Listen in to cyberbullying, sexting discussion

Update: The discussion can be found in the MPB archive here: http://mpbonline.org/inlegalterms/lt102913/.

Be sure to tune in tomorrow morning (Oct. 29) at 10am (CDT) for a discussion about cyberbullying, sexting, and digital stalking and harassment with cybercrime expert Priscilla Grantham.

Here's the link to listen live to Mississippi Public Broadcasting: http://mpbonline.org/Programs/listen_live.

Priscilla and I were colleagues at the National Center for Justice and the Rule of Law where she was a senior research attorney and taught courses related to the Fourth Amendment, cybercrime, and ICAC for judges, prosecutors, and law enforcement.

Read More

Former Romney/Ryan intern charged with cyberstalking and internet extortion denied bail

In United States v. Savader, 13-MJ-359 (E.D.N.Y. May 7, 2013), Magistrate Judge Gary R. Brown denied bail to Adam Savader because of the nature of his crimes (cyberstalking and internet extortion) and due to the "weaponized" nature of the cache of compromising pictures the defendant possesses. The court's reference to weaponization derived from the fact that the images of the 15 victims were in cloud storage, and thus "the cache of compromising photos, [could] be accessed from any Internet- enabled device on the planet," allowing Savader to perpetrate additional crimes or antagonize his victims further.

The Savader case was well publicized when it hit the news; see:

Politico, Adam Savader, ex-Romney intern, arrested for blackmail
New York Daily News, Former Romney campaign intern busted in nude-pics blackmail scheme

From the Politico article (to summarize):

A former intern for the 2012 Republican presidential ticket of Mitt Romney and Paul Ryan and for Newt Gingrich’s presidential campaign was charged with cyberstalking young women and blackmailing them into sending nude photos in federal court on Tuesday.
Adam Savader, a 21-year-old from Great Neck, N.Y., obtained nude photos of 15 different women and threatened to publish the photos unless the women sent him even more naked pictures, according to a criminal complaint. Some of the victims were Savader’s high school and college classmates.

The complaint was originally under seal, but was unsealed on April 23, 2013 by order of the court. The complaint plus additional documents from the E.D. of Michigan (where the charges were filed), can be viewed here:

Savader Docs (Complaint, Arrest Warrant, Docket, etc.)

While Savader was charged in Michigan, he lives in New York, hence the reason why the detention order (and reasoning) emanated from the Eastern District of New York. In beginning his determination, the EDNY Magistrate considered whether it was even proper to make a bail determination in New York instead of Michigan. In the end, the court held that the amended Rules of Criminal Procedure allowed the court to proceed, and indeed it makes sense to hold a bail hearing in the defendant's home district, where Savader could more easily provide information relevant to the bail hearing; namely, his community ties, etc.

As to the merits, the court noted that the case "present[ed] novel factual issues as well as the kind of legal challenges that often arise when applying traditional legal concepts to cases emanating from digital technology." I think that is the interesting part of this otherwise routine part of criminal procedure. What should the standard be for individuals charged with internet crimes, where access to a computer might be the only thing needed to perpetrate additional crimes, modify evidence, or in this case, antagonize victims further with compromising photos?

In this case, the court referred to it as a close call, but ended up siding with detention. I don't necessarily agree it was close. As the court noted: there were 15 victims, the defendant showed some acumen for technology (not enough to know Google Voice numbers can be tied to your IP address...), and the defendant held specific animus for some of the victims. Moreover, because the fruits of his alleged crimes were stored out on the internet, the temptation for him to access that material (for any reason at all, nefarious or otherwise), might have been too great (notwithstanding his family's assurances otherwise).

I will note that I think the analysis regarding bail should be different in hacking cases, where systems have been adequately secured and there is no further chance the defendant could reoffend. However, here, I don't think you can convincingly argue future crime/tampering/sexual gratification related to the cache of material is a non-issue.

Because I haven't seen much related to bail considerations for electronic crimes, I reproduce in full the court's reasoning, below:

Because the offenses charged do not appear to constitute crimes of violence as defined in the Bail Reform Act, see 18 U.S.C. §3156,3 the Government is limited to seeking detention under § 3142(f)(2)(B), to the extent it can establish that the defendant “presents a serious risk that [he] . . . will . . . threaten, injure, or intimidate, or attempt to threaten, injure, or intimidate, a prospective witness.” Thus, the determination turns on whether the defendant may attempt to threaten or intimidate potential witnesses, which, in this case, means the complaining victims. 

Precise prediction of future human conduct represents an impossible task. Here, however, we can look at several indicators. First is the defendant’s capacity to threaten or intimidate the victims, both identified and unidentified. According to the Government’s proffer, agents uncovered evidence of an Internet cloud storage account that included files bearing names of the victims, presumably containing the photograph files used as part of the extortion. Notwithstanding the seizure of computer hardware from the defendant, the existence of this cloud storage suggests that, based on the information currently available, the defendant has possession of the cache of compromising photos, which can be accessed from any Internet- enabled device on the planet. Though electronic files do not generally constitute dangerous materials, in the context of this highly-unusual case, the defendant effectively “weaponized” these items, presenting a significant risk. Given the defendant’s demonstrated facility with computer technology, it would be all but impossible to fashion terms and conditions that would eliminate defendant’s access to these materials. Hence, like an individual with access to a secret cache of weapons, the defendant certainly maintains the capacity to intimidate or further injure the victims until these materials can be definitively located and secured. 

The second factor is the defendant’s willingness to employ these materials to cause further harm to the victims. Of course, that he has done so in the past is one consideration. At the hearing, his counsel argued, persuasively, that the defendant would be a fool to violate a court directive contained in a release order, as it would mean almost certain return to jail. In addition, the mere exposure of the scheme may well make the defendant reticent to engage in additional similar conduct. As Justice Brandeis famously observed, “Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.” However, the Government has presented evidence showing that this defendant – largely for reasons that are as yet undiscovered – maintained an animus against some of these victims for many years. Though the defendant is now 21, he has managed to hold a grudge against several victims since high school. This demonstrated drive on the part of the defendant forces me to conclude that there remains a serious risk that he will attempt to intimidate or further injure the victims, as long as those photos remain in his control. 

Having concluded there is such a risk, the question is whether there are conditions which can remediate that risk. The Court notes that, at the bail hearing, defendant demonstrated substantial ties to the community. A large number of family members appeared at the bail hearing, representing three generations of his family, all of whom appeared willing and eager to assist in ensuring that the defendant will not engage in further wrongful conduct. According to his attorney, family members were willing to accompany him to school, attend classes with him, and take any other steps necessary to secure his release. Because of the unique circumstances of this case, I find that this support, though an important consideration, cannot overcome the serious risk of danger to the victims. As such, I directed the defendant be detained pending removal to the Eastern District of Michigan. 

That said, I note that this was a close call, which could have easily resulted in a different outcome. As described above, these decisions must be made with deference to the charging district, which will have access to better information concerning the status of the compromising photographs, input from the victims, and the nature of the evidence. That court, therefore, will be in a far better position to evaluate the risk presented by the defendant, and should accord little weight to this determination.

Read More

If I read your emails, change your password, and use your emails against you in a divorce proceeding, am I cyberstalking you?

If you said "yes" to the question posed in the title of this post, you may have some difficulties in Florida. In Young v. Young, 2012 Fla. App. LEXIS 15112 (Sept. 28, 2012), a Florida appellate court said "no" to that question, holding that cyberstalking, per Florida statute, requires "electronic communications by [a person] of "words, images, or language . . . directed at" another individual (the person allegedly getting stalked).

In Young, the husband allowed his wife to use his computer password to install a multi-user licensed anti-virus program. Under these facts, I'm not exactly sure why she needed the password, but the case does not clarify. The husband, in my estimation, was operating under good faith because at the time of disclosure, the couple was either at, or still amidst, their dissolution proceeding.  (At this point I'd like to stop and offer what should be obvious advice at this point - short of a court order, never disclose your password to anyone, for anything, at any time. Including your wife. I can't think of many stories I have heard that open with "so I gave her/him my password" and end happily.)

The wife, without the husband's consent, then "used the password to read his email and then changed the password so that he could no longer gain access to his account." Subsequently, she "filed a paper in the divorce proceeding that contained extensive personal information taken from the emails." The husband filed for a domestic violence injunction, which was granted by the lower court after interpreting that the wife's actions "amounted to cyberstalking."

The court of appeals overturned the injunction, stating that reading your emails, changing your password, and using the information discovered in your email account are not electronic communications directed at another, and therefore fall outside the purview of the statute.

In my common understanding of stalking in general, but also cyberstalking, I was never under the impression that stalking had to include some sort of communication to the "stalkee." Isn't part of stalking doing so by use of stealth? Indeed, one online dictionary defines it as:

1. To pursue by tracking stealthily.

2. To follow or observe (a person) persistently, especially out of obsession or derangement.

To me, this is an odd outcome - but, it is more a failing of statutory drafting than a mistake by the court. The husband may also have other remedies (computer intrusion statutes at the state level), however those will certainly not be sufficient to obtain a DV injunction. The larger question is this, does the wife's behavior give rise to the husband's belief that he was in imminent danger of domestic violence, which is the DV injunction standard in Florida. That's a high bar to meet, but one would need to know the content of the emails to know just how angry she might have been. As a public policy matter, I think a DV injunction here wouldn't be a bad thing.

Read More