Cyber crime is on the rise. Not a novel or new statement, but what is novel and new is the way that law enforcement, attorneys, and judges are dealing with this new area of the law. South Florida (Miami and Broward County) is no exception or stranger to the increased cyber crime. Cyber law crosses into various aspects of our current legal system – civil, domestic, criminal, etc. This list is meant to give you a glimpse into the world of cyber crime and what lies ahead for the defense bar. Combating these case is often timely and costly, but with the right strategy and defense, cyberspace may hold the key to vindication!
Here is part 1 of the Top 10 Do's and Don'ts on various issues concerning cyber crime cases (Part 2 to follow in the upcoming weeks):
6. Chat logs, are they what they purport to be? Has your agency caught up with the Jones’? What type of technology are they using to track your client’s chats? Most agencies are new at the whole cybercrime game, so they are doing things the old fashioned way; they are cutting and pasting the chat logs into a word file. Often times you can argue that is not the “best evidence,” as the data is easily manipulated and often times missing lines of text as well as other important text entries. There is software out there that allows the undercover agent to track the conversations, whereby they don’t have the ability to manipulate the data. Check your jurisdiction’s case law. But the best evidence is always the logs. Computers don’t generally retain chat logs, but often times forensically you can recover excerpts, which can be helpful.
7. IP Logs. Always check the little things that can be overlooked. I have seen it before, where an agency is investigating a crime and has subpoenaed IP logs, date/time, etc., but has either forgotten to include the appropriate time zone, the wrong time zone, or didn’t take into account daylight savings time. So make sure the government agency has subpoenaed the right IP logs. For example, if the issue is an AOL email that was sent containing suspected child pornography, the correct IP log to subpoena would be found in the header information of the email sent, not the IP log captured when the AOL screen name registered the account.
8. Is your client a collector? Generally speaking, someone who possesses child pornography has tendencies that are obsessive compulsive. They collect images and videos, and will usually have hundreds if not thousands of images. So what does that mean for the client who is found with one or two? Very important not to dismiss your clients statements as to how or why they are there. Computers these days do a lot of crazy things and if your client only has a few pictures, I would get ready to dig in your heals in order to determine where they came from and how they got there. (Refer back to No. 1 – Forensic Expert is key!)
9. Does the search warrant authorize what the agency actually did? Computer search warrants can be very technical and complex these days. With that being said, the judge who is reading the warrant often times doesn’t understand what the warrant specifically authorizes. Then again, sometimes neither does the affiant of the warrant. This tip on search warrants should be read it conjunction with number 3, because when you are deposing the affiant you want to grill them on the warrant to ensure that they accurately portrayed the sworn affidavit to the judge. Fruit of the poisonous tree…Additionally, information contained in a warrant may be inaccurate. For example, the affiant may have used an incorrect IP address as its source of probable cause, wrong property description, may not have had probable cause to believe the evidence they are seeking would be stored on a computer, and the list goes on. Furthermore, does the warrant even authorize a search of the computer and/or additional seized media post-seizure? If it does authorize a search, what does it authorize a search for? If it is documents, and they discover images of child pornography, do they continue to search without a warrant, or did they stop to secure a new warrant to search? Just a few issues to scratch the surface on warrants.
10. Consent, to what? Agencies often attempt to secure consent to search electronic media rather than get a search warrant. What you need to look for is what was seized, whose electronic media was it, did the person who gave consent have the ability to give consent (does that person use the computer on a regular basis, do they have their own login information, is the computer password protected…). Agency’s investigating cyber crime love to execute the knock-and-talk with a consent waiver in their hand. Target is usually not home and the girlfriend, wife, or adult child, signs on behalf of the target that has no idea what is going on. Later on appeal, the State argues they had probable cause and through inevitable discovery, they would have gotten a warrant. I submit to you that’s bogus. If they had probable cause, they would have come warrant in hand, and but for the consent to search form being executed by an individual without authorization, they would not have any evidence.
a. Additionally, depending on your workplace, your client may already have given their employer permission to search their workplace computer. Be it a form you signed on day one of your employment that informed you of the company’s computer policies, or a daily banner that comes up on your screen every time you logon, an employer may be able to give law enforcement what they are asking for. This scenario is wholly dependent on what the banner/notification policy states.
The litany of questions and hypothetical’s is too long for this list, but just be aware that in the land of cyberspace, there are always alternative theories and legal issues that will keep the government agencies on their toes and require exploration by the defense bar deep into the world of cyberspace!
David S. Seltzer is a former Miami-Dade County Cyber Crime State Prosecutor. His practice is limited to criminal defense with a specialty in cyber crime. For more information or to contact David S. Seltzer, please visit www.cybercrimesdefense.com.