Friday, September 27, 2013

Arrest made in connection with Miss Teen USA "sextortion" case

Multiple media outlets reported yesterday that 19 year-old Jared James Abrahams, a computer science student from Temecula, California, was arrested for his alleged connection to an online extortion scheme referred to as "sextortion."

A criminal complaint filed in the Central District Court of California alleges Abrahams violated 18 U.S.C 875(d), a federal extortion statute, after he "knowingly and willfully, and with the intent to extort money and other thing of value, did transmit in interstate and foreign commerce from Providence, Utah to Temecula, California, an email communication to victim C.W., and the email communication contained a true threat to injure the reputation of C.W."

C.W. is reportedly Cassidy Wolf, Miss Teen USA 2013. According to Greg Botelho with CNN, at the time Wolf contact police about the activity "[she] was not a national figure -- even though she was Miss Teen California -- and lived in an apartment and attended Orange Coast College in Costa Mesa." Wolf tweeted about the arrest late Thursday.

According to the complaint, Abrahams allegedly
compromised victims' computers and obtained nude photographs and/or videos of the victims through remote operation of the victims' web-enabled cameras ("webcams"). After taking the nude photographs and/or videos, [Abrahams]  . . .  contacted the victims by email, [and] the victims learned that [Abrahams] had remotely used the victims' webcams to take nude photographs and/or videos of the victims without their consent . . . .  
The complaint goes on to claim that Abrahams "threatened to publicly disclose on the victims' Internet social media accounts" the nude images he had obtained, unless the victim's either "(1) sent nude photographs, (2) sent a nude video, or (3) logged on to Skype and did what [Abrahams] told the victim to do for five minutes."

Wednesday, September 25, 2013

State courts evaluate sexually violent predator status for convicted child pornographers

In two recent cases, state appellate courts in Pennsylvania and Texas have analyzed the application of sexually violent predator (SVP) status to convicted child pornographers. The result of the status varies by state but can include mandatory lifetime registration and civil commitment if it is determined that the defendant is "likely to engage in a predatory act of sexual violence" due to a "behavior abnormality." Nearly half of states and the federal government have SVP laws.

The Superior Court of Pennsylvania concluded in Commonwealth v. Goshow, No. 3206 EDA 2012 (Pa. Sup. Ct. 2013), that the defendant's viewing of child pornography resulted in the "continuous exploitation and victimization of the children depicted therein." Trial testimony argued that the defendant was "likely to engage in predatory sexually violent offenses" in the future because his pedophilia was "a chronic lifetime condition." The defendant had attempted to argue that there was no actual victim.

In Goshow, a dissenting opinion argued:
Here, there is no indication that Appellant directed any act at another person, but that he, in solitude, downloaded, viewed, and masturbated to images of child pornography. Therefore, he did not direct any act at another person. Although the children depicted in the pornography were victims in the production and distribution aspects of an insidious industry, the legal conclusion of the trial court that Appellant victimized the children is not sustainable in light of the statutory definition that requires acts directed at another, or the record established in this case.
In In Re Commitment of Chapman, No. 09-11-00561-CV (Tex. Ct. App. 2013), the Court of Appeals of Texas considered eight issues on appeal arguing that the defendant was wrongfully classified as an SVP. The defendant, convicted for multiple child pornography related crimes and involuntarily committed under the SVP statute, made arguments including improper admission of evidence, bias, insufficiency of evidence, and that the SVP statute was unconstitutional. The court disagreed on all issues and affirmed the defendant's civil commitment.

Monday, September 23, 2013

Yelp sues law firm for alleged fake review posts

User rating and review site Yelp has filed a lawsuit against a San Diego law firm for "try[ing] to game the system by stacking the deck in their favor with planted or fake reviews," arguing that such reviews are "harmful to customers."

According to the complaint,
The McMillan Law Group's efforts to mislead consumers are particularly brazen and disappointing given they have targeted some of the most vulnerable consumers of all - individuals who may be facing bankruptcy and who are looking for potential legal representation.
The lawsuit accuses the firm of breach of contract, intentional interference with contract, unfair competition, and false advertising.

Friday, September 20, 2013

Current issue of American University Law Review focuses on cybersecurity landscape


Volume 62, Issue 5 of the American University Law Review features a variety of works tackling the challenging and often complex issues surrounding cybersecurty. The Forward, written by Jorge L. Contreras, Laura DeNards and Melanie Teplinsky, states that this special issues
represents the culmination of a concerted effort to bring together scholars, legal practitioners, industry representatives, and government officials to discuss and debate the pressing issues surrounding cybersecurity in today’s increasingly interconnected environment.
As is the is case with cybersecurity policy, the topics vary greatly. While the article by appellate advocacy counsel for the Electronic Privacy Information Center, Alan Butler, addresses "the novel approach to cybersecurity policy by considering the implications of the Third Amendment of the U.S. Constitution,"  the piece by Professor Scott Shackelford, assistant professor of business law and ethics at the Indiana University Kelley School of Business, "searches for alternative avenues to foster cyberpeace by applying a novel conceptual framework termed polycentric governance."

The lasted issue of the American University Law Review is a great read for those interested in anything cybersecurity. Here are the links to the articles

Jorge L. Contreras, Laura DeNards, & Melanie Teplinsky, Foreward, Mapping Today's Cybersecurity Landscape, 62 Am. U.L. Rev. 1113 (2013)

Ivan K. Fong & David G. Delaney, Transcript, America the Virtual: Security, Privacy, and Interoperability in an Interconnected World, 62 Am. U.L. Rev. 1131 (2013)

Keir X. Bancroft, Regulating Information Security in the Government Contracting Industry: Will the Rising Tide Lift all the Boats?, 62 Am. U.L. Rev. 1145 (2013)

Alan Butler, When Cyberweapons End Up on Private Networks: Third Amendment Implications for Cybersecurity Polity, 62 Am. U.L. Rev. 1203 (2013)

Michael McNerney & Emilian Papadopoulos, Hacker's Delight: Law Firm Risk and Liability in the Cyber Age, 62 Am. U.L. Rev. 1243 (2013)

Scott J. Shackelford, Toward Cyberpeace: Managing Cyberattacks Through Polycentric Governance,  62 Am. U.L. Rev. 1273 (2013)

Miles L. Galbraith, Comment, Identity Crisis: Seeking a Unified Approach to Plaintiff Standing for Data Security Breaches of Sensitive Personal Information, 62 Am. U.L. Rev. 1365 (2013)

Peter S. Frecehette, Note, FTC v. LabMD: FTC Jurisdiction over Information Privacy is "Plausible," But How Far Can it Go?, 62 Am. U.L. Rev. 1401 (2013)

Danielle E. Sunberg, Note, Reining in the Rogue Employee: The Fourth Circuit Limits Employee Liability Under the CFAA,  62 Am. U.L. Rev. 1417 (2013)






Author's Note: In addition to being an author at Cybercrime Review, Andrew Proia is a postdoctoral fellow in information security law & policy at the Indiana University Center for Applied Cybersecurity Research. David G. Delaney serves as a Senior Fellow at CACR, while Scott Shackelford also serves as an affiliated Fellow. Both have contributed to the recent law review issue described in this post. All opinions expressed by the author of this post are solely in his individual capacity.

Thursday, September 19, 2013

North Carolina appeals court declares social media ban for sex offenders unconstitutional

In State v. Packingham, No. COA12-1287 (N.C. Ct. App 2013), the Court of Appeals of North Carolina vacated a judgement which forbade a convicted sex offended from accessing social networking websites as mandated by state law.

North Carolina's Protect Children from Sexual Predators Act (N.C. Gen. Stat. § 14-202.5) banned all convicted sex offenders from accessing commercial social networking sites.

At trial for violating the statute, the defendant argued that the statute was unconstitutional, but the court denied the motion. The defendant, a previously convicted sex offender, was found "guilty of accessing a commercial social networking Web site."

On appeal, the defendant argued that the statute violated his constitutional rights. The court agreed, finding that the statute does "further a legitimate state interest" but "is not narrowly tailored, is vague, and fails to target the 'evil' it is intended to rectify."

The statute was not narrowly tailored "because it treats all registered sex offenders the same, regardless of the offense committed, the victim's age, whether a computer was used to facilitate or commit the offense, the likelihood of reoffending, and regardless of whether the person has been classified as a sexually violent predator. It burdens more people than needed to achieve the purported goal of the statute."

As to the scope, the court ruled:
The construction of N.C. Gen. Stat. § 14-202.5(b) lacks clarity, is vague, and certainly fails to give people of ordinary intelligence fair notice of what is prohibited. We assume that persons of ordinary intelligence would likely interpret the statute as prohibiting access to mainstream social networking sites such as Facebook.com and Myspace.com. However, the ban is much more expansive. For example, while Foodnetwork.com contains recipes and restaurant suggestions, it is also a commercial social networking Web site because it derives revenue from advertising, facilitates the social introduction between two or more persons, allows users to create user profiles, and has message boards and photo sharing features.

Wednesday, September 18, 2013

Cal. school district pays firm to monitor students' social media

According to a recent CNN article, a California school district is paying a private firm over $40,000 to monitor its students' social media accounts for one year.

The company uses keywords to conduct the searches and sends a daily report to school administration.

Thus far, the service has been used to provide counseling to students who make suicidal threats online. The reports also contain information on "possible violence, drug use, bullying, [and] truancy."

Read the full article here:
http://www.cnn.com/2013/09/14/us/california-schools-monitor-social-media/index.html

Tuesday, September 17, 2013

Magistrate denies search warrant application for lack of probable cause and filtering safeguards

A federal magistrate in the District of Kansas recently denied applications for data from multiple electronic communications services, finding that the requests violate the Fourth Amendment. The requests from the FBI concern the theft of computer equipment from Sprint and the transportation of that equipment from Kansas to buyers in New Jersey.

The court first found that the request for service providers to turn over "all email communication ... and all records" is "too broad and too general". Limits are required. Also, the government must establish in its application plans for review of the data by specifying "any sorting or filtering procedures" for irrelevant data "or that contain attorney-client privileged information."

Ultimately, the magistrate held, "The government thus has not shown probable cause for the breadth of the warrants sought here." Further, even had probable cause existed,
To comport with the Fourth Amendment, the warrants must contain sufficient limits or boundaries so that the government-authorized agent reviewing the communications can ascertain which email communications and information the agent is authorized to review.
Examples of proper procedural safeguards suggested by the court include limiting the search to "certain key words or emails sent to/from certain recipients, appointing a special master..., or setting up a filter group or taint-team to review the information."

The case is In The Matter Of Applications Case For Search Warrants For Information Associated With Target Email Accounts/Skype Accounts, Nos. 13-MJ-8163-JPO, 13-MJ-8164-DJW, 13-MJ-8165-DJW, 13-MJ-8166-JPO, 13-MJ-8167-DJW (D. Kan. 2013).

Monday, September 16, 2013

Documents show U.S. government's use of border search exception to conduct domestic investigations

The ACLU recently released documents detailing how the United States targets citizens for domestic investigations by abusing the border search exception. The doctrine allows for searches and seizures to take place at international borders without probable cause.

David House had his computer, phone, and other devices seized as he returned to the United States from vacation. House was then working with the Bradley Manning Support Network.

Government documents demonstrate how House was placed in a database which notified Homeland Security Investigations (HSI), a department of ICE, of House's plans to travel internationally. "HSI was acting in cooperation with—and perhaps at the request of—the Department of Justice, the Department of State, and the Army’s Criminal Investigative Division."

Ultimately, House's devices were searched, and 26,000 files were evaluated. However, the government concluded that “no data was found that constituted evidence of a crime.”

The documents, released as part of House's settlement with the government, are available here.

Wednesday, September 11, 2013

Wis. man used fake teen personas on Skype to entice (and capture on video) underage sex acts [including Complaint]

Bruce Vielmetti at the Milwaukee Journal Sentinel reported this story a couple of days ago - Child porn case against Ozaukee County man moves to federal court. The back story is that David A. Weaver of Cedarburg, WI was originally charged in state court with possessing child pornography; authorities found, however, after further forensic analysis of his computer, that his transgressions were not so limited. Weaver had also produced child pornography by using fake Skype personas purporting to be children/teens to entice other minors to preform sex acts; Weaver used video capture software to record the chats. 

I obtained a copy of the federal complaint, which is 50 pages long and at times quite graphic and disturbing; the details of Weaver's acts serve as a stark reminder of how technology has made preying on minors almost too easy. 

Vielmetti's story has the quick synopsis:
An Ozaukee County man accused of using Skype to persuade hundreds of teenagers to perform live sex acts alone and with other children now faces federal prosecution.
...
After months of analyzing Weaver's computer, agents found thousands of videos and Skype chat logs. The complaint includes some logs that accompanied videos of the victims. 
Generally, boys would contact "Sara," who would "chat" with text messages and would never show live video but always would demand that the boys at the other end of the conversation show themselves on video. "Sara" would claim her mother had the camera or the microphone wasn't working and would ask the boys to send naked or sexual still photos instead. 
If the victims were girls, Weaver would adopt the same tactics posing as "Josh." 
Weaver also had special software that allowed him to display video captured from elsewhere — a teenage girl masturbating — when he was on Skype as "Sara," or a young male similarly engaged when he was posing as "Josh." 
One chat transcript in the federal complaint shows "Josh" talking with three girls purported to be 10 and 11 years old. He desperately pleads for the girls to engage in sex acts. One texts, "Are you gonna take a picture of us?" The girl says she's scared. "Josh" replies, "well i wasnt scared camming for you cuz i trust u guys. cmon itll be fun." 
As either "Sara" or "Josh," Weaver makes rapid, short requests for teens at the other end of the connection to disrobe, move a certain way, angle the camera just so, and engage in specific sex acts, while complimenting the victims' appearances and expressing how excited they are making him.
...
In some transcribed chats, Weaver tries repeatedly to get one boy to involve his dog in live video sex acts, but the boy repeatedly refuses.


Monday, September 9, 2013

Attorney writes Facebook post complaining about state AG's office, leading state to file Motion to Seal

A Mississippi lawyer recently found his own Facebook post the subject of court deliberation after the state attorney general's office filed a Motion to Seal the court record. Havard v. Epps, NO. 5:08CV275KS (S.D. Miss. 2013).

The defense counsel appeared to be frustrated with the state as the parties filed motions related to a habeas corpus proceeding, posting on Facebook:
After responding to an asinine motion filed by the State, which not only wants to kill my client but doesn’t want to be bothered by actually responding to his claims of innocence, I am heartened by the following words penned by Kris Kristofferson. There are some similarities between prophetic songwriters and lawyers:
And you still can hear me singin’ to the people who don’t listen, To the things that I am sayin’, prayin’ someone’s gonna hear. And I guess I’ll die explaining how the things that they complain about, Are things they could be changin’, hopin’ someone’s gonna care. I was born a lonely singer, and I’m bound to die the same, But I’ve got to feed the hunger in my soul. And if I never have a nickle [sic] I won’t ever die ashamed. ‘Cause I don’t believe that no one wants to know.
Following the post, the state sought to have the records sealed, arguing:
Mr. Carner’s inability to maintain his professional integrity could compromise a case which is sensitive in nature. The victim in this case is a minor, a 6-month-old girl who was sexually battered before she was murdered. Mr. Carner has already demonstrated he is unable to refrain from speaking about this case to the public.
Judge Keith Starrett, however, felt that the request was not necessary.
Respondents' concern was apparently triggered by a Facebook post of one of Petitioner's counsel about the Motion for Clarification discussed above. In particular, counsel wrote, "After responding to an asinine motion filed by the State, which not only wants to kill my client but doesn't want to be bothered by actually responding to his claims of innocence, I am heartened by the following words penned by Kris Kristofferson." However ill-advised this post may have been, in terms of the standards of professionalism by which lawyers are encouraged to govern themselves, this statement does not give rise, in the Court's opinion, to a need to seal this record, for three reasons. First, there is no indication that the record of these proceedings in state court is unavailable to the public; second, the state court record was conventionally filed in this Court and is not available for electronic access; and, finally, information about this case is so widely available through Internet sources that closure of this record will not prevent dissemination of the details of the charges or the identification of the infant victim in this case. For these reasons, the Motion to Seal will also be denied.
According to the Hattiesburg American, a spokesperson for the AG's office acknowledged the ruling was correct and claimed they were preparing to withdraw the motion, but the judge ruled on it before they had the chance to do so.