Cyber Crime Lawyer Blog

In India an individual charged with a cyber crime now has to prove their innocence (Onus on IP address owner to prove innocence). Is the United States any different? I refer you to one of my earlier posts - Presumption of Innocence, Where Did It Go?

Being involved in the cyber crime world I see it all the time. IP addresses, an individual's fingerprint in cyberspace can be manipulated, spoofed, make someone virtually untraceable. So how can an ordinary individual be expected to protect themselves against a sophisticated cyber criminal and then have to prove their innocence?

Florida and the rest of the United States is not there yet, but I can assure you that an individual charged with a cyber crime case is not going to take it lying down. Yes, the State has the burden of proof and the ability and resources to secure necessary evidence, but do they always do it? IP logs are retained for a limited amount of time depending on the internet service provider ("ISP"). Yahoo!, EBAY, Facebook, Hotmail, AOL, etc., all have retention periods for logs that can range from 45 days and up. Once the data is purged, it is gone forever. Which can make defending yourself extremely difficult, if not impossible.

It has been my experience that ISP's are friendlier to law enforcement and give private attorney's the run around at every corner. So I have taken it one step further on the advice of a colleague. I have recently had a local police department investigating one of my clients served with a Brady Notice, as well as the local State Attorney's Office. The State can get the potentially exculpatory evidence with ease, which may vindicate my client; thus, close their investigation, so why wouldn't they want it? The name of the game is cover your A$$. Make sure if there is potential computer evidence out there that can help your case, it's preserved. Even if the State won't issue a subpoena, ask that a preservation letter be sent to the ISP so that they evidence can be preserved in its current state for 90 days. At least that way you have some time to fight with the ISP for the records. If you can't get it done in 90 days, on the 89th day, have the State send another one extending the time period.

Remember, it is not possible to store all the data our computers generate on a daily basis. It just doesn't make sense for the ISP's financially, so the key is preservation, because at the end of the day, you may be the one proving your client's innocence rather than the State meeting it's burden of proof.

People always wonder, do athletes get special treatment? The answer is, in typical lawyer speak, "it depends." There are programs around the country designed to give first time offenders a break. A "get out of jail free card," if you will. In Miami, Florida, the program is called Pre-Trial Intervention ("PTI"). The purpose is to show an individual who has committed a qualifying crime what contact with the system is like in hopes to deter any future contact. Generally the conditions of PTI range from fines, donations, courses, to community service hours. Once the conditions are completed, the case is dismissed, the individual is eligible to have their record sealed and expunged, and life goes on!

So, athletes and celebrities who are also first time offenders are entitled to the same treatment. Just because they are in the public eye doesn't mean we should treat them differently. As I was working earlier today, I received a call from my home town of Montreal from Mitch Melnick at radio station Team 990. He wanted to know more about the Montreal Canadians hockey player whose case was dismissed in Tampa, Florida earlier today. As I understand the facts of the case, Ryan O'Byrne, along with a teammate Tom Kostopoulos, were charged in Tampa in February for an incident relating to theft and resisting arrest. Kostopoulos' case was dismissed; however, O'Byrne's remained open until today when it was dismissed in exchange for an apology and community service hours. (Charges dropped against Habs' O'Byrne after court apology, community service)

There are a whole host of reasons why a case gets dismissed, but again if a first time offender is taking responsibility and cooperating with the authorities, this type of result is not uncommon, famous or not. People make mistakes in life and the criminal justice system is supposed to be "somewhat" rehabilitative, no?!

Florida Lawyer Segment

Cyber crime is on the rise. Not a novel or new statement, but what is novel and new is the way that law enforcement, attorneys, and judges are dealing with this new area of the law. South Florida (Miami and Broward County) is no exception or stranger to the increased cyber crime. Cyber law crosses into various aspects of our current legal system – civil, domestic, criminal, etc. This list is meant to give you a glimpse into the world of cyber crime and what lies ahead for the defense bar. Combating these case is often timely and costly, but with the right strategy and defense, cyberspace may hold the key to vindication!

Here is part 1 of the Top 10 Do's and Don'ts on various issues concerning cyber crime cases (Part 2 to follow in the upcoming weeks):

6. Chat logs, are they what they purport to be? Has your agency caught up with the Jones’? What type of technology are they using to track your client’s chats? Most agencies are new at the whole cybercrime game, so they are doing things the old fashioned way; they are cutting and pasting the chat logs into a word file. Often times you can argue that is not the “best evidence,” as the data is easily manipulated and often times missing lines of text as well as other important text entries. There is software out there that allows the undercover agent to track the conversations, whereby they don’t have the ability to manipulate the data. Check your jurisdiction’s case law. But the best evidence is always the logs. Computers don’t generally retain chat logs, but often times forensically you can recover excerpts, which can be helpful.

7. IP Logs. Always check the little things that can be overlooked. I have seen it before, where an agency is investigating a crime and has subpoenaed IP logs, date/time, etc., but has either forgotten to include the appropriate time zone, the wrong time zone, or didn’t take into account daylight savings time. So make sure the government agency has subpoenaed the right IP logs. For example, if the issue is an AOL email that was sent containing suspected child pornography, the correct IP log to subpoena would be found in the header information of the email sent, not the IP log captured when the AOL screen name registered the account.

8. Is your client a collector? Generally speaking, someone who possesses child pornography has tendencies that are obsessive compulsive. They collect images and videos, and will usually have hundreds if not thousands of images. So what does that mean for the client who is found with one or two? Very important not to dismiss your clients statements as to how or why they are there. Computers these days do a lot of crazy things and if your client only has a few pictures, I would get ready to dig in your heals in order to determine where they came from and how they got there. (Refer back to No. 1 – Forensic Expert is key!)

9. Does the search warrant authorize what the agency actually did? Computer search warrants can be very technical and complex these days. With that being said, the judge who is reading the warrant often times doesn’t understand what the warrant specifically authorizes. Then again, sometimes neither does the affiant of the warrant. This tip on search warrants should be read it conjunction with number 3, because when you are deposing the affiant you want to grill them on the warrant to ensure that they accurately portrayed the sworn affidavit to the judge. Fruit of the poisonous tree…Additionally, information contained in a warrant may be inaccurate. For example, the affiant may have used an incorrect IP address as its source of probable cause, wrong property description, may not have had probable cause to believe the evidence they are seeking would be stored on a computer, and the list goes on. Furthermore, does the warrant even authorize a search of the computer and/or additional seized media post-seizure? If it does authorize a search, what does it authorize a search for? If it is documents, and they discover images of child pornography, do they continue to search without a warrant, or did they stop to secure a new warrant to search? Just a few issues to scratch the surface on warrants.

10. Consent, to what? Agencies often attempt to secure consent to search electronic media rather than get a search warrant. What you need to look for is what was seized, whose electronic media was it, did the person who gave consent have the ability to give consent (does that person use the computer on a regular basis, do they have their own login information, is the computer password protected…). Agency’s investigating cyber crime love to execute the knock-and-talk with a consent waiver in their hand. Target is usually not home and the girlfriend, wife, or adult child, signs on behalf of the target that has no idea what is going on. Later on appeal, the State argues they had probable cause and through inevitable discovery, they would have gotten a warrant. I submit to you that’s bogus. If they had probable cause, they would have come warrant in hand, and but for the consent to search form being executed by an individual without authorization, they would not have any evidence.

a. Additionally, depending on your workplace, your client may already have given their employer permission to search their workplace computer. Be it a form you signed on day one of your employment that informed you of the company’s computer policies, or a daily banner that comes up on your screen every time you logon, an employer may be able to give law enforcement what they are asking for. This scenario is wholly dependent on what the banner/notification policy states.

The litany of questions and hypothetical’s is too long for this list, but just be aware that in the land of cyberspace, there are always alternative theories and legal issues that will keep the government agencies on their toes and require exploration by the defense bar deep into the world of cyberspace!

David S. Seltzer is a former Miami-Dade County Cyber Crime State Prosecutor. His practice is limited to criminal defense with a specialty in cyber crime. For more information or to contact David S. Seltzer, please visit www.cybercrimesdefense.com.