skip to main |
skip to sidebar
This is another post about the rules that dictate what police can and cannot do in seizing evidence, including computers and laptops.
Unlike my earlier posts on this topic, this post is really about the remedy that is used to enforce those rules.
As I’ve explained in earlier posts, the 4th Amendment creates a right to be free from “unreasonable” searches and seizures conducted by law enforcement. As I’ve also explained, in order to be “reasonable” a search or seizure must be authorized either by a search (and seizure) warrant or by an exception to the 4th Amendment’s warrant requirement. If the police conduct a search and/or seizure without complying with the 4th Amendment requirements, the search/seizure was unreasonable and is unconstitutional. This means the search/seizure violated someone’s 4th Amendment rights, and there has to be some remedy, some sanction, for the violation. If law enforcement officers can violate people’s constitutional rights with no adverse consequences, there is no incentive for them to abide by the law. Since 1961, the remedy for law enforcement’s violating someone’s 4th Amendment rights is suppression of the evidence resulting from the violation; the U.S. Supreme Court adopted this principle – known as the exclusionary rule – in 1961 in Mapp v. Ohio. The premise behind the exclusionary rule is that if officers know they can’t use the evidence they obtain by violating the 4th Amendment, they will be much less likely to violate it. The assumption is that the only reason officers violate the 4th Amendment is obtain evidence to be used in prosecuting someone for a crime. As is often true in the law, though, there are exceptions to the exclusionary rule. One of the exceptions is the inevitable discovery principle. As Wikipedia explains, the principle allows evidence of a defendant's guilt that would otherwise be considered inadmissible under the exclusionary rule to be admitted into evidence in a trial.
The doctrine . . . . holds that evidence obtained through an unlawful search or seizure is admissible in court if it can be established, to a very high degree of probability, that normal police investigation would have inevitably led to the discovery of the evidence.
The rationale for the inevitable discovery principle is, as Wikipedia explains, that since the exclusionary rule was created “to deter police . . . misconduct, excluding evidence that would inevitably . . . have been discovered otherwise would not serve to deter police misconduct.”The New Jersey Superior Court – Appellate Division recently analyzed the applicability of the inevitable discovery principle in State v. Finesmith, 406 N.J.Super. 510, 968 A.2d 715 (2009). I won’t go into detail on the facts in the case, because a lot was going on, most of which isn’t relevant to the inevitable discovery issue. Basically, in 2005 the New Jersey State Police received information from the Wyoming Crimes Against Children Task Force that certain IP addresses “located in New Jersey had been making pornographic videos involving children available through peer-to-peer file-sharing networks.” The New Jersey State Police traced one of the IP addresses to the home of Ross Finesmith and his wife, Leslie. Based on that and other evidence, the State Police obtained a warrant to search the home for “computers, pornographic videos involving children and other related materials.” State v. Finesmith, supra. As the officers prepared to execute the warrant, one of them asked Leslie Finesmith where the computers in the house were located. She told him; she also told him there was another computer Ross Finesmith carried back and forth from his home to his office. She also told the officer that (i) Ross used the laptop to access the Internet from home and (ii) she didn’t know where it was. Later, after officers had found the other computers and found child pornography on one of them, a detective asked Ross where the laptop was. Ross told him it was “`at the office.’” State v. Finesmith, supra. The detective sent an officer to Ross’ office to get the laptop, but it wasn’t there. When the detective told Ross the laptop wasn’t at his office, Ross said “`I forgot. It’s at home in my van.’” The detective asked Ross to consent to a search of the van, which he did; in the interim the officers had finished searching the Ross home and left. After the detective got Ross to sign a form consenting to the search of the van, officers went back to the Ross home, searched the van, found the laptop, seized it and found evidence on it. The problem was that the detective asked Ross about the laptop after he’d given Ross the Miranda warnings and Ross had asked for a lawyer. Once you’re in police custody, are given the Miranda warnings and ask for a lawyer, police can’t ask you any questions about the crime(s) they’re investigating. If they do, that violates Miranda. After Ross was indicted for endangering the welfare of a child “based on his alleged distribution of child pornography from a computer in his home”, he moved to suppress the evidence found on the laptop, arguing that his consent to search the van was invalid because the police didn’t honor his Miranda right to counsel. State v. Finesmith, supra. The trial court agreed: It held that “because Detective Gorman had failed to honor defendant's request for counsel . . . [his] consent to the search of his van for the laptop was invalid.” State v. Finesmith, supra. Since the consent was invalid, the search of the van violated the 4th Amendment. (As I’ve explained, consent is an exception to the 4th Amendment’s requirement that police get a warrant to search a place and seize items.)Since the search of the van violated the 4th Amendment, the evidence would have been suppressed, but the trial court held that the inevitable discovery principle applied. To reach that result, it had to deal with another issue: For the inevitable discovery principle to apply, the prosecution has to show it’s very likely that the police would have found the evidence even without the conduct that violated the 4th Amendment. So for the principle to apply in this case, the police had to show it was very likely they would have found the laptop anyway. Ross said it was not likely because the police had finished searching his home and left; he said since they’d left his home (and the van), there was no way the police would have found the laptop in the van, absent Detective Gorman’s obtaining his consent to a search of the van. The trial court did not agree:[T]he search for the laptop never really stopped. . . . the reentry to the home was a continuation of the original search. The police were led away from the home . . . because of some misstatements that were offered by the Defendant as to the laptop being in his Morristown office. . .
Had the laptop not been discovered at the home by comments from the Defendant, there's little doubt the investigation would have continued until [it] was recovered. At the end of the first search, it was not only known that the laptop existed, but also that it was used primarily by the Defendant.
Child pornography had already been found on the basement computer. It's apparent to me the police would have continued in searching for the laptop. The exclusionary rule is meant to [e]nsure the State does not profit from illegal activity by the police. However, the rule is not so broad as to make the State worse off than if the illegal activity had not occurred. . . .
It's clear to me that the police knowing the nature of the case, knowing that they had child pornography in the basement, knowing that the laptop existed, knowing that the Defendant used that same laptop to plug into the home system, would have continued. The discovery is inevitable.
State v. Finesmith, supra. Ross Finesmith appealed.The appellate court noted that at the hearing on Ross’s motion to suppress the laptop it contained, Detective Gorman talked about what he would have done to find it:I realized that laptop was a critical piece of evidence. . . . Had . . . he not told me where it was . . . we would have taken any necessary steps to locate that laptop. I would have advised everyone on the search [team] that there was a missing piece of evidence, there is something that we missed, most likely at the house. We would have to revisit that. We would have to go back into that house and search the house.
State v, Finesmith, supra. The appellate court upheld the trial court’s ruling:[T]he trial court correctly concluded that the laptop was admissible under the inevitable discovery exception to the exclusionary rule even though the police determined its location as a result of a suppressed statement by defendant. The execution of a search warrant is . . . a `proper, normal and specific investigatory procedure [ ].’ . . . Moreover, the court's finding that the search pursuant to that warrant would have been continued until the laptop was discovered, regardless of what defendant told the police about its location, is supported by sufficient credible evidence, in particular Detective Gorman's testimony. . . .
State v. Finesmith, supra. Finesmith was allowed to appeal the trial court’s ruling on the motion to suppress before the case went to trial, probably because the laptop and the evidence on it were essential to the prosecution’s case. His losing on appeal means the case will be going to trial at some point; an article published at the end of April said no trial date had been set, at least not at that point.
Maybe you saw this story: A Chinese man (whose name is not given) has been sentenced to serve three years in prison for extorting “virtual items and currency” from a “fellow Internet cafĂ© user.” The currency was worth 100,000 yuan or $14,700.The man who’s sentenced to three years and the three friends who helped him also “extorted virtual equipment for online games” from their victim. The friends only seem to have been given a fine; the primary extortionist got both a fine and a jail time.The virtual currency was QQ coins, which are sold by Tencent, a Chinese web portal; QQ coins can be used to buy items in online games pay for using Tencent’s chat client, QQ. According to the PC World story, QQ had 377,000,000 active users at the end of last year, so it’s obviously very popular, which presumably means QQ coins are in great demand. The story also says Chinese law doesn’t protect virtual property – which I assume means Chinese law doesn’t recognize virtual property as something that has value and can be owned – but the court in this case held that the goods these guys took should be protected “because the victim spent time and money” to acquire them. I did a post on virtual property a couple of years ago. In that post I basically defined virtual property as property that exists only in digital form and is used only in an online world. I also said digital property only has value in an online world, but that’s not really what I meant; if virtual property has value in an online world, you can sell it to someone for real-world currency. As I’m sure all of us know, there’s a thriving market in virtual goods and currency; Linden Lab’s Linden dollars, for example, are traded on several currency exchanges and various game goods and property are sold on eBay and in other online marketplaces. So if someone creates value in a game world – by, say, buying virtual land and building a castle on it – they can trade that value for real world currency (or for in-world currency, or just keep it and use it themselves). In that post , I also argued that law should – if it already does not – protect the ownership of virtual property just as it protects tangible, real-world and intangible property that is created and used in the real-world (intellectual property, etc.). I’m really not sure how far U.S. law, for example, has progressed in that direction because that issue that falls more in the area of expertise of lawyers who specialize in property and intellectual property than in the area of criminal law.As I noted in an earlier post, U.S. criminal law has for some time protected certain types of intangible property. There’s an Oregon case, for example, in which the defendant was prosecuted for computer theft based on copying a password file that belonged to his employer. As far as I can tell, the intangible property U.S. criminal law protects is really property that has value only in the real-world: e.g., passwords to access accounts on a corporate computer system, trade secrets, etc. I’m not saying those laws don’t protect what I’m calling virtual property; I’m saying that issue hasn’t come up yet, at least not in the criminal context.That led me to wonder how the Chinese case would be handled in the U.S. So let’s assume the same thing happened as happened in China: the primary perpetrator (we’ll call him Mr. X) and his three cohorts beat up the victim (John Doe) to get him to turn over his virtual property. Under the Model Penal Code – a template of criminal laws drafted by the America Law Institute which shaped contemporary U.S. criminal law – extortion is defined as follows: “A person is guilty of theft [by extortion] if he purposely obtains property of another by threatening to inflict bodily injury on anyone”. Model Penal Code § 223.4(1). Clearly, what Mr. X and his buddies did would qualify as extortion: We know they didn’t just threaten to beat up John Doe; they actually beat him up. I suspect, though, that they may have told him at the outset that they’d beat him up if he didn’t give them what they wanted and when he refused, they beat him up to show they were serious. And a threat was implicit in the beating and in the cessation(s) of the beating that came when they asked John Doe if he’d changed his mind, i.e., if he was now willing to give them the property or face more physical abuse. (I’m assuming that the beating they gave him and the beating they let him know would follow if he didn’t give them the property inflicted or would have inflicted bodily injury on him. And since it’s clear they beat him and at least implicitly threatened him with more beating in order to get him to give them the property, they clearly acted for the purpose of obtaining property of another . . . so we have the necessary intent, or mens rea.)The critical question, then, is whether they obtained “property” from him. The Model Penal Code defines property as “anything of value, including real estate, tangible and intangible personal property, contract rights, choses-in-action and other interests in or claims to wealth, admission or transportation tickets, captured or domestic animals, food and drink, electric or other power.” Model Penal Code § 223.0(6). (If you’re wondering, a chose in action is “essentially a right to sue.”)I can’t find any reported cases in which the defendant was charged with extortion based on his or her using the threat of physical injury to force someone to surrender virtual property. It seems to me the Model Penal Code’s definition of property – especially intangible property – would encompass virtual property. At least a few states have updated the definition of property used in their criminal statutes, including extortion statutes, to make it clear that digital property is included in it. Here’s the New Jersey statute that defines “property” as the term is used in extortion, theft and other property crimes: `Property’ means anything of value, including real estate, tangible and intangible personal property, trade secrets, contract rights, choses in action and other interests in or claims to wealth, admission or transportation tickets, captured or domestic animals, food and drink, electric, gas, steam or other power, financial instruments, information, data, and computer software, in either human readable or computer readable form, copies or originals.
New Jersey Statutes § 2C:20-1(g). Based on some quick research, it looks like eight or nine other states have added essentially the same language to their definitions of property in their criminal codes. Do I think the New Jersey legislature meant to include virtual property in this definition? I don’t know, but I’m pretty sure they didn’t, because they added the data and software part of the definition in 1984, long before we had the Internet and, I think, long before even the text-based virtual worlds were popular. It doesn’t really matter whether they meant to include it or not; it looks to me like this language clearly encompasses virtual property. (Of course, I could see a defense attorney arguing that this definition encompasses only the data that is used to create what we perceive as, and treat as, virtual property. That argument might come up if the defense wanted to show not that virtual property wasn’t property, but that it’s value was much lower than claimed, which could reduce the level of the offense being charged and/or the sentence imposed.)It looks, then, like what Mr. X and his buddies did could be prosecuted as extortion in the nine or ten states that specifically include data and information within their definitions of property. I they could also be prosecuted in states that still have the basic Model Penal Code definition, too, because I think the intangible property alternative would encompass virtual property. I’m not saying the defense can’t argue otherwise; I’m saying I think the prosecution would have a really good argument that the theft of virtual property like the QQ coins could be prosecuted as extortion.And that brings me to the final question: What would happen in this country if John Doe went to his local police department and told them some guys had beaten him up and taken his virtual currency and virtual property? Would the police take him seriously? Would they launch an investigation? And what about the prosecutor? Would a country district attorney (or an assistant district attorney) be willing to pursue this case and take it to trial or to a plea?I don’t know. I remember reading a news story several years ago about a fellow who had something similar happen to his virtual property; he went to the local police and, according to what the told the reporter who wrote the story, they told him there was no crime because nothing “real” had been taken. Now, that was several years ago, and police are probably more aware of online worlds and all of this, or at least some police officers are.Would that, though, translate into an investigation and prosecution? If you’re a police officer and/or a prosecutor and you’re already overwhelmed with cases in which people are stealing and extorting property and inflicting other harms on their fellow citizens in the real, physical world, would you dedicate some of your resources to pursuing a case like this?
In Franks v. Delaware, 438 U.S. 154 (1978), the U.S. Supreme Court considered the issue of false information’s being used to get a search warrant. This post is about a case that applied the Franks decision to email, but before we get to that case, I need to provide a little context.When a police officer wants a warrant to search a particular place for evidence and seize any evidence he finds, he has to go to a federal or state magistrate (a judge). To get the warrant, the officer has to submit an application that explains, in detail, where he wants to search and what he wants to search for and seize. He also has to demonstrate to the magistrate that there is probable cause to believe the items he wants to search for and seize (i) are evidence of a crime and (ii) will be found in the place he wants to search.
To establish probable cause, the officer submits an affidavit (a sworn statement) in which he describes what he’s learned from his investigation and other sources. The officer is presumed to be telling the truth, not because he’s an officer but because he’s making the statements in the affidavit under oath. If the officer includes statements from third-parties, especially unidentified third-parties, he will have to include information that demonstrates why the magistrate should believe them and why the magistrate should decide they know what they’re talking about. In Franks v. Delaware, Jerome Franks, who was charged with rape, kidnapping and burglary, moved to suppress evidence police had found when they executed a search warrant at his apartment. Franks argued that the affidavit the detective handling the case submitted to get the warrant included false statements, statements that went to the issue of whether there was probable cause to search his apartment. The trial court denied his motion, and when he appealed to the Supreme Court of Delaware, that court held that “a defendant under no circumstances may so challenge the veracity of a sworn statement used by police to procure a search warrant.” Franks v. Delaware, supra. The case went to the Supreme Court, which reversed. The Supreme Court held that when adefendant makes a substantial . . . showing that a false statement knowingly and intentionally, or with reckless disregard for the truth, was included . . . in the warrant affidavit, and if the allegedly false statement is necessary to the finding of probable cause, the Fourth Amendment requires that a hearing be held at the defendant's request. In the event that at that hearing the allegation of perjury or reckless disregard is established by the defendant by a preponderance of the evidence, and, with the affidavit's false material set to one side, the affidavit's remaining content is insufficient to establish probable cause, the search warrant must be voided and the fruits of the search excluded to the same extent as if probable cause was lacking on the face of the affidavit.
Franks v. Delaware, supra.That brings us to U.S. v. Hanna, 2008 WL 2478830 (U.S. District Court for the Eastern District of Michigan 2008). Dawn and Darrin Hanna were charged with conspiracy to export telecommunications equipment and global positioning system to Iraq, exporting or attempting to export such equipment and conspiracy to commit money laundering. U.S. v. Hanna, supra. [F]rom 2001 through 2003, Defendants . . . exported telecommunications and other equipment to Iraq in violation of an economic embargo. . . . Darrin Hanna was the president and owner of TIGS; Dawn Hanna was the vice president of sales. According to its website, TIGS `provides customers with computer systems and software for sales, operations, management information systems, network systems design and administration and product research and development.’ . . . The government contends that Defendants worked with others, including Emad Yawer and his Jordanian company, Advanced Technical Systems (`ATS’), as well as an ATS-affiliated company, Dresser International Group, and its general manger, Walid Al-Ali a/k/a Walied Al-Aly. Defendants also worked with Skyport Freight, a freight forwarder in London. . . .
Defendants purchased equipment from domestic and European suppliers and shipped the equipment to Iraq via Syria. After Defendants had completed four shipments, and received approximately $9.5 million in proceeds, customs officials in England intercepted a shipment. A subsequent shipment was intercepted in Chicago.
The government . . . sought the two search warrants challenged here in June 2004. The facts supporting the requests for the search warrants are detailed in the affidavit of Brian C. Wallace, United States Immigration and Customs Enforcement Special Agent.
U.S. v. Hanna, supra. Agent Wallace used a single affidavit to get both warrants. One of the warrants authorized a search of the Hannas’ “place of business,” TIGS; the other authorized a “search of Dawn Hanna’s America Online e-mail account.” U.S. v. Hanna, supra. After the warrants were executed and the Hannas were indicted, they moved to suppress evidence arguing that there was a Franks problem with part of the information in Wallace’s affidavit. Here’s what became the target of the Franks challenge:Wallace . . . relies on an undated e-mail/letter found in the July 18, 2003, search of TIG's trash to support the warrant. [It] concerns goods sent to Iraq via Syria, and is authored by Walied Al-Aly, an agent for Dresser International Group and sent to Charles (believed to be . . . the director of Skyport Freight). [It] also discusses a disagreement between Skyport, TIGS, and Global Telecommunications over the payment of funds.
U.S. v. Hanna, supra. The Hannas characterized the inclusion of the Al-Aly emailas a false statement because the signor's name is misspelled, and it does not appear on letterhead of Dresser International Group whereas other documents in the government's possession . . .spell Al-Aly's name correctly and are on letterhead. Defendants conclude that Wallace intentionally misled the magistrate judge in that he advanced the position that Al-Aly was an agent of Dresser International, when the real agent was Al-Ali.
U.S. v. Hanna, supra. The federal judge disagreed:Wallace correctly quoted the July 2003 e-mail/letter indicating goods have been shipped to Iraq. The affidavit spells the name, `Al-Aly,’ the way it was spelled in the e-mail/letter. Although Defendants assert that letter was a fraud, the two different spellings indicate something less than fraud. First there is no evidence that the affiant noticed the spelling variation or that he thought it was significant. . . . The Government argues that Arabic names are often spelled in a variety of ways when translated in to English, which uses a different alphabet. Thus, the difference between Walid and Walied or Ali and Aly is not so noteworthy or unusual to suggest fraud. Moreover, the difference may merely reflect the e-mail/letter was written by an assistant whose first language was not English. . . .
More important . . . is the content of the letter. The `Charles’ to whom the letter is addressed is thought to be the director of Skyport Freight. Al-Aly thanks Charles for his help and support “in shipping our goods to Iraq via Syria.” The fact that the letter is on plain paper is explained by the fact that the items recovered in the trash were e-mail messages. The informal nature explains the absence of letterhead.
U.S. v. Hanna, supra. So the judge held that the Hannas hadn’t shown that Wallace “knowingly and intentionally” used a false statement in applying for the warrants. That, though, did not completely dispose of the Hannas’ argument: Under Franks, it is also a 4th Amendment violation for an officer to use a false statement “with reckless disregard for the truth.” The judge therefore considered whether “Wallace’s failure to mention the different spelling of Aly’s name” was a violation under this standard:Defendants . . . have no evidence to suggest anything more than negligence. Wallace quoted the e-mail/letter accurately; his failure to detect or point out the variation in spelling is at most negligent. Notably, he used the same inaccurate spelling when discussing the certificates signed by Al-Aly. This evidences oversight, not a `high degree of awareness’ that two spellings were used. Negligence and innocent mistake are insufficient to overcome the presumption of validity. Therefore, Defendants have not satisfied the first prong of the Franks test.
Even if the Court were to find the omission was more than negligent, Defendant cannot meet the second prong of the . . . test. In making the assessment, the Court considers whether once all of the information regarding the e-mail/letter spelling variations is included in the affidavit, sufficient information connecting Defendants' business activities to Iraq exists to establish probable cause.
U.S. v. Hanna, supra. The judge found that while the email was “a key piece of evidence connecting Defendants to Iraq,” it was “not the only evidence” to do so. U.S. v. Hanna, supra. She reviewed the information in Wallace’s affidavit – including another email “recovered from TIGS’ trash” which showed “that TIGS worked to secure post-embargo contracts in Iraq” – and found that ”the plethora of reasonable expectations for the variations in spelling, combined with the additional facts support a fair probability that evidence of a crime would be found tat TIGS and in Dawn Hanna’s e-mail account.” U.S. v. Hanna, supra. The court therefore denied their motion to suppress.I’ve found a few other reported cases involving Franks claims related to emails, but this one has a good defense argument plus some unusual facts. As may be apparent from this court’s decisions, it’s very difficult to win on a Franks argument.
This post is another in a series of posts I’ve done that deal with Customs agents searching people's laptops at international borders.
As I've explains in several posts, the border search exception is one of the exceptions to the 4th Amendment’s requirement that officers get a warrant before searching someone’s property. Those posts, like this one, focused on the application of the border search exception to laptops people are carrying into or out of the U.S. As I've explained, so far most federal courts have held that the exception does apply to laptops and other electronic devices that store data. What this means in practice is that Customs officers can treat a laptop like a suitcase, i.e., they can open it up (turn it on) and look through its contents to see if they find anything that is illegal in and of itself (contraband) or anything the person otherwise shouldn’t be carrying across the border.This post is about a case in which the officers’ reliance on the exception proved to be problematic, according to a U.S. Magistrate Judge: U.S. v. Cotterman, 2009 WL 465028 (U.S. District Court for the District of Arizona 2009). The case began on April 6, 2007 at 9:57 a.m., when Howard and Maureen Cotterman came to the Lukeville Port of Entry (POE) in Lukeville, Arizona seeking admission to the United States: In primary [inspection], a Treasury Enforcement Communication System (`TECS’) hit was observed based on Mr. Cotterman's convictions for child sex crimes in 1992. Based on the TECS hit, the Cottermans were referred to secondary [inspection]. . . . [T]hey were told to exit the car, leave their belongings. . . . and wait in the small lobby at the POE. They were not handcuffed, but since they could not access their car, for pragmatic purposes they were not free to leave.
Two border inspectors searched the . . . car for one and a half to two hours. . . . [T]hey found . . . two laptop computers which they turned over to Agent Alvarado for inspection. . . .Agent Alvarez examined the . . . laptops, but was unable to discover any contraband. However, on one of the computers, certain files were password protected. Agent Alvarez then went on to attend to other duties.
The TECS hit was . . . assigned to . . . agent Riley. Riley and . . . Agent Brisbine traveled to Lukeville, arriving about 3:30 p.m. . . . Riley interviewed Mr. and Mrs. Cotterman separately. Mr. Cotterman offered to assist in accessing his computer, but Riley declined due to concerns [he] might . . . sabotage [it]. . . . Brisbine drove the laptop[s] . . . to Tucson, arriving between 10:30 p.m. and 11:00 p.m. He turned the[m] over to John Owen for forensic evaluation, which Owen began immediately. The Cottermans were finally allowed to leave Lukeville at approximately 6:00 p.m.
Owen continued the forensic examination on Saturday and Sunday. . . .On Sunday it was determined there was no contraband on Mrs. Cotterman's laptop. . . . [but] 75 images of child pornography were on Mr. Cotterman's laptop in unallocated space.
Mrs. Cotterman's laptop was returned Monday morning. However, a copy of the laptop was made by Owen and is still in his file. . . . Mr. Cotterman was asked to come to the Tucson ICE office and provide the passwords. [He said] he would have to call some business associates to get the password(s), and would be in later. . . . [O]n Monday, [he] boarded a plane for Mexico, ultimately traveling to. . .Australia. . . .
[B]efore she arrived in Lukeville [Riley] determined that . . . computers would be taken to Tucson for forensic evaluation. . . . Brisbine determined that `one way or another’ those computers were going to Tucson because ICE field guidelines required it. . . . Owen was at work in Tucson on April 6, 2007, and was notified at work sometime around lunch that the laptop computers would be brought in. He was not asked to travel to Lukeville.
U.S. v. Cotterman, supra. Mr. Cotterman was apparently apprehended at some point and charged with a crime (presumably possessing child pornography), because he moved to suppress “all evidence seized from him by Customs Inspections at the Lukeville Point of Entry.” U.S. v. Cotterman, supra. The prosecution argued that the search of both laptops was a legitimate border search. U.S. v. Cotterman, supra. The federal magistrate judge who ruled on the motion found that this case differed in an important regard from the four prior border search of a laptop cases:In . . . these cases, evidence of child pornography was found at the border inspection station or the international airport and within a matter of hours. In this case, the first evidence of child pornography was discovered 170 miles from the Lukeville port of entry, and at least two days after the Cottermans entered the United States.
This case poses the question, can the government seize property at the border, move it far away from the border and hold the property for days, weeks or months without any heightened scrutiny? Under those circumstances, the law requires the Government to have reasonable suspicion before extending the search in both distance and time away from the border.
U.S. v. Cotterman, supra. As I noted in the earlier posts, there are two kinds of border searches: A routine search does not require that the agent have reasonable suspicion to believe there’s contraband in a container; a nonroutine border search – which is much more intrusive than the routine search – does require reasonable suspicion. The government claimed this was not a nonroutine border search because it didn’t involve bodily intrusions (body cavity search) or damaging the Cottermans’ property. When the lawyers for the two sides were arguing the issue, the federal prosecutor “warned the Court that a time and distance restriction on border searches would be establishing new law”, which I assume the prosecutor indicated would be a bad idea on this judge’s part. U.S. v. Cotterman, supra. The judge, though, found that an established rule of law – the extended border search doctrine – applies when agents search property long after it has been seized and at a place “away from the border.” Courts have held that since these searches represent “a greater intrusion on the person”, they must be based on reasonable suspicion of criminal activity. U.S. v. Cotterman, supra. The judge also noted that at some point [t]he discrepancy in time and distance will become so great it is no longer an extended border search, thus requiring probable cause and a warrant. . . . [H]ad the forensic examiner in this case placed the Cottermans electronics equipment at the end of the queue, conducting the examination in a month or two, it could be argued the search was so removed in time as to no longer be an extended border search. We need not reach that question here, where the facts show reasonable diligence . . . in conducting the . . . examination. Therefore, the Government need only show reasonable suspicion. . . .
U.S. v. Cotterman, supra. As this judge explained, reasonable suspicion is less than probable cause. “Reasonable suspicion exists when an officer is aware of specific, articulable facts, which together with objective and reasonable inferences, form a basis for suspecting that the particular person to be detained has committed or is about to commit a crime.” U.S. v. Cotterman, supra.
The judge found that the officers in this case did not have reasonable suspicion to conduct the nonroutine examination of the Cottermans’ computers because there were only twocircumstances that support any suspicion; the TECS hit reflecting Howard Cotterman's 1992 conviction for child molestation and the . . . password protected files on his laptop computer. After almost two hours of searching the Cotterman's car and electronic equipment, no basis for suspicion was determined, other than the existence of the password protected files. Using password protection can be for legitimate purposes as well as nefarious purposes. In fact, the witnesses at the hearing conceded that legitimate use of password protection on laptop computers was commonplace. . . .
[T[he TECS hit alone does not establish reasonable suspicion. The fact that password protection has innocent explanations does not necessarily negate this from being considered in determining reasonable suspicion. However, in this case, the additional fact of password protected files on Howard Cotterman's computer does not amount to reasonable suspicion for three reasons. First, it is undisputed that Howard Cotterman offered to open the files at the Lukeville port of entry. Second, the facts show that Officer Riley had determined that she was taking both laptops in for a forensic evaluation before she left Sells to travel to Lukeville. Third, perhaps most importantly, the customs officers also seized Mrs. Cotterman's laptop, which was not password protected.
U.S. v. Cotterman, supra. The judge also found the agents’ intention to seize the laptops was based on ICE field guidelines, which tell agents they can copy, image or seize electronic media if a violation of the law is “immediately apparent” or if they want to have it examined by a technical expert. The judge found that the guidelines do not incorporate the 4th Amendment’s requirement of reasonable suspicion for nonroutine border searches, which makes them problematic in situations like this one. Finally, the judge found the agents had no 4th Amendment justification for holding onto the copy of Mrs. Cotterman’s hard drive: “At the hearing [on the motion to suppress], Mr. Owen suggested some vague, speculative ways in which the hard drive could possibly, but apparently not actually, contain probative information. If there is probative information on the hard rive, seventeen months is more than enough time to determine that.” U.S. v. Cotterman, supra.The federal magistrate judge therefore (i) granted Mr. Cotterman’s motion to suppress all of the evidence seized in the border stop and (ii) ordered the government to return the copy of Mrs. Cotterman’s hard drive and “retain no copy of it.” U.S. v. Cotterman, supra.
This post is about a case in which Facebook was implicated in a claim of witness tampering. Before we get to the facts of the case, we need to review the law at issue.Section 1512(b)(1)- (2) of Title 18 of the U.S. Code makes witness tampering a crime:Whoever knowingly uses intimidation, threatens, or corruptly persuades another person, or attempts to do so, or engages in misleading conduct toward another person, with intent to. . . cause or induce any person to . . . withhold testimony, or withhold a record, document, or other object, from an official proceeding. . . shall be fined under this title or imprisoned not more than 20 years, or both.
Section 1515 of Title 18 of the U.S. Code defines “official proceeding” as “a proceeding before a judge or court of the United States”, i.e., a federal civil or criminal case. The case we’re dealing with is Maldonado v. Municipality of Barceloneta, 2009 WL 636016 (U.S. District Court for the District of Puerto Rico 2009). Here’s what it’s about:The matter before this court is a motion to issue a protective order barring Julio DĂaz from having further contact with witness Alma Febus. The request arises from a series of contacts between DĂaz, a defendant in a different case borne of the same nucleus of facts, and Febus, witness for the plaintiff in the instant case. On January 14, 2009, DĂaz offered an invitation on Facebook to join his Facebook ‘group’. Febus ignored this invitation. On January 30, 2009, DĂaz sent a ‘Facebook message’ to Febus. Febus claims that as a result of receiving the message, she is now fearful of DĂaz. Plaintiff asserts that this contact violates the federal witness tampering statute and seeks a protective order.
Maldonado v. Municipality of Barceloneta, supra.The opinion the judge issued on the witness tampering claim doesn’t tell us what that other case is about, but I googled Julio Diaz and Alma Febus, and came up with this:Puerto Rico Superior Court Judge Nelson Canabal ruled . . . that Julio Diaz and two other Animal Control Solutions employees must stand trial for multiple charges of animal cruelty. The three men stand accused of confiscating approximately 80 pets from the residents of public housing facilities and hurling them from a 50-foot bridge in Barceloneta, Puerto Rico. Few animals survived the fall and those who did received serious injuries.
The incident generated worldwide outrage and a boycott of Puerto Rico, which is a territory of the United States. Officials estimated a loss of $15 million in tourism revenue between October and December 2007.
`What I would like to get is some justice for all the dogs and cat that died October 8, 2007’. . . comments Alma Febus, one of the investigators of this case. . . .
Diaz continues to deny the charges and his lawyer states they will appeal the ruling.
Since the bridge they talk about in this story was in Barceloneta, and since this case involves the Municipality of Barceloneta, I assume the Diaz and Febus whom the story talks about are the same people involved in this witness tampering claim. The issue the federal magistrate judge had to resolve was whether what Diaz did constituted witness tampering or attempted witness tampering under the federal statute. Here’s the translation of the message:If you want to see the evidence that exists against the municipality let me know so that you can inform yourself well and please consult with a lawyer your civil responsibilities as far as defamation. Soon we will be filing a lawsuit and you could be included. My only request is that you are objective when mentioning my name.
Maldonado v. Municipality of Barceloneta, supra. Each side had a very different take on what the message meant:Febus interprets this statement as a veiled threat, causing her `fear and apprehension regarding her safety and of the possible consequences of her providing information regarding her testimony in the instant case.’ Febus remains ready to be a witness at trial. The defense unsurprisingly interprets the message much differently. To them, DĂaz' message `in essence, advises her to be better informed, cautions her against future defamation towards him[,] and mentions a potential civil action.’ The defense also appears to assert as a defense to witness tampering Febus' `defamatory’ language on the Facebook group page she subscribes to. Defamation is not a defense to witness tampering, and will not be addressed further.
Maldonado v. Municipality of Barceloneta, supra.The court noted that there also seemed to be confusion as to the classification of the message in question. Defendants incorrectly claim the message constitutes a `blog.’ See Quixtar Inc. v. Signature Mgmt. Team, LLC, 566 F.Supp.2d 1205, 1209 n. 3 (D.Nev.2008) (defining a blog as `[a] frequently updated web site consisting of personal observations, excerpts from other sources, etc.') Plaintiffs incorrectly claim the message constitutes an e-mail. . . . This type of communication, a message sent on Facebook, . . . which has not been considered by this circuit or in any other circuit to the court's knowledge, is likely a hybrid of the two. The message in question is clearly in the latter category: messages sent to a user's Facebook inbox are not publicly viewable. Thus, they are not in the `public domain,' where First Amendment rights might attach.
Maldonado v. Municipality of Barceloneta, supra.The federal magistrate judge ruling on the motion also noted that Diaz’ message “raises issues of hearsay”, but that wasn’t a problem because 18 U.S. Code 1512 specifically allows hearsay and other inadmissible evidence to be considered in assessing a witness tampering claim. Maldonado v. Municipality of Barceloneta, supra.The judge ultimately held that Ms. Febus was not entitled to a protective order because Diaz’s message did not constitute witness tampering or attempted witness tampering:Regardless of how the parties choose to construe the message, plaintiff's motion runs afoul of the section 1512 scienter requirement. To violate the statute, it is required that one knowingly use intimidation or physical force, which has been interpreted by the courts to require a culpable mens rea. There is no evidence, neither raised by the plaintiff nor observable through inference, that DĂaz intended to intimidate Febus. Plaintiff further fails to provide evidence of a corrupt purpose behind DĂaz' words. This court can only see one threat in his Facebook message: the threat of future litigation. This is an insufficient basis for finding witness tampering. Plaintiff fails to provide this court with proof of DĂaz' intent to intimidate Febus, a required element of section 1512.
Maldonado v. Municipality of Barceloneta, supra.This is the only reported case I can find in which a claim of witness tampering was based on the use of Facebook. I don’t see why using Facebook or MySpace can’t provide the basis for a valid witness tampering (or attempted tampering) claim, as long as the facts indicate what just was not present here. If Diaz had sent an overtly threatening or otherwise coercive Facebook message to Ms. Febus, then that would certainly qualify as tampering or attempted tampering. As I’ve noted here before, the method someone uses to commit a crime should usually be irrelevant. As long as what the defendant did inflicted – or was intended to inflict – the harm the criminal statute outlaws, the defendant has violated the statute and can be held liable (or become the subject of a protective order, I assume).
As I’ve noted before, cyberspace erodes the importance of territorial boundaries and, in so doing, erodes the efficacy of the approaches we’ve traditionally used for maintaining order within a society (criminal law + law enforcement = controlling crime) and among societies (military forces = repel and discourage military attacks).
That means we need to come up with ways to modify these approaches and/or adopt new approaches that are either added to the ones we currently use or supplant them.It’s easy to say we need to come up with new approaches, and difficult to actually do so. One of the possibilities I’ve written about in law review articles and in my latest book, is trying to incorporate civilian participation into the law enforcement effort (and maybe into an intermingled law enforcement-military effort to maintain order in cyberspace, but that’s a really challenging possibility). As I noted in an earlier post, we tried that in the past with spectacularly disappointing results. The problem is that if we delegate law enforcement authority – on even a VERY minor level – to civilians, things can go sadly awry; the obvious solution is to have law enforcement personnel carefully monitor what the civilian deputies (in essence) do, but that pretty much defeats the purpose. In other words, using law enforcement personnel to monitor civilians who are supposed to be helping with the law enforcement effort may not be the best use of law enforcement personnel. I’ve done presentations recently on topics that touch on these issues, and I’ve had the same proposal come up twice: revive the use of letters of marque and reprisal. As you may know, Article I § 8 of the U.S. Constitution gives Congress the “Power To . . . grant Letters of Marque and Reprisal”. As a recent law review article notes, this power gives Congress sole authorityto commission privateers. `The privateer, as understood at the outbreak of the war for American independence, was a ship armed and fitted out at private expense for the purpose of preying on the enemy's commerce to the profit of her owners, and bearing a commission, or letter of marque [and reprisal], authorizing her to do so, from the Government.’ Although the United States used privateers extensively from the period extending from the Revolutionary War through the War of 1812, Congress did not issue any letters of marque and reprisal after the War of 1812.
William Young, A Check on Faint-Hearted Presidents: Letters of Marque and Reprisal, 66 Washington & Lee Law Review 895, 896 (2009) (footnotes omitted).
In 1856, a treaty known as the Declaration of Paris banned the use of letters of marque and reprisal, but the United States never signed the treaty, and therefore is still not bound by it. A month ago, Representative Ron Paul joined “a growing number of national security experts” to ask Congress to use letters of marque and reprisal as a tool against the Somali pirates. Others, like the author of the article I quoted above, note that issuing letters of marque and reprisal in today’s legal environment “could violate customary international law and the sovereignty of a foreign power, not to mention appearing as an act of aggression”. Young, A Check on Faint-Hearted Presidents, supra. I can’t assess the merits of this dispute because I know nothing about letters of marque and reprisal. This post, though, isn’t about using letters of marque and reprisal on the high seas, which is how they were historically used. Instead it’s about whether the constitutional power to issue letters of marque and reprisal could be adapted for use in cyberspace. The first step is parsing what a letter of marque and reprisal really authorizes. According to another law review article, “[m]arque and reprisal evolved from the medieval practice of reprisal, which allowed people to cross borders to obtain redress for a specific injury they suffered at foreign hands.” Eugene Kontorovich, The Piracy Analogy, 45 Harvard Journal of International Law 183, 211 (2004). The letter of marque a reprisal lets the owner pass the border of his country (“marque”) and exact reprisal on the person(s) who caused him injury. According to Professor Kontorovich, what began as a general power had by the 1600’s morphed into “a general license to prey on foreign shipping” on behalf of one’s sovereign. Other sources tend to describe marque and reprisal as purely focused on seizing the assets of citizens who are subjects of a country that is at war with or otherwise feuding with the country that issues the letters. Since I don’t see how a power that is limited to seizing assets could be particularly useful in the cybersecurity context, I’m going to approach marque and reprisal in the general, medieval sense: as a power to cross national borders to exact reprisal on someone who has injured you. If we construe the constitutional power to issue letters of marque and reprisal in this way, it almost sounds like the strike-back option that has been floated as a way to deal with cybercrime. I wrote about that option in a post I did a couple of years ago; the premise seems to be that just as I have a right to use force to repel someone who is trying to steal or damage my property, I should have a right to use cyberforce to strike back at someone who is attacking or has attacked my computer system. As I wrote in that post, I see a lot of problems with the strike-back option, the most important of which is that it can be an invitation to vigilantism. I might be tempted to do more than just make the person who hacked my system or is trying to hack my system back off; I might go after them seeking revenge for that and other attacks and go too far. I might also go after the wrong target, which could cause all kinds of problems as well as maybe getting me charged with a crime (unauthorized access + damage to a system). Marque and reprisal could put a different gloss on strike-back because instead of simply acting on my own, I would be acting with Congressional approval. I would in effect be a soldier – an online privateer – defending the United States from cybercriminals and other cyberthreats. I can see problems with that, though: What if, in my enthusiasm, I were to attack a computer system belonging to another government, North Korea, say?
If I’m acting on my own, that could be a cybercrime and the North Koreans could ask the U.S. government to extradite me so I could be prosecuted in North Korea. If I’m doing in on behalf of the United States, does that transform my conduct into something more . . . into an act of war, perhaps? I don’t think we know the answer to that; when letters of marque and reprisal were used in the eighteenth century, they were issued by a country (the United States) that was at war with another country (England). Since the countries were already at war, you didn’t have the “is this an act of war?” problem. Let’s assume we could come up with some way to avoid the online-privateeer-starts-a-cyberwar issue and consider the utility of cyber-letters of marque and reprisal. I guess my first question would be about motivation: Letters of marque and reprisal used to be popular with ship owners because they could engage in piracy legally; they could seize ships and cargos and sell both, keeping the money for themselves.
If we were to decide to use cyber-letters of marque and reprisal, I’m not at all sure we should incorporate the “use this power to enrich yourself” aspect of the old letters. I’m quite sure people could use the cyber-letters to enrich themselves by hacking into criminal systems and taking whatever could be sold or redeemed for profit. I’m just not sure it’s a good idea; earlier I noted that the best-intentioned efforts to incorporate civilians into the process of law enforcement can go awry because things get out of hand. (If you haven’t seen it, the movie The Oxbow Incident comes to mind.) It seems to me things could REALLY get out of hand if we add a profit motive into the mix. Another problem I see with trying to adapt letters of marque and reprisal for use in the cybersecurity arena is the need to define who’s fair game and who isn’t. As I noted above, when the letters were in use three or four hundred years ago, they were used when countries were already at war with each other; so defining who was and who was not fair game was easy. The enemy was the target, the only legitimate target.
There aren’t any (declared) states of cyberwarfare at the moment, so we don’t have that criteria to use in defining who’s fair game and who’s off limits. And even if we are in a state of cyberwarfare at some point, with a declared enemy nation-state, I don’t think it would be a good idea at all to bring civilians into the mix, especially not if they’re motivated by a desire for profit. Entities in cyberspace don’t – to the best of my knowledge – fly flags or do other things that clearly identify who they are, so I can see a real potential for error (and overreaching) by our hypothetical cyber-privateers. Even if we were to limit the cyber-privateers’ operations to cases of cybercrime, I still see problems (in addition to those noted above). Knowing very little about the old high-seas privateers operating under letters of marque and reprisal, my sense is that one of their strengths was that they were a nimble, evasive force that could attack and defeat civilian shipping with ease, after which they retreated to their home country to sell the booty.
If we were to authorize cyber-privateers to deal with cybercriminals, it seems to me we’d be opening up the possibility of essentially reversing that dynamic: I’m assuming that the cyber-privateers would be representatives of legitimate U.S. businesses and other entities who are going after online criminals as redress (reprisal) for prior attacks on them or on other U.S. businesses or entities. If I’m correct in assuming that, then it seems to me our cyber-privateers could make the entities they work for sitting ducks. The cybercriminals are likely to be the nimble, evasive force in this scenario, while the cyber-privateers are likely to be working for stable, easily identifiable entities . . . and targets. So all they might do is provoke more attacks as a type of counter-revenge.
As I explained in a post I did last year, criminal charges against someone are brought in a charging document, which is usually an indictment (charges returned by a grand jury) or an information (charges brought by a prosecutor without using a grand jury).
As I also explained, each criminal charge – each accusation of violating a specific criminal statute – is brought in a separate “count” of the indictment or information.That post was about the rules that are used to decide the scope of the charge that can be put in a single count. This post is about a related but different issue: Deciding what crimes arose from a particular course of conduct. To analyze that issue, we’re going to use the facts and charges in State v. Wolf, 2009 WL 1152183 (Ohio Court of Appeals 2009). Here are the facts, as set out by the court:Larry Wise, the Superintendent of the Shelby City Wastewater Treatment Plant, was cleaning out some old files from the city-owned computer at the plant during which he found a nude photograph of one of his employees, Richard Lee Wolf. . . . Wise immediately shut down the computer and reported the situation to the Shelby Utilities Director, Brad Harvey. Mr. Harvey . . . contacted the Shelby Police Department, asking to speak to Chief Mike Bennett personally for advice on how to proceed. The chief was unavailable that day, so Mr. Harvey directed Mr. Wise to take the computer, and lock it in the trunk of his car where it would be secured for the weekend.
The following Monday morning, Larry Wise took the computer to the Shelby Police Department and turned it over to Sergeant David Mack, who was assigned to conduct the investigation. Sgt. Mack immediately made contact with [Wolf] . . . and took a statement regarding his activities on the city's computer during working hours. [Wolf] admitted he joined a website called `Adult Friend Finder’ . . . to meet women. Several . . . women asked for his picture, so he bought a digital camera . . . and took some naked pictures of himself. [Wolf] admitted he used the city-owned computer in the wastewater treatment plant to upload and send those photographs while he was on the clock. He also accessed various pornography websites . . . . [Wolf] admitted his conduct was in violation of established work practices, and was `unethical and wrong;’ however, he did not believe that he committed a crime. . . .
Sgt. Mack contacted Detective Scott Dollison of the Westerville Police Department to conduct a forensic analysis of the . . . hard drive. . . . Dollison determined there were several inappropriate web sites that were accessed on the city-owned computer. In the computer's temporary internet files, Detective Dollison located 703 pornographic photos and several sexually explicit e-mails in which [Wolf] was soliciting services from a dominatrix named Madam Patrice. Comparing the dates and times the photographs and e-mails were accessed to the time cards from the wastewater treatment plant, Sgt. Mack determined [Wolf] was working during those times.
Following the forensic analysis of the computer, Sgt. Mack met [Wolf] at the wastewater treatment plant. . . . [and] took another statement from [him]. [Wolf] admitted he used the internet on the City of Shelby's computer during hours he was working for the City of Shelby. [He] estimated that he spent over a hundred hours on the internet for personal business when he should have been performing work for the City of Shelby.
Payroll records maintained by the City of Shelby indicated [Wolf]'s hourly wage in December, 2005 was $17.19 an hour plus benefits. . . . [and, later,] $17.71 an hour, and with benefits it was $23.92. Therefore, for the hundred hours [Wolf] was on the internet while he should have been working, he would have been paid $2,392.00.
State v. Wolf, supra. Wolf “was indicted by the Richland County Grand Jury on one count of theft in office, with a specification that the value of the property or services stolen was more than $500 and less than $5000, in violation of [Ohio Revised Code §] 2921.41(A)(2), a fourth degree felony” and on “one count of unauthorized access to a computer, with a specification that the value of the property or services stolen was more than $500 and less than $5000, in violation of [Ohio Revised Code § 2913.04(B), a fifth degree felony”. State v. Wolf, supra. He pled not guilty, went to trial and was convicted.On appeal, Wolf argued, among other things, that there was “insufficient evidence to establish the elements” of either crime. State v. Wolf, supra. The Ohio Court of Appeals rather cursorily disposed of his argument that the evidence was not sufficient to support his conviction for unauthorized access to a computer:Upon review, we find that the crux of the State's `unauthorized use’ case was based on the proposition that [Wolf] was acting outside the scope of his authorization to use the computer by engaging in criminal conduct, i.e. soliciting prostitution.
Having found that the State presented evidence [Wolf] used his computer to upload nude pictures of himself onto adult dating sites and to access certain pornographic websites to support the charge of solicitation. . . we find such conduct was `beyond the scope of the express or implied consent” and the charge of `unauthorized use of a computer’ was based upon sufficient evidence.
State v. Wolf, supra. The Ohio statute, Ohio Revised Code § 2913.04(B), based an unauthorized access charge on the defendant’s accessing a computer or computer system “without the consent of, or beyond the scope of the express or implied consent of, the owner of the computer” or computer system. So the crime Wolf was convicted of is really an exceeding authorized access (insider goes too far in using the system he is authorized to use) crime, rather than an unauthorized access (outsider “breaks into” a system he/she isn’t authorized to use). I think the Court of Appeals was correct; while I’m sure the City of Shelby didn’t have a policy telling its employees they weren't not to use city computers to access porn sites and/or upload nude pictures of themselves to adult sites, I suspect its employees knew they weren’t supposed to do this. Since Wolf admitted he “established work practices” at the wastewater treatment plant, the evidence proved beyond a reasonable doubt that he knowingly used the city computer in a way he was not authorized to. Wolf had much better luck with the theft in office charge. As I noted, that charge was brought under Ohio Revised Code § 2913.02, which proves as follows:(A) No person, with purpose to deprive the owner of property or services, shall knowingly obtain or exert control over either the property or services in any of the following ways:
(1) Without the consent of the owner or person authorized to give consent;
(2) Beyond the scope of the express or implied consent of the owner or person authorized to give consent;
(3) By deception;
(4) By threat;
(5) By intimidation.
(B)(1) Whoever violates this section is guilty of theft.
The Court of Appeals also dealt with this issue cursorily, but this time Wolf came out ahead:[T]he State is alleging [Wolf] deprived the City of Shelby of his services while he was engaging in the unauthorized use of his computer.
Upon review, we find that while the State presented evidence [Wolf] spent approximately 100 hours over a five month-period utilizing internet websites that were not related to his job, there was no evidence presented that his job performance suffered or that he failed to perform his job duties.
Furthermore, even if it could be shown that [Wolf] failed to perform such job duties, while it could certainly serve as a basis for termination from his employment, such could not be the basis of a criminal theft in office charge.
State v. Wolf, supra. The Court of Appeals therefore affirmed Wolf’s conviction on the unauthorized access charge but reversed his conviction on the charge of theft in office and vacated the sentence the trial court had imposed on him. State v. Wolf, supra. I’m not sure I agree with that result. One of the judges wrote a dissent, in which he said the other judges had “written an additional element into the theft in office charge that does not exist.” State v. Wolf, supra (Delaney, dissenting). Judge Delaney pointed out that Wolf “spent over 100 hours of his paid work time over a five-month period in which he solicited prostitution, uploaded nude photos of himself and perused pornographic websites on a city-owned computer, Internet, and email system.” He thought, and I tend to agree, that this would qualify as theft of services, since Wolf was getting paid for time he devoted to non-work activities. I can’t find another case involving similar charges and similar facts, but there are fraud cases in which the fraud consisted of taking a salary while doing something other than working for the person’s employer. It seems to me Wolf did engage in theft of services because his employer “lost” something – the money it paid him to do his job for those hours when he was frolicking on the computer. I don’t see why his not getting his work done changes that, but I could be missing something . . . .
This post was inspired by a question I got from someone whose computer, computer equipment and storage media were seized by police pursuant to a search warrant. The police clearly had probable cause to obtain the search warrant and, we’ll assume, were within the scope of the warrant when they seized the computer equipment. So we’ll assume the seizure of the equipment was reasonable under the 4th Amendment. As I’ve explained in earlier posts, the 4th Amendment creates a right to be free from unreasonable searches and seizures, which means that reasonable searches and seizures do not violate that amendment.
As I’ve also explained in earlier posts, the default way for a search and seizure to be reasonable under the 4th Amendment is for them to have been conducted pursuant to a warrant, which is what happened in the hypothetical case we’re going to analyze. So there are no 4th Amendment problems with the police’s searching for and seizing the stuff that belonged to the person who asked me the question – John Doe, we’ll call him. And his question didn’t go to the propriety of the seizure of his computer equipment. It went to a different issue entirely: The search warrant was based on probable cause to believe he had hacked a computer system and done some damage, maybe quite a bit of damage. John Doe said he had “pirated software, movies, music” on the computer, and he wanted to know if the police could keep that material or whether they would have to give it back. His question there was really a scope question; that is, it went to whether the police could lawfully seize – and keep -- this material since it had nothing to do with the hacking allegations that were the basis of the warrant. He also had another, related question: whether the police could use the pirated material they found on the computer to bring charges against him for copyright violations and other crimes. I responded to John Doe directly, but I’m going to use this post to analyze the issues raised by his two questions. We’ll take them in order.The first issue is whether the police could lawfully seized the pirated material they found on John Doe’s computer. As I explained in a post I did last year, in executing a search warrant police have to stay within the scope of the warrant; that is, they can only search things that could contain what they’re looking for (so if they’re looking for a stolen big screen TV, they can’t search dresser drawers) and they can only seize items that fall within the scope of the warrant (the big screen TV). As I also explained, there is a rule – called the “plain view doctrine”—that lets police seize items that are not within the scope of the warrant as long as it is immediately apparent -- when they look at the items -- that they are either contraband or evidence of a crime. So if the officers executing a warrant to search for and seize evidence of hacking saw what they immediately recognized as a bag of cocaine sitting by the computer, they could seize the bag of cocaine; they couldn’t search for any more cocaine or other evidence of drug possession unless they got a search warrant that specifically authorized such a search. In the Doe case, I’m assuming the circumstances were a little different. I’m assuming the officers executing the warrant seized Doe’s computer and later found the pirated material on it. The plain view doctrine applies when police officers are searching in a computer, as well as when they’re searching for a computer, as long as when they search the computer they stay within the scope of the warrant. In our hypothetical, that means they’d be examining the computer for evidence of hacking; so as long as they found the pirated material while they were searching for evidence of hacking, the plain view doctrine would apply.What does that mean? It means that if the officer analyzing the hard drive of Doe’s computer saw the pirated material and immediately recognized it as what it was, the officer was legally authorized to seize the material, i.e., make a backup copy of it, say. The officer would not be authorized in searching for more pirated material under the plain view doctrine; he/she would have to get a new search warrant to do that. If, of course, more pirated material popped up as the officer continued to search the hard drive for evidence of hacking, then the plain view doctrine would apply to that material, as well. Now we come to the question of whether, having lawfully seized the pirated material, the police can keep it or whether they have to return it to John Doe. Lawfully seizing the material means that the officer who found it had probable cause to believe it was either contraband or evidence of a crime. (The Supreme Court has said that the immediately recognized standard just means the officer had probable cause, as soon as he or she looked at the thing, to believe it was contraband or evidence of a crime.) For the purposes of the 4th Amendment, it really doesn’t matter whether the material was contraband or evidence of a crime. Either works under the plain view doctrine. Whether the material is contraband or evidence of a crime does matter when it comes to deciding if the police can keep it forever or if they have to return it at some point.To understand why it matters we need to define the terms. Contraband is “any property that is illegal for a person to acquire or possess under a statute, ordinance or rule”. Ohio Revised Code § 2901.01(13). Or as Black’s Law Dictionary says, contraband is “property whose possession is unlawful”. Cocaine and child pornography are both contraband; it is illegal to possess either one. No one, therefore, has the right to possess contraband, under any circumstances. (Police and court systems obviously possess contraband of varying types, but that’s not personal possession; it’s possession for law enforcement purposes, basically, and so is not illegal . . . at least not unless and until a police officer or a member of the court appropriates some of it for personal use).Contraband is obviously evidence of a crime, but evidence of a crime is not necessarily contraband. All kinds of things can be evidence of a crime: John Doe’s computer, a gun, forged documents, a cell phone, etc. The evidence of a crime category is a residual category that captures items that can be used to convict someone of a crime but the possession of which is not illegal in and of itself.If, as I assume, John Doe’s pirated material was contraband, then it will never be returned to him, just as child pornography is never returned to the person on whose computer it was found. If we assume, for the purposes of analysis, that it does not constitute contraband but is merely evidence of a crime, then it is possible for John Doe to get it back. As I explained in a post I did a couple of years ago, someone in his position can file a motion for return of property; such a motion asks the court to require the police to give back items they seized as evidence. To prevail on such a motion, the person filing it has to show either of two things: One is that the property was improperly seized; so John Doe would have to show that the police had no justification for seizing his pirated material. That doesn’t sound likely. The other option is for the property owner to show that the court system and/or the police no longer need the items that were seized, and used, as evidence. In the earlier post, I talked about a case in which the owner of two computers did just this; he had already pled guilty and been sentenced, and asked the court to return the computers to his fiancĂ©. The government opposed the motion, arguing that the case wasn’t over because the guy seeking the return of the computers hadn’t exhausted his right to appeal the conviction or sentence or his right to seek relief in a habeas corpus action. As I recall, the man who owned the computers lost, which is pretty common. It’s difficult to get property seized as evidence of a crime returned to its original owner . . . which, of course, doesn’t mean that John Doe can’t try to get his pirated material back. Before I quit I should say a few words about John Doe’s other question: whether the police could use the pirated material to bring charges against him for copyright or other crimes. As long as the pirated material was lawfully seized under the 4th Amendment (plain view doctrine, again), the government can use it to charge John Doe with these crimes even though they have nothing to do with the probable cause on which the search warrant was based. Analytically, the government’s seizure of John Doe’s computer equipment was lawful under the 4th Amendment because it was based on a valid search warrant; and the government’s seizure of the pirated material was valid (or so we’re assuming) because it was seized pursuant to the plain view doctrine.
This post is a follow up to a post I did last year, which dealt with consents to search a person or property. In that post, I explained that consent is an exception to the 4th Amendment’s requirement that officers get a warrant to search a person or a place. In that post, I also explained that consent acts like a contract: the officer’s search will not violate the 4th Amendment as long as the search stays within the scope of what I consented to. So if an officer stops my car and says, “Can I search your car for a stolen rifle?” and I say “yes,” the officer can search the car only in places where a rifle could be. The officer could not, for example, open the glove compartment. If the officer goes outside the scope of the search I consented to, that portion of the search violates the 4th Amendment and any evidence the officer found will be suppressed. This post is about a recent opinion that considered whether the search of a computer exceeded the scope of the owner’s consent to the search. The case is U.S. v. Luken, 2009 WL 875033 (U.S. Court of Appeals for the Eighth Circuit 2009). Here are the facts that led to the court’s considering the scope of consent issue:An Immigration and Customs Enforcement investigation revealed that two credit card numbers believed to be Luken's were used in 2002 and 2003 to purchase child pornography from a website in Belarus. On July 25, 2006, three law-enforcement officers visited Luken at his place of employment. One of the officers, Agent Troy Boone of the South Dakota Department of Criminal Investigation, informed Luken that the officers believed Luken's credit card had been used to purchase child pornography. Boone told Luken the officers wanted to speak with Luken privately about the matter and look at his home computer. Luken agreed to speak with them at his home and drove himself to his house to meet them.
Upon arriving at Luken's home, Luken allowed the officers to enter his house. Luken's wife was home, so Boone offered to speak with Luken privately in Boone's car. Luken agreed. Once inside the car, Boone informed Luken that Luken did not have to answer any questions, was not under arrest, and was free to leave. Luken nevertheless agreed to speak with Boone. Luken discussed the nature of his computer use and knowledge. He admitted to purchasing and downloading child pornography for several years. He also admitted to looking at child pornography within the previous month. He stated, however, that he believed he had no child pornography saved on his computer.
After Luken admitted to viewing child pornography, Boone asked Luken if officers could examine Luken's computer. Boone explained the nature of computer searches to Luken and told Luken that, even if files had been deleted, police often could recover them with special software. Boone asked Luken if a police search would reveal child pornography in Luken's deleted files. Luken stated that there might be `nature shots’ on his computer, i.e., pictures of naked children not in sexually explicit positions, that he recently viewed for free. Boone then asked Luken to consent to a police search of Luken's computer, and Boone drafted a handwritten consent agreement stating, `On 7-25-06, I, Jon Luken, give law enforcement the permission to seize & view my Gateway computer.’ Luken signed and dated the agreement.
After seizing Luken's computer, Boone obtained a state search warrant to examine it. Boone . . . sought a warrant because he feared Luken would revoke his consent. That warrant, which . . . was good for ten days, gave police permission to search the computer for `[c]ontraband, the fruits of crime, or things otherwise criminally possessed’. . . . Boone removed the hard drive from Luken's computer and sent it to a state laboratory for analysis. He then left the state for computer-forensics training.
When Boone returned to South Dakota in late August, he discovered the state crime lab was backlogged and had not yet analyzed Luken's hard drive. At Boone's request, the lab returned the hard drive to Boone and Boone used forensic software to analyze it. Boone discovered approximately 200 pictures he considered child pornography. After speaking with a federal prosecutor, Boone randomly selected 41 of those pictures for which to prosecute Luken. Based on those 41 pictures, a grand jury indicted Luken for possession of child pornography.
U.S. v. Luken, supra.Luken moved to suppress the evidence found on his computer, arguing that Boone’s search of the computer hard drive violated the 4th Amendment for either or both of two reasons: (i) It exceeded the scope of the consent he gave Bone; and/or (ii) it was not justified by the search warrant because Boone’s search was conducted weeks after the search warrant expired. Appellant’s Brief, U.S. v. Luken, 2008 WL 822651.In moving to suppress, Luken argued that he consented to law enforcement’s “viewing” the computer, not searching it. Neither the federal magistrate nor the federal district court judge who each ruled on Luken’s motion bought his argument:The magistrate held in his report and recommendation that Luken's consent to a `view’ was sufficient to permit a full forensic examination of his computer's hard drive because that is what Boone, who wrote out the consent, assumed it meant. The district court adopted this reasoning. In judging the scope of Luken's consent, however, it is not what Boone believed that mattered but what Luken reasonably intended. Since Boone chose the language and wrote the consent Luken signed, any ambiguity or discrepancy between what Boone thought he had done and what Luken believed he was permitting must be resolved strictly against Boone as the drafter of the document. . . .
Appellant’s Brief, U.S. v. Luken, 2008 WL 822651. (In the federal system, federal magistrates often make the initial decision on a motion to suppress evidence by writing what's called a report and recommendation; a federal district court judge usually reviews the magistrate’s decision and either accepts it or comes up with an alternative decision.) Luken appealed the federal district court’s denial of his motion to suppress to the U.S. Court of Appeals for the Eighth Circuit. On appeal, he reiterated his argument that he consented to viewing the hard drive, not searching it:What Boone meant by his use of the term `view’ was unclear. Though Boone claimed it was obvious because he had been talking to Luken about how deleted images could be retrieved from a computer using special software, Boone, for whatever reasons, chose not to make it clear in the consent he drafted that this was actually what he intended to do. Obviously, Boone could have clearly said what he later claimed to have meant. He did not do so, however.
The words chosen by Boone when he drafted the consent are not just words. Those words have a meaning. In common parlance, the term view normally means nothing more than to `look at.’ Any reasonable person would have understood the term `view’ in this context to mean that Boone wanted to turn on Luken's computer and look through the files readily viewable on the machine.
The prosecution must show a reasonable person in Luken's position would have understood Boone, by use of the term `view,’ meant to conduct a full scale forensic examination of the hard drive in Luken's computer using special software not already on the computer to discover hidden files unknown to Luken. This the prosecution did not do. The subsequent forensic examination of the hard drive and discovery of thumbs.db files cannot, therefore, be justified by Luken's consent for Boone to `view’ his computer.
Appellant’s Brief, U.S. v. Luken, 2008 WL 822651.The Eighth Circuit didn’t buy Luken’s argument:[W]e agree with the district court that a typical reasonable person would have understood that Luken gave Boone permission to forensically examine Luken's computer. Boone made it apparent to Luken that police intended to do more than merely turn on Luken's computer and open his easily accessible files. Boone explained that police possessed software to recover deleted files and asked Luken specifically if such software would reveal child pornography on Luken's computer. Luken responded by telling Boone such a search would likely reveal some child pornography. He then gave Boone permission to seize and view the computer. In that context, a typical reasonable person would understand the scope of the search that was about to take place.
U.S. v. Luken, supra. The Eighth Circuit also held that since Luken had consented to the search of his computer, there was no need for it to consider his residual argument, i.e., that the search was invalid because the search warrant expired before it was conducted. Aside from anything else, this case illustrates how important it is for officers to use very precise language when they ask someone to consent to a search (or, to a lesser degree, to a seizure of property). The consent exception works like a contract: I give up my 4th Amendment rights to the extent -- and only to the extent -- that I specifically surrendered those rights to the officer who asked me to do so. If the officer's request isn't clear, that can cause problems for the prosecution down the road.
Here's the example I use to illustrate this in my criminal procedure class: Officer Doe stops Sam Smith's car because Smith is speeding. After Doe gives Smith a ticket for speeding, the stop should be over, but Doe wonders if Smith might have drugs in his car. Since Doe doesn't have probable cause to search the car under the vehicle exception, the only way he can search it is if Smith consents.
So Doe says to Smith, "Mind if I search your car?" If Smith says "no," has he consented to a search of the car? If Smith says "yes," has he consented to a search of the car?
There are a few state cases that deal with this exact issue. The "Smith" in one of them said that when the officer asked, "mind if I search your car?" he said "no," meaning "no I don't want you to search my car." He said that when the officer went ahead and searched the car, he thought he couldn't stop him, because, he claimed, the officer had ignored his original refusal.
Alternatively, if the person says "yes" when the officer asks if he can search the car, that could mean the person is in effect saying "no -- don't search my car" or it could mean "yes -- you can search my car."
If the officer just asks, "can I search your car for drugs?", that avoids any ambiguity and any need to resolve those ambiguities on a motion to suppress and/or on appeals from the denial of a motion to suppress. And the same principle applies whether the officer is asking for consent to search a car, a house or a computer.
A couple of days ago, I did a post on the recent case in which the Supreme Court held that to commit identity theft under the federal statute, you have to know you’re using the personal identifying information of a “real person.” In a comment to the post, someone asked what “real person” means, i.e., whether it’s someone who’s alive or can also be someone who has died.It’s a good question, one the federal statute at issue in that case doesn’t explicitly answer. I found some state statutes that do address this issue, but I’ll get to them in a minute. The question as to whether 18 U.S. Code § 1028A, the statute at issue in the Supreme Court case, encompasses a deceased person’s identity has been addressed by two of the U.S. Circuit Courts of Appeal. The U.S. Court of Appeals for the Eighth Circuit dealt with this issue a year ago in U.S. v. Kowal, 527 F.3d 741 (2008).
Kowal was charged with multiple violations of § 1028A, was convicted and appealed, arguing in part that the convictions on two of the counts should be reversed because “the statute does not cover the theft of a deceased person’s identity.” U.S. v. Kowal, supra.Since the statutes doesn’t SAY it encompasses the identity of one who’s deceased, the Court of Appeals had to rely on a general parsing of the term “person:”[T]here are varying dictionary definitions of `person.’ Some pertain only to living persons while others are not so limited. In common usage, however, the adjectives `living’ and `deceased’ may both properly be used to narrow . . .the meaning of the noun `person.’ The word `person' thus encompasses both the living and the deceased, and each of such persons possesses an identity which is susceptible to misappropriation. It is reasonable to assume Congress considered it unnecessary to distinguish between theft of the identity of a deceased person as opposed to a living person because the word `person’ is broad enough to cover both.
The context in which `person' is employed supports this conclusion. General principles of statutory construction provide that we look to the structure of the statute and the language surrounding the term to ascertain its meaning. When two statutory provisions employ the same word in close proximity, the `normal rule of statutory construction that identical words used in different parts of the same act are intended to have the same meaning' carries even greater weight. Both 18 U.S.C. §§ 1028A(a)(1) and 1028A(a)(2) prohibit the use `without lawful authority, of a means of identification of another person,’ but § 1028A(a)(2) adds an additional phrase prohibiting the use of a `false identification document.’ Section 1028A(a)(2) deals with identity theft related to acts of terrorism and imposes a mandatory five year sentence upon conviction. Cf. § 1028A(a)(1) (two year mandatory sentence). To interpret § 1028A(a)(2) to apply only to those terrorists who steal a living person's identity would be inconsistent with what otherwise appears to be an effort to achieve broad coverage, as evidenced by the statute's prohibition of false identification documents in addition to `means of identification of another person’ and the congressional purpose to prevent aggravated identity theft, as well as the provision for more serious sentences for violations of this subsection. Reading `person’ . . . to include a deceased person avoids the illogical result of limiting the scope of the terrorist provision, and the close proximity of the identical phrase in § 1028A(a)(1) leads to the conclusion that `person’ has the same meaning in both subsections. We conclude that the term “person” as used in § 1028A(a)(1) is not ambiguous.
The legislative purpose in protecting individual identity by passage of the aggravated identity theft statute supports this interpretation. An identity stolen from an actual person based on a real name, a real social security number, and a real birth date makes detection of the theft more difficult than if a perpetrator had fabricated a false identity. An identity stolen from a deceased person, however, is far less likely to be uncovered than one stolen from a living person. [Section] 1028A(a)(1) imposes a stiffer penalty on these types of identity thefts precisely because they are more difficult to uncover.
U.S. v. Kowal, supra. So this court held that the statute at issue in the Supreme Court case applies both to living and deceased persons; and the U.S. Court of Appeals for the First Circuit reached essentially the same conclusion in U.S. v. Jimenez, 507 F.3d 13 (2007). I also found a decision from a federal trial court, which agreed with these appellate courts. It seems, then, that a deceased person is a “real person” under the federal identity theft statute . . . unless and until the U.S. Supreme Court decides to address that issue, which I seriously doubt will happen. That led me to wonder if the states have addressed this issue and if so, how they’ve dealt with it.I found a few state statutes that do what the federal statute doesn’t, i.e., expressly state that identity theft can involve using the personal identifying information of someone who is deceased. Here, for example, is North Carolina’s identity theft statute:A person who knowingly obtains, possesses, or uses identifying information of another person, living or dead, with the intent to fraudulently represent that the person is the other person for the purposes of making financial or credit transactions in the other person's name, to obtain anything of value, benefit, or advantage, or for the purpose of avoiding legal consequences is guilty of a felony punishable as provided in [North Carolina General Statutes] 14-113.22(a).
North Carolina General Statutes § 14-113.20(a). Ohio has a similar provision (Ohio Revised Code § 2913.49(A), as do these states: Oklahoma (21 Oklahoma Statutes § 1533.1), Rhode Island (Rhode Island General Laws § 11-49.1-3), Utah (Utah Code § 76-6-1102(2)), Virginia (Virginia Code § 18.2-186.3(B1) and Washington (Washington Code § 9.35.020).Missouri does something a little different. Its statute makes identity theft a crime, just like the federal and other state statutes. It also creates a civil cause of action that lets the living victim of identity theft sue the perpetrator for damages. Missouri Statutes § 570.223. And then the statute includes this provision: “If the identifying information of a deceased person is used in a manner made unlawful by [this statute], the deceased person's estate shall have the right to recover damages pursuant to” the provision I just mentioned. Missouri Statutes § 570.223(6). I don’t think this provision means that the statute’s criminal provisions don’t apply to identity theft involving a deceased person. Another part of the Missouri statute says that the civil remedies do not “depend on whether a criminal prosecution has been or will be instituted” against the perpetrator. Missouri Statutes § 570.223(8).Kentucky’s identity theft statute also does something different. The statute makes it a crime (identity theft) to knowingly possess or use “any current or former identifying information of the other person or family member or ancestor of the other person”. Kentucky Revised Statutes § 514.160(1). I’m not really sure what that means in practice. As to the “family member” element, I don’t know why the statute makes it a crime to use John Doe Junior’s father’s identity, instead of just making it a crime to use John Doe Senior’s identity. And then there’s the ancestor issue: Maybe the ancestor element is just another way of addressing the issue of using the identity of a deceased person. If that’s true, then I don’t know why it matters that they have a descendant; in other words, it seems as if the crime would be using the deceased person’s identity, not using-the-identity-of-an-ancestor-of-John-Doe. Maybe I’m missing something. Washington’s identity theft statute used to have a similar provision, but they deleted it when the statute was revised in 2001. Washington Laws 2001, chapter 217 § 9. I have no idea why Washington did that.Finally, here’s my favorite identity theft statute. Oregon makes it a crime if someone “with the intent to deceive or defraud, obtains possesses, transfers, creates, utters or converts to the person’s own use the personal identification of another person.” Oregon Revised Statutes § 165,800(1). The Oregon statute then defines “another person” as “a real person, whether living or deceased, or an imaginary person.” Oregon Revised Statutes § 165,800(4)(a). Though I’m tempted to speculate otherwise, I assume the term “imaginary person” is intended to let Oregon prosecute someone who uses, say, “a fake social security card containing a fabricated social security number.” Mandujano-Real v. Mukasey, 526 F.3d 585 (U.S. Court of Appeals for the Ninth Circuit 2008). That’s what the Ninth Circuit Court of Appeals concluded in the Mandujano-Real case, and it’s probably correct. Either way, I can see a defendant using the Flores-Figueroa case, the Supreme Court case I mentioned earlier, to argue that the Oregon provision is unlawful because identity theft (as a generic crime) necessarily involves using the identification information of a “real” person . . . and imaginary persons are, I believe, definitely not real.
In 2001, I published an article on “virtual crime.” It analyzed the extent to which we needed to create a new vocabulary – and a new law – of “cybercrimes.” The article consequently focused on whether there is a difference between “crime” and “cybercrime.” It’s been a long time, and cybercrime has come a long way, since I wrote that article. I thought I’d use this post to look at what I said then and see how it’s held up, i.e., see if we have any additional perspective on the relationship between crime and cybercrime. In the article, I began by noting that in the Anglo-American common law tradition crimes have 3 elements: conduct (actus reus), intent (mens rea) and a forbidden result or “harm.”
Historically, crimes were committed in the real world, which means all 3 elements occur – more or less simultaneously – in the physical world. The law of crimes is has therefore been concerned with imposing liability and sanctions (e.g., death, incarceration, fines) for conduct that results in the infliction of corporeal harms, such as injury to persons or property or the unauthorized taking of another person’s property.As I wrote in an earlier post, we tend to conceptualize cyberspace as if it were a “place,” probably because we lack a better analogy. For the purposes of this discussion, though, I’ll assume the analogy is apt. If we assume cyberspace is a domain that exists along with but apart from the real world, the question arises as whether the principles of criminal law we apply in the real world are adequate to address crimes the commission of which exploits the unique advantages of cyberspace. To answer this question in the negative (real world criminal law is not adequate for cybercrime), we have to conclude that crime and cybercrime differ as to the conduct used to inflict harm and/or as to the harms inflicted. Criminal law is, after all, about preventing the infliction of harm.We should not simply assume criminal conduct vectored through cyberspace represents an entirely new phenomenon, i.e., cybercrime. It may represent nothing more than perpetrators’ using cyberspace to engage in conduct that has long been outlawed. The development of the telephone, for example, made it possible to perpetrate fraud in new and different ways, but fraud itself has been outlawed for centuries. If cyberspace is simply an implement that is being used to commit traditional crimes, then there probably is no need to recognize a separate category of “cybercrimes” and develop specialized legislation to deal with them; existing laws should be adequate to do so. Law has, for example, long made it a crime intentionally to cause the death of another human being. For the most part, law defines this generically as homicide, rather than differentiating types of homicide depending on the method used to cause death. That is, we do not have method-specific crimes like “homicide by firearm,” “homicide by poison,” “homicide by stabbing,” etc. Instead, we focus on the harm that results from specific conduct -- conduct which is intended to cause the death of another person- -- and define a crime that encompasses that harm. In analyzing whether cybercrime is distinct from crime, it is useful to consider whether law has confronted other situations in which the infliction of a harm sufficiently severe to warrant the imposition of criminal liability has been predicated on conduct that did not occur entirely in the real, physical world. I’ve found two instances in which this occurred. The English Treason Act of 1351 made it a crime to “compass or imagine the death of our lord the King, or of our lady his Queen or of their eldest son and heir”. This is an example of a “thought crime,” i.e., a crime which does not require that the perpetrator commit a volitional act in our shared, external reality which causes, attempts to cause or threatens to cause harm to someone or something. The Treason Act of 1351 punished people for their thoughts alone. (Please don’t ask me how often it was used; I’d like to know that myself, but haven’t found any data on the topic.)The Treason Act of 1351 is an historical aberration: Anglo-American law has for a long time rejected the use of thought crimes, for various reasons. One is that as long as I do nothing more than think bad things, I have not caused harm in the real-world; criminal law is concerned with controlling harmful behavior, not internal malice. Another reason is that laws like this are obviously subject to abuse; when I read this statute, I imagine Lord A, who’d like to get Lord B out of the way as a potential rival, accusing Lord B of imagining the death of the King; I’ve no idea what, if any evidence Lord A had to produce to get the King to act on that claim. I fear it wasn’t much, which is yet another reason why Anglo-American law, anyway, doesn’t criminalize thoughts: There’s too much room for such a law to be abused. And then there is the matter of freedom -- of letting people think what they choose as long as they don’t act on it.The first instance in which Anglo-American law departed from predicating criminal liability on conduct that did not occur in the real-world is therefore not helpful in thinking about cybercrime. If may have been simply a symbolic gesture, a way of underlining the extent to which subjects should respect the Royal Family.The other instance was definitely not symbolic; it resulted in thousands of prosecutions and executions in Europe in the 15th, 16th and 17th centuries. I refer, of course, to witchcraft.Unlike imagining the king’s death, a crime no element of which manifested itself in the real world, witchcraft incorporated both virtual world and real world elements. Until 1951, English law made it a crime to engage in witchcraft, which was defined to include “invoking any evil spirit, or consulting, covenanting with, . . . or rewarding any evil spirit . . . or killing or otherwise hurting any person by such infernal arts” or using them to enrich oneself. United Kingdom - Witchcraft Act 1735. This crime targeted the harm of using one’s power over the virtual world to summon evil spirits to injure others, harm their property and/or enrich oneself. As I said, thousands and thousands of people were convicted of witchcraft.We no longer have the virtual crime of witchcraft because we no longer believe one can manipulate forces in the “spectral world” to influence things in the real world. For the purposes of argument, though, let’s assume we still entertain such a belief and therefore still have the crime of witchcraft. That crime would consist of using evil spirits for any of the purposes noted above, i.e., hurt someone, damage property and/or reap a profit. If we believe it is possible to manipulate evil spirits to this end, then it is reasonable to use this crime to impose liability on those who do this; unlike those who committed the thought crime of imagining the king’s death, those who commit this crime are using virtual world forces to have an effect on persons and property in the real world. In that regard, I can see an analogy between witchcraft and cybercrime: In both instances, the perpetrator is physically situated in the physical world, which means that at least a portion of the actus reus plus the offender’s mens rea are real world phenomena. In both, the perpetrator manipulates virtual world forces to harm someone or some thing in the real world. So what?, you ask. In the article I argued that even though cybercrime – like witchcraft – departs from the traditional model of crime insofar as it involves the use of “otherworldly” forces, this, alone, does not justify creating specific cybercrime offenses. In other words, I argued that even though it involves conduct vectored though a non-corporeal reality, cybercrime is merely a method crime, i.e., crime the commission of which is distinct due to the tool the perpetrator uses. So I argued that we do not need a “law of cybercrimes;” we can address cybercrime by using traditional offenses that are revised, as necessary, to encompass the digital versions of these crimes. And I haven’t changed my mind. I have been thinking about the witchcraft trials a bit, but not because of the crime-cybercrime issue. I’ve been thinking of an issue that came up during the Salem witchcraft trials: spectral evidence. In the Salem trials, as in earlier witchcraft trials held in England, the judges had to decide if it was permissible to admit spectral evidence, i.e., evidence that (allegedly) came from evil spirits and other denizens of the non-corporeal reality that (allegedly) supported witchcraft. The concern was whether or not the evidence was reliable because, of course, only the person who’d “conversed” with the evil spirit could verify what it said. There was quite a debate about that. Cotton Mather, a prominent minister involved in the Salem trials, wrote a book – Wonders of the Invisible World -- defending the use of spectral evidence. He also cautioned that a conviction should not be based purely on spectral evidence because of its innate uncertainty. Cotton’s father – Increase Mather – disagreed; he said spectral evidence should not be used in witch trials. Increase Mather famously said “It were better that Ten Suspected Witches should escape, than that one Innocent Person should be Condemned." And does that have to do with cybercrime, you ask? I’m not sure. I find myself thinking of the spectral evidence issue because I wonder if there are any analogies to digital evidence. I spoke at a conference recently where I was on a panel with a prosecutor; the prosecutor said, at one point, that defense attorneys are not, as yet, doing a good job of challenging prosecutors when it comes to digital evidence. He seemed to think they’re not as conversant with the technology and the issues it raises (can be used to raise) as they could be, and certainly will be. When I have conversations like that, I for some reason think of the old debate over spectral evidence. Maybe because it’s the only previous instance I know of in which courts had to consider the admissibility of “otherworldly” evidence.
The U.S. Supreme Court recently decided a case that deals with an issue I wrote about in an earlier post. So I thought I'd update that post a bit.
The post was on an issue that had arisen under federal criminal law: whether someone can be convicted of identity theft if they did not know they were using the identity of a real person.
As I explained in that post, the federal identity theft statute makes it a crime “knowingly” to use the means of identification of another person. In the case I wrote about, the defendant cloned her Social Security number; that is, she used it to produce a series of fabricated Social Security numbers, at least one of which turned out to belong to a real person. She argued that she could not be convicted of violating the statute because he had no idea she was using a real person’s identity; she though she was committing fraud, not identity theft. In the post, I said I think she should win because what she committed is fraud and could therefore be prosecuted as fraud. The premise behind identity theft statutes is that they reach harmful conduct we haven’t already criminalized, i.e., using someone else’s personal identifying information without their permission.As you may have heard, the U.S. Supreme Court decided a case raising this issue on Monday of this week. The case is Flores-Figueroa v. United States, 2009 WL 1174852. The Flores-Figueroa Court held that to convict someone of identity theft in violation of 18 U.S. Code § 1028A “requires the Government to show that the defendant knew the means of identification at issue belonged to another person.” In reaching this result, the Court noted that the statute has both a fraud crime and a theft crime, and thatCongress separated the fraud crime from the theft crime in the statute itself. The title of one provision (not here at issue) is `Fraud and related activity in connection with identification documents, authentication features, and information.’ 18 U.S.Code § 1028. The title of another provision (the provision here at issue) uses the words “identity theft.” § 1028A (emphasis added) Moreover, the examples of theft that Congress gives in the legislative history all involve instances where the offender would know that what he has taken identifies a different real person. H.R.Rep. No. 108-528, at 4-5, U.S.Code Cong. & Admin.News 2004, pp. 779, 780-81 (identifying as examples of``identity theft` ‘dumpster diving,’ `accessing information that was originally collected for an authorized purpose,’ `hack[ing] into computers,’ and `steal[ing] paperwork likely to contain personal information’).
Flores-Figueroa v. United States, supra. I assume those, like the woman I wrote about last fall, who were convicted by courts that did not instruct the jury the defendant had to know the identification documents belong to another person will be bringing appeals. Sometimes, when the Supreme Court issues a decision it specifies that the decision is only prospective; that is, it doesn’t apply to cases already decided.
The Court does this when it’s deciding criminal procedure cases, e.g., cases that set the rules police have to follow in investigating crimes. If the Court changes a rule that tells police what they can and cannot do in, say, searching a car, it applies that rule prospectively because officers in the past cannot be expected to have followed it. You can’t follow a rule that didn’t exist.Here, though, the Court is saying that this statute has always required that the defendant know the identification information belonged to a real person. This means that any case in which a defendant was convicted without the jury being told they had to find that the government proved beyond a reasonable doubt that the defendant (like the one I wrote about last fall) knew the identification information belonged to a real person resulted in a conviction that is null and void (unless courts can come up with some way around that, which I doubt).
This post is, as the title indicates, about using a specific kind of evidence to impose a sentence on someone who has been convicted of a crime.
As I explained in an earlier post, the rules of evidence bar the use of hearsay in trials and in other judicial proceedings unless the hearsay in question falls into one of a number of exceptions to the general rule barring hearsay. As I explained, hearsay is “a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted.” Federal Rules of Evidence, Rule 801(c). The federal system and every state define hearsay similarly, and they all recognize the same set of exceptions to the rule. As I explained earlier, hearsay isn’t allowed, as a general rule, because it denies the party against whom it is introduced an opportunity to effectively challenge its accuracy and reliability. A rumor would be hearsay; so if I took the stand and said I’d heard a rumor that you’re an axe murderer, you couldn’t do much to attack the basic accuracy of the content of the rumor. You could try to attack my credibility, but since I’m saying I heard this story from John Doe, and I trust John Doe, you’re pretty well stymied in attacking the inherent believability and accuracy of the axe murderer story. One of the exceptions is the “business records” exception. As Wikipedia explains, the rationale of this exception is the premise that “employees are under a duty to be accurate in observing, reporting, and recording business facts. The . . . belief is that special reliability is provided by the regularity with which the records are made and kept, as well as the incentive of employees to keep accurate records (under threat of termination or other penalty).” The presumptive accuracy with which business records are kept is assumed to overcome the law’s skepticism about admitting regular hearsay. The records are hearsay because the contents – the statements – they contain are being introduced to prove the truth of the matter(s) they attest to.That brings me to the case this post is about: Whitley v. State, 1 So.3d 414 (Florida Court of Appeals 2009). Here’s how the court described the issue in the case:Whitley . . .appeals his judgment and sentence as a prison releasee eoffender (PRR). [He] argues . . . that the trial court erred in relying on a printout from the Department of Corrections' website to establish the date of his release from prison for purposes of PRR sentencing, as the printout constituted hearsay and was unauthenticated.
Whitley v. State, supra.PRR sentencing is created and governed by a state statute: Section 775.082(9)(a)(1) of the Florida Statutes defines a “prison releasee reoffender” as a “defendant who commits” any of a list of specified crimes within “3 years after being released from a . . . correctional facility . . . following incarceration for an offense for which the sentencing is punishable by more than 1 year in this state.” Robbery is one of the crimes specified in this section. If a prosecutor determines that a defendant qualifies under this section, the prosecutor can “seek to have the court sentence the defendant as a prison releasee reoffender. Florida Statutes § 775.082(9)(a)(3). If the prosecutor offers proof thatestablishes by a preponderance of the evidence that a defendant is a prison releasee reoffender . . . such defendant is not eligible for sentencing under the sentencing guidelines and must be sentenced as follows:
a. For a felony punishable by life, by a term of imprisonment for life;
b. For a felony of the first degree, by a term of imprisonment of 30 years;
c. For a felony of the second degree, by a term of imprisonment of 15 years; and
d. For a felony of the third degree, by a term of imprisonment of 5 years.
Florida Statutes § 775.082(9)(a)(3). Someone sentenced as a PRR is not eligible for parole; they will be released only after they have served all of the sentence imposed on them. Florida Statutes § 775.082(9)(a)(3).Mr. Whitley therefore had an obvious incentive to challenge the court’s sentencing him as a PRR. His argument, as noted above, is that the prosecutor relied on inadmissible hearsay to prove he qualified for PRR sentencing:[Whitley] was convicted of robbery following a jury trial. At sentencing, the State sought to have [him] classified as a PRR. . . . To justify this classification, the State was required to show that [he] committed the instant robbery within three years of his release from a correctional facility. . . . The State offered a printout from the Department of Corrections' website to establish [Whitley’s] prison release date. [He] objected, arguing that this printout was hearsay. . . . The trial court overruled the objection, finding that the printout was admissible as a business record. Ultimately, it found that [Whitley] was a PRR and sentenced him accordingly.
Whitley v. State, supra. The Florida business records exception appears in another statute. Section 90.803 of the Florida Statutes says the rule barring hearsay does not apply to the items listed in this statute, which include the following: A memorandum, report, record, or data compilation, in any form, of acts, events, conditions, opinion, or diagnosis, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity and if it was the regular practice of that business activity to make such memorandum, report, record, or data compilation, all as shown by the testimony of the custodian or other qualified witness, . . . unless the sources of information or other circumstances show lack of trustworthiness. The term `business’ . . . includes a business, institution, association, profession, occupation, and calling of every kind, whether or not conducted for profit.
Florida Statutes § 90.803(6)(a). The Department of Corrections would, therefore, qualify as “business” for the purposes of applying the exception. Notwithstanding that, the Florida Court of Appeals agreed with Whitley:The trial court should have sustained [Whitley’s] objection to the printout. For a document to be properly admitted under the business record hearsay exception, it must be created at or near the time of the event, from information transmitted by a person with knowledge, and must be kept in the course of regularly conducted business. . . . These requirements must be shown `by the testimony of the custodian or other qualified witness’ or must be properly certified. . . . In the instant case, the State did not introduce the testimony of a records custodian, and the printout from the website was not certified. Therefore, the trial court erred in admitting the printout from the Department of Corrections' website under the business record exception to the rule against hearsay.
Whitley v. State, supra. The Court of Appeals therefore affirmed Whitley’s conviction for robbery but reversed the sentence that had been imposed on him and remanded the case back to the trial court for resentencing. It noted that “[a]t resentencing, the State is not precluded from proving [Whitley] is a PRR by a properly-authenticated record." Whitley v. State, supra.Basically, the prosecutor simply messed up. I found an earlier decision from the same court in which it upheld the courts using a Department of Corrections printout in sentencing another defendant. Desue v. State, 908 So.2d 1116 (Florida Court of Appeals 2005). In that case, though, the Department of Corrections’ (DOC’s)custodian of records, Diane Thompson, testified that the `Crime and Time Report’ was an official document copied from DOC records, that an inmate's admit and release dates are recorded at or near the time the inmate is jailed or released, as the case may be, and that records of inmates' release dates are kept in the ordinary course of DOC's business.
Desue v. State, supra.
In an earlier post, I explained that the federal system and every U.S. state – and many other countries – criminalize what is commonly known as hacking.
As I explained there, U.S. statutes, anyway, tend to define hacking as “accessing” a computer without being authorized to do so. And as I noted in another post, the federal system – and at least some states – also make it a crime to access a computer without authorization in order to commit fraud. I just ran across a recent case that involved a charge of computer crime under Colorado law. What I find interesting about the case is that the statute the defendant was charged under doesn’t define computer crime in terms of “access.” It uses a different term, but we’ll get to that in a moment. First I need to describe how the prosecution arose and what the charges were.The case is People v. Robb, 2009 WL 1013744 (Colorado Court of Appeals 2009). Bruce Robb was convicted of one count of securities fraud and one count of computer crime, and appealed his conviction to the Colorado Court of Appeals. Here are the facts that led to his being charged with both crimes: Kidztime was created by owners and associates of an affiliate of the Children's Cable Network (CCN). Kidztime was intended to provide nonviolent television programming for children. . . . to air on various cable stations in different geographical locales throughout the United States. Each Kidztime franchise was . . . an independent partnership.
Capital Funding paid commissions to its independent sales offices for selling general partnership interests in Kidztime and CCN. The . . . offices would contact Capital Funding with sales leads for potential investors. Prospective partners were provided with a sales brochure that included information about the partnership and with a partnership agreement. The brochure was known as the `green brochure.’ Computers were used as part of this process, including generating copies of the green brochure that were sent to potential investors. . . .
Beginning in 1995, Robb worked . . . as one of Capital Funding's first commissioned salespersons. Robb left . . . to pursue another job opportunity . . .was asked to return as a salesperson for Kidztime, which he did. Shortly thereafter, Robb . . . became a lead salesperson at an independent sales office in Colorado, where he supervised a team responsible for sales of partnership interests. . . .
In Robb's role as salesperson, he contacted people to tell them about investment opportunities with Kidztime. Robb followed the same script all the salespeople used when giving his sales pitch. If he found an interested prospective investor, that person's name was given to a staff member at Capital Funding, who would send out a copy of the green brochure to the potential investor. Robb received at least a fifteen percent commission for the units he succeeded in selling. . . .
The premise of the business model . . . was that local affiliates would generate revenue through advertising, which would fund . . . the programming . . . . Under . . . the partnership agreement, approximately eighty-five percent of the money raised was dedicated to fundraising expenses and . . . acquiring the programming. The remaining fifteen percent would serve as working capital for the affiliate. However, very few advertisements were sold. Because of this, the affiliates quickly ran out of money and could not continue to pay the leased access costs. After the advertising plan failed, the owners and operators of the organization attempted to conduct event-based marketing. . . . [but] very little money was generated . . . and the affiliates ran out of money.
In 2001, a . . . grand jury charged fourteen codefendants, including Robb, in an . . . indictment relating to the fraudulent sale of partnership interests during . . . . 1995-1998.
People v. Robb, supra. Robb was convicted and appealed, arguing that the evidence presented at trial was insufficient to show that he committed either securities fraud or computer crime. We, though, are only concerned with the computer crime charge, which was brought under this statute: Any person who knowingly uses any computer, computer system, computer network, or any part thereof for the purpose of . . . executing any scheme or artifice to defraud; obtaining money, property, or services by means of false or fraudulent pretenses. . . commits computer crime.
Colorado Statutes § 18-5.5-102(1). A related statute defines “`to use’” as “to instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer . . . or computer network.” Colorado Statutes § 18-5.5-101(10). As I explained in the post I did on hacking as access, many states define “access” – as in gaining unauthorized access to a computer – in essentially the same way.In his appeal, Robb claimed the evidence presented at trial “was insufficient to establish that he `used’ a computer or . . . network as the term `use” is defined in . . .Colorado's computer crime statute”. People v. Robb, supra. The Court of Appeals agreed:The evidence of Robb's use of a computer is sparse and shows that his interaction with computers at Capital Funding and Kidztime was remote and attenuated at best. Robb testified on direct examination that he was computer illiterate and did not even have a computer in his office, with the exception of a short period . . . before a computer left behind by the last person using the office was removed. He testified that he did not use that computer and . . . never even turned it on. On cross-examination, the prosecution did not ask Robb any questions about computer use. Nor have the People pointed us to any other evidence in the record (including documentary evidence such as emails) indicating that Robb used a computer or even directed the use of a computer. . . .
Indeed, the People's theory on appeal, as it was at trial, appears to be that evidence that other personnel in the organization actually used computers was sufficient evidence to convict Robb of computer crime, given his role as a salesperson. Thus, the record reflects that when Robb, in his role as a salesman, identified potential investors interested in purchasing a Kidztime unit, he gave those names to other staff members at Capital Funding. However, there is no evidence that Robb used a computer to do so. A staff person sent the potential investors materials about Kidztime, including the green brochure, which were apparently generated by a computer. However, according to [one witness], Robb and the other salespeople were not involved in generating those materials or sending them out to investors. . . . [T]he computer crime charge against Robb was not prosecuted on a complicity theory (nor was the jury so instructed). Thus, the People were required to prove beyond a reasonable doubt that he personally `used’ a computer as that term is defined in the statute, rather than that he simply aided and abetted others who may have actually used a computer in the sales process.
People v. Robb, supra. The Court of Appeals therefore held that the evidence was not“sufficient to prove use of a computer, where Robb simply provided information about prospective investors to another person, who sent out computer-generated materials to those prospects.” People v. Robb, supra. It therefore reversed Robb’s conviction on this count (but it affirmed his conviction on the securities fraud count). I think the Court of Appeals clearly reached the right result, in terms of the evidence the state offered to prove the computer crime charge. What I find interesting about the case is, as I noted before, that the Colorado statute predicated criminal liability on “using” a computer, rather than “accessing” a computer to commit fraud. Given the structure of the charge and the fact that the related statute defined “uses” in essentially the same way as other statutes define “accessing” a computer, the difference in terminology was really irrelevant; the crime and the conduct involved in committing the crime were the same as in “access” crimes.I wonder, then, why the Colorado legislature changed the statute Robb was prosecuted under. The indictment against Robb (and his codefendants) was returned in 2001, but it was based on conduct that occurred from 1995-1998. So he had to be charged under the version of the computer crime statute that was in effect during that period. That’s the version quoted above. In 2000, the state legislature rewrote the state’s computer crime statute, replacing “uses” with “accesses” in MOST of its provisions. (The exceptions are a section that makes it a crime to transmit malware and another section that makes it a crime to “use” a software application to circumvent limits on the online purchase of event tickets.) I can’t find any legislative history or articles or news stories that tell me why they made the revisions. My guess, and it’s only a guess, is that the legislature wanted to make the terminology used in Colorado’s computer crime statute consistent with the terminology in other U.S. computer crime statutes. So for all the appropriate crimes, they substituted “access” for “use.”
This is another post about the rules that dictate what police can and cannot do in seizing evidence, including computers and laptops.
