Cyber Crime Lawyer Blog

As a West Palm Beach cyber crime criminal defense lawyer, I work frequently with people who are charged with possession of child pornography. That means I keep an eye on the ongoing debate about the high sentencing requirements for federal child pornography crimes. And, as I have written here before, I agree with critics of the system that the mandatory minimums are too high. That’s why I was pleasantly surprised by a May 21 article in the New York Times, about a Brooklyn U.S. district court judge who is fighting the sentencing requirements out of his belief that they are too high to fit the crime of downloading child pornography. Judge Jack Weinstein is also advocating for defendant Pietro Polizzi, whose convictions he has thrown out twice.

Weinstein stressed that he does not approve of child pornography, but said he doesn’t believe the five-year mandatory minimum for possession is appropriate for the crime. In fact, he said, the sentencing guidelines for child pornography defendants “destroy lives unnecessarily.” This belief is echoed by some other federal courts, including the Second U.S. Circuit Court of Appeals. That court recently threw out a 20-year sentence in a child pornography case, saying the guidelines can lead to unreasonable sentences “unless applied with great care.” In fact, the Second said, child pornography possession sentences can be longer than some sentences for actual sexual abuse of a child.

Weinstein has taken some risks to apply his beliefs to the case of Polizzi, who is accused of possessing more than 5,000 images. His recommended sentence in federal court was 11 to 14 years in prison, with a minimum of five; it would have been four years in New York state court. As is usual, the jury that convicted Polizzi was not told what a high sentence he faced. After they came back with the guilty verdict, Weinstein explained the sentencing and asked if the jurors would have changed their votes if they’d known. Two said they would and five criticized the sentence, so Weinstein threw out the conviction. The Second Circuit overturned that decision, but Weinstein threw it out again on different grounds. He also refused to order electronic monitoring for Polizzi while he awaits another trial, and said he would inform the jury about the sentencing guidelines in any future case.

As a Fort Lauderdale cyber crime criminal defense attorney, I’m delighted to read about judges like Weinstein, who are willing to arouse public anger in order to do what they see as the right thing. The public is against child pornography, of course, and advocating for the rights of child pornography defendants does not make a judge popular. However, high sentencing guidelines and high mandatory minimum sentences have serious problems. As the judge (and the Second Circuit) said, high sentencing guidelines can create unjust sentences. The mandatory aspect means judges can’t deviate from the guidelines, even if they feel justice requires it. And by doing this, high mandatory minimums essentially substitute the judgment of Congressmembers who don’t attend the trials (but do want to get re-elected) for the judgment of the judges who do.

Like Weinstein and our society as a whole, I don’t approve of child pornography. But there’s a big difference between approving of something and understanding that penalties can go too far. Defendants like Polizzi create a demand for child pornography, which in turn is always created by the exploitation of children (if it’s not computer-generated or animated). But they don’t directly exploit children, and that distinction has been obliterated by high mandatory minimums and the hysteria that created them. It’s a distinction that matters a lot to defendants like Polizzi, and like my own clients as a Miami cyber crime criminal defense lawyer. Sentences for these defendants should allow judges to use their own good judgment in cases where a high sentence could destroy a life.

A few months ago, I wrote about the case of a Pennsylvania teenager who was falsely accused of taking drugs by his school district. School officials had seen Blake Robbins, a student at Harrington High School outside Philadelphia, eating pill-shaped Mike and Ike candies -- and thought he was popping pills. The twist to this story that interested me as a Fort Lauderdale cyber crime criminal defense lawyer: the school official didn’t see Robbins with the candy in person, but through a webcam installed on his school-owned computer. The case alerted parents in the school district to the district’s practice of using webcams on school-owned computers to remotely watch the students, causing a continuing local scandal. The district claims it used the cameras only to locate lost or stolen machines, while upset parents and students say webcams were routinely used outside of those circumstances.

Now, a federal district court judge has issued an order permanently barring the Lower Merion School District from using the webcams remotely, the Philadelphia Inquirer reported May 15. The permanent injunction, issued last week, will also bar other forms of remote monitoring. The district will be allowed to use a less intrusive theft-tracking system, but it must be disclosed to students and their parents, and families that wish to opt out will have an opportunity to do so. According to the article, the order confirms to the practices the district has already agreed to adopt. An attorney for the American Civil Liberties Union, which helped draft the order, said she hoped it would be a model for other school districts wrestling with the same issues.

The injunction comes as part of a lawsuit filed by the Robbins family. In fact, it may help resolve the family’s claims, since such an injunction was one of the requests the family made in its original claim. The family has recently dropped a bid for class-action status, reportedly because no other students are believed to have suffered an alleged invasion of privacy similar to his. Lower Merion students will soon find out, because the judge has also agreed to let students and their parents see pictures taken by the cameras, possibly before the pictures are destroyed.

The article notes that these orders have pleased almost all parties in the case, a rare situation. As a West Palm Beach cyber crime criminal defense attorney, I am pleased to see that the school district and the parents seem to have come to an understanding. I’m also pleased that the drug allegations against Blake Robbins have apparently been forgotten. The district is still under FBI investigation, reports say -- but as the Electronic Frontier Foundation notes, it’s difficult to say what crime the district would have committed. State and federal laws prohibit private citizens from spying on one another through non-computer technologies, including fairly recent technologies like recording of phone calls without permission. However, no federal law appears to prohibit video spying, which means it may be legal for organizations and individuals to tape-record one another without permission.

In my last post, I noted that video spying, like the alleged spying on Blake Robbins, would be unreasonable search and seizure when and if the government does it. Even without a law specifically forbidding such spying, I believe a reasonable court would come to that conclusion. But for the same reasons, I also support a federal bill like the one the EFF mentions in its post. It may seem odd for a Miami cyber crime criminal defense attorney to advocate yet another criminal law limiting what citizens may do on the Internet, and it’s true that laws can be abused by overzealous prosecutors. But by protecting us from spying by private parties, such a law would reinforce the protections against spying by government agencies -- including school districts -- as well.

As a Miami-Dade cyber crime criminal defense attorney, I have been following the case of Jason Chen with great interest. Chen is the blogger whose home was searched after he reviewed a prototype fourth-generation iPhone for the consumer electronics blog Gizmodo. A California state law enforcement squad broke into Chen’s home to search it for evidence of what they say was a theft, triggering cries of outrage that Chen should have been protected under journalist “shield” laws. Attorneys for numerous media organizations, including some devoted specially to Internet journalism, asked a court to unseal the search warrant used to search Chen’s home. On May 7, the San Jose Mercury-News reported that the judge in that case punted the decision to the judge who originally signed the warrant, who will likely hear the case this week. Prosecutors claim it should remain under seal to protect a confidential informant.

Chen is not accused of stealing the prototype iPhone himself. Rather, it’s now widely reported that Gizmodo bought the iPhone from Brian Hogan, 21, who claimed to have found it left behind in a bar. It is not disputed that Gizmodo paid the finder $5,000 for it. In this way, Gizmodo got a “scoop.” However, it also brought a special technology law enforcement squad to Chen’s home, from which he works. They took computers and equipment, saying they had reason to believe the equipment was used to commit a felony related to the iPhone. It was not clear what felony was involved, although most reports have speculated that police believe the iPhone was stolen. Chen has not been arrested or charged with a crime, and the phone was returned to Apple after the story was published. Investigators are reportedly not examining the seized equipment until its legal status is resolved.

Lost in all of the talk about the search warrant is an issue that interests me as a West Palm Beach cyber crime criminal defense lawyer: What crime was committed? Reports suggest that the crime in question was theft, but any theft was probably not performed by Chen or Gizmodo. Rather, the alleged theft would likely be by Hogan, who found the phone. Reports differ about whether, and how hard, he tried to give the phone back to Apple. California law does actually obligate people who find lost objects to give those objects back, and to keep them safe until they can be returned. Failure to do so could be interpreted as theft. Gizmodo could then be guilty of the crime of receiving stolen property -- but only if the decision-makers for the blog knew it was stolen. Once Gizmodo found out it was stolen, the blog would have had to return it to the rightful owner or risk prosecution.

It’s extremely likely that all of these issues will be explored in detail as time goes on -- in the criminal case that prosecutors are apparently preparing, and in any civil case that Gizmodo, Chen or the news organizations may want to pursue. From what I currently understand, however, I do not believe that Chen can reasonably be charged with theft or receiving stolen goods. Depending on the circumstances, charges against Gizmodo for receiving stolen goods may also be inappropriate. This makes it difficult to support the apparent strong-arm invasion of Chen’s home. After all, if Chen is not implicated in the crime, why not just ask him for the equipment?

As a Fort Lauderdale cyber crime criminal defense attorney, I suspect law enforcement didn’t ask because they knew Chen would invoke journalist shield laws -- and they also knew he was entitled to do so. This would make the search of his home an abuse of power and an end-run around state and federal journalist shield laws. These laws don’t bar law enforcement from getting the information it needs; they simply require officers to subpoena the information, which allows journalists to separate out the relevant information or fight the request in court. It’s interesting and potentially important that the technology law enforcement squad involved chose not to follow that process.

Some news from last Friday caught my eye as a West Palm Beach hacking criminal defense lawyer. According to the BBC, a Tennessee federal jury has convicted 22-year-old David Kernell of unauthorized access to a computer and felony obstruction of justice. Kernell was 20 and a student at the University of Tennessee when he briefly became famous for breaking into the Yahoo! email account of then-vice presidential candidate Sarah Palin. He is also the son of Tennessee state representative Mike Kernell, D-Memphis. The younger Kernell also faced a charge of wire fraud, of which he was acquitted, and a charge of identity theft, which ended with a hung jury. At his sentencing, he faces up to 20 years in prison for the obstruction of justice charge, a felony, and up to a year on the misdemeanor unauthorized access charge.

Although media reports say Kernell was accused of “hacking,” he did not get into the account through hacking as it’s generally understood. Rather, he used the “lost password” feature used by Yahoo! mail and other websites and used publicly available information about the candidate, or educated guesses, to answer the site’s “security questions.” After getting into the email account, the Associated Press reported during the trial, Kernell bragged about it in “obscenity-laced” Internet postings, and posted screenshots including family photos and the phone number of Bristol Palin, Sarah Palin’s eldest daughter. Bristol Palin and a former Palin aide said they received harassing calls, texts and emails because their information was compromised by Kernell. He may also have had access to information related to Palin’s former job as governor of Alaska.

One of the things that interests me about this case is that the bulk of the prison time Kernell faces comes from the obstruction of justice charge. That charge stems from his decision to delete the evidence from his computer before authorities could find it. My experience as a Miami cyber crime criminal defense attorney has repeatedly shown that it’s hard to delete things from a hard drive in a way that data recovery professionals cannot undo. Thus, Kernell faces up to 20 years in prison for deleting the evidence, but only up to one year for the actual crime, a misdemeanor. Of course, he may not be sentenced to all of that time; the decision is up to a judge.

Another interesting issue was the fact that the jury was hung on the identity theft law. The federal statute on identity theft has eight subsections, but none are quite right to describe what Kernell did; for example, he did not intend to defraud the United States, or knowingly possess five or more identification documents. It’s even debatable whether he possessed an “authentication feature” within the meaning of the statute. Kendall may be retried on that count, but some observers doubt it. However, it’s clear that Kernell’s behavior did fit the federal definition of “unauthorized access,” even though it wasn’t technically hacking. To convict someone under the relevant federal law, prosecutors only have to show that he or she “intentionally accesse[d] a computer without authorization or exceeds authorized access, and thereby obtain[ed]... information from any protected computer.” Florida’s state-law version, “offenses against computer users,” also sets a low bar.

I’d like to be clear that I don’t believe Kernell should face no penalties at all. No matter what your politics, it’s an invasion of privacy, not a harmless “college prank,” to break into someone else’s email account and post their personal information online. The testimony at trial about the effects on the lives of the Palins and their associates reflects that, as does the conviction for misdemeanor unauthorized access. But as a Fort Lauderdale hacking criminal defense attorney, I hope the judge sticks to the low end of the sentencing for the obstruction of justice charge, keeping in mind that the underlying crime was a misdemeanor. And if authorities do try to bring another identity theft charge, I hope they can mount a stronger case than the facts available to the public suggest they have. Guessing a password isn’t appropriate behavior, but it is not the financial fraud that identity theft laws were meant to penalize.