Jury: School principal Weindl not guilty of CP charges; case arose after FBI agent left spyware on son's school laptop

From the Saipan Tribune (2/13/13): Weindl found not guilty: A federal jury yesterday found former Whispering Palms School principal Thomas Weindl not guilty of charges of accessing child pornography websites using a Public School System-issued laptop. For those unfamiliar with the case, here is my description from a previous post: In United States v. Weindl, __ F.Supp __ (D. N.M.I. Nov. 20, 2012), a Northern Mariana Islands federal district court denied suppression of evidence obtained when spyware installed on school-owned laptop (assigned to...

Read More

Featured Paper: Cloud Computing Security and Privacy

Cloud computing has been viewed by many as the next inevitable step towards a more efficient system for information management and storage. However, as our dependence on cloud computing continues to grow, many have started to examine the privacy, security, and legal ramifications that such a system creates. The Center for Applied Cybersecurity Research (CACR), located at Indiana University, has recently released a new white paper, Cloud Computing Security and Privacy, that examines the privacy and security risks associated with cloud dependence,...

Read More

District court finds CP restitution must be based on number of viewers rather than prior defendants

In United States v. Hollister, the district court held that a determination of restitution to child pornography victims requires the damages to be divided by a count of the total number of viewers of the images as opposed to the common divisor of total number of prior defendants. No. 12-40041 (D. Kan. 2013). The decision is based on the Tenth Circuit's decision earlier this month on the issue. The defendant had been convicted of distribution of child pornography of the "Cindy," "Vicky," and "Jan-Feb" series of images. As is common with these images,...

Read More

Wisconsin federal court forbids forced production of decrypted data on Fifth Amendment grounds

The District Court for the Eastern District of Wisconsin held last week that compelled production of decrypted data violates the Fifth Amendment because it would require the suspect to admit to having access and control over the devices. In re The Decryption of a Seized Data Storage System, 13-M-449 (E.D. Wis. 2013). The FBI seized 16 storage devices from the suspect, nine of which were encrypted. After four months of attempts to access the files, the government sought to force the suspect to "assist in the execution" of the...

Read More

Breaking: Jury finds Nosal guilty in CFAA case on remand from 9th Circuit (Updated)

From Vanessa Blum: Jury finds Nosal guilty on all counts, including 3 #CFAA charges. #cyberlaw Our previous summary of the case can be found here: The CFAA on trial - the latest from the Nosal case on remand Update: Here's some additional coverage: From Findlaw - 'Hacking' Case, Remanded by 9th, Results in Conviction From Wired - Man Convicted of Hacking Despite Not Hack...

Read More

6th Circuit declines to extend Warshak reasoning to P2P

In a recent unpublished opinion, the Sixth Circuit held that its 2010 opinion in Warshak should not be extended to provide a reasonable expectation of privacy for users sharing files over Limewire. United States v. Conner, No. 12-3210 (6th Cir. 2013). The defendant was convicted of receipt and possession of child pornography after law enforcement tracked the sharing of child pornography images on Limewire to him. A sheriff's deputy had searched for file names associated with child pornography, and found the defendant's IP address sharing...

Read More

Google Glass and the future of privacy

With the expected public release of Google Glass later this year, we must all be wondering about the product's potential effects on privacy. It will be worn similarly to eyeglasses and will provide users with picture, message, and navigation capabilities - just to mention a few. Jan Chipchase, Executive Creative Director of Global Insights at Frog Design recently wrote about the privacy considerations with technologies like Google Glass: As...

Read More

The CFAA on trial - the latest from the Nosal case on remand

Vanessa Blum from The Recorder has been covering the Nosal trial almost in its entirety. Her coverage has been fantastic, and can be found further below. We have also written extensively on the case for over a year. Our previous posts (for reference) can be found here: 9th Circuit Related Posts: 4/11/2012 - Jeffrey Brown, Ninth Circuit en banc adopts narrow reading of CFAA 4/16/2012 - Justin P. Webb, Why Nosal's dissent is surprisingly persuasive Nosal on Remand Post: 3/13/2013 - Justin P. Webb, Nosal on remand - another reading of CFAA's...

Read More

Three Virginia teens headed to trial for child pornography crimes for videos made on their cell phones

As the Washington Post reports, three Virginia high school students are being taken to trial for child pornography crimes due to cell phone videos they made during sex. [Fairfax County Commonwealth’s Attorney Ray Morrogh] declined to discuss the Fairfax County case, but authorities have said two 16-year-olds and a 15-year-old from West Springfield High School were charged with possession and distribution of child pornography in January after they filmed themselves engaging in sex acts with at least six teenage girls. A source with Fairfax...

Read More

District court holds that lost profits--due to fraudulent bids, not service interruption or degradation--constitute “loss” under the CFAA

The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, continues to receive some uneven treatment by the courts. In Yoder & Frey Auctioneers, Inc. v. Equipmentfacts, LLC, No. 3:10 CV 1590, slip op. (N.D. Ohio Apr. 8, 2013), the United States District Court for the Northern District of Ohio ruled that a private claim under the CFAA could proceed even though the harm it alleged did not seem to flow directly from unauthorized access. Background The plaintiffs, Yoder & Frey, an equipment auctioneer, and RealTimeBid.Com (RTB), an online...

Read More

Cybercrime Review welcomes Brad Edmondson as a guest writer

I am very excited to announce Brad Edmondson will be joining Cybercrime Review. Brad will begin posting as a guest writer this week and plans to formally join Cybercrime Review as a permanent author over the summer. Please join me in welcoming Brad. Brad is currently a 2L at Vanderbilt Law School and has developed an educational focus in the area of intellectual property law. Additionally, he is the incoming Senior Technology Editor for the Vanderbilt Journal of Entertainment and Technology Law. In 2008, Brad received his B.A. in Political...

Read More

Tallinn Manual applies "international law norms" to cyber warfare

It seems almost every day we see new reports of computer and network “attacks” allegedly perpetrated by nation states. China, Russia, and North Korea have all allegedly been involved in a variety of cyber attacks––and with the evidence mounting as to the now infamous Stuxnet attack, it can be safely assumed that the United States is not absent from this list. What cannot be assumed, however, is how these attacks fit into the complex set of policies, treaties, and international laws that govern national and international conflicts. Can a country...

Read More

White House looks for CISPA to address cyber crime reporting

Yesterday, the White House released a Statement of Administration Policy in which the Administration informed the House Permanent Select Committee on Intelligence, and the public, “if [H.R. 624 Cyber Information Sharing and Protection Act (CISPA)], as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.” While many of the White House’s suggestions to improve privacy protections in the Bill have been making headlines, one line in particular caught my attention. In its recommendations on how...

Read More

Antoine Jones denied release after mistrial; fourth trial pending

From the Blog of Legal Times: Judge Orders Man Jailed in Landmark GPS Case  The Washington man who was at the center of the U.S. Supreme Court’s landmark ruling over GPS tracking will remain locked up pending his fourth trial, a federal judge ruled today.  U.S. District Judge Ellen Segal Huvelle concluded no condition of release would “reasonably assure” the safety of the public. The defendant, Antoine Jones, has remained in custody since his arrest in late 2005 for his alleged role in a drug trafficking ring. The full memo opinion/order...

Read More

WI med researcher originally accused of espionage (for stealing cancer drug), now indicted under CFAA (full complaint & indictment)

Hua Jun Zhao has been indicted by a grand jury in the Eastern District of Wisconsin for a violation of the CFAA, namely deleting files from a server without authorization. The violation (per the indictment) is of 18 USC 1030(a)(5)(a), 1030(b), and 1030(c)(4)(B). The relevant statutory provisions are: 18 USC § 1030 - Fraud and related activity in connection with computers (a) Whoever—     (5)         (A) knowingly causes the transmission of a program, information, code, or command,          ...

Read More

Google encourages users to plan for "digital afterlife"

Google announced last week the launch of the "Inactive Account Manager," which lets users set an amount of time after which all of their Google Account's data will be deleted after a period of inactivity. The tool allows you to decide "what you want done with your digital assets when you die or can no longer use your account." Here's a description of the service: [Y]ou can choose to have your data deleted — after three, six, nine or 12 months...

Read More

Reddit AMA focuses on CFAA reform and CISPA

Cyber legislation has been a hot topic lately. At the center of the discussion are reforms to the Computer Fraud and Abuse Act, 18 U.S.C § 1030, and the pending House proposal related to cybersecurity, H.R 624: Cyber Intelligence Sharing and Protection Act. Recently, a group of scholars, not-for-profit organizations, and Internet activists hosted two “Ask Me Anything” (AMA) events on Reddit to inform users of the CFAA and CISPA. The CFAA AMA, which occurred on April 9th, included questions concerning some of the substantive provisions of the CFAA,...

Read More

Featured Paper: DNA Profiles, Computer Searches, and the Fourth Amendment

I found this interesting note, published recently in the Duke Law Journal on the use of the government's DNA database for certain convicted felons. The note, DNA Profiles, Computer Searches, and the Fourth Amendment, argues that the use is a violation of the Fourth Amendment. It's a pretty interesting read. Here's the abstract: Pursuant to federal statutes and to laws in all fifty states, the United States government has assembled a database containing the DNA profiles of over eleven million citizens. Without judicial authorization, the government...

Read More

S.D.N.Y. case highlights circuit split on CFAA’s application to “faithless employees”

In JBCHoldings v. Pakter, the United States District Court for the Southern District of New York addressed “whether an employee[’s] misuse of an employer’s information violates the [Computer Fraud and Abuse Act] where that information was obtained from a computer to which the employee was permitted access.” As JBCHoldings highlights, whether the CFAA applies to the “faithless employee” has caused quite a conflict among federal courts. Janou Pakter and Jerry Tavin owned the executive search firm Janou Pakter Inc., which was later purchased by...

Read More

Cybercrime Review welcomes Andrew Proia as guest writer

I am excited to welcome Andrew Proia as a guest writer for Cybercrime Review. Andrew will post as a guest writer starting this week. He plans to formally join Cybercrime Review as a permanent author sometime mid-summer. Andrew is a 3L at Indiana University Maurer School of Law and is finishing up his J.D. with a concentration in information privacy and cybersecurity. In 2010, he received his B.S. in Criminal Justice, summa cum laude, from the University of Central Florida. Andrew was part of the 2012 scholarship class at the International Association...

Read More

Trial court orders Facebook trash talk ban for divorcing couple; Husband appeals and loses

In a recent divorce case, the Georgia Court of Appeals ruled that it was okay for the trial court to order the parties to not talk disparagingly about either other on Facebook - at least until after the divorce proceedings. The husband appealed the order, arguing that it violated his First Amendment rights. The trial court had issued an order that "restrained and enjoined [the parties] from posting matters about each other or their current litigation on Facebook or other social networking sites." On appeal, the Court of Appeals acknowledged...

Read More

In CP case, dissenting opinion suggests computer search "not sufficiently connected ... to justify this serious intrusion"

In a recent Ohio case, the Court of Appeals of Ohio held that the search of a computer for evidence related to a rash of eggings that revealed child pornography was properly supported by probable cause (Ohio v. Castagnola, 2013-Ohio-1215 (Ohio Ct. App. 2013). However, a dissenting opinion argued the level of the intrusion made the search improper. After more than twenty eggings in the small Ohio town of Twinsburg, police had finally found their suspects after viewing several people purchase a large number of eggs from a local grocery store. When...

Read More

"Closer call": 1st Cir. upholds pre-Jones GPS tracking for 11 days under Good Faith exception

In United States v. Sparks, No. 11-1134 (1st Cir. March 26, 2013), the First Circuit upheld the denial of suppression of GPS tracking evidence which occurred over the course of eleven days, citing the Good Faith exception articulated in Davis. The GPS installation and tracking were pre-United States v. Jones. There are a few interesting things about this holding: 1. Associate Justice (Ret.) Souter sat by designation for the case 2. The court relied on precedent from the 80s (Knotts) and 70s (Moore) to justify the holding; both cases involved...

Read More

Hacking Back: Why security is important, even for hackers committing felonies (from XyliBox)

If you are going to steal credit card numbers and offer them on your site, try and at least secure admin panel (and the overall site itself) sufficiently that so the email addresses and passwords of your users are not easily accessed. The excerpt below is from Xylibox; the full post can be found here re: VMAdumps - a huge hat tip to XyliBox. Also, note that Cybercrime Review is merely reporting what has already been published; we in no way condoned...

Read More

Question on appeal: "Is a cell phone really a pair of trousers?"

In a Texas appellate case, the Electronic Frontier Foundation is arguing that a warrant is required before police search a cell phone being held in a jail's property room. A teenager was arrested at school for a "disturbance" and taken to jail. His cell phone was taken from him and searched, revealing evidence of an unrelated felony (he was arrested for a misdemeanor). The trial court and lower appellate court found that the evidence should be suppressed. The lower appellate court had framed the issue this way: Is a cell phone really a pair of...

Read More

Metadata from VHS? 8th Circuit upholds VHS tape seizure in child porn case

I couldn't help but mention this case, briefly. The 8th Circuit, in United States v. Hager, No. 12-2074 (Mar. 29, 2013), held that a search warrant for digital devices containing metadata related to the production of child pornography allowed officers to search/seize VHS tapes. Even though the court acknowledged that VHS tapes are analog and contain no such thing. The ruling was bolstered, in part, by the officer's reliance on a computer forensic expert's opinion, as well as an AUSA stating that the VHS tapes were within the scope of the warrant. I...

Read More

Growing squash indoors apparently provides probable cause for search of Kansas home for marijuana

In an attempt to take down marijuana growers, it appears that one Kansas county has decided that having indoor gardening equipment is all it takes to give probable cause for the search of a home. According to a report in the Kansas City Star, the couple told this story: “This is how we were awakened: banging, pounding, screaming,” the mother, Adlynn Harte, said Friday. “My husband opened the door right before the battering ram was set to take it out.” The father allegedly was forced to lie shirtless on the foyer while a deputy with an assault...

Read More