Friday, November 30, 2012

Seventh Circuit develops rules for CP restitution cases, requires classification of offenders for calculation

In United States v. Laraneta, No. 12-1302 (7th Cir. 2012), the Seventh Circuit held that child pornography defendants who simply possessed images are only liable for restitution based on the limited amount of damage they caused. Distributors, however, are liable for the entire damages. Further, defendants may not seek contribution from others.

The defendant had pled guilty to seven counts related to child pornography. The defendant was sentenced to thirty years in prison and ordered to pay over $4 million in restitution to two victims.

The Seventh first examined whether child pornography victims can intervene in the criminal proceeding itself. Finding that it "would be a recipe for chaos," the court held that victim intervention is best left for an appeal.

In his appeal, the defendant argued that the district court's award of restitution to "Amy" and "Vicky" was erroneous. Amy and Vicky are two victims of child pornography, and the two have received restitution of varying amounts from cases around the country. Vicky's losses total nearly $1.25 million (and she's recovered just over $250,000), and Amy's losses are calculated at over $3 million (and she's recovered about half). The court ordered the defendant to pay the entire balance of those losses, and he argued that it's not his responsibility.

Courts have struggled with the federal statute that allows restitution for child pornography victims - 18 U.S.C. § 2259(c). Of all the circuits that have dealt with the issue, all but one (the Fifth) have determined that the defendant must have proximately caused the victim's losses in order to be required to pay restitution. Courts have further struggled with what exactly that means.

The Seventh Circuit, deciding to remand for a redetermination of restitution by the trial court, suggested that "it is beyond implausible that [Amy and Vicky] would have suffered the harm they did had [the defendant] been the only person in the world to view pornographic images of them." As such, on remand, the court must consider which portion can be allocated to the defendant. However, if the court labels the defendant a distributor, he should be liable for the entire amount of the damages.

Amy and Vicky suggested that imposing joint liability is fair because the defendant can seek contribution from other viewers. Posner opined such an approach to be "extraordinarily clumsy," considering the assets of most prisoners and "the bother of awarding contribution rights to hundreds of prison inmates. We have enough inmate suits as it is."

Thus, the Seventh's rules for restitution are:
  1. Subtract restitution payments already received in other cases.
  2. Determine the defendant's status. If he is simply a viewer, determine what of the damages are a result of his acts. If he is a distributor, the defendant is liable for the entire remaining loss.
  3. The defendant is not entitled to contribution from other offenders.
  4. Victims may not intervene in district court.
The defendant also appealed his 30-year sentence (including a 10-year consecutive possession charge), arguing that the length was inappropriate and it should not have been consecutive. These arguments were struck down, of course.

Thursday, November 29, 2012

Highlighted Paper: Orin Kerr, The Mosaic Theory of the Fourth Amendment

This week I would like to draw attention to Orin Kerr's new article on Mosaic Theory, a theory which gained notoriety after the GPS tracking case United States v. Maynard and was later implicitly accepted by some justices of the Supreme Court in United States v. Jones. I have a personal interest in this topic, since my law review article, Car-ving out the Notions of Privacy: The Impact of GPS Tracking and Why Maynard is a Move in the Right Direction, focused on Maynard and Mosaic Theory as well. This blog has also discussed Jones and Mosaic theory on numerous occasions, making the article that much more relevant.

Congratulations to Orin on his newest publication. And, if you look closely, you'll see that Orin cited a few student pieces that discussed the topic previously in a footnote on page 314.  I was excited to be among those cites, as any student author would be.

The article can be found here: Orin Kerr, The Mosaic Theory of the Fourth Amendment, 111 Mich. L. Rev. 311 (2012).

The abstract for the article is below:

In the Supreme Court's recent decision on GPS surveillance, United States v. Jones, five justices authored or joined concurring opinions that applied a new approach to interpreting Fourth Amendment protection. Before Jones, Fourth Amendment decisions had always evaluated each step of an investigation individually. Jones introduced what we might call a "mosaic theory" of the Fourth Amendment, by which courts evaluate a collective sequence of government activity as an aggregated whole to consider whether the sequence amounts to a search. 
This Article considers the implications of a mosaic theory of the Fourth Amendment. It explores the choices and puzzles that a mosaic theory would raise, and it analyzes the merits of the proposed new method of Fourth Amendment analysis. The Article makes three major points. First, the mosaic theory represents a dramatic departure from the basic building block of existing Fourth Amendment doctrine. Second, adopting the mosaic theory would require courts to answer a long list of novel and challenging questions. Third, courts should reject the theory and retain the traditional sequential approach to Fourth Amendment analysis. The mosaic approach reflects legitimate concerns, but implementing it would be exceedingly difficult in light of rapid technological change. Courts can better respond to the concerns animating the mosaic theory within the traditional parameters of the sequential approach to Fourth Amendment analysis.

Wednesday, November 28, 2012

Principal caught with CP when FBI agent returns son's school laptop with spyware still on it; court denies suppression

This case will be discussed in two posts.

In United States v. Weindl, __ F.Supp __ (D. N.M.I. Nov. 20, 2012), a Northern Mariana Islands federal district court denied suppression of evidence obtained when spyware installed on school-owned laptop (assigned to an FBI agent's son and later used by the principal) sent child pornography (CP) reports (alerts) to the FBI agent - evidence that led to charges against the school principal (two counts of receiving CP and two counts of possession of CP). There are three relevant issues in the case: (1) whether the act of "accidental" failure to remove the spyware resulted in an "inadvertent search" or an intentional one, (2) whether the FBI agent was acting under the color of law when he opened and later investigated the reports he received from the spyware, and (3) whether Weindl had standing to assert a reasonable expectation of privacy in the spyware reports.

I believe this case was wrongly decided on the all three issues. I contacted David Banes, the lawyer for Weindl, and he (not surprisingly) agrees as well. He indicated that his client "fully intend[s]" to appeal this denial of suppression after the case goes to trial (it does not look like the judge will allow a conditional plea).

In this first post, I will give a summary of the case. In the second post, I will argue why the court erred in its holding.


The defendant Thomas Weindl ("Weindl") was a school principal at Whispering Palms public school in Saipan, Mariana Islands. The FBI agent whose actions gave rise to this case is Joseph Auther ("Auther"). Auther's eldest son was enrolled at Whispering Palms, and was assigned a laptop during his time there. Auther kept an eye on his son's use of the laptop by purchasing and installing eBlaster on the laptop (without his son's knowledge). eBlaster sent email reports directly to Auther, with keystrokes, internet sites visited, and a plethora of other information. The report in Auther's inbox "would give the subject as 'Report,' followed by the date and time span of covered activity."

Auther was reassigned to a different FBI office in April 2012 and as part of the moving process, returned the laptop to the school, and more specifically, handed it over to Weindl. Auther did not tell Weindl about eBlaster, apparently assuming that it had been removed, but had told Weindl (prior to turning it in) that he would wipe the machine. Auther did in fact attempt to wipe the machine, but failed. The court describes Auther's actions as follows:
The first step Auther took to service the laptop was to bring it into the FBI office and ask fellow agents for advice on how to wipe it clean. They tried to remove all the files but were unsuccessful. Next, . . . Auther asked a local computer store to repair a scratched screen and wipe off all the files on the laptop's hard drive. The store's service order (Ex. 1) lists the work to be done as "Reimage" and the work performed as "Clean out files." Auther did not tell the technician about eBlaster, but he expected that the cleaning would eliminate the program. 
As stated previously, eBlaster was not, in fact, removed. After handing the laptop over, Auther did not receive any emails from eBlaster for over six days. On the seventh day, Auther received four emails from eBlaster indicating someone was using the laptop to access child pornography. The emails had subject lines, as described above, that clearly indicated that they were regarding activity that occurred after Auther turned in the laptop. Auther viewed all four emails, nonetheless. Auther hypothesized that the activity could be from a virus, another student using the laptop, or Weindl himself. He thought of Weindl because the pornography searched for was of young asian children with older adults and Weindl had recently married a Korean woman and now had an 11-year-old stepdaughter.

At this point, Auther did not report the results of the reports to authorities, but instead called Weindl under false pretenses, acting as if he would like to purchase the laptop. Weindl indicated that he had given it back to the school laptop agency (PSS), and that Auther wouldn't be able to buy it. Auther did not indicate that he had received CP reports, or that eBlaster was apparently still on the computer. Auther's reasoning was:
. . .that he did not want to raise concerns in Weindl's mind about who was using the computer or about a possible investigation involving Whispering Palms teachers and students. . . . [H]e was concerned that the Internet activity might mean that a child molester was operating at Whispering Palms. He was aware that a former coach at Pennsylvania State University had just been convicted on child molestation charges, and he was determined not to allow similar conduct to go undetected at Whispering Palms. (emphasis added)
Three days later, instead of handing the case over to the authorities, Auther then proceeded to start an investigation into what was going on with the laptop. Flashing his FBI badge at the offices of the the laptop program agency (PSS), he inquired if the laptop had actually been returned, and found that it hadn't. Auther then inquired with his ISP about the IP address noted in the reports, attempting to find out where the computer was being used. Auther indicated to the court that he may have shown his FBI badge to the ISP. The ISP refused to tell him anything, but he was able to decipher that the computer usage was not from an IP at his house.

On the same day as the trip to PSS and the ISP, Auther received two more emails indicating that the computer was being used to access CP. He decided to drive by the school on his way to report everything to the FBI. He noticed Weindl's car in the parking lot and called Weindl on his cellphone. Auther asked about the laptop and Weindl said he was investigating some "hanky panky" going on at PSS. Auther knew he was lying since PSS did not have the laptop, and grew much more suspicious. He reported what was going on and his suspicion about Weindl to a special agent with the FBI (Ewing). He also asked that child protective services be sent to Weindl's house to check on his 11-year-old stepdaughter.

Over a week later, Ewing and Auther went to Weindl's office to speak with him. During the conversation, Weindl admitted he lied about returning the laptop to PSS and admitted to viewing child pornography. He also confessed that he had taken the laptop out into the jungle and smashed it. He was arrested outside the school a short time later. Prior to trial, Weindl filed a motion to suppress the eBlaster evidence arguing that it was obtained in violation of his Fourth Amendment rights.

The court, in denying suppression of the eBlaster evidence, began by declaring that to have a Fourth Amendment violation, there needed to be state action and standing (a reasonable expectation of privacy). Addressing the state action portion, the court laid out the standard relating to an off-duty officer - whether Auther was acting under color of state law, where his actions "in some way related 'to the performance of his official duties'" or "pursuant to [a] government or police goal." The court held that when Auther installed eBlaster he was acting as a private citizen, and not as an FBI agent. Despite the circumstances changing when Auther returned the laptop (that Auther wasn't acting as a concerned parent anymore), the court held that it was an inadvertent search not under color of state law because Auther did not intentionally leave eBlaster on the computer.

In reaching that result, the court was not persuaded by Weindl's argument that even if the presence of eBlaster was inadvertent, Auther opening and reading the eBlaster reports turned something inadvertent into intentional. The court reasoned that "[t]he search was the gathering of information by eBlaster, not the viewing of the contents." The court also dismissed the argument that "the initial eBlaster reports come under the Fourth Amendment via the two-part test for private-party searches."

So, to clarifiy, the original four emails from eBlaster sent to Auther, and him viewing them, were not the "product of a search conducted under color of state law."

The court did find a search, however, relating to the two eBlaster reports Auther received after he called Weindl to inquire about the laptop. The court stated:
By that time, Auther knew that someone may have been viewing illicit material on the laptop. He suspected Weindl even before he called him. When he did call, he hid his real concern about the laptop's usage behind a pretense that he was interested in purchasing the computer. After the call, he did not uninstall or disable eBlaster, even though as a private citizen he was under no obligation to continue monitoring an unknown person's offensive Internet activities. He did not immediately call his colleagues at the FBI and hand the investigation over to them — conduct that might have indicated Auther wanted to maintain a separation between his private self and his public persona as a law enforcement officer. . . . [instead] Auther continued his investigation into the child pornography website searches. . . . At the PSS offices, he showed his FBI badge. At the Internet service provider, he relied on the fact that he was known to be an FBI agent to seek information about IP addresses. The totality of the circumstances shows that at this point, Auther's actions were related to his official duties and in pursuit of a police goal. Although a formal FBI investigation had not been opened yet, Auther was now acting under color of law.
The court dismissed the government's argument to the contrary, that "even if Auther's conduct constituted state action, his discovery of the illicit Internet activity through eBlaster e-mails was accidental and therefore does not come under the Fourth Amendment." The court stated that precedent was clear that to have inadvertent discovery through plain-view doctrine, the police had to be somewhere they were justified to be. However, here, "Auther, . . . had no legitimate justification to intrude on anyone's conduct on the school laptop once it was no longer on loan to his son. Moreover, the incriminating evidence did not drop out while he was straightening the icons on the computer's desktop but came into view because of intentional spying on the keyboard and hard drive."

Addressing the argument that a violation of the federal Wiretap Act occurred, the court noted that under the criminal portion of the Act, "suppression motions are authorized only with respect to the contents of wire and oral — not electronic — communications."  The court laid out that the definition of "[a] wire communication is 'any aural transfer' involving wire or like connections between the point of origin and point of reception." 18 U.S.C. § 2510(1). And that, "an 'aural transfer' is 'a transfer containing the human voice' at some point in transmission of the communication." 18 U.S.C. § 2510(18). Thus, the court held that there was "no evidence that the transmission of information from the school laptop to Auther via eBlaster entailed hearing a human voice. Therefore, the evidence that Weindl seeks to suppress is not the product of a wire communication."

Finally, the court noted that to suppress the two eBlaster reports the arrived after Auther called Weindl under false pretenses, Weindl must have Fourth Amendment standing; that he had a subjective expectation of privacy regarding his actions on the laptop, and that his expectation was objectively reasonable. The court held that Weindl did not have standing. The court refused to accept the argument that Weindl had a property interest in the laptop. But, the court stated, the Fourth Amendment isn't solely grounded in property (note: don't tell that to Scalia), but also in privacy expectations.

Weindl argued, in that vein, that he had a legitimate expectation of privacy in the laptop because: he was the sole user, there were no warnings that his use would not be private (or that monitoring occured), he used the laptop in his own, locked office, when he was not using the laptop, he placed it in a desk drawer, and he never gave anyone else permission to use it. Not buying this argument, the court explained:

Sometimes, people delude themselves into thinking that they have a right to things that don't belong to them. . . . No evidence indicates that Weindl had a right to use, or himself had permission to use, a PSS laptop, even for school-related activities. Auther turned his son's laptop in to Weindl in Weindl's capacity as an agent for the school, not for Weindl's personal use.
Even if Weindl had a subjective (albeit unrealistic) expectation of privacy in the PSS laptop, it was not an expectation that society is prepared to endorse. An expectation of privacy does not become objectively reasonable just because a person hides someone else's property away in his office desk and does not let anyone else use it. A person cannot have a reasonable expectation of privacy in a computer he stole or obtained by fraud. See United States v. Wong, 334 F.3d 831, 839 (9th Cir. 2003) (stolen laptop); United States v. Caymen, 404 F.3d 1196, 1201 (9th Cir. 2005) (fraudulently obtained laptop). . . .
Weindl's case is similar to Wong and Caymen. Weindl misappropriated school property for his own personal use. Whatever expectation of privacy he developed in the contents of the laptop's hard drive and the keystrokes of Internet searches is not a legitimate one that society is prepared to accept. . . . The laptop was not assigned to Weindl and was not his office computer. For these reasons, Weindl lacks standing to claim a Fourth Amendment violation with respect to the eBlaster reports. (emphasis added)
Accordingly, the court held that none of the eBlaster reports should be suppressed, because the first four were not part of a search under color of state law and the last two were searches, but Weindl lacked standing (a reasonable expectation of privacy) to challenge them.

The next post on this case will focus on the court's analysis and explain what I believe the correct holding should have been.

(There is an additional issue in this case regarding the interrogation of Weindl that occurred in his office (after it was determined that he had looked at the CP), specifically: whether the conversation constituted a custodial interrogation requiring Miranda rights. The court held that part of the interrogation could stand, and part had to go. I believe this issue was wrongly decided as well (the entire conversation should have been tossed). However, I'm not going to address it because it is tangential to the main issue (and actually goes away if the computer evidence is suppressed because it would be fruit of the poisonous tree)). 

Government appeals GPS case to Third Circuit; groups file amicus arguing that warrant is required

As frequent readers of this blog have become well-aware, an interesting fight occurring throughout American courtrooms concerns the interpretation of the Supreme Court's Jones decision and the application of the good faith doctrine to that opinion. Some patterns have appeared, but there are many exceptions to each of them.

One decision, United States v. Katzin, followed a pattern. Typically, if the jurisdiction of the search did not have binding precedent, the good faith exception does not save the search, and the evidence is suppressed. In Katzin (No. 11-226 (E.D. Pa. 2012)), the district court found that the warrantless use of a GPS tracking device violated the Fourth Amendment and cannot be excused under the good faith doctrine. The jurisdiction had no binding authority on the issue and as the installation occurred four months after Maynard, there was a circuit split.

The government has appealed the case, suggesting to the Third Circuit that no search warrant was needed because the Supreme Court did not specifically decide if a warrant is needed to monitor a person's movements via GPS. Further, they suggest that good faith saves the evidence.

The Electronic Frontier Foundation (EFF), American Civil Liberties Union (ACLU), and the National Association of Criminal Defense Lawyers (NACDL) have filed an amicus brief, arguing that Jones requires a warrant for installation of and monitoring with a GPS device and that the good faith doctrine only saves evidence when binding precedent existed at the time of the installation.

Tuesday, November 27, 2012

Fifth Circuit reissues en banc CP restitution opinion, retains substance of the opinion

In October, the Fifth Circuit, in an en banc opinion, held that a victim of child pornography is not limited to recovery for losses proximately caused by the defendant. In re Amy Unknown, No. 09-41238 (5th Cir. 2012) (en banc). Under the opinion, victims can be awarded the full amount of damages from any individual defendant - even if he only came into possession over the Internet. The decision, which I discussed in a previous post, vacated and remanded the combined cases for the district court to reconsider damages.

Each had been heard by different panels of the court individually. When the second case was heard, the panel agreed with the prior precedent, but wrote a special concurrence questioning the prior decision and suggesting the opinion be taken up en banc. The two cases were heard together by the full Fifth Circuit.

Last week, the Fifth Circuit withdrew its October opinion, choosing to vacate and remand one of the cases and to affirm the other. In re Amy Unknown, No. 09-41254 (5th Cir. 2012) (en banc). The court had remanded both in the October opinion, but in one of the cases, the government had not actually appealed the sentence which had awarded only partial damages. Therefore, the issue could not be remanded because it had not actually been appealed.

Monday, November 26, 2012

District court case provides road-map for what not to do under the Fourth Amendment

In Hatfield v. McDaniel, 2012 U.S. Dist. LEXIS (M.D. Ala. October 19, 2012), the court allowed the plaintiff's case alleging violations of section 1983 resulting from two illegal searches to proceed. The defendants were law enforcement officers and state/local entities that were party to the alleged Fourth Amendment violations.

This is the closest case I've ever seen of what not to do under the Fourth Amendment:
1.  Facially invalid searchwarrant - check
2.  Search of computer (pursuant to facially invalid search warrant), which was allowed within 10 days, executed 1 year later - check
3.  Failure to stop a search upon the owner's revocation of consent - check

Hatfield owned a car stereo store which occasionally accepted trade-in merchandise. He was careful, however, not to accept stolen goods. When a car stereo was brought in that he believed was stolen, he refused to accept it, and an officer showed up shortly after to take custody of the stereo and arrest the individual trying to trade it in. At that time, Hatfield asked the officer to take a look at a rifle he had received as a trade-in, because he was unsure if that was stolen, too. It turns out that it was.

The officers decided, based on the stolen merchandise they had found so far, that it would be prudent to go through all of Hatfield's inventory to check for other stolen merchandise. Hatfield agreed. The officers began the search, and a little while later, a drug dog showed up (his name was Hobbs - he was not a party to the action). At that point Hatfield removed consent for the search. The officers told him he could do it the hard way, or the easy way. Hatfield chose the hard way, which involved his arrest for the stolen rifle, and the police obtaining a warrant from a judge to continue to search. However, instead of waiting until the warrant arrived, there was evidence that the search continued at Hatfield's store. Error #1.

At some point during the search, Hatfield's girlfriend told officers there was child pornography on his computer. They drafted a facially invalid warrant, based on only her statement and no other evidence - they did not even include in the warrant a statement regarding her veracity or the basis for her claim. Error #2.

They then executed the facially invalid search warrant for Hatfield's computer, and seized it. The warrant gave the police 10 days to do so. Then, 1 year later, they actually searched the computer and found child pornography. (In my opinion, Error #3 - the court held otherwise).

Prior to trial, Hatfield moved to suppress all of the evidence obtained after he revoked consent, and the court granted the motion. This included the seizure of the computer. So, all charges were dropped. Hatfield then sued the police, the city, and individual officers for Section 1983 violations related to the search. The defendants moved for summary judgment, arguing qualified immunity applied. However, the court disagreed.

As to the search after consent was revoked, the court cited Arizona v. Hicks as controlling, and stated the following:
The controlling precedent, then, shows that an officer moving a box in Powerhouse Audio, even if only a few inches, and then inspecting it constituted a search (even if that search revealed nothing of great value). Accordingly, on summary judgment, Lieutenant McDaniel and Officer Furlong, who allegedly participated in that warrantless search, are not entitled to invoke the defense of qualified immunity as a shield to Mr. Hatfield's Fourth Amendment claim against them. (emphasis added)
The court then went on to analyze the search/seizure of the computer. Hatfield argued that the search warrant had not been executed within the defined term of 10 days, because the computer wasn't actually searched within that period. The court disagreed (which I think, personally, was erroneous). The court held that execution of the warrant occurred within 10 days because the seizure occured within 10 days. The court reached that conclusion as follows:
While it is undisputed that Sergeant Graves did not search the computer until nearly a year after the warrant was issued, it does not necessarily follow that the warrant was not executed within the ten-day limit. Although the term "execute" is undefined in § 15-5-12, usage of the term suggests a search warrant is executed when the described property is physically seized and taken into police custody. In the context of electronically stored information, that would mean the warrant is executed when the computer is seized, not when the files are accessed. 
With respect to the warrant to search the computer, the court held that it lacked even "a hint" of probable cause and was therefore facially invalid. The court explained:
. . . in light of controlling precedent, the affidavit fails to establish even probable cause to believe there would be pictures of children, pornographic or otherwise, on Mr. Hatfield's computer. The only fact supporting such a conclusion is the statement of an unidentified woman at the scene, because the affidavit did not reveal Ms. Neal's identity but only referred to her as "a person that was at the store." . . . It is well settled law that a statement from an anonymous source may establish probable cause for a search warrant, but only so long as "given all the circumstances set forth in the affidavit . . . , including the 'veracity' and 'basis of knowledge' of persons supplying hearsay information, there is a fair probability that contraband or evidence of a crime will be found in a particular place." Illinois v. Gates, 462 U.S. 213, 238, 103 S. Ct. 2317, 76 L. Ed. 2d 527 (1983). But here the only fact tending to establish probable cause is the anonymous statement, and there is absolutely nothing in the affidavit supporting the veracity or basis of knowledge of the woman who made it. . . .The statement here lacks even a conclusory assurance of reliability and credibility, so it could not have provided probable cause for a search warrant.

Moreover, the warrant was "so lacking in indicia of probable cause as to render official belief in its existence unreasonable." The court rejected a last ditch argument that the officer's conduct was based on the collective knowledge of law enforcement:
Even assuming Sergeant Graves had access to the collective knowledge of law enforcement, Mr. Hatfield's evidence shows his computer was searched pursuant to a facially void warrant. That conduct, if established at trial, constitutes a violation of clearly established law, and Sergeant Graves is therefore not entitled to invoke the defense of qualified immunity.
Total fail - check.

Friday, November 23, 2012

First Circuit holds that use of Yahoo!'s CP reports at trial requires author testimony under the Confrontation Clause

In United States v. Cameron, No. 11-1275 (1st Cir. 2012), the First Circuit held that certain reports prepared by Yahoo! and NCMEC as part of a child pornography investigation were testimonial, requiring the defendant to have the opportunity to confront the authors of those reports under the Sixth Amendment's Confrontation Clause. The court also held that Yahoo!'s investigation after an anonymous tip did not make it a government agent under Fourth Amendment law.

The defendant was charged with multiple child pornography crimes after law enforcement learned from Yahoo! that an account with his IP address had been sharing images of child pornography. The images had been reported by another user, and Yahoo! began an investigation which resulted in a report to NCMEC and ultimately ICAC. At trial, the defendant argued that the indictment did not meet the specificity requirement, evidence should be suppressed because Yahoo! was acting as a government agent, and evidence should be suppressed because the government was not planning to call witnesses from Yahoo! and Google which violated his Confrontation Clause rights. Each motion was denied. He was ultimately found guilty and sentenced to 192 months in prison.

On appeal, he argued each of the three above issues again. As to the sufficiency of the indictment, he argued that it was insufficient because it did not identify the specific images for each offense. The court held that a description of the offense, the date of the offense, the description of the images as digital, and the means of transportation was enough to meet the sufficiency requirement.

With the government agent argument, the defendant alleged that Yahoo!'s search of his password-protected account for images of child pornography violated his Fourth Amendment rights and made them government agents. The court, however, found that the government did not instigate or participate in the search nor did it have control over the search, and Yahoo! was therefore not acting as a government agent.

The defendant's Confrontation Clause argument centered upon whether the evidence from Yahoo! and Google were testimonial. If it was testimonial, a witness must be called that the defendant could then cross-examine.

  • They presented data concerning the defendant's connections to his accounts. These records, determined the court, were not testimonial as they "were totally unrelated to any trial or law enforcement purpose." 
  • Also used at trial were reports prepared by Yahoo! concerning their investigation into the report of child pornography. The court found that they were hearsay and testimonial. They were prepared to "prov[e] past events potentially relevant to [a] later criminal prosecution." Thus, the admission without the opportunity to confront violated the defendant's rights.
  • The defendant also argued that CyberTipline Reports from NCMEC were testimonial because the reports were based on information contained in the Yahoo! reports. The government argued they were not statements of NCMEC because they simply forwarded Yahoo!'s report to law enforcement  The court found them to be testimonial.
Because the defendant did not have the opportunity to confront witnesses for the testimonial statements, the court reversed five of the convictions, finding the error not to have been harmless. 

A dissent by Judge Howard argued that the use of the CyberTipline Reports did not violate the Confrontation Clause as the defendant has no right "to cross-examine the person(s) who actually located the stored digital images and created a corresponding archive associated with each user name photo album."

Thursday, November 22, 2012


Just wanted to write a quick note to thank all of you for reading Cybercrime Review. Justin and I are very appreciative for you continuing to read and for your encouragement, and we hope you'll continue to come back as we have some great things planned for Cybercrime Review's future.

Happy Thanksgiving to all of you, and be sure to be extra careful deep frying your turkey!

Congratulations to Jeffrey - he won 2nd place (and $2500) in the Shannon Bybee Scholarship Award

Please join me in congratulating Jeffrey on his latest achievement. He was informed yesterday that he was awarded runner-up in the International Association of Gaming Advisors (IAGA) competition for the Shannon Bybee Scholarship Award. His paper entitled "Cyber Thieves in Online Casinos" was determined by a committee of IAGA member attorneys to be of "outstanding merit," a fitting description which brings with it the honor of publication on the IAGA's website. Along with the publication, Jeffrey will receive a check for $2500.

Congrats Jeffrey.

Wednesday, November 21, 2012

"Egregious spoliation conduct" of plaintiff, who used various pieces of software to scrub his computer, results in claim forfeiture

Update: I've placed a link to the case in the write-up

In Taylor v. Mitre Corp., 2012 U.S. Dist. LEXIS 162854 (E.D. Va. September 10, 2012), the plaintiff in an employment related suit (FMLA and ADA claims), through "egregious spoliation conduct" - use of CCleaner, Evidence Eliminator, and a sledge hammer - had his suit tossed out and forfeited his claims.

The action was brought before the court on a Motion for Sanctions, filed by the defendant, after Mitre Corp. discovered (through a court ordered forensic examination of the plaintiff's computer) that the defendant had knowingly deleted large swaths of files on his new computer. The plaintiff was also requested to produce an old HP laptop that he had used during his employment with Mitre and which had significant litigation related information on it. The plaintiff, however, indicated that he had tried to back up the computer, only getting 30-40% of the files off, before taking a sledgehammer to the computer and taking it to the dump.

Aware of the plaintiff's new Dell computer, the court ordered a computer inspection of the Dell to discover any related evidence. The court described what happened next:
 E-mails between Plaintiff and his counsel illustrate Plaintiff's frustration with the Court's consideration of a mandatory computer inspection. For example, on May 30, 2012, in an e-mail to counsel, Plaintiff said, "As a computer expert very familiar with forensic examinations, I find this overly invasive and unwarranted" and that he and his wife would "not submit to a voluntary submission of [their] electronic devices without a court order."  Plaintiff goes on to say that if his counsel returned with a court order requiring inspection of his laptop he "will either not provide the devices or [he] will move all non-sensitive files to a CD and wipe the drive." . . . At the conclusion of the e-mail he jokes that "an electrical surge just fried my computer and a 50 pound anvil fell over and landed on it" and asks "what penalties [he would] suffer from a contempt of court citation."
The attorney client emails above were discoverable due to the fraud exception to the privilege.  After the court order was clarified to fall under FRCP 34, a forensics firm conducted a keyword search on the computer, but the defendant refused to allow it to be imaged.

The forensic company then ran various forensics programs on the computer and discovered a plethora of evidence showing the plaintiff's spoliation activity. The day the plaintiff heard about the court order for inspection, he bought Evidence Eliminator, which overwrites files on the computer to make them unable to be recovered upon forensic examination. However, the plaintiff did not make any attempt to remove the program after using it, so it was easy to confirm he had in fact done so. Additionally, he had run CCleaner (which cleans temporary internet files), to destroy additional evidence, to the tune of approximately 16K files being deleted. Finally, in another effort to avoid discovery, he used Private Browsing to ensure browsing history would be erased when the browser was exited.

The court was not pleased, and dismissed the case and ordered forfeiture of the plaintiff's claims - the harshest sanction possible. This was a ruling based on all of the activities the plaintiff took, willfully to destroy evidence - taking a sledgehammer to the old PC, using CCleaner, private browsing, and most especially, using Evidence Eliminator. With regard to the latter, the court stated:
This Court cannot, and will not, tolerate the use of such a program by a plaintiff in litigation—in the middle of the discovery—who had knowledge that his computer was about to be searched pursuant to a Court order. The undersigned Magistrate Judge concludes that downloading and running of Evidence Eliminator just days after finding out about the Court-ordered computer inspection constituted willful spoliation of evidence.
The court went on to say that the conduct noted above highly prejudiced the defendant, and to let the suit proceed after such willful conduct, would be to the detriment of the defendants.

My question is - how could a self-described computer expert not know he would get caught?

Monday, November 19, 2012

Kansas appellate court okays warrantless cell phone search during search incident to arrest

In State v. James, No. 106,083 (Kan. Ct. App. 2012), as a matter of first impression in the state, the Court of Appeals of Kansas held that officers may read an arrestee's text messages in a cell phone found on his person as part of a search incident to arrest.

The defendant had been pulled over for having a headlight out. The officer smelled alcohol and soon learned the defendant and his passenger had been making drinks and consuming alcohol while in the vehicle. A search of the car revealed marijuana, and the defendant suggested it may belong to his brother. He did not know his brother's phone number, but because he was in handcuffs, he "stuck out his hip" as a gesture to get the officer to obtain his phone and call his brother. Here's what happened next:
While removing the cell phone from James' pocket, the deputy asked "are there going to be any text messages on here relating to drug sales?" And James responded that there was nothing about drugs on his phone. 
Deputy Voigts proceeded to look at the cell phone in James' presence. In scrolling through James' text messages, the deputy found two incoming messages that caught his attention. On December 8, 2009, a person named Ash sent a text message to James' cell phone, which read: "U got green I will meet U somewhere." Another text message, sent on December 9, 2009, said, "Hey T-Ray this is Cotie. U got a 20?"
Never was the officer told he could not search the messages, and the phone did not require a password. The defendant was later charged with various drug crimes. The text messages were used as evidence at trial, and the defendant was convicted and sentenced  to 44 months in prison.

On appeal, he argued that the search violated his Fourth Amendment rights and that the use of the messages was improper under the rules of evidence.

The Court of Appeals found that the search of the cell phone for text messages "probative of criminal conduct ... was a valid search incident to a lawful arrest." Further, the court found unpersuasive the defendant's arguments that cell phones should be treated differently than other containers including Ohio's Smith v. State (finding that the search of cell phone requires a warrant) and Kansas's own State v. Rupnick (holding that the search of a computer hard drive requires a warrant). The state made a consent argument, but the court did not need to consider it.

Finally, the court found that the text messages were not inadmissible hearsay. The questions "U got green" and "U got a 20" were not "offered to prove the truth of the matter stated." The questions are "neither true nor false" and thus do not qualify as hearsay.

Thursday, November 15, 2012

New Mexico district court denies exclusionary rule for unconstitutional GPS use despite lack of precedent

In United States v. Aispuro-Haros, No. 11-2293 (D. N.M. 2012), the court ruled that pre-Jones use of a GPS device without a warrant was an unconstitutional search under Jones. However, despite a lack of precedent in the Tenth Circuit for the relevant time, the court held that the exclusionary rule does not apply.

The defendant is charged with crimes related to drug trafficking and filed to a motion to suppress due to law enforcement having tracked him with a GPS device without first obtaining a search warrant. The government conceded that the use of the device was unconstitutional, but argued that the exclusionary rule should not apply. The court agreed:
If the experienced, thoughtful, and knowledgeable jurists of the Seventh, Eighth, and Ninth Circuits did not know that the use of a GPS device on a vehicle constituted a warrantless search in violation of the Fourth Amendment, then it is not reasonable to assert that the officers involved in the underlying investigation in this case should have known that either.
The D.C. Circuit's decision in Maynard had already been released at the time of the use, but the court excused that on account of it being the minority view. Maynard was later affirmed by the Supreme Court in Jones.

As has been explained many times on this blog, this approach to the application of the exclusionary rule to GPS use is the minority. Most trial courts within the Seventh and Ninth Circuits have not applied the exclusionary rule because of existing precedent allowing the use, whereas most courts in other circuits have suppressed the evidence.

Wednesday, November 14, 2012

Mass. trial court finds obtaining one day of CSLI without cause to violate the Mass. Constitution

In Commonwealth v. Wyatt, 30 Mass. L. Rep. 270 (Mass. Sup. Ct. 2012), the Superior Court of Massachusetts held that obtaining cell site location information (CSLI) without a showing of cause (the court did not specify if probable cause was a requirement) was a violation of the Massachusetts Constitution. As a result of this finding, the defendants' motions to suppress were granted.

As part of a murder investigation, law enforcement acquired nine 2703(d) orders covering five different cell phone companies and eighteen phone numbers seeking subscriber information and call records for a near two-month period and CSLI for one day. Officers later admitted they did not have probable cause to acquire this information. The four defendants filed a motion to suppress their historical CSLI .

The court began by discussing the similarities of cell phones and a GPS device, noting that "CSLI enables a cellular telephone to be treated as a de facto Global Positioning System (GPS) tracking device." As such, they conducted an evaluation of a state high court opinion in Connolly (holding that installation of a GPS device on a vehicle is a seizure) and the Supreme Court's opinion in Jones.

Next, the court applied the expectation of privacy test to the use of CSLI. Because "[i]t is unlikely that the average cellular telephone user knows that when he or she makes or receives a call or a text message, the service provider creates and maintains a record of the cellular telephone’s location," the defendants had a subjective expectation of privacy in the cell records.

As to an objective expectation of privacy, the court held:
Allowing the government to track our movements without evidence that the person whose CSLI is sought engaged in criminal activity compromises what it means to be a citizen of the United States of America free from arbitrary surveillance.... 
Allowing the government to track a citizen’s movement through CSLI, without requiring the government to show probable cause or even reasonable suspicion that the target is engaged in criminal activity is contrary to the very freedom we hold dear.
Thus, the defendant's motion to suppress their cell site location information was granted.

Cybercrime Review blogger Justin Webb contributed to this post.

Tuesday, November 13, 2012

Highlighted Paper: "The Case Against Combating BitTorrent Piracy Through Mass John Doe Copyright Infringement Lawsuits"

This month I'd like to highlight another Michigan Law Review article that is germane to this blog's focus. The article is: Sean B. Karunaratne, The Case Against Combating BitTorrent Piracy Through Mass John Doe Copyright Infringement Lawsuits, 111 Mich. L. Rev. 283 (2012).  I have seen much in the technology blog-o-sphere about this topic, typically highlighting some of the less than ethical tactics that these mass lawsuits engage in, but I can't remember seeing much in scholarly work on the subject.
That defendants may likely be successful arguing improper joinder or lack of personal jurisdiction is the thrust of the piece. The abstract is below:
Today, the most popular peer-to-peer file-sharing medium is the BitTorrent protocol. While BitTorrent itself is not illegal, many of its users unlawfully distribute copyrighted works. Some copyright holders enforce their rights by suing numerous infringing BitTorrent users in a single mass lawsuit. Because the copyright holder initially knows the putative defendants only by their IP addresses, it identifies the defendants anonymously in the complaint as John Does. The copyright holder then seeks a federal court's permission to engage in early discovery for the purpose of learning the identities behind the IP addresses. Once the plaintiff knows the identities of the John Does, it contacts them with a settlement demand. But often before such discovery is granted, the anonymous defendants have been improperly joined, and the lawsuit has been filed in a court that lacks personal jurisdiction over the defendants. This presents no problem to the plaintiff because the plaintiff does not intend for the lawsuit to go to trial. However, the defendants effectively have no choice but to succumb to the plaintiff's settlement demand because settling will be less costly than fighting the action. This Note argues that courts should not grant expedited discovery in such procedurally deficient lawsuits. To rein in these mass lawsuits, this Note argues that mass copyright infringement suits should meet certain minimum joinder and personal jurisdiction requirements before courts grant expedited discovery.
I think the strong-arm settlement tactics of these copyright litigation factories needs to be reigned in, especially in the case of pornographic works; the embarrassment of the consumer is often a boon to these outfits bordering on unjust enrichment. Copyright owners should have recourse for infringement, but not at the expense of cannibalizing individuals and legal rules in the process of doing so. Thankfully, there has been judicial push-back on these types of approaches.

Monday, November 12, 2012

Sixth Circuit affirms restitution award against expert witness who morphed stock images into CP for jury exhibit

In Doe v. Boland, No. 11-4237 (6th Cir. 2012), the Sixth Circuit held that an expert witness who morphed images of children into child pornography in order to show the ease of such editing to a jury was guilty of possession of child pornography. As such, he was ordered to pay restitution of $300,000 to the victims.

The defendant had downloaded images of two children from a stock photo website and edited the images "to make it look like the children were engaged in sex acts" as part of his preparation for testimony at a child pornography trial. His actual intent was to show the jury how easily such images could be modified and to argue that the defendants on trial may not have known the pornographic images they were viewing were actually child pornography.

After his presentation of the images, the FBI began an investigation, and he was charged with possession of child pornography under 18 U.S.C. § 2252A(a)(5)(B). The district court held that he did not have to create these morphed images to prove his point and that his actions were not protected by the Constitution or statute. Thus, damages of $150,000 were awarded to each of the two victims. (Read our earlier post about this decision here.)

The Sixth Circuit first held that the § 2252A(f) action for damages allows a court to award "compensatory and punitive damages" and does not require an "exact amount of ... damages." Therefore, the award of $300,000 was permissible.

Secondly, the production of the images was not protected by the First Amendment, and it was immaterial that the images were "never displayed ... outside of a courtroom" or transmitted electronically. "The creation and initial publication of the images itself harmed ... [the children], and that is enough to remove Boland’s actions from the protections of the First Amendment."

In conclusion, the court wrote:
This $300,000 award undoubtedly amounts to tough medicine for Boland.  When he created morphed images, he intended to help criminal defendants, not harm innocent children.  Yet his actions did harm children, and Congress has shown that it “means business” in addressing this problem by creating sizeable damages awards for victims of this conduct.... Nor was this Boland’s only option for trying to help his clients.  He could have shown the difficulty of distinguishing real pornography from virtual images by transforming the face of an adult onto another, or inserting a child’s image into an innocent scene.  If he felt compelled to make his point with pornography, he could have used images of adults or virtual children.  Instead, he
chose an option Congress explicitly forbade: morphed images of real children in sexually explicit scenes.  That choice was not protected by the First Amendment, and the children therefore are entitled to the relief Congress offered them.
Thus, the trial court's decision was affirmed. The case was first heard by the Sixth Circuit in 2011. In that earlier decision, the appeals court reversed and remanded a trial court decision holding that Congress intended for there to be an exception for expert witnesses.

Thursday, November 8, 2012

Hushmail provides unencrypted e-mails to feds; practice raises interesting legal questions

In a Second Circuit case (United States v. Gonzalez, 686 F.3d 122 (2d Cir. 2012)) released earlier this year, evidence was presented at trial that had been e-mailed through Hushmail, a secure e-mail service used by "millions of people and thousands of businesses." Hushmail's website claims that they "encrypt your message automatically before it is sent, and then restore it back to its original form when the recipient reads it."

The issue that immediately came to my mind was the fact that Hushmail provided not only the communications but they were able to unencrypt them first. Here's the court's description of the evidence:
The government also introduced into evidence numerous emails sent from the address "" — which Gonzalez admitted was his — through "Hushmail," an encrypted email service provider that encoded email messages, permitting them to be accessed and read only by someone who had the encryption key. The emails introduced at trial by the government, decoded by Hushmail, included the following..."
This isn't the first time Hushmail has done this. In 2007, Threat Level explained the security issues and how Hushmail is able to provide an unencrypted copy of a user's e-mails.

In recent years, several courts have evaluated whether the government can force an individual to provide an encryption key for electronic files. Courts have ruled on both sides of this popular Fifth Amendment issue. Perhaps an interesting extension of that debate is whether a person's agent (that word choice may be a stretch) - their e-mail provider - can be forced to provide an unencrypted copy of e-mails or whether they may only provide the scrambled versions. Another interesting issue is how we would define communications required to be disclosed under provisions of the Stored Communications Act.

Hush Communications' CEO, Ben Cutler, responded to my inquiry about their disclosure policy:
Our policy is to only release user information if we receive an order enforceable in British Columbia Canada requiring that we do so. British Columbia, Canada is the jurisdiction where our servers and operations are located. The order must be for a specific user account. In the case where authorities in the US are seeking information on one of our users they would have to make an MLAT request to the Canadian Department of Justice, which if successful would result in an enforceable order being issued here in Canada.
As may be obvious, I don't really claim to have answers to these issues, but I feel they are interesting to think about. Please feel free to comment below with your thoughts.

Wednesday, November 7, 2012

District court holds reasonable suspicion satisfies Jones, good faith exception requires binding precedent

In United States v. Robinson, No. S2-4:11CR00361 (E.D. Mo. 2012), the district court held that the good faith exception should not apply to GPS evidence where there was no binding precedent but also held that reasonable suspicion - rather than probable cause - is sufficient to satisfy the Supreme Court's decision in United States v. Jones.

Law enforcement had conducted surveillance on the defendant over a month and a half period. That, along with interviews they had conducted, gave them "reasonable suspicion," according to the district court judge. After the visual surveillance appeared to corroborate the interviews concerning the alleged fraudulent activity, a GPS device was installed on the defendant's car in early 2010 where it recorded data for nearly two months.

At the motion to suppress hearing, the parties made the normal arguments. The defendant argued the data should be suppressed because no warrant had been obtained, violating the Fourth Amendment according to Jones. The prosecution argued that the Davis good faith exception should apply and save the evidence from suppression. The court, interestingly, disagreed as to both.

Good Faith Exception
In its analysis of the good faith issue, the court first examined precedent as of the installation of the device, looking at Knotts (1983 beeper case), Garcia (Seventh Circuit case finding that GPS use was not a Fourth Amendment event), and Pineda-Moreno (Ninth Circuit case holding the same). Maynard (the DC Circuit case which held that it was a search and was ultimately affirmed by the Supreme Court in the restyled name of United States v. Jones) was handed down in August - nearly five months after the GPS device in the present case had stopped tracking the defendant.

The court acknowledged that most courts in the Seventh and Ninth Circuits apply the good faith exception where GPS has been used prior to Jones, but the more challenging issue is what happens outside of those circuits. Ultimately, the judge held that the Davis good faith rule should not apply here, finding that it only protects law enforcement action where there was binding precedent.
The language of Davis is narrow, and quite specific. In discussing whether the police were culpable, the majority in Davis noted "the officers' conduct was in strict compliance with then-binding Circuit law." Davis, at 2428-29. The opinion repeatedly references "binding" authority, see, e.g., id., at 2428, 2429, 2431, 2434; the majority did not reference "generally accepted authority." Indeed, the majority specifically noted that the situation might be different with "defendants in jurisdictions in which the question remains open."
Also discussed was the need for caution when dealing with technology. "[O]ne may not simply assume that prior case law authorizes conduct when it deals with different technology, is perhaps installed in a different fashion, or permits a different degree of intrusion," reasoned the court.

Reasonable Suspicion
Nonetheless, the court, relying on binding precedent in Marquez, found that the GPS evidence would not be suppressed because reasonable suspicion existed, making the search reasonable. In Marquez, the Eighth Circuit held that GPS installation on a car parked in a public place with reasonable suspicion for a reasonable period of time does not require a warrant.

The defendant argued that Marquez had been abrogated by the Supreme Court's decision in Jones. The court, however, disagreed as it determined that Jones did not specify what level of suspicion is necessary for use of a GPS device. As Marquez had done so and determined that reasonable suspicion was sufficient, that decision was still good law.

Thus, the motion to suppress was denied because reasonable suspicion existed.

Thanks to Jed, a loyal reader, for pointing out this case to us.

Tuesday, November 6, 2012

Federal court holds police exceed scope of warrant by intentionally searching for child porn during ID theft case

In United States v. Schlingloff, 2012 U.S. Dist. LEXIS 157272 (C.D. Ill. Oct. 24, 2012), Judge Shadid held that use of Forensic Toolkit's (FTK) Known File Filter (KFF) to alert on child pornography files was outside the scope of a warrant issued to look for evidence of identity theft.

The defendant in this case lived at a location that was searched pursuant to a valid warrant; the warrant was issued to find evidence of identity theft. During the search of the residence, multiple media devices and computers were retrieved, including a computer and external storage device belonging to the defendant. When the items were sent for forensic analysis, the computer forensic analyst did a search of the devices not only for identity theft (likely image and string searches), but also for child pornography using FTK's KFF option.

A short explanation on KFF. To make forensic analysis easier, files that are known to be valid (system files, DLLs, etc.) are hashed, and those hash values are compared against a disk image to exclude known valid files from further forensic analysis. Conversely, known malicious or illegal files are also hashed, and if those files are found on the computer, the KFF alerts on those hashes, indicating to the investigator that those files should definitely be investigated further. Per FTK's own literature, the KFF can be pared to certain file lists (i.e. hashes of child porn files, virus-related files, etc.) relevant to the current investigation. Additionally, the forensic investigator does not have to use KFF - it is merely an option.

Here, the investigator chose to use the KFF, and within its alerts were hashes of child pornography. While searching the defendant's computer, child porn alerts generated by the KFF showed up. The analyst took the next step and (to confirm the files were in fact CP), opened a few to confirm the results.  As the court stated:
The search here did not end with flagging the child pornography files during preprocessing, however. After the KFF alerted to the two files in question, [the agent] believed that he recognized them to be part of the "Vicky" series of child pornography based on their hash values and his experience. Rather than stopping at this point to obtain a warrant to search for images of child pornography, [the agent] briefly opened each file in order to confirm his suspicions before stopping any further processing. . . . 
Based on this evidence, the defendant was charged with possession of child pornography. The defendant filed a motion to suppress the evidence, arguing that it was outside the scope of the warrant. The initial motion was denied because the court was under the impression that KFF was an all-or-nothing option. Upon learning that the KFF can be turned on and off in a motion to reconsider, the court granted the motion to suppress.

The court justified its decision as follows:
The Court of Appeals has recognized that where the KFF alert flags a file as child pornography, an agent could be acting outside the scope of the warrant if he opens the flagged files without obtaining a new warrant. . . .
By opening the "Vicky" files flagged by the KFF alert, McNamee knew or should have known that those files would be outside the scope of the warrant to search for evidence of passport fraud or identity theft, particularly as the warrant did not specifically refer to evidence found in video files. . . .
. . . the Court finds that Agent McNamee took an affirmative additional step to enable the KFF alerts that would identify known child pornography files as part of his search for evidence of passport fraud or identity theft. In a case where the professed subject matter sought in the search bore no resemblance to child pornography, it is difficult to construe this as anything other than a deliberate expansion of the scope of the warrant, or at the very least, an affirmative step that effectively did so. 
Holding that use of a method like KFF to search a computer which was not suspected of child pornography at the outset, is the correct outcome. As the court said, that was an affirmative step. The government argued that the evidence would have inevitably been found (which is likely true if they had just done a straight image search and ran through those images), but the court was unpersuaded by that argument, stating that it missed the point. And to the extent that the government intertwined the inevitability of file discovery to the plain view doctine, the court was still unpersuaded. The court stated that  the KFF had placed the officer somewhere he wasn't supposed to be (by bringing the files directly to his attention) and that is different in kind from other cases where CP found in the course of an investigation is allowed because it is discovered inadvertently - often under plain view doctrine. The court noted that "the suggestion that the agent inadvertently came across a file when that same agent specifically set up the situation to find and highlight this type of file by 'clicking' to enable the KFF alert is untenable."

The court summed up the holding stating that each step in the process may not have violated the Fourth Amendment, but (1) the knowing use of the KFF with CP values, (2) the alerts on the CP,  and (3) the choice to open the files to confirm their contents combined to lead to only one permissible outcome: suppression.

The court correctly noted that this problem is not going away, and that evidence from computers must be dealt with differently because of its permanence, and the unlikeliness of a staleness argument. The courts offered that:
Given the ever increasing state of technology and consequently, technology related crimes, the Court finds that this issue is not going to go away, and in fact, will likely become more prevalent and finely contoured. Digital images or files can be located nearly anywhere on a computer and "may be manipulated to hide their true contents." . . . Accordingly, more comprehensive and systematic searches have been found to be reasonable. . . . Nevertheless, it is also important to note that there is normally no fear of degradation or dissipation of evidence or a rapidly evolving situation requiring the need to "shoot from the hip" in examining seized computer files without a proper warrant. . . . In fact, Judge Posner recently noted that the doctrine of staleness has taken on new contours as a result of technological advancements and the importance of employing a "realistic understanding of modern computer technology" when evaluating Fourth Amendment challenges to computer searches.

Friday, November 2, 2012

Recent articles related to technology and the law

Here are some recently published (or posted) articles I found on SSRN that you might enjoy reading. Feel free to e-mail me if you have suggestions for an upcoming list.

GPS / Jones
Hacking / Cyber Attacks

Thursday, November 1, 2012

GAO produces report on cell location data protection

The Government Accountability Office recently released a report entitled "Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy." It covers:
(1) how mobile industry companies collect location data, why they use and share these data, and how this affects consumers;
(2) the types of actions private sector entities have taken to protect consumers’ privacy and ensure security of location data; and
(3) the actions federal agencies have taken to protect consumer privacy and what additional federal efforts, if any, are needed.
The GAO recommends that mobile industry companies adopt a variety of practices, enforce their policies consistently, and implement certain safeguards to protect the data. Additionally, employees must be held accountable for policy breaches. Action was also recommended for the FTC, FCC, and Department of Commerce.