Friday, December 30, 2011

Georgia court finds probable cause though investigator did not contact person who discovered CP

The Georgia Court of Appeals held in Manzione v. State that the failure of a Georgia investigator to contact the Yahoo! employee who reported child pornography to NCMEC did not invalidate a search warrant. 719 S.E.2d 533 (2011).

An employee at Yahoo! discovered four images of child pornography and tracked the IP address to Athens, Georgia. The employee reported this information to the National Center for Missing and Exploited Children (NCMEC) where the images and information were forwarded to the Georgia Bureau of Investigations. An agent then tracked the IP address to the defendant's address and obtained a search warrant.

On appeal, Manzione contested admission of evidence on the grounds that probable cause did not exist because the information obtained by the agent was hearsay "and that NCMEC was an unreliable source" as the agent should have directly contacted the Yahoo! employee. The court found "that NCMEC was nothing more than a pass-through entity" and though the agent probably should have contacted Yahoo!, the information could have been presumed reliable. Therefore, sufficient probable cause existed for the search.

RELATED CASE: Almost the same situation arose in another Georgia appellate case involving a report from Google to NCMEC in James v. State, 312 Ga. App. 130 (2011).

Thursday, December 29, 2011

Comedian Louis CK weighs challenges of piracy and profit in new video release

Louis CK posted his PayPal account page to his website.
I do not dedicate a lot of time to discussing music, movie, or software piracy on this blog as those topics are covered extensively on other blogs. However, I did want to bring up a story I read concerning comedian Louis CK's new video. The comedian decided to forego digital rights management and traditional advertising. Instead, the download is simply for sale on his website.

"The experiment was," wondered Louis CK, "If I put out a brand new standup special at a drastically low price ($5) and make it as easy as possible to buy, download and enjoy, free of any restrictions, will everyone just go and steal it? Will they pay for it? And how much money can be made by an individual in this manner?"

The result was spectacular - over $1 million in just twelve days. Perhaps if people didn't have to pay $30 for a movie, there would be less piracy.

First Circuit vacates CP convictions after FBI agent makes improper statements

The First Circuit recently reversed a child pornography conviction after admission of improper testimony. United States v. Vázquez-Rivera, 665 F.3d 351 (1st. Cir. 2011). The FBI had conducted a chatroom operation, posing as a 14-year-old girl. After sending video to the "girl" of a man (no face identifiable) masturbating, the FBI tracked the IP address back to the home of the defendant. Over 100 images of child pornography were found on the home computer, which was apparently accessible by seven people.

The first issue on appeal was whether test FBI Agent Segarra's testimony was improper overview testimony. Such testimony is usually presented "early during trial to describe the government's general theory of the case." The problem is when the witness provides an overview of the entire investigation "including aspects ... the witness did not participate in, before the government has presented evidence." However, the court found that the agent's testimony was not improper overview because the agent was the "penultimate witness on the first day of a five-day trial and, as such, did not "preview" the government's case."

On the stand, Segarra was asked to identify the person who was found to have been using the screen name at issue, and she responded with the defendant's name. The admission of this statement was plain error because it addressed the ultimate issue before the jury. Only circumstantial evidence existed to show a connection between the defendant and the chats. Further, the testimony was based "on the overall investigation rather than her personal observations." Here's the exchange:
Q: And just to make -- to clarify, IncestoPR is the same person as Secreto, correct?
A: Correct.
Q: And Secreto is the same person at
A: Correct.
Q: And throughout your investigation, who did you identify that person to be?
. . . .
A: We identified him as William Vazquez-Rivera.
The court also addressed the specific wording of the testimony by Segarra: "we ended up identifying [the subject] as William Vazquez Rivera." This statement is also improper because it involves the opinion of other unidentified officers and because it declares the defendant to have "sent the illicit material and was therefore guilty."

She also testified regarding the video that has been sent. The defendant was wearing pajama pants in the video and was wearing those same pants the day that Segarra and others arrived at the defendant's home to execute a search warrant. Because she connected the pants to identify the defendant as the same person in the video, this testimony was improper.

This goes on and on with various other statements made by the agent, and the court strikes each down as improperly admitted. The court found that the "repeated and extensive use of improper testimony may have influenced the jury" and because the evidence was not "sufficiently compelling to assuage this concern," the conviction should be vacated.

Monday, December 26, 2011

EFF releases guide to help international travelers protect files

Last week, the Electronic Frontier Foundation (EFF) released a 21-page guide titled "Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices." It contains information on how travelers should backup their data, minimize what they carry with them, and encrypt files.

There are several exceptions to the warrant requirement of the Fourth Amendment, one being the border search exception. At least one federal appellate court has held that there is no requirement of suspicion of criminal activity in order to search technological devices as a person travels to or from the United States. See United States v. Arnold, 533 F.3d 1003 (9th Cir. 2008).

Thursday, December 22, 2011

Tech Watch: How to track Internet activity back to a user

Be sure to visit Cybercrime Review's YouTube channel in the future for more videos like this. If you have any suggestions for video topics, post your ideas in the comments below.

Wednesday, December 21, 2011

Fourth Circuit vacates CP transportation convictions as multiplicitous

The Fourth Circuit vacated 26 convictions for transporting child pornography as plain error of multiplicity in United States v. Buczkowski, 2011 U.S. App. LEXIS 25190 (4th Cir. 2011).

The defendant had been charged with possession and transportation of child pornography after a computer repairman found 27 images of child pornography on defendant's computer. The images were of his niece, some of which were pictures of the defendant and niece engaging in sexual acts. The defendant had been working for a military contractor in Iraq, and because he transported the images "using any means ... of foreign commerce", he was subject to the transportation charge.

At trial, he was convicted of 27 counts of transportation, but on appeal, he argued that the additional counts were multiplicitous. The court found that "[t]he central focus of the statute is the act of transporting, not the number of individual images transported." Therefore, only one count should have been charged. Because the defendant raised the issue for the first time on appeal, the court reviewed under plain-error, and found that the convictions should be vacated.

Tuesday, December 20, 2011

CDA claim against Facebook's "Sponsored Stories" feature survives motion to dismiss

When Facebook released its Sponsored Stories feature in January, many users instantly began complaining. Yesterday, a lawsuit concerning the feature survived Facebook's motion to dismiss.

Sponsored Stories connects a Facebook user's likes and check-ins to paid advertising. For example, if a user likes Nike, their name may appear on Nike's website when one of the user's Facebook friends visits the site. Though users can opt-out from being used in Sponsored Stories, it was automatically enabled for all users when released.

In Fraley v. Facebook, Inc., 2011 U.S. Dist. LEXIS 145195 (N.D. Cal. 2011), the plaintiffs allege violations of the Communication Decency Act (CDA), among others. While Facebook argued in its motion to dismiss that the CDA "provides broad immunity" to websites like themselves, the court found that the statute may not extend to Facebook's actions in Sponsored Stories. The plaintiffs allege that that "Facebook creates content by deceptively mistranslating members' actions," making it an information content provider and, thus, not immune under the CDA.

If you have a passion for preventing cyber crime and would like to make a career out of it, a masters programs in criminology can help you find the job you are looking for.

No probable cause to search home after sex offender conducts possible CP search at work

In United States v. Busby, the defendant's employer noticed that the computer assigned to him was performing searches such as "young-angels" and downloading torrents like "Pthc-Russia10Yo-11Yo-Little-Brother-And-Sister-2BoyGirls-Fucking-Just-Posing-Or-Naked-Pthc-R." 2011 U.S. Dist. LEXIS 145217 (N.D. Cal. 2011). The employer contacted the police and the laptop was seized. The following day, a search warrant was obtained for the defendant's residence because the laptop had also been used at the defendant's  home and contained images "of females in their mid-to-late-teens posing in a sexually suggestive manner." The defendant was also registered as a sex offender.

The court found that while the defendant may have had a subjective expectation of privacy in the laptop, he had signed a policy stating that "[u]sers have no explicit or implicit expectation of privacy" in the laptop. Thus, the employer's consent to search and seize the laptop was permissible. The search of the defendant's home, however, was unconstitutional and warranted suppression of evidence. The websites visited were only suspected of containing child pornography, but as the court pointed out, the photos in question may have been of young adults (18 or 19 years old) and not child pornography. Further, the fact that he was a registered sex offender does not help establish probable cause under these facts.

Monday, December 19, 2011

Conviction reversed after juror uses Twitter during trial

An Arkansas juror tweeted during trial, “Choices to be made. Hearts to be broken. We each define the great line.” It was brought to the attention of the court after counsel discovered it and realized a reporter was following the juror. Ultimately, the trial judge found that the juror disregarding a specific instruction not to tweet was not a material breach of the juror's oath. Then, the juror continued to tweet in a similar manner despite constant reminders not to do so.

On appeal before the Arkansas Supreme Court, the court reversed and remanded the conviction as a result of this juror's misconduct (and another juror who slept throughout parts of the trial) (Dimas-Martinez v. State, 2011 Ark. 515 (2011)). The court also ordered a committee to examine limiting juror's access to mobile phones during trial.

Other cases that have dealt with the issue of juror use of social media include:
  • Pennsylvania juror updated his Facebook status throughout the trial with comments such as "can't believe tomorrow may actually be the end." The updates were shown on local television news, but the court found there was no outside influence or prejudice. United States v. Fumo, 655 F.3d 288 (3rd Cir. 2011)
  • Facebook statuses such as "I may get 2 hang someone" and "Guinness for lunch break," and the juror becoming friends with another juror was not enough to demonstrate prejudice or bias. United States v. Ganias, 2011 WL 4738684 (D. Conn. 2011)
  • Juror friending the plaintiff on Facebook and sending pictures from the account to the plaintiff's lawyer that allegedly showed drug use was not improper because testimony indicated the trial had been over prior to the friending. Wilgus v. F/V Sirius, Inc., 665 F. Supp. 2d 23 (D. Me. 2009)

Sunday, December 18, 2011

Fifth Circuit reverses CP charge because computer was shared, dissent suggests argument is 'nonsense'

In United States v. Moreland, 665 F.3d 137 (2011), the Fifth Circuit dealt a crushing blow to prosecutors, finding that where a computer is shared between multiple users and no evidence clearly proves which user viewed child pornography found on it, a conviction will not stand.

The defendant lived with his wife and father. The three shared two computers, and the defendant's father often used them late at night. In September 2007, the wife found Internet history that indicated viewing of child pornography, and she reported it to police. In January 2008, the father died, and in May 2008, the defendant was charged with possession of child pornography. Testimony at trial indicated that there was no way to know the download dates of the images presented to the jury, and it was impossible to distinguish use of the computer between the three. The defendant's family testified that the father had long been a viewer of pornography.

With regard to custody of the computers, the court found that the prosecution offered no evidence to show that the defendant knew of the images and had control over them. Further, even exclusive possession of a computer without evidence showing defendant's knowledge and control over the images is insufficient for a possession conviction. Therefore, the court reversed the conviction.

In his snarky dissent, Judge Jolly wrote, "The record does not reflect whether the jury box had more than twelve chairs, but we do know—and we know for sure—that two more jurors are trying to crowd into the box." Jolly argued that there was sufficient evidence to support the conviction and that the "'[m]y dead Daddy did it' defense was deceitful and fictional nonsense." If you want to get schooled in deference to a jury's verdict and proper standards of review, this dissent is an excellent read.

It will be interesting to see whether the Fifth Circuit rehears the case en banc. Meanwhile, I would imagine defense attorneys certainly appreciate the gift.

Electronic evidence authenticated by pictures, greetings, and stated interests

In previous posts, I have attempted to list what courts look for when authenticating digital evidence. A recent California case almost adds a new one to the list. I may be reading too much into the opinion, but it's a worthwhile argument nonetheless.

The issue concerned authentication of a printed MySpace profile. People v. Valdez, 201 Cal. App. 4th 1429  (2011). It contained the following that was attributable to the alleged author: his pictures, greetings addressing him by name or relation, and stated interest in gangs and a picture of him "forming a gang signal with his right hand."

The profile was used to tie the defendant to gang activity, and the relevant data had been posted more than a year before the crime, making it inconceivable that anyone would have fabricated the information that early. Thus, implicit in this decision is a rule that electronic evidence can be authenticated if it appears that the supposed author has continued to update the profile. If they had not authored certain data on the page, they obviously would have deleted those postings (assuming, of course, that they saw them).

Derogatory statements toward "enthroned tulku" labeled free speech, defendant compared to Colonists

The case of United States v. Cassidy (2011 WL 6260872) has made headlines in recent days for many reasons. Cassidy was charged under the federal stalking statute (18 U.S.C. § 2261A(2)(A)) for actions on  Twitter and a blog. Cassidy met the victim, "an enthroned tulku or reincarnate master who was enthroned in 1988 as a reincarnate llama" after claiming to be a tulku. Cassidy worked with the victim for two weeks, and upon termination, went to cyberspace to complain. 

In total, the victim claims that over 7,000 tweets were directed at her. Other derogatory statements were made on a blog titled "Digital Tibetan Buddhist Altar." The tweets included:
  • "you are a liar & a fraud & you corrupt Buddhism by your very presence: go kill yourself."
  • "that ho b*tch so fat if she falls & breaks her leg gravy will spill out."
  • "Rain tomorrow should cover the tracks..."

The victim did not leave her house for a year and a half after these acts, except for visits to a psychiatrist.

After extensive analysis, the court found the statements protected by the First Amendment. The victim was "a well-known religious figure" and "challenge[d] her character and qualifications." Further, "the Government's interest in criminalizing speech that inflicts emotional distress is not a compelling one."

Continue reading after the jump to see how the judge compared Cassidy's posts to how our Founding Fathers might have put up signs in their front yard.

Asking "u free tonight" not a substantial step under federal enticement statute

The Court of Appeals for the Armed Forces recently addressed whether a chat room conversation fell under the underage enticement statute by the question "u free tonight" being a substantial step. Finding it not to be, the decision was reversed. United States v. Winckelmann, 70 M.J. 403 (2011).

The defendant was charged with attempted enticement of a minor under 18 U.S.C. § 2422(b) (among other charges) for a chat room conversation in which he thought he was chatting with a 15-year-old male. When asked if he would have sex with 15-year-olds, he replied "if they want." After asking the "boy", "u free tonight", he told the boy, "e-mail me u want to get together."

The statute (in relevant part) allows fine and imprisonment not less than 10 years if one knowingly entices (or attempts to do so) any individual under age 18 to engage in sexual activity using a means of interstate commerce. Courts have held that the defendant must take a "substantial step toward enticement" in order to be guilty. United States v. Young, 613 F.3d 735, 742 (8th Cir. 2010)United States v. Barlow, 568 F.3d 215, 219 (5th Cir. 2009)United States v. Brand, 467 F.3d 179, 202 (2d Cir. 2006)"[T]he substantial step must 'unequivocally demonstrat[e] that the crime will take place unless interrupted by independent circumstances." United States v. Goetzke, 494 F.3d 1231, 1237 (9th Cir. 2007).

The Winckelmann court found that asking "u free tonight" was not a substantial step as "[t]here was no travel, no 'concrete conversation,' such as a plan to meet, and no course of conduct equating to grooming behavior."

Friday, December 16, 2011

Probable cause existed where teenager used images of CP to turn in his father

In United States v. Wilker, the court found that probable cause existed where the defendant's son took evidence of defendant's child pornography collection to the police. 2011 U.S. Dist. LEXIS 144264 (N.D. Iowa). The evidence included two images and two VCR tapes alleged as being from a hidden camera kept in the defendant's bathroom. Going by the testimony of the son and the son's friend, law enforcement obtained a warrant to search the defendant's house.

The defendant argued that probable cause would not have existed if law enforcement had disclosed information regarding the son's credibility to the magistrate. In the interview, the son "admitted that he wished to live with his mother instead of Defendant, that he and Defendant often argued and that, just days before [the son] reported Defendant to the police, Defendant had threatened to send Stephen to a 'boys home.'" The court found this to be a non-issue because the son "was a known informant and police could have held him accountable," and "he had 'an exceptionally strong basis of knowledge'" because he had personally discovered the images and tapes.

A second argument against probable cause concerned the fact that the son had told the officer he had not seen child pornography on the defendant's computer in at least a year, and thus probable cause did not "exist when [the] warrant [was] issued" with regard to the computer. However, because of the other evidence, it was reasonable to assume that the defendant "had used his computer in the past to store child pornography," and it should have been searched.

Court applies exception provision of federal Wiretap Act

In a recent wiretapping case, the court made a brought up an important Wiretap Act provision that should be clarified. The plaintiff learned that his conversation with a J.P. Morgan Chase Bank employee had been recorded by the company. The court holds that under the federal Wiretap Act, the plaintiff cannot state a claim. "The statute prohibits an interception that is 'for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.' 18 U.S.C. § 2511(2)(d). Courts have interpreted this provision to require that the 'interceptor intend to commit a crime or tort independent of the act of recording itself.' Caro v. Weintraub, 618 F.3d 94 (2d Cir. 2010).

While the court is correct in its analysis, it is important to mention that Caro and the Wiretap Act both state this requirement only "where [the wiretapper] is a party to the communication or where one of the parties to the communication has given prior consent to such interception." 18 U.S.C. § 2511(2)(d). Thus, if a party to the conversation records it for the purpose of committing a crime or tort, they have also violated the federal Wiretap Act.

The case is Berk v. J.P. Morgan Chase Bank, N.A., 2011 U.S. Dist. LEXIS 143510 (E.D. Pa. 2011).

Thursday, December 15, 2011

No suppression for CP found during TSA search

In United States v. McCarty, the Hawaii federal district court reconsidered a child pornography case after it had been vacated and remanded from the Ninth Circuit. When the defendant's luggage was scanned at an airport, a mass was noticed around his laptop. Fearing explosives, the TSA employee opened the bag, pulled out an envelope of photos, and several photos fell out. By normal procedure, the agent must flip through the photos for explosives material. The photos ranged from newspaper clippings of children's underwear ads to images of nude children, 57 images total of minor children. None of the images were technically child pornography, but taken together, they looked far from innocent.

The Ninth Circuit had extensively analyzed the search under administrative search doctrine, noting that "[t]he TSA search scheme ... was focused solely on the discovery of threats to air travel safety," and "the scope of the permissible search ... was defined by the point at which the screener was convinced the bag posed no threat to airline safety." The court found that while the agent acted, in part, outside the scope of the administrative search (violating the defendant's Fourth Amendment rights), she never abandoned the search entirely. The decision was remanded for the trial court to decide whether probable cause existed for arrest and whether evidence suppression was needed.

On remand, the district court found that probable cause existed because of several of the images individually because of their explicit nature. Each "would be 'sufficient to warrant a prudent man to believe that [defendant] had committed'" an illegal act, and the collection further solidified that conclusion. Further, none of the evidence should be suppressed as the search was justified under the administrative search or inevitable discovery.

The original 2008 district court opinion is available here, the Ninth Circuit opinion here, and the new district court opinion is available at United States v. McCarty, 2011 U.S. Dist. LEXIS 143220 (D. Haw. 2011).

Site tracks torrent users by IP address, allows database search

A new website has file sharers terrified. Somewhat. Maybe. Not really.

The website,, tracks torrent downloads against the downloader's IP address. A visit to the website will automatically display files downloaded using your current IP address. You can also do a search for a specific IP, torrent, or filename.
This Minnesota IP address downloaded
two episodes of the new tv show, New Girl.

Of course, if you have a dynamic IP assigned by your ISP, it may come back with files downloaded by others. The website claims to be able to track about 20% of downloaders, and the database contains about 52 million users. Read about IP addresses here.

The purpose of the site is to encourage users to improve their security by the use of VPNs, proxy servers, or seedboxes. For more information about these topics, read an earlier post here.

Wednesday, December 14, 2011

Tech Watch: MAC addresses vs. IP addresses

The differences between MAC addresses and IP addresses remain an issue of confusion. After a recent discussion I observed that confused the two, I thought I would try to explain how each works.
The computer first sends data to the network's router, using its local network IP address and MAC address. Each packet contains the computer's MAC address. Once the data leaves the network, it drops the MAC address and sends the data through the IP address assigned by the ISP.

MAC Addresses
A MAC (Machine Access Control) address is a unique number assigned to a network adapter. My laptop, for example, has two network adapters - one for a wired, ethernet connection and another for wireless. Thus, my laptop has two MAC addresses that are tied directly to the hardware. Reformatting my hard drive or changing how I connect to the Internet will not change the numbers. Further, no other adapter is supposed to have the same number.

Maine SC finds chat log properly authenticated by detective testimony

The Maine Supreme Court recently held that a chat conversation between the victim and defendant was properly authenticated after a detective who witnessed the conversation testified to its legitimacy (State v. Churchill,   32 A.3d 1026 (2011).

The victim, a 12-year-old girl, used instant messaging software to converse with the defendant while detectives monitored the conversation. After the chat was over, the victim emailed a transcript to one of the detectives. The trial court admitted a printout of the conversation after the detective testified that the printout was what appeared on the computer screen and that the text had not been changed.

The Maine Supreme Court found these additional factors relevant to the authentication of the chat log:
  • The e-mail was sent while the officers were at the victim's home and was received on the detective's phone while there.
  • The detectives monitored the entire chat and closely supervised the victim while she e-mailed the log.
  • The "time stamps on each message show[ed] an uninterrupted sequence, the messages respond[ed] logically to one another, and Churchill's messages respond[ed] directly to statements the victim made over the telephone."

Authentication can sometimes be tricky when presenting digital evidence, but courts usually defer to testimony of law enforcement in cases like this. See Stearman v. State, 2010 Ind. App. Unpub. LEXIS 1115 (2010); Jackson v. State, 320 S.W.3d 13 (Ark. Ct. App. 2009). Of course, this situation is slightly different than other cases because the detective simply observed the conversation - in Stearman and Jackson, the officers were a party to the chat.

For other posts dealing with authentication of digital evidence, click here.

Tuesday, December 13, 2011

5th Circuit addresses CP sentencing, terms of release

The Fifth Circuit released a 38-page opinion today regarding sentencing enhancements and terms of supervised release in a child pornography case, United States v. Miller, 665 F.3d 114 (5th Cir. 2011). Miller appealed his 220-month sentence and release terms, but the judgment was affirmed by the appellate court.

Miller had pled guilty to the knowing transportation or shipment of child pornography. For sentencing purposes, the court found that he had possessed 495 images, engaged in sexually explicit chats with children, and requested child pornography exchanges via e-mail. The sentencing guidelines called for a range of 188 to 235 months in prison, and he was sentenced to 220 months. Before the Fifth Circuit, he argued that that sentence was unreasonable and was longer than necessary to satisfy the sentencing goals.

As part of his argument, he cited United States v. Dorvee (616 F.3d 174 (2d Cir. 2010)), a Second Circuit case that held Dorvee's sentence to be unreasonable because it would require more time in prison for distributing child pornography than for a person "actually engaged in sexual conduct with a minor." Addressing Dorvee, the Fifth Circuit held, "the Guidelines remain the Guidelines" and that "[i]t is for the Commission to alter or amend them."

New cybercrime textbook released

I would like to take a post to congratulate Professor Thomas K. Clancy on the publication of his new textbook, Cyber Crime and Digital Evidence: Materials and Cases, published by Lexis. Professor Clancy "test drove" his text in our Cybercrime class last fall, and my copy remains an excellent reference tool. Unfortunately, I've already maxed out on classes offered by him so this brown nosing does me no good.

Clancy is the director of the National Center for Justice and the Rule of Law (where he developed, among other projects, the Cyber Crime Initiative) and is a research professor at the University of Mississippi School of Law.

Monday, December 12, 2011

Va. court sanctions attorney for frivolous SCA claim

A Virginia circuit court recently denied a claim under the Stored Communications Act where plaintiff alleged an SCA violation regarding Facebook accounts where the information was publicly accessed. Womack v. Yeoman, 2011 Va. Cir. LEXIS 143.

The case concerned plaintiff's injuries sustained from a vehicle accident. The defense counsel used MySpace and Facebook to research the plaintiff and her family to learn more about the damages, looking over various postings. The plaintiff's counsel did not perform similar research but was assured the profiles were private (the court found this to be an unreasonably sufficient inquiry).

Plaintiff's counsel accused the defense of engaging in "unethical and illegal conduct by 'hacking' into" the accounts and that the act "violate[d] Plaintiff's and her families (sic) right to privacy under the [SCA]." The court found that all information obtained by the defense was publicly available and no violation of the SCA had occurred. Further, the defense was awarded attorneys' fees as sanctions for the claim.

But consider this: what settings are required to make something "private?" Here's a depiction of nearly every level to which access to one's Facebook information can be restricted:

To the left, you have the group of people that will be unavailable to access postings because they have neither Internet access or a Facebook account. Since both are required to access the majority of FB data, does this make it such an exclusive group that it is not public? Obviously not. But suppose the defense attorney was a "friend of a friend" of the plaintiff, and the settings then allowed him to obtain her postings. The plaintiff had not specifically approved the lawyer, but their relation gave him access. Or taking it to the extreme, is "private" only the information which the user shares with no one other than themselves? Possibly.

Tech Watch: New privacy add-ons and services

There are always new browser add-ons or other services being introduced to provide more privacy and security while online. Though I have never tried any of these (and also do not endorse them or guarantee how well they work), the concepts may be helpful for us to understand how they might be used.
  • A service called BTGuard allows BitTorrent users to download files from the file sharing network with anonymity. The service "gives you a[n] anonymous IP address and encrypts your downloads" for $6.95 per month. Or, upgrade to a virtual private network (VPN) for $9.95 and have all of your Internet activity anonymized.
  • Seedboxes have become popular in the P2P world because it provides great privacy to file sharers. All uploads and downloads are handled through an overseas server. Users may connect to the server through FTP or HTTP to find the files they set the server to download. One of the more popular services, ExtremeSeed, has services starting at $20 per month.
    • Just to clarify, this means that instead of someone showing up in America as downloading illegal files, their files would show up in Luxembourg, for example. They would then enter an FTP site to download their files.
  • Several browser extensions allow users to set certain domains or topics to automatically load in the browser's private browsing feature. Ghost Incognito for Chrome is preset to do this with all .xxx domains.
Have you heard of a notable extensions or privacy apps recently or do you have a question about how they work? Send an e-mail to .

Saturday, December 10, 2011

Cal. court modifies probation conditions for CP possessor

A California appellate court modified conditions of probation in a child pornography case (People v. Kinley, 2011 Cal. App. Unpub. LEXIS 9410 (2011)). Kinley had taken his computer for repairs, and employees found a screen saver displaying child pornography.

  • The requirement not to "reside near" parks, schools, etc. was modified to state "reside within 2,000 feet" because it was too vague. 
  • A ban on possession of toys, stuffed animals, and games without permission from the probation officer was constitutional. "It is not unreasonable to require written approval from the probation department in the unusual event that this 60-year-old single, childless male can demonstrate a need to have children's clothing, a stuffed animal, or toy."
  • A general requirement of disclosure of the conviction to romantic partners (and getting informed, written consent) was struck down, but such disclosure is required if they have "regular contact with minors."
  • Requirement that Kinley "not use a computer that is connected to any computer or computer device capable of being connected to a computer" was deleted, but another term limiting computer use to education and employment was kept.
See a related post here.

Restitution under § 2259 awarded by NY District Court

Several recent court opinions have dealt with restitution damages under 18 U.S.C. § 2259, and you can find earlier postings on this blog regarding these cases here.

In United States v. Hagerman, 2011 U.S. Dist. LEXIS 141231 (N.D.N.Y. 2011), the court addressed these same issues in a lengthy opinion. Here's a brief (as brief as I could make it!) outline of the arguments:
  • Evidentiary hearings are not necessary to determine restitution under § 2259.
  • The victim of the child pornography was such because:
    • The materials are a permanent record of the harm.
    • The images are an invasion of the child's privacy.
    • The child pornographer instigated an economic motive in the CP industry.
  • The statute's use of semicolons (instead of commas) and applying "the rule of the last antecedent," there is no proximate cause requirement for the first five losses (lost income, attorneys' fees, medical care, etc.).
    • Also, the statute is remedial in nature and doesn't have the goal of punishing the "defendant for harm that he proximately caused."
  • Despite the lack of need for proximate cause, it existed. The losses were reasonably foreseeable, and the losses and the defendant's actions had a direct causal connection.
    • There is no requirement that the defendant know the victim.
      • The injuries stem "from the fact that she did not know who was downloading" the images.
      • Such a requirement would make it extremely difficult to grant restitution.
      • The requirement would violate the "spirit" of the law (as it would require testimony).
  • There is no need to precisely quantify the amount of harm the defendant caused.
    • All of the losses were due to the victim's revictimization.
    • Mathematical precision is not required to show causation. Even if it must be quantified, it need only be reasonably quantified. In this case, that amount is .68% (146 defendants have been identified with this series).
  • Restitution amounts
    • Future counseling expenses of $108,975 are reasonable and established.
    • Education and vocational counseling needs of $147,830 are reasonable and established.
    • Lost wages and benefits of $722,511 are reasonable and established.
    • Attorneys' fees of $203,140 and out-of-pocket expenses of $42,241.04 are reasonable and established.
    • The total amount should be offset by losses already recovered.
  • The defendant is jointly and severally liable for the restitution. The payments should be tracked to ensure that the victim is not awarded "double recovery."
The opinion included many more sections and arguments than I mentioned here. If you are just learning about restitution under this Section 2259, it's a good place to start. Thanks, Judge Suddaby, for this excellent opinion on the subject.

Friday, December 9, 2011

Sanctions may be ordered where employee reformatted drive to remove CP

In Océ North America v. MCS Servs., 2011 U.S. Dist. LEXIS 141209 (D. Md. 2011), the court held that an employee wiping a hard drive that contained child pornography was a violation of the company's discovery obligations.

Océ was involved in a lawsuit and was under a preservation order. The company had sent e-mails to every employee ordering them not to delete any information from their computers. One employee, however, used software to remove data from his computer. Océ argued that the employee's intent was to delete child pornography on the hard drive - as opposed to company data - and that removing data possibly subject to discovery was not done with a culpable state of mind required for sanctions.

The court found that the employee's negligent conduct would satisfy the culpability element of spoliation, subjecting Océ to possible sanctions.

ICANN to create additional top-level domains

A Senate committee has asked ICANN to slow the release of new top-level domains (TLDs). ICANN is a nonprofit organization that handles Internet domain name issues.

A top-level domain is the last part of a domain name, as shown here:
Many TLD's exist now - .com, .gov, .org, .edu, .biz, etc. In the past, these limits have forced some businesses to get less desirable domain names because their desired .com was already taken.

The organization has recently considered loosening restrictions on TLDs, which might open up many new options directed at specific business types (.hotel) or a specific city (.london). Another proposal would allow a company to purchase their own TLD at a cost of $185,000. Adding more TLDs allows a business to find more ways to distinguish itself. For example, if a San Francisco business named "Jim Bob's Burger Shack" wanted the .com, but it was already taken by a New York restaurant, it would be out of luck. But if San Fran got its own TLD, they could get jimbobsburgershack.sf.

One of the many problems with this has shown up with the new .xxx TLD, discussed here in a previous post. Many businesses and other institutions have feared that pornographic websites will show up at a domain related to them. For that reason, many universities have spent thousands of dollars reserving domain names like or Click here for recent commentary on the .xxx TLD from Mashable and here for CNN commentary.

Despite these issues and the senators' pleas, the new policies may begin as early as January 2012.

Mass. court finds lack of probable cause in e-mail account with CP

The Appeals Court of Massachusetts struck down a search warrant for lack of probable cause in Commonwealth v. Finglas,  957 N.E.2d 1132  (2011).

Investigators had been contacted by America Online (AOL), reporting that the account of user "NATALY20" contained five images of child pornography. The images had been received from another e-mail account. NATALY20's account was tracked to the defendant. Law enforcement obtained a search warrant and executed it.

The problem, as the court noted, was that there was nothing to show that the images were sought by the defendant, but instead, may have been unsolicited. Further, there was no information to show whether the "images were accessed, viewed, and/or saved."

Cal. court reverses CP possession conviction

California courts have held that possession of multiple images of child pornography constitute only a single act of possession (People v. Hertzig, 156 Cal. App. 4th 398 (2007)). Also, the simultaneous possession of child pornography in multiple containers (hard drives, DVDs, etc.) in the same location is also only one act (People v. Manfredi, 169 Cal. App. 4th 622 (2008)).

In a recent case, People v. Sample, the defendant was convicted of two counts of possession of child pornography - one each for a laptop in his backpack, an external hard drive in his backpack, and a computer in his storage shed. Because the external hard drive was found in the same location as the laptop, it was not a separate act of possession. (200 Cal. App. 4th 1253 (2011)). Therefore, the appellate court reversed one of the two convictions under the statute.

SCA minimum damages only awarded with actual damage

An Illinois blogger was injured in a car accident, and while in the hospital, her employer obtained access to her personal Facebook and Twitter accounts and used them to promote the employer's website (she had a large personal following). When she became aware this was happening, she asked her employer to stop. They failed to do so, requiring her to change her passwords. In her lawsuit, she alleged (among other arguments) that her employer had violated the Stored Communications Act (SCA).

The evidence showed hat the employer did, in fact, access the accounts, accept multiple friend requests, and post 17 tweets. Therefore, the defendants "exceeded their authority in obtaining access" to the accounts under the statute. The question here is whether she is entitled to damages.

The SCA allows an award for "actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000." The court, however, found (as others have) that actual damages are required in order to get the minimum statutory damages. (The court was deciding motions for summary judgment; damages in this case will be examined in discovery.)

What do you think about this rule? It just seems strange to have a "privacy statute" that would allow unauthorized access of a Facebook, e-mail, or other account with only a remedy when actual damages exist. If someone only read all of the messages, a victim may get nothing, but if $1 worth of damage is done, they are awarded $1,000.

The case is Maremont v. Susan Fredman Design Group, Ltd., 2011 U.S. Dist. LEXIS 140446 (N.D. Ill. 2011).

Fourth Circuit examines image requirement for probable cause, subjective "obscenity"

In United States v. Wellman, the Fourth Circuit held that an image of child pornography was not required to show probable cause and that a requirement of "obscenity" is not subjective.  663 F.3d 224 (4th Cir. 2011).

West Virginia's ICAC identified an IP address using Gnutella that had shared five images determined to be child pornography according to their hash values. Police tracked the IP address to Wellman (who had also been convicted of sexual abuse of a child in 1987 and was not registered as a sex offender as required by law).

Wellman argued that the warrant was defective because it did not contain the alleged images or descriptions of them. The court declined to require that the search warrant include an image to be valid. "While the inclusion of such material certainly would aid in the probable cause determination, we do not impose a fixed requirement or a bright-line rule, because law enforcement officers legitimately may choose to include a variety of information when submitting a search warrant application."

The defendant also argued that the "minors engaged in sexually explicit conduct were obscene" requirement placed a subjective knowledge requirement on the word "obscene." The court readily struck this down, however.

RELATED CASE: The Fifth Circuit recently held that probable cause existed where the only pre-search evidence of child pornography was knowledge of "partially nude" images of children. From that, an investigator testified that "people who collect child pornography collect child erotica as well." United States v. Gove, 2011 U.S. App. LEXIS 24175 (5th Cir. 2011).

Wednesday, December 7, 2011

Yahoo! awarded over $600 million for CAN-SPAM violations

In Yahoo! Inc. v. Xyz Cos., 2011 U.S. Dist. LEXIS 139848 (S.D.N.Y. 2011), Yahoo! alleged that the defendant sent hoax emails using the Yahoo! name and mark notifying the individuals that they had won a lottery. In all, 11,660,790 emails were estimated to have been sent. A default judgement was entered for Yahoo! after a finding of violations of the CAN-SPAM Act and trademark counterfeiting, awarding damages of $610,039,500 plus attorneys' fees.

The CAN-SPAM Act, 15 U.S.C. § 7701. et seq. allows liability where an e-mail contains headings that are misleading, does not contain an unsubscribe feature, and is not clearly identified as an advertisement.

Yahoo! originally requested the statutory maximum of $100 per violation of CAN-SPAM ($100 per e-mail) and trebling because the act was willful for a total of approximately $3.5 billion. However, the court found $50 per violation sufficient and trebling unnecessary because of the large amount of the award.

Monday, December 5, 2011

Facebook download feature useful in ESI discovery

Though it came out about a year ago, I have just now used the "Download Your Information" feature to do just that with my account. It allows a user to download nearly all activity they have had since joining Facebook into a single ZIP file.

While it doesn't include what I have done on other's profiles and posts, everything that has ever been posted on my wall is there - all the way back to the first wall post on March 5, 2005 (Facebook was so much simpler back then!). It's all collected into a single HTML file along with all of the pictures that others and myself have posted. A separate page contains links to all of the pictures and videos I've uploaded to Facebook. A list of friends (alphabetical by first name) is included as well as another page that lists every message I have ever sent or received.

As you might imagine, this service could be very useful during discovery. In several cases, judges have ordered parties to share their Facebook password with the other side. Simply downloading your client's information and passing it along would be a much easier process and when done early, it would ensure preservation of the data. There is no guarantee, however, that this file will contain deleted data, which Facebook only keeps for 90 days. That information may need to be obtained via subpoena directly from Facebook.

To try it out for yourself, open Facebook, click the arrow in the upper-right corner, and select "Account Settings." Then click "download a copy" near the bottom of the page. Once you get the process started, you'll be able to return in a couple hours to download the file.

Saturday, December 3, 2011

Plans to manually cancel CP downloads did not negate intentional distribution

The defendant in a recent Third Circuit case argued he should have been given a two-level sentencing enhancement, rather than a five-level, because he did not intentionally distribute child pornography. He admitted to configuring his file sharing program to share images of child pornography, but he claimed that he planned to "intervene and manually [] cancel each attempted upload." Unfortunately for him, at least one image was downloaded by another user.

This argument was rejected because he could have configured the program not to share the files or he could have just not opened the program. The case is United States v. Corbett, 453 Fed. Appx. 226 (3rd Cir. 2011).

Friday, December 2, 2011

Tech Watch: New USB drive has combination case and 256-bit encryption

There's a new USB flash drive that's soon to be on the market that has some features you've only seen in movies. Meet the Crypteks USB. It comes in an ultra-high-grade aluminum alloy combination lock case with 14,348,907 possible combinations. Once you get it open, it has 256-bit AES hardware encryption. And there's more - you also get to set the number of password wrong attempts before it reformats itself. It isn't out yet (probably later this month), but the price will be around $130.

Advocacy group releases child sex trafficking report

Shared Hope International released report cards yesterday for each state with regard it its attempts to eliminate demand for child sex trafficking and to identify and assist victims. Only four states received a "B" grade (there were no "A's", while 25 received an "F". Texas has the highest grade at 83.5, while Wyoming received the lowest at 29.5.

The rating is basted on six factors:

  • Criminalization of domestic minor sex trafficking
  • Criminal provisions addressing demand
  • Criminal provisions for traffickers
  • Criminal provisions for Facilitators
  • Protective provisions for child victims
  • Criminal justice tools for investigation and prosecution

Each report card summarizes the laws of the state in these various categories and suggests what the state must do to improve its fight against sex trafficking.

The National Association of Attorneys General's (NAAG) presidential initiative under Washington Attorney General Rob McKenna is focused on human trafficking. More information about their "Pillars of Hope" program can be found here. Shared Hope International will discuss their findings with NAAG at its November meeting.

Thursday, December 1, 2011

10th Circuit affirms conviction in Craigslist scam

The Tenth Circuit has affirmed a conviction of wire fraud and identity theft and various sentencing enhancements. The defendant, an Oklahoma citizen, had posted multiple ads on Craigslist soliciting people with a great deal of debt. He told them that if they paid him half the amount, the rest would be taken care of through a debt-assistance program. Once someone contacted them, the defendant used stolen credit cards and bank account numbers to pay the bills. When the payments were discovered to be fraudulent and were reversed, the victims contacted the defendant, whose number (a prepaid cell phone) had been disconnected.

While the defendant was not the one who posted all of the ads, others used his alias in relation to the act, supporting the aiding and abetting charge. Another ad was posted from a local library, but it was reasonably attributable to the defendant. The court also upheld the identity theft charge, finding that although the defendant did not actually steal the information, he knowingly used it to make payments.

Sentencing enhancements were also made for being the leader or organizer of the act and obstruction of justice.

The case is United States v. Lawrence, 449 Fed. Appx. 713 (9th Cir. 2011) (affirming United States v. Lawrence, 2010 WL 1875647 (W.D. Okla. 2010).

Craigslist is an online, classified advertising website. Typically, ads can be placed for free without creating an account - users simply provide contact information for those interested. Job posts, apartment rentals, and therapeutic services may have posting fees depending on location. The website has before run into several legal issues including alleged sex trafficking and prostitution. As a result, Craigslist closed its erotic services board in September 2010.

Washington court reverses sexual exploitation of minor conviction

The Washington Court of Appeals recently reversed a sexual exploitation of a minor conviction because the defendant only asked a child to send a nude photograph, but the child never took or sent the picture. Throughout the e-mail exchange, the defendant repeatedly asked the child to send nude pictures, but she refused to do so.

The statute makes it a crime if a person “[a]ids, invites, employs, authorizes, or causes a minor to engage in sexually explicit conduct, knowing that such conduct will be photographed or part of a live performance.” The court distinguished the statutory text of "will be" from the alternate "could be," finding that simply asking a child to take and send nude images was not illegal under this statute.

Stribling was also convicted of attempted possession of depictions of a minor engaged in sexually explicit conduct conviction and six counts of felony communication with a minor for immoral purposes.

The case is State v. Stribling, 267 P.3d 403 (Wash. Ct. App. 2011).