be run against any data set to generate the hash, and often is run against files to ensure that they have not been modified while in transit, or from the original. So if I want to send a file to Jeffrey, I hash the file on my side, send it to him with the hash, and then when he gets it, he checks the hash against what I gave him to make sure he received exactly what I intended.

In this case, the officer used the "Wyoming Tool Kit," to interact with the Gnutella network just as a client would, but instead of sharing files for sharing sake, the tool kit runs SHA-1 hashes against files that are being shared to determine if they are child porn. If a hash matches a value in a database of SHA-1 hashes of known child pornography, typically law enforcement stops, finds who the user is, and then explores all of the files that the individual is sharing to determine if there is even more child pornography.

Now, with respect to mere file sharing, a few circuits have already ruled that you have no expectation of privacy in files that you share out into the peer-to-peer world - see Stults and Ganoe above. Since law and analogies go hand-in-hand, I'll analogize what I believe the courts have said in this regard. Essentially, by sharing your files out on the Gnutella network using programs such as Limewire, Bearshare, PHEX, etc., you are essentially stopping on the side of the road at a busy intersection, putting up a table, and handing out free cds, software, and pornography. Anyone is free to stop and ask you if you have a particular media file, and if you do, they can take a copy. You have a million copies on-site, so no big deal - you can always get more. And, if the person likes your tastes, and wants to see more of what you have, you allow them to rifle through your entire collection in the back of your van, and take whatever they would like from there, too.

In the analogy above, a police officer would violate no reasonable expectation of privacy because what you were offering at the table was in plain view, and what you had in the back of the van was legally searchable because you have offered blanket consent allowing anyone to look inside and rifle around. While it is often hard to make analogies to how cyberspace works, in this instance, it is actually pretty easy. And the legal basis is solid - you have a whole lot of consent, plain view, and one could argue third party doctrine as well.

After reading the above, it should be clear why the SHA-1 argument the defendant uses is befuddling and technically inaccurate. First, SHA-1 has nothing to do with encryption in this case, but merely with non-repudiation - i.e. that the value of the hash makes it impossible for you to argue the file isn't what they are alleging, because no two files have the same value. Additionally, using the Wyoming Tool Kit to obtain these hashes does nothing more than obtain their data and run this algorithm against them, which is functionally the same as mere file sharing.

While the "S" in SHA does stand for "secure," the defendant is arguing from a position of "huh." The SHA-1 values are post hoc values generated from data, not values that existed on the defendants computer and subject to a reasonable expectation of privacy. In essence, he cannot have privacy in a hash that was not calculated on his computer, never existed there, and even if it did, contained no more than 40 characters of hexidecimal garbage. SHA-1 is not encryption, its hashing - the hash is not the file, and the file is not the hash. The analogy at the end of the quoted argument above should not be hopping a fence and looking in a window, but instead: taking the free media you got from the guy with the van on the side of the road and checking to see if it is what it is purported to be - an exact replica - or if he was a fibber, and it is nothing of the sort.

Friday, May 4, 2012

Should it be illegal to put a nude photo of your ex on the Internet?

Though I spend a lot of time on the Internet, there is still a lot I haven't seen. I read recently about "Is Anyone Up?" (which recently decided to shutdown), a website that allowed users to submit nude photographs of others, many of which were referred to as "pornographic souvenirs from relationships gone sour." Most posts also began with a screenshot of the person's Facebook profile.

Of course, there are several civil remedies that could be used to stop such postings, but is the act criminal? Congress tried to act on this most recently in 2005 with the Personal Pictures Protection Act of 2005. The bill would have allowed imprisonment of two years for placing sexually explicit photos online without permission.

This is a stretch, but under 18 U.S.C. § 2257, there is a requirement that "whoever produces any ... digital image ... of an actual human being ... which contains ... actual sexually explicit conduct" and goes through interstate commerce "shall create and maintain individually identifiable records pertaining to every performer portrayed." Punishment is up to five years in prison. Interstate stalking might also apply (18 U.S.C. § 2261A).

State law would certainly be the way to go. Most states' obscenity statutes would likely cover this type of act (see Ala. Code 1975 § 13A-12-200.3; A.C.A. § 5-68-303; McKinney's Penal Law § 235.00). In Utah, the distribution of pornographic material statute punishes a person who creates, distributes, or promotes pornography (U.C.A. 1953 § 76-10-1204). New Jersey's invasion of privacy statute punishes the act with up to five years in prison (I couldn't find the citation, but my source is here).

After a quick Google search for cases on this issue, I was only able to find a few. One man posted nude images of his wife under her name, and he was charged with identity theft. Another man was charged with cyberstalking and hacking. A Pennsylvania state trooper pled guilty to misdemeanor harassment for his postings. Cases with age issues have been charged under sexting or child pornography statutes. The issue seems be be taken more seriously in Europe with many countries having statutes that deal specifically with this act.

Certainly this should be an illegal act, and the publication is something the victim should be able to stop, but is it too late? Are people so used to the idea of the Internet being open to nearly any activity that such a statute would change the nature of the Internet?

Thursday, May 3, 2012

Magistrate orders individual suits in mass copyright violation case, evaluates use of IP address as evidence

A federal magistrate has determined that lawsuits for downloading copyrighted adult pornography on peer-to-peer networks against unknown defendants must be brought individually. In re Bittorrent Adult Film Copyright Infringement Cases, 2012 U.S. Dist. LEXIS 61447 (E.D.N.Y. 2012). Many recent cases involved thousands of IP addresses being given to the court with no further evidence, prompting the judge to evaluate whether an IP address alone is sufficient to state a claim. Because there is no other remedy, the plaintiffs should be allowed to proceed.

The plaintiffs sought to require ISPs to identify their customers by the IP addresses that had been found downloading the videos on BitTorrent. Several of the John Does had sought to quash for a variety of reasons, including:
  • Being at work at the time of the download
  • The account had been closed because it was compromised by a hacker
  • Doe was "an octogenarian with neither the wherewithal nor the interest in using BitTorrent to download the file"
  • Downloading the video was "contrary to [a Doe's] 'religious, moral, ethical, and personal views'" and her wireless router was unsecured

The magistrate also analyzed whether an IP address alone is sufficient for such an allegation:
The complaints assert that the defendants — identified only by IP address — were the individuals who downloaded the subject "work" and participated in the BitTorrent swarm. However, the assumption that the person who pays for Internet access at a given location is the same individual who allegedly downloaded a single sexually explicit film is tenuous, and one that has grown more so over time. An IP address provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones.... Thus, it is no more likely that the subscriber to an IP address carried out a particular computer function — here the purported illegal downloading of a single pornographic film — than to say an individual who pays the telephone bill made a specific telephone call.
The court also acknowledged that wireless routers make this assumption even stronger. "Different family members, or even visitors, could have performed the alleged downloads." As a result, an IP address does not sufficiently identify the alleged copyright violator.

Distinguished from this scenario was the case in Arista Records (2d Cir. 2010). There, the defendant was using a university network where the exact user could easily be determined. They had also downloaded hundreds of files, making "it far more likely that the subscriber to the IP address would have conducted or at least been aware of the illegal downloading."

However, because the plaintiffs would be left without a remedy to protect their works, they should be allowed to proceed - but not with swarm joinder which is a "waste of judicial resources." Future actions must be filed against individual defendants "so as to avoid unfair outcomes, improper joinder and waste of judicial resources, and to ensure the proper payment of filing fees." Thus, the judge recommended that the complaints be dismissed to all defendants other than John Doe I.

Tuesday, May 1, 2012

3rd Circuit denies admission of testimony related to hostage victim's computer contents

In United States v. Santiago, 2012 U.S. App. LEXIS 8686 (3d Cir. 2012), the Third Circuit examined a conviction related to hostage taking. The defense argued the kidnapping was staged by the victim to get ransom money to pay for his gambling and/or sex addictions, but the trial and appellate courts held that testimony related to those arguments should be excluded.

A forensics expert for the defense investigated the victim's computer and "found various files indicative of child pornography and emails suggesting that Correa had solicited prostitutes, several online poker applications, miscellaneous financial information, a video game titled "River City Ransom," and a reference to a website that included the words "A Little Kidnapping Never Hurt Anyone." An e-mail was also found where the victim claimed "to be 'broke' ... while negotiating prices with prostitutes."

In the defense's original argument, they suggested that the hostage victim had actually staged the kidnapping in order to obtain ransom money to pay his gambling debts. The defense later conceded that the victim had no gambling debt and did not have a gambling addition. Instead, the new theory was that his addiction to porn and prostitutes gave him a financial motive for planning the kidnapping. The district court concluded that all testimony from the experts related to gambling and sex addition was not relevant, was hearsay, and/or was highly prejudicial.

On appeal, the Third Circuit affirmed, finding that "there was no evidence that [the victim] was in debt or that [his] income was insufficient to satisfy his sexual activities." His communication that he was "broke" was made "while negotiating prices with prostitutes" and was simply him "haggling over prices" as he "had the incentive to understate his ability to pay." Further, "[e]vidence of [the victim] soliciting prostitutes and viewing pornography would likely inflame the jury.