United States v. Hite, 2014 WL 5343626 (C.A.D.C.)

Facts: Appellant, a resident of Virginia entered an online chat room and began conversation with an undercover police officer. The undercover’s persona was that he had access to a 12 year old girl and a 3 year old boy, and had previously engaged in sexual activity with each. Appellant was very interested in gaining access to both the 12 year old and 3 year old and told the undercover that he had previously engaged in sexual activity with an 11 year old boy. I will spare you the details about the communications, but the highlights are that he wanted access to each, discussed the use of alcohol to relax the 12 year old, and Benadryl to distort the memory of the 3 year old; as well as the use of “jelly or honey to keep him enticed… to stimulate oral exploration.” When asked by the undercover if Appellant was into the reality of the encounter and not just the fantasy, Appellant was adamant that he was interested. He went into detail about what he had done to the 11 year old on a prior occasion. The undercover told Appellant that he was babysitting the 3 year old fairly soon. They agreed to meet in D.C. a day prior to the babysitting day in order to validate that neither were police officers. Appellant got cold feet and told the undercover that he was suffering from paranoia. To relieve his paranoia, the undercover offered to do a webcam session of “performing fellatio” on the 3 year old. Appellant responded, “Okay, fabulous.” Appellant was arrested in Richmond, the webcam session never took place.  He was convicted, and sentenced to 22 years.

Issues: 1) Does 18 U.S.C. 2422(b) require direct communications with a minor, or do communications with an adult intermediary suffice? 2) Did the lower court err in its jury instructions? 3) Did the lower court err in denying the defense expert witnesses’ testimony? Continue reading

Posted in Defenses, Expert Testimony, Technology, Uncategorized | Leave a comment

In the Matter of a warrant for all content and other information associated with the email account xxxxx@gmail.com maintain at premises controlled by Google, Inc. July 2014 (S.D.N.Y.)

* This is a magistrate’s written opinion, and has not yet withstood appellate scrutiny.  However the issues presented are important for future search warrant requests, and for general legal considerations in our cases. You can read the full opinion here Gmail SW.

This opinion is from a magistrate who authorized the seizure of all email associated with the aforementioned gmail account.   This opinion does a terrific job of laying out the state of the law, the splits within the Country, and distinguishing other contrary opinions. This is not a child sexual exploitation case, but the issue presented (seizing/searching all email associated with a particular email account) is integral to our work.

Facts: As part of an investigation into money laundering (and other white collar high tech crimes), an affidavit for a search warrant was submitted seeking to seize and then search all of the email associated with the gmail account of the target of the investigation. The affidavit laid out probable cause to believe that the target of the investigation was using that gmail account to engage in criminal activity, and that other information within that account (including email) would provide evidence of the criminal activity. The warrant calls fo “all content and other information within the Provider’s possession, custody, or control associated with” the email account, including all emails sent, received, or stored in draft form, all address book information, and a variety of other information associated with the account. The search warrant provides that law enforcement personnel “are authorized to review the records produced by the Provider in order to locate” certain specific categories of evidence described in the warrant.

Issue 1: First, is it appropriate to issue a search warrant that allows the Government to obtain all emails in an account even though there is no probable cause to believe that the email account consists exclusively of emails that are within the categories of items to be seized under the search warrant?

Law: The Stored Communications Act of 1986, 18 U.S.C. §§ 2701-2712. Section 2703 of that statute authorizes the Government to obtain the “contents” of an “electronic communication” that is in “electronic storage” or held by a “provider of remote computing service” — such as emails — pursuant to a search warrant under the Federal Rules of Criminal Procedure. See 18 U.S.C. §§ 2703(a), 2703(b)(1)(A). In addition to the Stored Communications Act, 4th Amendment jurisprudence presents issues to consider when granting a search warrant. Namely, general warrants (with a brief discussion about colonial times). Continue reading

Posted in Defenses, Fourth Amendment, Probable Cause, Search Warrant, Suppression | Leave a comment

Ohio v. Fielding, 2014 WL 3512910 (Ohio App. 10 Dist.), July 2014

Facts: This is a typical ICAC investigation using Roundup on the Gnutella Network. The officer made a direct connection with defendant, downloaded images of child sexual exploitation, and captured the IP Address. A subpoena was sent to AT&T for subscriber information. Following receipt, a search warrant was issued for defendant’s home. Items of evidentiary value were found in Defendant’s hard drive. He was charged with possession and pandering images. Defendant moved to suppress the subscriber information and all derivative evidence. Motion was denied. Defendant was convicted. He appeals that conviction.
Issue 1: Whether the Judge erred in denying the motion to suppress the subscriber information and derivative evidence. In other words, is there an expectation of privacy in one’s IP Address and Subscriber Information?
Law: Appellant specifically claims that AT&T wrongfully turned over the subscriber information based on a subpoena, when the ECPA requires a court-order.
The Electronic Communications Privacy Act (“ECPA”), which regulates the disclosure of electronic communications and subscriber information. In pertinent part, 18 U.S.C. 2703(c)(1) provides: “[a] governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity … (A) obtains a warrant using the procedures described… Continue reading

Posted in Defenses, Deleted Files, Expert Testimony, Fourth Amendment, Search Warrant, Suppression | Leave a comment

United States v. Ackerman, 2014 WL 2968164 (July 2014)

* This is a District Court Judge’s opinion and has not yet withstood appellate review, but is relevant to show a split in the courts regarding whether an ISP and NCMEC are  “Government Actors” triggering 4th Amendment scrutiny.*

AOL and its Image Detection Filtering Process (IDFP).  IDFP is an automated program that scans images sent, saved, or forwarded from an AOL email account.  AOL has a database of more than 100,000 hash values of pictures meeting the definition of child sexual abuse images.  If the IDFP hits on a hash value within the database, the email is captured, AOL terminates the users email account (pursuant to its terms of service).  Next, AOL generates a report and an email to send to NCMEC’s CyberTipline (pursuant to statutory requirement).  The report includes the captured email, the attached file, the user’s account information, and the IP address of the user at the time of the email.

NCMEC’s CyberTipline.  CyberTipline was launched in 1998 as a way for online users, members of the public, and internet service providers a way to report suspected child sexual exploitation.  The reports can be made online or via the hotline number.  By statute, NCMEC must forward any report to the appropriate local law enforcement agency.  Once a report is made, an analysis opens the file to determine if the photo meets the definition of child sexual abuse images.  The IP address and the email address provided in the report is then run through publicly available online tools to determine the geographic location of the user.  Law Enforcement uses NCMEC’s secure VPN to access the report and the images.

Facts: On April 22, 2013 AOL’s IDFP detected a match on a hash value associated with  a child sexual abuse image sent from Defendant’s email account.  The aforementioned process was triggered, and the Defendant’s location was Kansas.    The Kansas ICACTF solicited the help of DHS.  The DHS Agent reviewed the image and began his investigation.  A subpoena for the IP Address was issued on April 22, 2013.  Results revealed Defendant’s wife’s information, and that Defendant was an authorized contact on the account.  On May 22, a preservation letter to AOL was issued for Defendant’s user account.  A search warrant was also issued for Defendant’s home that same week.  Incriminating evidence was found during the search. In a non-custodial interview, two LEOs informed Defendant about the search just executed at his house.  Defendant told the LEOs he knew the search warrant must have been about “child pornography.”  Defendant was indicted for distribution of child sexual abuse images.

Procedural Posture: Defendant moved to suppress the email and its attachment arguing that it was obtained through an illegal search and seizure.

Issue:  Whether NCMEC and AOL are agents of the Government for 4th Amendment purposes.  Even if NCMEC is deemed to be a state actor, did it expand AOL’s search in a constitutionally significant way? Continue reading

Posted in Defenses, Expert Testimony, Fourth Amendment, Suppression | Leave a comment

Riley v. United States & United States v. Wurie, 573 U.S. ___(2014), June 2014.

*SCOTUS holds that cell phones may not be searched incident to arrest absent exigent circumstances or a warrant.*

Riley Facts: Riley was pulled over for expired tags. The officer soon learned that he also had a suspended license. The vehicle was impounded. The vehicle was searched pursuant to inventory, when concealed and loaded firearms were found. Riley was arrested, and searched (incident to arrest). The officer searched Riley and found items associated with the “Bloods” street gang. His cell phone was seized and the officer found names preceded by the letters CK (presumably in text messages or contact lists). “CK” the officer believed to stand for “Crip Killer.” Back at the station a gang detective further examined the phone, and found a photo of Riley standing next to a car they suspected had been involved in a shooting a few weeks earlier. Riley was charged in connection with that shooting among some of his charges. Riley was convicted and received an enhanced sentence of 15 to life.

Wurie Facts: An Officer observed Wurie making an apparent drug sale from his car. He was subsequently arrested and taken to the station. There, officers seized two cell phones from Wurie. One was a “flip phone.” That phone was repeatedly receiving calls while Wurie was at the station from “my house.” Police opened the phone and noticed that the wallpaper was a woman with a baby. They opened the phone, accessed the call log to find the number associated with “my house.” An online directory was used to trace the phone number to an apartment. At the apartment, a woman who resembled the phone’s wallpaper was observed. The house was secured pending a search warrant. Upon execution of the warrant, 215 g of crack cocaine, marijuana, drug paraphernalia, and a firearm with ammunition was seized (along with cash). At trial, on charges connected with the observed drug deal and the evidence found during the search, Wurie was convicted and sentenced to 262 months. He was also charged and convicted of being a felon in possession of a firearm and ammunition.

Procedural Posture: Both Riley and Wurie moved to suppress the evidence seized; both lost their motions. For Riley, the California Court of Appeals relied on California Supreme Court decision People v. Diaz, 51 Cal. 4th 84, 244 P.3d 501(2011), permitting a warrantless search of cell phone data incident to arrest, so long as the phone was immediately associated with the arrestee’s person. For Wurie, the First Circuit reversed the denial of his motion to suppress and vacated his convictions. The court held that cell phones are distinct from other physical possessions that may be searched incident to arrest without a warrant, because of the amount of personal data cell phones contain and the negligible threat they post to law enforcement interests.

Issue: Whether the police may, without a warrant, search digital information on a cell phone seized from an individual who has been arrested. Continue reading

Posted in Defenses, Fourth Amendment, Probable Cause, Search Warrant, Suppression, Technology | Leave a comment

Massachusetts v. Gelfgatt, — N.E.3d —-, 468 Mass. 512, 2014 WL 2853731 (Mass.), June 2014.

* Compelling decryption passwords from Defendants*

Facts: Gelfgatt (an attorney) used his computer to conduct a sophisticated scheme of diverting to himself funds that were intended to be used to pay off large mortgage loans on residential properties. He purportedly duped one side into believing that his sham company had acquired the mortgage on the home, and all money was to be paid to that company. On December 17, 2009, State police troopers arrested the defendant immediately after he retrieved what he believed to be over $1.3 million in payoff funds from two real estate closings. They also executed search warrants for his residence and for his vehicle. During the search of the defendant’s residence, troopers observed several computers that were powered on, and they photographed the computer screens. The troopers seized from the defendant’s residence two desktop computers, one laptop computer, and various other devices capable of storing electronic data. They also seized one smaller “netbook” computer from the defendant’s vehicle. Computer forensic examiners were able to view several documents and “bookmarks” to Web sites that were located on an external hard drive. However, all of the data on the four computers were encrypted with “DriveCrypt Plus” software.

During his post arrest interview, Gelfgatt admitted to having more than one computer, “everything is encrypted, and nobody is going to get it.” Continue reading

Posted in Defenses, Fifth Amendment, Suppression, Technology | Leave a comment

United States v. Ganias, 2014 WL 2722618, C.A.2 (Conn.) June 2014.

Ganias appealed his tax evasion conviction on two grounds: 1) the district court erred in denying his motion to suppress his personal computer records, which had been retained by the Government for more than 2 ½ years after it copied his hard drives pursuant to a search warrant calling for the seizure of his clients’ business records; and 2) the district court abused its discretion in failing to order a new trial where a juror posted comments on Facebook during trial. The Facebook issue was dealt with and denied quickly (but an interesting read).

Facts: Appellant had his own accounting business and provided services to McCarthy, who owned American Boiler and Industrial Property Management (IPM). IPM was hired by the Army for services. Army investigators (CID) received a tip that IPM employees were stealing copper wire and billing the Army for work that IPM employees performed for American Boiler (not for the Army). The source alleged that evidence of wrongdoing could be found at the office of American Boiler and IPM as well as Ganias’s office. A search warrant for Ganias’s office was issued Nov 17, 2003. The computers themselves were not seized, rather agents made forensic duplicates of the harddrives on the scene.   This necessarily entailed copying files beyond the scope of the search. Ganias expressed concern about this and one agent “assured” Ganias that they were only looking into IPM and American Boiler issues, everything else “would be purged once they completed their search.”

The Forensic Duplicates were copied onto two sets of 19 DVDs, to be maintained as evidence. 8 months later, the crime lab began to review the files. Investigators discovered suspiscious payments from IPM to an unregistered business (who had not reported income tax). As such CID invited the IRS to join the investigation. 5 months after starting work on the hard drives, investigators had isolated and extracted the relevant files covered by the search warrant. They did not however, purge the other content (non-responsive files). Over time the IRS became suspicious that Ganias was underreporting his own income. They knew that his personal financial records were seized in the original search. After asking for consent, and receiving silence; the Government obtained another warrant to search the preserved images of Ganias’s personal financial records from the 2003 search and seizure.

Issue: Whether the Fourth Amendment permits officials executing a warrant for the seizure of particular data on a computer to seize and indefinitely retain every file on that computer for use in future criminal investigations? Continue reading

Posted in Defenses, Deleted Files, Fourth Amendment, Search Warrant, Suppression | Leave a comment