Archive for the ‘Computer Crime’ Category

Let’s Make a New Law!

Thursday, October 24th, 2013

Any moderately well-informed person these days is aware of the shocking injustices that happen whenever criminal laws get written by people who don’t really understand what criminal law is, or how it works. (Brilliant summary here.) They tend to create crimes that are ill-defined, overbroad, and usually an overreaction to the perceived harm. The results can be pretty bad.

How much more cause for concern, then, when the proposed crime violates not only the fundamental principles of criminal jurisprudence, but cherished individual rights that have nothing to do with crime?

And how much more cause for concern, then, when those who catch potential problems are not engaged in thoughtful debate, but are instead shouted down and accused of malicious and reprehensible conduct?

It looks like that’s what’s been going on recently in an ongoing debate over proposed “Revenge Porn” legislation that’s floating around out there. At first the shenanigans were amusing to watch, but lately it’s turned into a distressing train wreck online. A law has been proposed in reaction to something with a lot of emotional pull, thoughtful people have voiced concerns that it may be a bad law, and its proponents have responded less with reasoned debate than with emotional backlash. Those who disagree are shouted down as stalkers and assholes; their comments are deleted so that others may not see them.

Ignoring whether either side is right or wrong, what a terrible blow this has been to the credibility of the law’s proponents. Think how insecure they must be in their own assertions to react so defensively. How much confidence can that inspire in the rest of us?

-=-=-=-=-

“Revenge Porn” is pretty much what it sounds like. You’re in a relationship with someone, they let you have some nude pix, then there’s a breakup and you feel bitter and to get back at them you post their nudes online for the world to see. It’s a nasty, cruel thing to do. It’s not hard to imagine society thinking the practice to be so bad that it deserves to be punished. It’s easy, in other words, to see Revenge Porn as something that might be criminalized.

Some law professors have been pushing a model statute that would criminalize the practice. So far, no big deal. This is something that law professors are expected to do.

None appear to be professors or practitioners of criminal law, though. That’s not encouraging. Those reviewing the language will therefore probably want to keep an extra-sharp lookout for things like imprecise (or missing) mens rea, over-inclusive definitions, and conflated or confused concepts, etc. Nothing personal, just a normal precaution. You get this stuff all the time.

An extra wrinkle comes from the fact that posting a nude picture of your ex counts as “speech” for First Amendment purposes. And the First Amendment doesn’t let the government criminalize speech, except in very tightly controlled circumstances. Even the most awful, painful, hurtful and distressing speech (such as that of the Westboro Baptist “Church”) is not something that gets criminalized in this country.

-=-=-=-=-

This is a criminal law blog, not a First Amendment forum, and so it’d be somewhat off-topic to get into whether or not Revenge Porn is something that can be criminalized without running afoul of Freedom of Speech. But it is pertinent to note that the professors’ interpretation of the 1st Amendment here is not universal — and it is also relevant to examine how they have reacted to the ensuing disagreement.

To be fair, the law’s proponents are from academia, where disagreement (often) = bullying and criticism (sometimes) = hate speech. Where speech is generally not very well protected, in the first place. Where debate can be frowned upon and contrary points of view shouted down, removed from newspaper bins, at times even persecuted and hounded out. You ain’t seen petty vindictiveness until you’ve seen someone challenge the orthodoxy. You don’t get this from the better professoriate, of course — there are plenty of wonderful academics who welcome healthy debate, the chance to make their case or (as the case may be) get a new point of view. But there are plenty of others who prefer to point to their credentials and their peer-acceptance as proof of their correctness, and who get the most defensive when challenged.

You can usually tell which kind of academic you’re dealing with based on how they react to a contrary position. The ones who are pushing the Revenge Porn law, sadly, seem to be falling into the lesser camp so far. This is not good for their credibility.

So to the extent that First Amendment practitioners are in dispute with these particular academics, one might be inclined to conclude that the practitioners could perhaps be more likely to be correct.

-=-=-=-=-

But again, this is a criminal law blog. So how does the law look from the perspective of our criminal jurisprudence?

Not… not so great.

Here’s what the model statute says:

Whoever intentionally discloses a photograph, film, videotape, recording, or any other reproduction of the image of another person whose intimate parts are exposed or who is engaged in an act of sexual contact without that person’s consent, under circumstances in which the person has a reasonable expectation of privacy, commits a crime. A person who has consented to the capture or possession of an image within the context of a private or confidential relationship retains a reasonable expectation of privacy with regard to disclosure beyond that relationship.

(a) Definitions: For the purposes of this section,
1) “disclose” means sell, manufacture, give, provide, lend, trade, mail, deliver, transfer, publish, distribute, circulate, disseminate, present, exhibit, advertise or offer.
2) “intimate parts” means the naked genitals, pubic area, buttocks, or female adult nipple of the person.
3) “sexual contact” means sexual intercourse, including genital-genital, oral-genital, anal-genital, or oral-anal, whether between persons of the same or opposite sex.

(b) Exceptions:
1) This section shall not apply to lawful and common practices of law enforcement, the reporting of unlawful conduct, or legal proceedings.
2) This section shall not apply to situations involving voluntary exposure in public or commercial settings.

…..

Holy cannoli, where to begin…?

The first problem is one of good old mens rea: It criminalizes disclosing the image without the subject’s consent, regardless of whether the actor knew about it one way or the other, or meant to do so without consent. It criminalizes the act where the subject had a reasonable expectation of privacy, regardless of whether the actor knew or had any reason to know it. The only mens rea here is whether the image was disclosed intentionally.

It’s a strict liability crime. Whenever you see that, huge red flags should be popping up in your head screaming “INJUSTICE AHEAD!” Sure it doesn’t criminalize accidentally dropping a photo out of your wallet, but it does criminalize showing it to people with the mistaken belief that your wife was cool with it — or without the knowledge that she had since changed her mind.

The second problem is one of conflated concepts. “Reasonable expectation of privacy” is a concept of Fourth Amendment law — of procedural rights, not of criminal liability. It is a term of art that has been defined in a fairly convoluted fashion over the years in such a way that the average layman couldn’t give you an accurate definition of the phrase if his life depended on it. His liberty would depend on it, here. The authors probably don’t mean for this phrase to have the meaning & baggage it carries in Fourth Amendment jurisprudence. They just think it sounds good. And so there is inherent confusion in the statutory language. It is not clear what is actually meant here. And where there is vagueness in criminal law, where there is room for interpretation, there is room for cops and prosecutors to screw over the regular Joe. And if you don’t think that happens, you’re not getting out enough. When you see conflated concepts and room for interpretation, those red flags ought to be screaming at you even louder.

The third problem is one of unclear writing. Seriously, what do the “consent” and “reasonable expectation of privacy” clauses modify? Does this refer to images that are disclosed without consent, or taken without consent? Does this refer to images that were disclosed under circumstances where someone had an expectation of privacy, or taken under such circumstances? Is it criminalizing pictures of sexual acts that were nonconsensual? What about images that were taken by someone else, and then given to you by your ex? What about images that someone else forwarded to you, or you found online, and had no way of knowing whether they were consensually/privately taken or disclosed (whichever verb applies)? It can be read all of these different ways.

There is literally no way of knowing for sure what conduct is criminalized here. As written, it outlaws all kinds of behavior its authors probably didn’t mean to punish. It is overbroad as hell. You hear those red flags? Since when do flags scream? These are. Get some earplugs.

Strictly from a criminal perspective, this is a god-awful statute. It’s another one of those “think of the children” “take back the night” “let’s name a statute after the victim” kinds of legislation that pave an eight-lane superhighway to hell with their good intentions.

-=-=-=-=-

You want a statute that works? (Again, ignoring any First Amendment concerns.) Here’s one I banged out in court this morning while waiting for a case to be called. Zero research or deep thought went into it:

…..

DEFINITIONS:

(A) “Private Sexual Image” = any media containing:

(i) an image taken in a non-public place, and in a non-commercial setting…

(ii) of a living person whose identity is readily ascertained from the contents of the image…

(iii) and depicting that person’s unclothed genitalia, buttocks, or female breasts, or depicting that person engaged in sexual intercourse, oral sex, manual-genital contact, or other such sexual behavior…

(iv) and which has not previously been “distributed” as that word is defined herein.

(B) “Distribute” = make publicly available by any means, including displaying in public or in a publicly-accessible medium, sharing via any communication or peer-to-peer arrangement, and any other method that makes a duplicate of the image available to others. Excluded are private acts of showing the image, without duplication or transmission, to individuals or small groups of people.

CRIMES:

Any person who, with the intent to harass, shame, or defame another person:

(1) distributes an image he knows, or a reasonable person similarly situated would know, to be a Private Sexual Image of that other person;

(2) when he knows, or a reasonable person similarly situated would know, that he does so without the consent of that other person; and

(3) thereby does harass, shame or defame that other person

is guilty of a Fucking Nasty Crime.

Any person who, with the intent to harass, shame, or defame another person:

(1) distributes an image he knows, or a reasonable person similarly situated would know, to be a Private Sexual Image of that other person;

(2) when he knows, or a reasonable person similarly situated would know, that he does so without the consent of that other person

is guilty of a Nasty Crime.

Any person who

(1) intentionally distributes an image he knows, or a reasonable person similarly situated would know, to be a Private Sexual Image of another person;

(2) when he knows that, or recklessly disregards whether, he does so without the consent of that other person

is guilty of a Crime.

DEFENSES.

It shall be an affirmative defense to all of these crimes that, when the image in question was originally taken, it was reasonable to expect that it would later be viewed or possessed by people other than those who were a subject of the image, the person taking the image, and the person accused of distributing the image.

It shall be an affirmative defense to the Fucking Nasty crime that the image in question was transmitted to the accused via electronic or other means whereby the image could be “forwarded” or otherwise duplicated and transmitted to third parties.

…..

There, quick and easy. There’s probably stuff to fix in there, as well, and again who knows if it’d pass constitutional muster on other grounds, but it’s hardly as overbroad or prone to injustice as the one those professors are promoting.

I bet you can do it even better. You are cordially invited to tear my suggestion apart in the comments, and provide your own language. Have at it!

Hey feds, get off of my cloud (Followup)

Tuesday, May 17th, 2011

Last month, we posted on the senate hearings on whether the feds need to get a warrant before getting emails and other stuff stored in the cloud.  The Obama administration would rather let the feds continue to get such stuff without bothering to get a warrant, as they now can do under (very outdated) current law.  As we put it:

As the law currently stands, if an email is more than 180 days old, the feds are allowed to snag it without a warrant, under the 1986 Electronic Communications Privacy Act.  In yet another bit of Orwellian fractal weirdness, the ECPA was designed to ensure that online communications had just as much privacy protection as anything in the offline world.  (Given the erosion of Fourth Amendment protections in the brick-and-mortar world, a cynic might be tempted to crack that the ECPA has lived up to its expectations.)

And we quoted Sen. Patrick Leahy, who last year argued to drag law enforcement and the Fourth Amendment into the modern era:

Today, ECPA is a law that is often hampered by conflicting privacy standards that create uncertainty and confusion for law enforcement, the business community and American consumers.

For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent. There are also no clear standards under that law for how and under what circumstances the Government can access cell phone, or other mobile location information when investigating crime or national security matters. In addition, the growing popularity of social networking sites, such as Facebook and MySpace, present new privacy challenges that were not envisioned when ECPA was passed.

Simply put, the times have changed, and so ECPA must be updated to keep up with the times.

Well, today Sen. Leahy proposed a new bill that might do just that.  The bill (pdf here) would get rid of that 180-day loophole, and require the feds to get a warrant no matter how old the email or data might be.

-=-=-=-=-

Obviously, we’re in favor of that.  But this bill goes farther than that.  If adopted, this bill would also:

  1. Prohibit cloud services from knowingly (more…)

Hey, feds, get off of my cloud

Friday, April 8th, 2011

Our jury’s still out, and there’s so much stuff to catch up on.  There’s the 5th Circuit’s denial of Jeff Skilling’s appeal, even though the Supreme Court had struck down the “honest services fraud” charge last summer.  We were so ready to write something about it yesterday, but work intervened, and now we’re not in the mood.  Maybe this weekend.

Instead, we’re all intrigued about the Senate hearings earlier this week on whether federal law enforcement ought to get a warrant before doing any search and seizure out there in the cloud.  Apparently, the Obama administration says the warrant requirement is just too much of a hassle.

The term “cloud computing” covers a lot of things, but for these purposes we’re talking about people storing data not on their own hard drives, but out there somewhere in the ether of the internet.  Of course, “out there somewhere” means “stored on someone else’s servers.”  Which means it’s there for the taking (or destruction) if those remote servers were to be compromised.  And of course, that means it’s out there for the seeing if law enforcement decides to go poking around in the cloud.

As the law currently stands, if an email is more than 180 days old, the feds are allowed to snag it without a warrant, under the 1986 Electronic Communications Privacy Act.  In yet another bit of Orwellian fractal weirdness, the ECPA was designed to ensure that online communications had just as much privacy protection as anything in the offline world.  (Given the erosion of Fourth Amendment protections in the brick-and-mortar world, a cynic might be tempted to crack that the ECPA has lived up to its expectations.)

As Vermont senator Patrick Leahy put it last September, when the Senate first started considering changes to the ECPA, the statute

was a careful, bipartisan law designed in part to protect electronic communications from real-time monitoring or interception by the Government, as emails were being delivered and from searches when these communications were stored electronically. At the time, ECPA was a cutting-edge piece of legislation. But, the many advances in communication technologies since have outpaced the privacy protections that Congress put in place.

Today, ECPA is a law that is often hampered by conflicting privacy standards that create uncertainty and confusion for law enforcement, the business community and American consumers.

For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent. There are also no clear standards under that law for how and under what circumstances the Government can access cell phone, or other mobile location information when investigating crime or national security matters. In addition, the growing popularity of social networking sites, such as Facebook and MySpace, present new privacy challenges that were not envisioned when ECPA was passed.

Simply put, the times have changed, and so ECPA must be updated to keep up with the times.

Think of it this way:  You’re storing your emails on a third party’s servers.  Isn’t there some lessening of your privacy expectations in that situation?  And on top of that, until maybe six or seven years ago, it wasn’t that outrageous to deem emails left on a third party’s servers for more than six months — instead of storing them to one’s own hard drive or local server for preservation — to be “abandoned.”  AOL users lost their emails after just a month or so.  If you didn’t actively save it to your hard drive, you didn’t want it.  (Forget, of course, the user’s reasonable expectation that the email would no longer exist in the first place.  Do not waste brain cells wondering whether one can abandon something that one believes to have already been destroyed.)

The point is, the law sort of made sense back in the 80s.  And it still kinda made sense when Google was new and Facebook was still in the future.

But now, things have changed.  In ways that are both dramatic and obvious to anyone who might be reading this post.  Now, by default, the vast majority of users do not store their emails locally (if they even know how to do so).  Emails are almost always accessed through a third party’s servers.  Almost nobody downloads their emails — and even if they do, the original remains on the server.

The vast majority of users expect that their emails, protected by their usernames and passwords, will remain private.  Even though the emails are stored out there in the cloud, the ordinary reasonable expectation is that they are private.

As we all know, the Fourth Amendment prohibits the search and seizure of stuff where there is a reasonable expectation of privacy, unless law enforcement gets a warrant based on a showing of probable cause to believe that particular evidence of a particular crime will be discovered by the search.  (For those of you desiring a quick primer on the various exceptions that apply, you can certainly do worse than to listen to N. Burney and G. Mehler’s brilliant CLE lecture, “Search and Seizure in 60 Minutes.”)

The exceptions to the Fourth Amendment essentially boil down to situations where the evidence would cease to exist if a warrant were sought, or there’s some other thing we want the police to be able to do (such as make sure people are safe) that might be deterred if they weren’t allowed to use evidence observed in the process.  None of the exceptions are based on a policy of “we probably wouldn’t have probable cause to search in the first place.”

But that is precisely the policy offered by the Obama administration this week.  We kid you not.  Here’s associate deputy attorney general James A. Baker, testifying on why the administration doesn’t want to have to get a warrant to search the cloud:

In order to obtain a search warrant for a particular e-mail account, law enforcement has to establish probable cause to believe that evidence will be found in that particular account. In some cases, this link can be hard to establish.

And if they aren’t allowed to search in cases where they cannot establish probable cause in the first place?  The consequences would be dire, he (more…)

Defending Assange

Wednesday, December 8th, 2010

Now that Julian Assange has been arrested in the U.K., his fight for the moment is to prevent extradition to Sweden, which wants to arrest him for questioning about allegations of sexual misconduct.  But given the comparative laxity of any punitive measures Sweden might impose even in the worst case scenario, a more troubling concern is the possibility of extradition to the United States for criminal prosecution for espionage.

If that happens, however, he might have a pretty good shot at winning.

The Espionage Act of 1917, 18 USC §§792-799, is what he’d have to deal with (there are reports that the DOJ is already preparing these charges).  Here are the parts that are most likely to apply:

§793(c) gets you up to 10 years in prison for receiving anything pertaining to U.S. national defense, if you did it while having “reason to believe” that it was illegally obtained, and that it would be used either to the injury of the U.S. or to the advantage of another country.

§793(e) gets you up to 10 years in prison if you’re in possession of such stuff, and you have “reason to believe” that it “could be used” either to the injury of the U.S. or to the advantage of another country, and you go ahead and disseminate it or cause it to be disseminated.

Well, wait, you say.  Those sound pretty much exactly like what Assange freely admits to having done.  A private in the U.S. Army apparently downloaded a whole bunch of confidential documents, and provided them to Wikileaks.  Assange ordered the documents to be released, publicized what he was doing, and publicized that it would likely injure the United States.  Forget all of Assange’s bluster about the harm being minimal.  His actions seem to hit all the statutory elements.  So how can he win?

As several have (more…)

Dude, We Warned You

Wednesday, May 5th, 2010

The Monitor reports that a 17-year-old Texas boy is now facing child porn charges, after getting a 16-year-old friend to send him a topless photo of herself from her cell phone.

Child porn is a very VERY serious charge. Even those who themselves would never commit a sex act against an actual child still go to prison for a long time just for downloading pictures that may be more than a decade old. You don’t ever want to get charged with it. We defend people charged with it, we know of what we speak. (Heck, we wrote the book on it.)

So when this whole “sexting” thing hit the news in ’09, we posted a warning that teens might unwittingly be exposing themselves [Ed.- Was that necessary?] to criminal charges that are in many ways life-ending.

Fortunately, there are prosecutors and judges out there with good judgment, who won’t go after teens for stupid teenage indiscretion with other teens. But there are also school administrators who can get themselves in trouble for possessing the photos during their own investigations.

Will this kid wind up getting prosecuted? Who can say. It’s up to that local DA’s office. The feds probably won’t touch it, but state prosecutors typically only go after (more…)

Gawker Gets It Wrong

Tuesday, April 27th, 2010


As everyone reading this is probably aware, last Monday the website Gizmodo announced an exclusive look at Apple’s iPhone 4, which hasn’t been officially released yet. In their post (here), they said “you are looking at Apple’s next iPhone. It was found lost in a bar in Redwood City, camouflaged to look like an iPhone 3GS. We got it. We disassembled it. It’s the real thing, and here are all the details.” The post was written by blogger Jason Chen, and featured video of him showing details of the phone, and a lot of photos.

As time went on (see all the posts here), it came out that Gizmodo had paid $5,000 for the phone. The guy they bought it from wasn’t the phone’s owner, but had merely found it in a beer garden back in March. An Apple employee had lost it there.

So, if they bought it from someone who wasn’t the owner, and they knew it was supposed to be a secret, did the folks at Gizmodo commit any crimes here?

Law enforcement got involved very fast. By Friday, law enforcement in San Mateo had gotten a search warrant (viewable here) to seize Jason Chen’s computers, disks, drives, and any records pertaining to the Apple prototype 4G iPhone.

The search warrant was executed that same day, and a bunch of computer stuff was seized (the inventory is also viewable here).

Yesterday, the chief deputy district attorney for San Mateo County told the WSJ’s “Digits” blog (here) that nobody’s saying a crime happened or not. They’re still investigating.

Meanwhile, however, Gawker Media (the owner of Gizmodo) issued a letter on Saturday (viewable here) stating that “under both state and federal law, a search warrant may not be validly issued to confiscate the property of a journalist.”

In support of that statement, Gawker Media cited California Penal Code §1524(g) (viewable here), which prohibits search warrants for items described in Evidence Code §1070.

Evidence Code §1070 (here) says a judge can’t hold a journalist in contempt for refusing to disclose his sources, or for refusing to disclose unpublished information gotten while preparing a story.

So we have to ask, does Gawker Media know what it’s even talking about?

-=-=-=-=-

There’s a big difference between a search warrant and (more…)

Hoist on Their Own Petard — How Forensic Accountants Catch Small-Time Scammers

Tuesday, August 11th, 2009

No law today. Let’s have a police procedural for a change. We’re in the mood for some white-collar stuff, so here goes.

Forget about the Madoff case. Most financial crimes are nowhere near as headline-worthy, nor do they involve such massive amounts of other people’s money. But smaller scams are just as likely to get prosecuted, and they’re just as much a felony as the big ones. And though the news may not report it, people get caught and convicted all the time.

And like Al Capone, the smaller scammers aren’t caught by the gun-toting detectives so much as by the green visor-wearing accountants.

It’s usually a case of self-incrimination. Defendants usually create the very evidence that puts them behind bars, in their financial books and records. Of course, most of them aren’t doing it on purpose. They’re not creating blatant records that flatly proclaim “here there be crimes.” Most take pains to avoid creating records of improper doings, and to conceal or camouflage the rest. But it is often those very attempts to hide their activities that wind up calling attention to them.

-=-=-=-

Every law enforcement agent knows that, to catch the “bad guys,” you need to follow the money. Who wound up with the cash or the assets? How did the money get from person A to person B, and so on to Mr. X?

One easy way to start is to look at public documents. Lots of records get publicly filed, for anybody to look at, and they can be good leads. Does Mr. X own a house? Pull the deed from the county clerk’s office. There’s going to be information that leads to the mortgage itself, and then Mr. X’s bank records are just a subpoena away. Probate records lead to the estate, which leads to more bank records and real estate records. Does someone have a rap sheet already? Maybe they had to post bond in an earlier case. That’s going to show the source of the lien, and lead to more assets. Dun & Bradstreet and similar records can tell whether someone has a lien against Mr. X — such people are often more than willing to give more information to law enforcement. Heck, even newspapers can be a source of leads to get an investigation started.

Paper begets paper. Or computer data. It is nigh impossible to have dealings of any significance without some record being kept somewhere, in some form.

When following leads, the investigator ought to have an idea of what he’s looking at. What kind of business is this company in? Where are they located? What do they spend money on? The investigator can’t tell whether something is unusual unless he knows what the usual looks like.

Maybe this is a kickback scheme. If I am demanding kickbacks from you, or bribes, or extortion payments so I allow you to keep doing business with me, then maybe I don’t want that money coming directly to me. And maybe you don’t want it coming directly from you. So perhaps I set up a “consulting” company to receive payments from you. Or maybe you set up a “customer” company to make payments to me. Or perhaps we do both. Maybe we have lots of shell companies, or only one. If the investigator figures it out, though, our cautions might turn around to condemn us.

Maybe you pay me with a no-show job. If so, you’d better be careful about who is holding back my payroll checks or delivering them to me. And is my pay typical of my job? A steady, constant paycheck is more typical of an office worker than a blue-collar worker, after all. These are possible tipoffs to an investigator. And paper begets paper.

-=-=-=-

So how else do they get the paper, apart from going to public records?

Subpoenas are the main stock-in-trade of the white-collar investigation team. Smart teams won’t subpoena the world, of course, because that just makes for far more work than necessary, while increasing the odds of tipping off Mr. X to the existence of the investigation. Instead, they’ll just limit their subpoenas to what they really need. Narrow requests also make more subpoenas necessary down the road, which keeps open a line of communication.

A shotgun subpoena followed by a narrower one just tips off defense attorneys like us. We see something like that, we have a chat with the client, and figure out what the investigators are probably looking for. We get all that extra time to prepare our defense.

When in doubt, utility bills are a common lead-generator, to figure out how someone is paying for their phone, cable, electricity, etc.

One thing they’ll probably want to see are old tax returns, especially for a business. Tax returns can be a mine of useful information, such as who formed the business, who the officers are, how much they get paid, who their accountant is (always a good person to interrog… ah, interview). And if the tax returns don’t match reality, well that’s another charge for the grand jury to hear, isn’t it?

The company’s accountant often did the tax returns for the owners and officers, too. Investigators can request the accountant’s retained copies of those returns, and find out all kinds of information about assets, mortgages, sources of income, etc.

Canceled checks are a high-want item. They’re one way of seeing who’s paying money to whom.

Bright investigators don’t settle for photocopies, but insist on originals. Critical information could have been whited out before copying. Photocopies are often illegible, and may not include the all-important information on the back of checks showing who deposited it and to what account.

In general, subpoenas are going to be issued to non-targets. There’s little point in asking the suspect to provide the evidence that will hang him. All it does is raise him up. And a savvy defense attorney is going to bring that client in to present the documents to the grand jury — because here in New York, for example, it is far too easy for the prosecutor to slip up and confer total transactional immunity on the client right there in the grand jury. (That’s a topic for a whole nother post.)

No, suspects aren’t usually the ones who get subpoenaed. They get searched.

-=-=-=-

Search warrants are a unique chance for the investigators to get all that stuff they never would have gotten from a subpoena. The “second set of books,” rather than the official set they keep for the IRS and other outside eyes. The secret records. (Although these can sometimes be viewed by an undercover posing as a legitimate potential buyer of the business.)

That’s what the investigators are hoping for: a “smoking gun” document of some kind. Original documents with all the info that got whited out in the subpoena response. Records of illicit payments made, cash skimmed, investors gypped. Evidence that customers were told one thing, but reality was something else entirely. It may be buried somewhere in all those boxes of docs and all those hard drives, but they can’t wait to find it.

These records may be as simple as a notebook or a wad of scratch paper. They could be as detailed as anything. Maybe there’s evidence of a cash payroll — which leads to questions of where that cash came from (the bank? really?) on top of issues of tax and benefits evasion. Maybe there’s a little black book recording paid bribes, or extortion payments received.

Search warrants are often a fine way to gain evidence of embezzlement. Maybe those personal expenses were paid for with the business’s money, or with investors’ deposits. A good search warrant team will have agents who know what they’re looking for, others speaking to the subject. Others will be busy talking to witnesses, family members, employees and others at the location, letting them think the cops know exactly what’s going on, so they’d better come clean.

In a suspect’s home, the search team might see pictures of that really nice boat, or expensive collections, or the like. Investigators love to see things like that, especially when the checkbook doesn’t show those expenses. A lifestyle and possessions beyond one’s official means is going to make them poke around for illegitimate sources of cash.

Obviously, the execution of a search warrant means the investigation ain’t a secret any more. So these usually come at the end of an investigation.

-=-=-=-=-

So how about some examples. Let’s say I have ABC company. Law enforcement subpoenaed or seized a bunch of payroll checks. Every week, my company is cutting a few dozen checks to employees. They all look totally legit, until one of the forensic accountants notices that Joe Blow tends to deposit four or five checks at a time, all on the same day. That means he’s probably not getting them each week like a normal employee, but is receiving a bunch of them once a month. That is typical of a no-show job. Joe Blow and I are now just that much closer to getting caught. Thanks, Joe.

Meanwhile, my manufacturing company DEF sends out invoices every month or so to Jack Nimble, charging tens or hundreds of thousands of dollars for all kinds of different products being delivered. Payment is due on receipt, send the check to my headquarters at 1405 Blank Lane, Suite 120. Unfortunately, the forensic accountant noticed that each month’s invoice number is one more than the previous month’s. Do I only have one customer, for all these things I’m selling? And Suite 120 turns out to be a mail drop box number. Suspicious. They’re going to watch that box and I.D. who uses it, and maybe figure out who’s paying for it. And due on receipt? Someone’s standing on the loading dock with a check for a couple hundred grand? No way. And anyway, how come there are no bills of lading, shipping records, or anything else indicating this really happened? This looks like Jack Nimble is paying me some kickbacks through a shell company.

Original checks are a treasure trove. I’m cutting tons of them to small suppliers, nothing more than $9500 or so. Oddly enough, however, they all tend to get cashed at the same check-cashing joint. They’re not deposited to anyone’s accounts. Looks like I’m laundering some money. Investigators are going to check up on these companies to see if they’re legit, maybe subpoena invoices, bills of lading and purchase order forms to see what’s going on.
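The three paper-trail patterns in these examples (payroll checks deposited in batches, invoice numbers that run consecutively from month to month, and small checks all cashed at one place) can each be written as a simple check over the records. The following is an added illustration, not part of the original post; the record layout, the thresholds (including the 10,000 ceiling) and all sample data are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Check:
    payee: str
    amount: float
    issued: date
    negotiated: date     # date from the back of the original check
    negotiated_at: str   # depositing account or check casher, from the endorsement
    cashed: bool         # True if cashed out rather than deposited to an account


def batch_deposits(checks, min_batch=4):
    """Payees who negotiate >= min_batch separately issued checks on a single day."""
    issued_by_day = defaultdict(set)
    for c in checks:
        issued_by_day[(c.payee, c.negotiated)].add(c.issued)
    return sorted({p for (p, _), days in issued_by_day.items() if len(days) >= min_batch})


def sequential_invoices(invoices, min_run=3):
    """Issuers whose invoices to one recipient are numbered consecutively across months.

    invoices: (issuer, number, date) tuples as found in one recipient's files.
    """
    by_issuer = defaultdict(list)
    for issuer, number, issued in invoices:
        by_issuer[issuer].append((number, issued))
    flagged = set()
    for issuer, rows in by_issuer.items():
        rows.sort()
        run = 1
        for (n0, d0), (n1, d1) in zip(rows, rows[1:]):
            new_month = (d1.year, d1.month) != (d0.year, d0.month)
            run = run + 1 if (n1 == n0 + 1 and new_month) else 1
            if run >= min_run:
                flagged.add(issuer)
    return sorted(flagged)


def common_casher(checks, ceiling=10_000, min_payees=3):
    """Places that cashed sub-ceiling checks for >= min_payees different payees."""
    payees = defaultdict(set)
    for c in checks:
        if c.cashed and c.amount < ceiling:
            payees[c.negotiated_at].add(c.payee)
    return sorted(place for place, who in payees.items() if len(who) >= min_payees)


# Constructed sample records (not real data).
WEEKS = [date(2024, 3, d) for d in (1, 8, 15, 22)]
PAYROLL = (
    [Check("Joe Blow", 900.0, d, date(2024, 3, 29), "acct-1", False) for d in WEEKS]
    + [Check("Ann Example", 900.0, d, d + timedelta(days=3), "acct-2", False) for d in WEEKS]
)
INVOICES = [
    ("DEF", 1001, date(2024, 1, 5)),
    ("DEF", 1002, date(2024, 2, 5)),
    ("DEF", 1003, date(2024, 3, 5)),
    ("GHI Supply", 2040, date(2024, 1, 10)),
    ("GHI Supply", 2077, date(2024, 2, 12)),
    ("GHI Supply", 2113, date(2024, 3, 9)),
]
SUPPLIER_CHECKS = [
    Check("Supplier A", 9500.0, date(2024, 3, 1), date(2024, 3, 2), "Check Casher 1", True),
    Check("Supplier B", 9200.0, date(2024, 3, 4), date(2024, 3, 5), "Check Casher 1", True),
    Check("Supplier C", 8800.0, date(2024, 3, 6), date(2024, 3, 7), "Check Casher 1", True),
    Check("Supplier D", 9400.0, date(2024, 3, 8), date(2024, 3, 11), "acct-9", False),
]

if __name__ == "__main__":
    print("batch deposits:", batch_deposits(PAYROLL))
    print("sequential invoices:", sequential_invoices(INVOICES))
    print("common check casher:", common_casher(SUPPLIER_CHECKS))
```

Each function only surfaces a lead worth following up; a flagged name still needs the corroborating paper the post describes, such as shipping records or the identity behind a mail drop.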

MySpace Judge Agrees with Us

Friday, July 3rd, 2009

Remember the Lori Drew case? She’s the mom who was convicted last Thanksgiving for creating a fake MySpace persona, which she then used to harass a teenaged girl until the girl committed suicide.

After she was convicted, we argued that her conviction stretched the meaning of the statute too far. Here’s what we wrote:

The underlying statute, the Computer Fraud and Abuse Act, is a federal law intended to prevent hacking. Drew created a fictitious MySpace account, which was used to harass the girl. In doing so, Drew violated MySpace’s terms of service, though she apparently never read them. By violating the terms of service, Drew got unauthorized access to MySpace’s servers, and the prosecution went out on a limb to argue that this technically violated the CFAA.

But does it really?

Plenty of pundits are now doubting that the verdict will survive an appeal. Congress clearly intended the law to criminalize hacking into someone else’s computer. That’s different from creating a fictitious screen name — a very common and socially acceptable occurrence.

Terms of service are conditions imposed by websites which govern permissible use, and which almost always prescribe penalties that may be imposed for violations. These penalties normally range from warnings and temporary disabling of access, to permanent denial of access. The relationship is essentially contractual.

But if the prosecution’s theory is upheld on appeal, then breaching such conditions would have criminal consequences.

Criminalizing this kind of behavior isn’t exactly far-fetched. Crime is essentially that behavior which society considers so threatening that the guilty must be punished with a restriction on liberty or a loss of property. The existence of a civil remedy does not preclude something from being criminal — a thief is civilly liable to return what he stole, but still faces jail regardless. And there may be something to an argument for criminalizing the false personas on social networking sites frequented by minors, to protect society from predators.

But that’s clearly not what Congress was trying to do here. Furthermore, the prosecution’s stretched interpretation is just too overbroad. Rather than being narrowly tailored to focus on those who violate the TOS of a child-used site for the purpose of committing a nefarious or dangerous crime, the prosecution’s theory simply criminalizes all violations of any site’s TOS agreement. A court of appeals is likely to find that an improper application of the law.

Lori Drew was scheduled to be sentenced today. (Well, technically yesterday. Thursday. We’re still working, so it’s still Thursday to us.)

But she wasn’t sentenced. Instead, Judge Wu threw out her conviction. According to CNN, he refused to uphold the jury’s verdict because the guilty verdict would set a bad precedent that anyone who violates a site’s TOS could also be found guilty of a misdemeanor. Criminalizing all violations of a site’s TOS agreement is not what the law is designed to do. Because it technically allows such improper application of the law, it is probably unconstitutional for vagueness.

This was just an oral decision. Wu is expected to issue his written decision soon.

Great minds think alike!

Memo to Child Porn Defendants: The “It Was Only Research” Defense NEVER WORKS.

Thursday, May 7th, 2009

GEN. MELCHETT: Field Marshal Haig has formulated a brilliant new tactical plan to ensure final victory in the field.

CPT. BLACKADDER: Ah… Would this “brilliant plan” involve us climbing out of our trenches, and walking very slowly towards the enemy?

CPT. DARLING: How could you possibly know that, Blackadder? It’s classified information!

CPT. BLACKADDER: It’s the same plan that we used last time. And the seventeen times before that.

GEN. MELCHETT: Ex-ex-ex exactly! And that is what is so brilliant about it! It will catch the watchful Hun totally off guard. Doing precisely what we’ve done eighteen times before is exactly the last thing they’ll expect us to do this time! There is, however, one small problem.

CPT. BLACKADDER: That everyone always gets slaughtered in the first ten seconds.

GEN. MELCHETT: That’s right.

From “Blackadder Goes Forth” Plan A: Captain Cook


(Quoted scene begins around 8:30)

Because of the frankly horrible topic of this post, we thought we’d dilute it a bit with a bit of Atkinson, Fry and Laurie. But it’s on point. As this clip illustrates, it simply defies common sense to try the same thing repeatedly and expect a different outcome.

But in child porn cases, defendants and their attorneys keep trying the same thing over and over, and all that happens is they go to jail.

We’re talking about the “I was only doing it for research” defense. Pete Townshend of The Who tried it, to no avail (although possession charges were dropped six years ago today, when no porn was found to be in his possession, he was still put on the sex offenders registry for paying to visit a child porn site). Any number of less-well-known defendants have also tried it and failed. Washington Post reporter Lawrence Charles Matthews tried it, and he actually had done a radio series on the subject, and he still got time (and his case, U.S. v. Matthews, 200 F.3d 338 (4th Cir. 2000) specifically held that there is no exception for journalistic or other allegedly-legitimate uses of child porn). A law enforcement officer, Michael McGowan, claimed to have been doing his own investigation on his own time, and wound up getting 20 years. Talk show host Bernie Ward claimed he was doing research for a book, and got 87 months last year.

Even though the defense never works, people keep trying it. And so we come to erstwhile war hero Wade Sanders, who just got sentenced to federal prison. Sanders is the former assistant deputy Secretary of the Navy who came to national prominence when he vouched for former presidential candidate John Kerry.

First, some background. CAUTION: EXTREMELY DISTURBING CONTENT FOLLOWS.

During an apparently typical investigation, an undercover FBI agent logged onto a peer-to-peer file sharing service (where members can copy files from each other’s computers), and searched for computers containing files with the term “pthc,” which is shorthand for “preteen hardcore.” The agent found several child porn files on Sanders’ computer, including a photo of a preteen naked girl lying on her back with ejaculate on her stomach, a 10 minute video of adult males inserting their penises into the mouths of prepubescent naked girls with one scene of ejaculation, and a photo of two naked prepubescent boys engaged in anal intercourse. It was easy to identify the location of the computer where the files were located, and a search warrant was obtained. On executing the search warrant, three computers and an external hard drive were seized, all of which contained many more equally disturbing photos and videos. (This is common. Most offenders who possess child porn possess a large quantity of it.)

During the search, Sanders spoke with the agents. When asked if any child porn would be found, he only said that he sometimes encountered it while downloading adult porn, and always deleted it. At no time did he suggest that he was conducting research that might explain any child porn they might find. And he wasn’t found to actually have any research notes or materials.

The evidence appeared strong enough that he decided to plead to the charge, under 18 U.S.C. § 2252(a)(4)(B). Under the Guidelines, his offense level was adjusted upwards for having materials involving under-12 kids, using computers, distributing materials, and possessing over 600 images, to level 29. He got the standard 3E1.1 three-level reduction for accepting responsibility, getting him to level 26, with a sentencing range of 63 to 78 months.

At sentencing, the prosecution asked for the low end of 63 months. Sanders sought probation.

In his own defense, Sanders claimed that he was researching child porn, but with a twist. He started by saying he’d gone through hell in Vietnam combat. Then, in 2004, he started supporting John Kerry for president, and was criticized by other veterans. This criticism made him feel betrayed, and sparked an onset of post-traumatic stress disorder. This PTSD manifested itself with obsessive-compulsive behavior. He then stumbled on an image of child porn, was horrified by it, and became overly protective of the little kids. So he obsessively began trying to find out where the kids came from and the conditions they lived in.

The judge, Thomas Whelan, flatly stated that he didn’t buy it. He found no evidence that Sanders was telling the truth about being involved in any research. Sanders never mentioned this during the search, either. And his own story didn’t explain the stuff he’d downloaded before 2004. Judge Whelan also pointed out that the “I was only doing research” claim, even if true, is still not a valid defense under the law.

So, although the judge did come down off the Guidelines sentence, Sanders still received 37 months in prison — at the end of which he will be 105 years old. In all likelihood, this is a life sentence for the man.

* * * * *

What puzzles us is why people keep trying this defense, when the law doesn’t recognize it and it never ever works.

If we might be a little shameless here, we’d recommend that people try our piece titled “Understanding the Investigative Process to Better Defend Your Client,” in Inside the Minds: Strategies for Defending Internet Pornography Charges (2008). Or they might take our online CLE on defending internet porn cases (the first in our “Hope for Hopeless Cases” series with West LegalEdcenter), which also includes that chapter in the course materials.

These cases rarely go to trial. Like Sanders, defendants usually plead out because the evidence appears overwhelming. Still, appearances can be deceiving, and there are often ways to attack the evidence itself. Maybe not enough to justify taking the case to a jury, but perhaps enough to negotiate a better deal. (Not implying that was the case with Sanders, nor impugning his attorney in any way, of course.)

What is most likely to work, however, is not trying to explain it away. Rationalizing the evidence is only going to hurt your credibility, as it did to Sanders.

Instead, what is most likely going to work is to attack the evidence itself. This is time-consuming and expensive, and isn’t guaranteed to work. After all, investigators have the luxury of building their own cases, and cherry-picking the strongest cases from the enormous number of possibles they could charge. Ideally, you want to be able to give the prosecution a new way of looking at the evidence, so that they realize it’s not necessarily as strong as they originally thought. It takes deep understanding and analysis by experts, as well as compelling advocacy. But even in a less-than-ideal situation, the more you can put the prosecution on the spot to defend its evidence — that the photos are real, that they depict real people, that the kids really are minors, etc. — or the more you can raise doubt about how incriminating it is, the better your chances of a decent plea offer.

Prosecutors rarely change their assessment of what a case is worth based on excuses and rationalizations. They made up their mind based on the evidence they have. A good defense is going to give them a new way of looking at that evidence, to get them to re-assess the defendant’s culpability, their chances of success, or (yes) the amount of work they’re going to have to do if this goes to trial.

And FOR THE LAST TIME, PEOPLE, “I was only doing research” is NOT going to do the trick.

“Sexting” – Humiliating? How About Criminal?

Thursday, March 12th, 2009


There has been a spate of news articles over the past week about a supposedly new teen trend called “sexting” — basically kids taking nude photos and sending them to each other’s cell phones and computers. The articles follow a Today Show interview with the mother of a girl who committed suicide last July after her photos started getting spread around. Most of the articles out there are of the “how do we protect our children from themselves” variety, but there is also a legal consideration. A lot of this activity could count as child porn, and could result in criminal prosecution.

Jesse Logan was a high school student in the Cincinnati area. Like plenty of teenage girls before her, she gave her boyfriend some nude photos. Unlike the Polaroids of previous generations, she sent them electronically, either by cell phone or by email.

Also unlike physical Polaroids, making copies of these photos would be free and easy. A potentially unlimited number could be sent off to others, just as she had sent them to her boyfriend. When they broke up, the ex-boyfriend sent copies to other high school girls. The photos spread around from cell phone to cell phone, and she started getting harassed at school. She became miserable, stopped going to school, and even went on a local TV station to tell her story.

Two months later, one of Jesse’s acquaintances committed suicide. She went to the funeral, then came home and hanged herself.

Hers is only the most tragic case making the news right now. But it happens all the time. There are reports that nearly half of all high school boys these days have seen nude photos of girls in their school. Some of those are spread by the girls’ boyfriends after a breakup, but most seem to have just been disseminated through normal teen chat.

If those ex-girlfriends were under 18 — and most of them probably were at the time, this being high school — then those photos are child porn. Distributing child porn, possessing it, and disseminating it to minors are all crimes that can get those high schoolers in serious trouble.

The consequences could be very severe. The ex-boyfriends and others who spread their photos could be charged with child porn, receive real jail sentences, and spend the rest of their lives as registered sex offenders.

Realistically, a teenage boy with a nude photo of his girlfriend isn’t likely to be charged with child porn. But someone who sends that photo to others, or posts it online, or otherwise spreads it around… that’s a whole ‘nother story.

It doesn’t even have to be intentional. Alan Grieco, a psychologist who treats Florida sex offenders, told Tampa Bay Online about a client who, when a young 20-year-old man, had dated a 17-year-old girl. He had a nude photo of her on his cell phone, which he did not share with anyone else. But after breaking up, his new girlfriend found the photo and sent it to the first girl’s parents. That young man was then charged with child pornography, and is going to spend the rest of his life living with that.

The kids who voluntarily send nude images of themselves aren’t thinking about how easy they will spread, how permanent such things are once they’re in the wide electronic world, and how much of an embarrassment they could be in the years ahead. That’s bad enough. But what’s worse is that the kids who receive, post and pass around these photos could be putting themselves in very hot water indeed.

MySpace Conviction Probably Exceeded Scope of Law

Tuesday, December 2nd, 2008

We were away last week, achieving an unqualified victory in a case brought by the Antitrust Division. But while we were gone, Lori Drew got convicted of three criminal counts of accessing a computer without authorization. Drew is the mom who was accused of harassing a teenaged girl over the Internet to the point where the girl committed suicide.

The underlying statute, the Computer Fraud and Abuse Act, is a federal law intended to prevent hacking. Drew created a fictitious MySpace account, which was used to harass the girl. In doing so, Drew violated MySpace’s terms of service, though she apparently never read them. By violating the terms of service, Drew got unauthorized access to MySpace’s servers, and the prosecution went out on a limb to argue that this technically violated the CFAA.

But does it really?

Plenty of pundits are now doubting that the verdict will survive an appeal. Congress clearly intended the law to criminalize hacking into someone else’s computer. That’s different from creating a fictitious screen name — a very common and socially acceptable occurrence.

Terms of service are conditions imposed by websites which govern permissible use, and which almost always prescribe penalties that may be imposed for violations. These penalties normally range from warnings and temporary disabling of access, to permanent denial of access. The relationship is essentially contractual.

But if the prosecution’s theory is upheld on appeal, then breaching such conditions would have criminal consequences.

Criminalizing this kind of behavior isn’t exactly far-fetched. Crime is essentially that behavior which society considers so threatening that the guilty must be punished with a restriction on liberty or a loss of property. The existence of a civil remedy does not preclude something from being criminal — a thief is civilly liable to return what he stole, but still faces jail regardless. And there may be something to an argument for criminalizing the false personas on social networking sites frequented by minors, to protect society from predators.

But that’s clearly not what Congress was trying to do here. Furthermore, the prosecution’s stretched interpretation is just too overbroad. Rather than being narrowly tailored to focus on those who violate the TOS of a child-used site for the purpose of committing a nefarious or dangerous crime, the prosecution’s theory simply criminalizes all violations of any site’s TOS agreement. A court of appeals is likely to find that an improper application of the law.

Will Internet Anonymity Be the Next Federal Crime?

Wednesday, November 19th, 2008


Jury selection began today in what many are calling a landmark trial in the new field of Internet law. As the first case of its kind, U.S. v. Lori Drew could have a far-reaching impact on the future of anonymity on the web.

Lori Drew faces federal counts of Conspiracy and of Accessing Computers Without Authorization. Drew is charged with creating a false Internet identity on the social networking site MySpace, posing as a teenage boy. Prosecutors say she then used that false identity to befriend a depressed 13-year-old girl, a former friend of Drew’s daughter, and then began to harass the girl with hurtful messages. The girl hanged herself after allegedly receiving the messages, including one telling her that “the world would be a better place without you.”

Although Drew is not charged with the girl’s death, U.S. District Judge George Wu ruled last Friday that evidence of the girl’s suicide could be introduced by prosecutors. He stated that any prejudice would not be unfair, because the fact that the girl committed suicide is common knowledge, and jurors would be instructed that Drew is not charged with causing the suicide. Although the events took place in Missouri, the trial is being held in Los Angeles, where the MySpace servers are located.

The case is being closely watched, as Drew is being prosecuted under a law normally used to target computer hackers, and expanding the reach of the law could create criminal liability for many.

The Computer Fraud and Abuse Act prohibits accessing protected computers without authorization. The prosecution seeks to expand the scope of this prohibition, to include violating the terms of service of a website that prohibits people from misrepresenting their identity through false accounts.

Using a false name to register with a website is commonplace. Anonymity is sought for a variety of reasons, most of them socially acceptable. Reasons include fears of identity theft, protection from predators, avoiding spammers and scammers, and other justifiable concerns in this high-tech age. There are malicious reasons, too, such as concealing the identity of individuals committing crimes online.

The jurors being selected today will be asked to determine whether violating MySpace terms of service, by registering a false user profile, is a federal crime. They may well do so, especially now that they will hear that this particular false profile was allegedly used to harass a young girl to the point where she committed suicide.

Feel free to comment to this post anonymously or under a false name. It does not violate The Criminal Lawyer’s terms of service.