Posted on April 15, 2011 by Anthony Lake

Ninth Circuit Upholds "Border" Searches of Electronic Devices Hundreds of Miles from Border

The Ninth Circuit Court of Appeals last week issued an opinion holding that Customs agents may seize electronic storage devices, including computers, hard drives, USB sticks, smart phones and digital cameras carried at the U.S. border and search the devices either at the port of entry or at an off-site forensic laboratory under the border search exception to the Fourth Amendment's prohibition against unreasonable searches and seizures. According to an article by Forbes magazine, the Court held that such searches must be reasonable, and the duration of the deprivation cannot be egregious. The opinion, U.S. v. Cotterman, may be viewed here.

The case arose from the prosecution of Howard Cotterman who crossed the U.S./Mexican border with his wife at Lukeville, Arizona, on April 6, 2007. U.S. Customs and Border Protection agents received a Treasury Enforcement Communications System alert to be on the lookout for child pornography, as a result of Cotterman's 1992 conviction for sex crimes involving children.

The agents screened Cotterman and his wife at the border and seized two laptop computers and three digital cameras. The agents conducted a search of the devices at the border, but were unable to find any alleged illicit material since much of the data on the computers was password-protected. The agents then returned the cameras to the Cottermans and allowed them to enter the U.S., but retained the computers and sent them to Tucson, Arizona, for forensic examination. A forensic examination discovered hundreds of images containing child pornography on Cotterman's laptop.

Cotterman was charged with possession of child pornography. The trial court granted his motion to suppress the evidence seized from his laptop as the result of an illegal search and seizure, and the government appealed. In its opinion, the Ninth Circuit reversed the trial court's decision, holding that whatever an individual brings into the U.S. can be searched and that such searches may take place hundreds or thousands of miles from the physical border. Border searches are distinguishable from other types of searches in that there is no reasonable expectation of privacy. Where a search is prolonged, however, the government must justify the search by showing a reasonable suspicion that the search may uncover contraband or evidence of criminal activity.
 

Tags: , , , , , , , , , , , , , , , , ,
Posted on March 26, 2010 by Anthony Lake

More Suggested Guidelines for Electronic Evidence in Federal Criminal Investigations from the National Law Journal

Today's National Law Journal has another article relating to electronically stored information in criminal investigations. For large organizations, subpoenas or requests for information by the government in a criminal investigation are always an unwelcome development, frequently as much because of the potential massive expenditures of time, money and resources they entail as because of their criminal nature. They must, however, be taken with the utmost seriousness, with extreme care to safeguard the rights of the corporation and individuals, and to guard against possible criminal exposure from the very act of responding itself.

The author advises corporations, on becoming aware of a criminal investigation, to issue a notice regarding preservation of evidence to every employee in the corporation, or in relevant offices or departments. Ideally, corporations should already have a comprehensive and thorough document and electronic information retention policy in preparation for any possible demands for information in not only criminal, but civil matters as well. Companies are also advised to take affirmative steps to gather and preserve evidence which might be relevant to a criminal probe upon learning of an investigation or inquiry.

The article also points out the fact that preservation of potential evidence is critical given the danger of obstruction of justice charges by the government. In numerous instances, the government has indicted on charges of obstructing an investigation alone, and not for any alleged underlying crime. The author also notes possible use by the government of any improper handling of evidence as evidence of the corporation's or employees' "consciousness of guilt."

The article recommends forensic management of the hard drives of relevant officers and employees.However, corporations must take care to carefully review the material on the hard drives for any privileged material, at the risk of possible waiver of privileges through disclosure to the government. The author stresses that, even after conducting their own review of the information on hard drives, companies should negotiate an agreement with the government as to a protocol which will ensure that the government's forensic review does not include reviewing privileged information before counsel for the corporation has an opportunity to review and identify the information as privileged. The government and the corporation may enter into a confidentiality agreement under Federal Rule of Evidence 502(e) to guard against possible waiver.

Tags: , , , , , , , , , , , , , , , , , ,
Posted on March 15, 2010 by Anthony Lake

The Iceman Goeth: Computer Hacker Gets 13 Years for $86.4 Million Credit Card Scheme

On Friday, Max Ray Butler, also known as the "Iceman" on the internet and by various other aliases, was sentenced to 13 years' imprisonment in the U.S. District Court for the Western District of Pennsylvania, according to a Department of Justice press release. The Court also ordered Butler to pay $27.5 million in restitution.

Butler was charged with engaging in computer hacking and identity theft on a massive scale, including hacking into financial institutions and credit card processing centers to steal customers' information. Butler would provide the victims' financial information to an accomplice, Christopher Aragon, who would use the information to purchase merchandise, or would sell information on the internet. Butler nd Aragon also created a website called "Cardersmarket," to acquire, use and sell credit card information Butler and Aragon recruited approximately 4,500 people through the site.

The Secret Service arrested in San Francisco Butler back on September 5, 2007 in San Francisco. A search of his computer revealed more than 1.8 million stolen credit card account numbers. Visa, MasterCard, American Express and Discover have reported that the amount of fraudulent charges on the cards totaled approximately $86.4 million.

Tags: , , , , , , , , , , ,
Posted on January 14, 2010 by Anthony Lake

The 00s:The Decade Technology Transformed the Practice of Law; Chinese Cyber-Attack on L.A. Firm

The Fulton County Daily Report's "The Snark" has illustrated, in a tounge-in-cheek manner, what has indisputably been the biggest change in the practice of law--including criminal law--over the decade just passed--technology. We have noted on this blog before that the technology boom of the last ten and more years has also presented inventive new avenues for crime and has created unusual challenges to the impartiality and sanctity of jury trials.

To be sure, e-mail had become widespread in the legal community by the late 1990s. However, as the comment notes, during the 2000s attorneys truly came into the full realization of the potential for e-mail as a more reliable and permanent way to document interactions between parties. The other edge of the sword is, of course, e-mail's evidentiary potential which can come back to haunt clients in various unpleasant ways. Few indeed are the defense attorneys who have not had at least one case where a client's computer was seized and imaged by the government, only to have e-mails alleged to be incriminating returned as highlights in government reciprocal discovery. While the positive side of e-mail is that it has made communication easy and easily preserved, the negative side of e-mail is... that it has made communication easy and easily preserved. E-mail is forever, and savvy 21st century lawyers would do well to counsel clients to be mindful not only of what they say, but of what they type and (increasingly in the decade ahead) of what they "text."

The comment also notes the changes in practice wrought by two other trends which began in the 90s: the continued spread of computer-assisted legal research and the growth of electronic filing. The need to page through compendious reporter volumes and indexes, or to spend hours at the local law library, has become an increasing rarity. Likewise, attorneys are increasingly relieved of the pressure to race to the courthouse before the clerk's office closes in order to file with the adoption of electronic case filing by more and more courts. The Blog notes that Case Management/Electronic Case Filing "CM/ECF," "PACER", a veritable blessing to both Federal courts and attorneys practicing in them, was first implemented by the Northern District of Ohio in 1996, and today is used by all Federal courts, a development which has heroically saved numerous acres of trees, millions in postage and reliance on the vagaries of the mails for reciept of notice of filings.

We close, fittingly, with a reminder of the challenges that the growth of technology will continue to pose for law and criminal enforcement. Ashby Jones at the Wall Street Journal Law Blog reports that the Los Angeles firm of Gibson Hoffman & Pancione has alleged that a cyber-attack originating in the People's Republic of China. The firm has alleged that its software code has been stolen by malicious e-mails which appeared to be sent by other members of the firm, and which contained a "Trojan" code enabling the takeover of the firm's computers. The firm coincidentally represents the California-based company CYBERsitter in a $2.2 billion lawsuit against China, alleging that filtering programs used by China contain over 3,000 lines of code illegally taken from content filtering software produced by CYBERsitter. The FBI is investigating the attack.

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,
Posted on January 4, 2010 by Anthony Lake

"J4guar17" a/k/a "Soupnazi" a/k/a Super Hacker Albert Gonzalez Pleads Guilty to One of the Largest Data Thefts in U.S. History

Once again demonstrating the massive potential for crime created by our digital age, 28 year-old Albert Gonzalez pled guilty to two counts of conspiracy to gain unauthorized access to payment card networks last week in the U.S. District Court for the District of New Jersey according to a DOJ press release. Gonzalez was charged with hacking into the computer networks of major financial and retail organizations and stealing data on tens of millions of credit cards and debit cards, in one of the largest data breaches in U.S. history. He gained unauthorized access to the payment card networks of New Jersey-based, Heartland Payment Systems; Texas-based convenience store chain 7-Eleven; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. He was indicted in New Jersey in August 2009. In September 2009, Gonzalez also pled guilty in the U.S. Distric Court for the District of Massachusetts to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft for hacking into retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. In the same month, he pled guilty to a count of conspiracy to commit wire fraud for hacking into the system of Dave and Buster's, a restaurant chain, in the U.S. District Court for the Eastern District of New York.

Gonzalez had several servers, or "hacking platforms," and would give access to the servers to other hackers. Gonzalez and others would use the platforms to store malicious software, or "malware," in launching attacks on their victims. Gonzalez's plea agreement states that it was forseeable that Gonzalez and his co-conspirators would have used the malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions.

Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to Gonzalez was indicted in New Jersey in August 2009 for this criminal conduct. His plea agreement provides for a sentence of imprisonment between 17 and 25 years. He is scheduled to be sentenced in the Massachusetts, New York and New Jersey cases in March.

The charges against Gonzalez are staggering in their scope. They also demonstrate that would-be cybercriminals should consider their online aliases carefully, as they may resurface in a Federal indictment, as in the case of Albert Gonzalez a/k/a "j4guar17" a/k/a "soupnazi," etc.

Tags: , , , , , , , , , , , , , , , , , , , , , , ,