OUTLINE CYBERCRIME: Zakarin, Prof.

Chapter 1: Introduction
A. Overview of Computer Crime Law: Keep these in mind: 1. procedural issues: the posture of the case can vary the standard of what is being decided (Ex: 12(b)(6) hearing to decide if a jury MIGHT find an issue of fact is drastically different from merits of case being decided by a jury/judge. 2. substantive issues: law issues such as no precedent in most of these cases having to argue by analoguy mostly, attacjing statute for not considering this specific topic. 3. jurisdictional issues: state issues decided concurrently to federal statute violations etc (just remember this). B. Comparing physical Crimes and Computer Crimes:

Chapter 2: Computer Misuse Crimes:

(Df): offense that involve the interference of the proper functioning of computers. Can occur in two ways: 1-a user might exceed his privileges 2-deny others their privileges to use a computer Three most common types: Unauthorized access statutes, computer fraud statutes, and computer damage statutes. One FBI estimate put the cost of computer crimes, in at least 2004, at over $400 billion. (p. 11). CLASS#4: Traditional Crimes - Economic Crimes A. Why Punish Computer Misuse? B. Property Crimes as a Response to Computer Misuse Analysis: (1) Can a prosecutor charge a person a person under traditional property crime such as: Tresspeass, burglary, or theft? *burglary and trespass didnt work, but theft can stretched if the Court finds that the subject matter constituted property. (See US v. Seidlitz (finding that text-editing program was property allowing theft to be used to prosecute); State v. McGraw (finding that D didnt steal anything where there was no evidence to deprive the city, needed under state statute for intentional misappropriation). (2) Assuming that computer misuse should be criminalized, how should it be criminalized? Can traditional property laws address this, or should there be new laws? United States Seidlitz: D was convicted of two counts of fraud by wire (statute: 18 USC 1343-Wire Fraud Statute). WYLBER, a source code, was accessed by remote terminal Argument was over whether this was a trade secret, and further if so, was that property? BC Proper theft statute will apply. Ds arguments: (1) I was attempting to do this to show security flaws and weaknesses in the current state of the system; and (2) there are versions like this on the market everywhere, like Microsoft. Held: this could be considered property, and a trade secret.

State v. McGraw No intent, which was needed, insufficient evidence: in addition to being (i) considered property, this particular state required (ii) intent. He was allowed access, he was prohibited from personal use. HE was storing information for personal use. Held: Though he was storing information for personal use, this did not satisfy intent to use computers. Therefore, the D did not deprive the city of property, nor did he have the requisite intent to deprive them of the use of their property. Like a bookshelf, the D used empty space. C. Unauthorized Access Statutes: 1. Introduction: In response to perceived deficiencies of prosecuting computer misuse using theft laws, the federal govt and all 50 states enacted statutes specifically prohibiting computer misuse. *No two of these statutes or schemes is exactly alike. 18 USC 1030 Fraud and Abuse Act (CFAA). AKA the federal computer misuse statute 2. What is Access? State v. Riley (S.Ct. of Washington 1993): Defined access as: (by Websters): freedom or ability to obtain or make use of. (Easy). (Compare with: State v. Allen, 917 P.2d 848 (1996): suggests that a person accesses a computer only when he or she goes beyond the initial prompt and gains the ability to make use of the computer) 3. What is authorization? The Case of Code-Based Restrictions United States v. Morris (2d Circ. 1991) (applying 1030(a)(5)(A)) Issue: Whether the transmission of the MIT worm by the student constituted exceeding authorized access or accessing w/out auth.? Suggests 2 ways in which access to a computer can be without authorization: (1) by satisfying the intended function test: providers implicitly authorized users to us their computers to use the intended functions, but implicitly do not authorize users to exploit weaknesses in the program that allow them to perform unintended functions. When a user exploits weaknesses in a program and uses a function in an unintended way to access a computer, that is without authorization. (2) that gaining access to a computer by correctly guessing or using a stolen password can constitute access without auth. (See also p. 47 for addition case). 4. What is Authorization? The Case of Contract-Based Restrictions United States v. Drew (D.C. Cen. Cal.)( 1030(a)(2)(C) and 1030(b)(2)(A). User violated MYSPACE terms of service. Misuse of sensitive computers by govt employees: in these cases the apparent test for whether the D had violated an unauthorized access statute was whether the D had violated explicit workplace policies on computer access. Users frequently agree to be bound to contracts that condition their use of computer contracts. (*Remember also that contracts are civil and can only lead to civil damages but can be attendant to the se criminal changes). Is this making civil contract breaches criminal and is this a dangerous policy? In State v. Schwartz, 21 P.3d 1128 (Or. Ct. App. 2001): D argued that: the line that line between authorized access was so unclear that it was unconstitutionally vague in that the phrase

without auth. did not identify what sort of authorization is required, or from what source it must come from. The Ct. words without notice was sufficiently stated as to put a user on notice of the prohibited conduct. 5. What is Authorization? (COMPETITORS, i.e. non compete) The Case of Norms-Based Restrictions: access that violates general understood social norms on normal or reasonable computer access MIGHT access without auth or in excess of auth. (Ex: if employee uses computer in way that is contrary to the employers interest-cov not to compete). United States v. Nosal, (DC Northern Cal. 2009): D accused of accessing a computer without auth or in excess of auth to further a scheme to defraud in violation 1030(a)(4). Courts split as to the issue, whether initial permission granted by employer broadly covers auth to all conduct by employee based on this permission: (p. 62) Some Cts, including two courts of appeal, have broadly construed the CFAA to hold an employee acting to access an employers computer to obtain business information with intent to defraud, i.e., for their own personal benefit or the benefit of a competitor w/out auth or exceed auth in violation of the statute. (See p. 62 for addition cases). Other Cts have refused to hold employees w access and nefarious interests within the statute, concluding that a violation for accessing a protected computer w/out auth or in excess of auth occurs ONLY when initial access or the access of certain information is not permitted in the first instance. (These Cts tend to accord with the philosophy that this statute is intent was to combat hackers and not employees). (SEE Rons notes and p. 63 bottom for discussion of EF Cultural Travel, which illustrates the flaws in the reasonable expectations standard. (p. 68) While 1030 does not define without access, it does define (Df): exceeds authorized access in 18 USC 1030(e)(6): to access a computer with auth and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter. D. Computer Fraud Statutes: hybrids between unauthorized access statutes and fraud statutes. The federal computer fraud statute is 18 USC 1030(a)(4), these crimes are felonies; the maximum punishment is 5 years for the first offense. Unites States v. Czubinski, (1st Cir. 1997): ISR agent used his access to search or browse financial information on: ex girlfriends/wives, KKK members etc. but where he never supplied this to anyone and where it never led to affirmative actions taken by him. He won due to that the prosecutor could not prove that he intended to deprive, and the intent of the statute was to punish for stolen property and not for merely perusing it.

E. Computer Damage Statutes: 1030(a)(5): 3dr and final type of computer misuse statute. Can be divided into 2 types: (1) those focused on conduct that exceeds priveleges, (2) focuses on conduct that denies access privileges to other users. (Ex: deleting, damaging altering, etc on a victims computer). (p. 80) gives you the three different offenses. United States v. Middleton, (9th Cir. 2009): D was charged w causing damage to a protected computer without auth in violation of 1030(a)(5)(A). Issue: whether the conduct prohibited in 1030a5A caused the loss? Tyoes of costs included in the loss definition. It is quite broad and refers to any reasonable cost[/loss]. This subpart includes a non-exhaustive list of costs taken largely from the Middleton case.

(See p. 89). United States v. Carlson (3rd Cir. 2006): Phillies fan sending e-mails. Issue: whether he intended to cause damage when he sent emails (either diect or indirect) Two types of e-mails: 1. direct: sending multiple (here thousands) of e-mails to one user 2. indirect: sending one e-mail to a multiple accounts (Here, sending spam e-mails from spoofed accounts). Held: jury found this was (1) damage, and (2) there was intended the resulting damage. Statute was violated and appeal was affd. Cts (Df) of intent (p. 99). 1030(e)(8) defines damage as any impairment to the integrity or availability of data, a program, a system, or information. * Does not define intentionally this court has defined it in the criminal context as performing an act deliberately and not by accident. F. Computer Damage Statutes: 1030(a)(5) has 6 elements (p. 103). United States v. Salban: D was a D, after being fired and trespassing into her former place of employment used an old password to enter the mainframe changing several of the files and deleting others in violation of security procedures and federal law. D convicted of computer fraud under 1030(a)(5). D argued (after plea of guilty) on appeal that: DC wrongfully interpreted the elements of the statute And that the statute is unconstitutional (See p. 103 for good discussion and elements of 1030(a)(5)). Held: requiring the govt t to prove intentional access w/out authorization is sufficient to satisfy any Constitutional requirements without violating the Due Process Clause. (See p. 107). Claim #1: 1030(a)(5) is ambiguous as to the intentionally mens rea requirement (based on the punctuation). The district applied it as only applying to the access element (1 of 6). The 9th Cir. here responded as saying that (i) the comma did not clear up the ambiguity and (ii) general linguistic rules justify letting intentionally apply to the rest of the elements. The govt does not have to prove that the D intentionally damaged computer files. Claim #2: The SC has never required that mens rea is a constitutional requirement. In X-Videos however, it did say that a lack of scienter requirements would be suspect (to require knowingly or intentionally). D tries to argue this, but the Ct rejects this and the statutes mens rea requirements are valid.

Chapter 3: Traditional Crimes

The computers ability o process and transmit information quickly and with relative anonymity has led entire subcultures of criminal activity to migrate from the physical world to a digital environment. Q: How should criminal law treat cyber crimes? Merge them, or label them an extension? 1. Economic Crimes: such as theft and copyright infringement. (Laws protecting economic interests). 2. Crimes against persons: such as threats and harassment (via e-mail). 3. Vice crimes: such as internet gambling and obscenity-related offenses. (Usually federal? Offshore outside jurisdiction of our laws?) A. Economic Crimes: Whatever the source of a files value, that value depends on information control. The more widely available information becomes, the less valuable it tends to be. 1. Property Crimes: Originally designed to protect interests in physical property, the basic idea being that phys property has an owner who enjoys the right to exclude others from accessing their property or using it. Taking it away form the owner constitutes theft. Retaining the item, knowing its stolen origin, constitutes possession of stolen property. People v. Johnson: (Does not have to be tangible to be property). Is credit card number (written down and copied to later be used) stolen property? Held: It is a thing of value, and had similar value to property. (See notes for better explanation). United States v. Farraj: (Important if you were one of restricted few to have access to item). D (former paralegal) charged w counts of interstate transportation of stolen property in violation of 18 USC 2314, D defends on grounds that trial plan from former law office did not constitute property within the scope of this statute. Only Orick employees were permitted access to the Trial Pans. Arg by D: it was information, not a good. Held: lots of cases where intangible items were considered property in violation of this statute. Here, the transfer of electronic files across sate lines via the internet does fall within the purview of 2314. 2. The Economic Espionage: One alternative to charging info misuse (or concurrent charge) is when the legislature has made available new criminal statutes that punish computer misuse in specific contexts. This act is an example: The Espionage Act of 1996 (EEA): 18 USC 1831-39. Designed to punish information misuse in specific contexts, here to punish and deter the theft of a specific type of information, namely trade secrets United States v. Genovese (SDNY 2005): govt charged d with one count of downloading and selling a trade secret in violation of 18 USC 1832(a)(2). Here, the D advertised Microsofts source-code. D tries to 12b6 this on grounds that definition of trade secret in statute was (i) unconstitutionally facially overbroad in violation of 1st A and (ii) unconstitutionally vague as applied to him.

Held: Not so vague that it violated his due process. 1839(3) defines thos with sufficient definiteness. Here, valuable because generally not known. (p. 125). 3. Identity Theft and Access Device Fraud

The federal govt uses 2 main information misuse statutes that deal specifically with misuse of authentification and access device methods. 1. 18 USC 1028: federal identity theft statute. 2. 18 USC 1029: federal access device fraud statute. US v. Cabrera (1st Cir. 2009): Appeal form conviction of photocopying and falsifying
identification (fake IDS) or possession of a document making implement under 18 USC 1038. Equipment was primarily used to make document production. Affd. D first argued that his computer did not constitute a document-making implement w/in the meaning of the statute b/c there was no proof, directly or by inference, that it was specifically designed or generally used to produce identification documents, false identification documents or other document making implements. Ct found: (i) text was unambiguous, (ii) that Ds computer was specifically designed, as this prong was aimed at a class of instruments and not at a specific instrument. His setup was designed to facilitate counterfeiting It fit primary use prong as well. There was no proof that he had any other purpose besides counterfeiting. 4. Copyright Law: Designed to provide economic incentives for authors to create new and original works such as stories, books, novels, music, and movies (including the attendant industries needed to promote these people). As this is predominantly a civil law area it is still true that criminal law belongs here but there are very few of these cases. Central precept of copyright law is: For a limited time, an original work in fixed form may not be copied (or otherwise infringed) without permission. A) Introduction: Dabvid Goldstone-Prosecuting Intellectual: (see p. 136 for what is a property right, federal examples, how long it lasts, the five exclusive rights where infringement is a fleny, misdemeanor, four essential elments to a felony copyright infringement. B) The Willfulness Requirement: Some statutes for copyright infirngment (17 USC 506(a) and 18 USC 2319, need a willfulness element. United States v. Moran, (DC Neb. 1991): Police officer arrested for duping videotapes. He was simply backing up his own system. I: what is the meaning of willfull as applied by a reading of this statute 506(a). Held: The general rule that ignorance of the law or a mistake of law is no defense to criminal prosecution is deeply rooted in the American legal system. Based on the notion that the law is definite and knowable, the common law presumes that every person knows the law (constructive). Rule also is that there is strict liability for copyright infringement, C) Total Retail Value: United States v. Armstad, (4th Cir. 2008): after selling 100 bootleg tapes, and then selling 200 more to the same agent, D was indicted on a charge of two counts of 18 USC 2319(b)(1).

Calculations are used to make this transform form a misdemeanor to a felony. D) Intent to profit: United States v. Shabbazz, (11 Cir. 1984): It was not necessary that he actually made a profit. The only requirement is that he engaged in business to hopefully or possibly make a profit. Or proof that you D argues that there was no intent to profit and the govt cannot prove that tapes were made for commercial profit, as required by statute. It is not necessary however, just that he engaged in businedd to hopefully or possibly make a profit. E) Prosecutorial Discretion: United States Dept of Justice-Illegal Warez Organizations and Internet Privacy: (p. 161): These underground gangs are responsible for releasing movies, software, etc. It is estimated that approximately 8-10 of the largest warez release groups in the world are responsible for the majority of the pirated software, games, and movies on the internet. Should these members be prosecuted if caught? (See 164). B. Crimes Against Persons: When people use computers to effectuate criminal intent and conduct. There are Two major types: 1. Threats and harassment Purposes a. deter and punish the social harms associated with b. 2. invasion of privacy crimes: violate individuals sense of privacy and safety by online conduct. Three federal statutes governing this: (p. 166) 1. 18 USC 875, specifically 18 USC 875(c): broadly prohibits interstate threats to harm a person. 2. 47 USC 223: prohibits both threats and harassment. Originally enacted as a telephone misuse and harassment statute, it has expanded to other communication devices. Two provisions commonly used prosecute internet threats and harassment: 1. 47 USC 223(a)(1)(C) 2. 223(a)(1)(E) 3. 18 USC 2261A: known as the federal stalking statute (of 1996 and expanded in 2000). Expanded to address cyberstalking. 1. Threats and Harrassment: US v. Alkhabaz, (6th Cir. 1997): 18 USC 875(c): true threats Did not rise to level of true threat. Here, d claimed on appeal that certain mail messages did not constitute true threats under the 1st A, and as such, were protected speech. Held: Congressional intent. Ct said that to read statute literally would lead to absurd result, so do determine what Congress intended. Here, the nature and purpose of prohibiting threats. US v. Carmicheal (D.C. Alab. 2004): D arrested for marijuana distribution and one count of conspiracy to money launder. Here the D at carmichealcase.com contained the pics and info about the agents involved in the case, attorneys, etc. There was protective order and D argues that his free speech under the 1st A was infringed. Analysis p. 177): 1. Was this protected speech? (True Threat Doctrine). True threats are not protected, otherwise they

are protected and the website is allowed. Factors: consider the language itself; 2. The context; 3. testimony by the recipient. SC has not settled on a true threat def yet. Held; the language was not a threat. Neither the posters nor the website expressly threatened the plaintiffs. Also the website was not meant to incite harm therefore triggering the incitement doctrine used by eth SC. (Incitement Doctrine on p. 182). Carmichaels website was not a true threat. 2. Invasion of Privacy: better dealt with in the Fourth A context. See three federal statutes: Federal Wiretap Statute, Stored Communications Act, and Pen Register Statute, although complex surveillance statutes they are applicable by analogy to computers. C. Vice Crimes: (*p. 187) These affect the moral turpitude. Crimes like prostitution, gambling, narcotics, and pornography are sometimes labeled vice crimes. Prostitution, internet gambling (where not allowed), ect. All have stemming aspects addiction, tax evasion, ect. 1. Internet Gambling: US v. Cohen: (2d Cir. 2001) started off shore gambling enterprise that can be placed from anywhere. Safe harbor provision: how can he be held responsible where bets are made form areas where it is legal to place them. How is he to verify that these people are where they say they are? Where no foreign sanctions are available prohibiting this conduct in a foreign state, Internet casinos and gaming companies are legal and cannot be stopped. *This has led to the UIGEA (Unlawful Internet Gambling Enforcement Act (2006)). (p. 191). 31 USC 5363. This only makes it harder to individual bettors to place their bets via credit cards. company restrictions. Safe Harbor Provision in 1084(b). (p. 194). *Also, Wire Act (1034) only applies to those in the business of betting and wagering. 2. Obscenity: (p. 198) There are some types of pornography and other types of displays and images that have no redeeming social value but that can corrupt and coarsen the moral fabric of society. To protect that social order and express societys disgust for the corrupting materials, the law prohibits the display and distribution of obscene materials. Seminal case: SC has curtailed definition of what is deemed obscene: Roth v. US, p. 198. 2. Obscenity Miller v. California (SCOTUS 1973): Test for determining what is obscene material. A state offense must also be limited to works which, taken as a whole, appeal to the prurient interest in sex, which portray sexual conduct in a patently offensive way, and which, taken as a whole, do not have a serious literary, artistic, political, or scientific value. The basic guidelines for the trier of fact must be: (a) whether the average person, applying contemporary community standards would find that the work, taken as a whole, appeals to the prurient interest; (b) depicts sexual conduct specifically defined by applicable state law; and (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value. We emphasize that it is not our function to propose regulatory schemes for the states. That must await their concrete legislative efforts.It is possible to give a few examples of what a state statute

could define for regulation under part (b) of the standard announced here. Douglass, J. dissenting: no one can be forced by government to disclose what he finds offensive. US v. Extreme Associates, Inc. (DC WD Penn 2009) (p. 209): (cites Ashcroft) ROL: Courts must continue to apply the traditional obscenity test from Miller v. California to cases involving internet obscenity. Here, the SC (2009) finally define as a whole community standards *Is the community national or regional by state, or locality? National community was rejected and instead, the standards of the community from which the jurors are drawn will be used, D, Child Exploitation Crimes (p. 215): 18 USC 2252, 2252A, 2256 A. Intro: (p. 215) The federal statute that prohibits the creation of child

pornography is found at 18 USC 2251: prohibits the creation of child pornography and provides for a mandatory minimum prison sentence of 15 years for the first offense. If the death of the child results, the death penalty is available, or as an alternative, mandatory 30 year sentence. B. Proxy Rationale: Another possible rationale for child pornography is offenses- albeit a rationale not used to justify their constitutionality-is the perceived correlation between possession of images and acts of child molestation. Its weak, but is found on p. 216. C. 18USC 2252: primary statute prohibiting child pornography distribution, receipt, and possession. Contains four distinct offenses: 1. 2251(a): prohibits knowingly transporting or shipping in interstate or foreign commerce a visual depiction of a minor engaged in sexually explicit conduct. 2. 2252(a)(2): prohibits receiving or distributing such depictions that have been transported in interstate or foreign commerce, which contain materials that have been transported in interstate or foreign, or reproducing such materials for distribution in interstate or foreign commerce. (3. & 4. Deal with possession-related crimes.) 3. 2252(a)(3) concerns selling or having possession with intent to sell 4. 2252(a)(4) concerns mere possession. Also permits Ds to raise affirmative defense (rare but see p. 218). D. 18 USC 2252A and 18 USC 2256: definitional part Child Pornography Prevention Act of 1996 (CPPA): Congress response concern that pedophiles could use computer software to create computer-generated pornography, either by morphing a digital image of a real childs face to a computer generated image of a childs body or by generating a life-like image of a real childs image entirely

by computer. CPPA was designed to expand the then existing child pornography laws to encompass tehse new forms of child pornography of amending old statute (i8 USC 2252) they just created a new one. 18 USC 2252A and 18 USC 2256. US v. Schaffer (10th Cir. 2007): Whether mens rea was needed for the application of knowingly. It was, and was not met here. (Kazaa). Issue: Did he distribute child pornography when he downloaded images and videos from a peer-to-peer computer network and stored them in a shared folder on is computer accessible by others on the network? Held: That he claims he was only a passive participant and not fitting the definition of distributing: must actively transfer possession to another by means is unhelpful, as is the statute. It does not define distribute. We look then to the pain meaning. Blacks: to divided amongst others on a class. Etc, to apportion. He allowed access to it and openly invited others in to access or download. (Like a selfservice gas station). Barton v. State (COA Georgia 2007): When agents showed up at his house, they retrieved on his computer 156 images constituting child porn, but they couldnt say whether he affirmatively viewed these images that were stored in his caches or his temporary internet folders. I: Does the possession in your cache constitute knowing possession? H: No. Not without an attendant affirmative act. Inchoate crimes are not enough, but in NY you may be entered on a database regardless affecting employment and domicile. F) Constitutional Issues: 1st A issues again. Child pornography laws raise a number of 1st A issues. While the Constitution permits the govt to criminalize possession of child pornography, it limits the definition of child pornography much like miller places limits on the definition of obscenity. Ashcroft v. Free Speech Coalition (SCOTUS 2002): Govt may not prevent the possession of virtual child pornography. Miller and Ferber control. F: stems form a challenge of a statute created under the CPPA alleging overbroad drafting. I: Whether the Child Pornography Prevention Act of 1996, 18 USC 2551 abridges the freedom of speech? H: It does. It is overbroad and unconstitutional. Prevent too much free speech. As a general principle, the First Amendment bars the government form dictating what we see or read or speak or hear. The freedom of speech has its limits; it does not

embrace certain categories of speech , including defamation, incitement, obscenity, and pornography produced with real children. (cites NewYork v. Ferber: upheld prohibition of sale and making of child pornography b/c the acts were intrinsically related to the sexual abuse of children. Various reasons. Osborne v. Ohio: same interests stated in Ferber justified a ban on te hpossesison of pornography using children. *(After, however, see p. 241: for notes on subsequent Congressional Act: PROTECT Act of 2003whcih now defines child pornography United States v. Marchand (DCNJ 2004): to satisfy possessing child porn in violation of CPPA, 18 USC 2252A(a)(5)(B): All prosecutors have to show is that (1) at least one of the children were real and that (2) he knew, in order to invoke criminal sanctions. 2. Traveler Cases and Entrapment: Second type of child exploitation case, involving immigrants, human trafficking of minors, foreigners which cross state lines with the purposes of engaging in sexual activities. State v. Davies (COA Arizona 2008): entrapment as an affirmative defense. F: D requested that entrapment instruction to be included. DC denied this request. He appealed here. In Arizona, you have to give an instruction as to any plausible defense. DC didnt. I: Should it have been read, and is this reversible error? Was there enough for a reasonable jury to find that this is viable. H: The error was not harmless and we must reverse Defendants conviction. (See this for def of harmless error, entrapment). Here, the idea to meet up, a juror could find, could have originated with the detective and not the perp. n.5 on p. 262: There is no private entrapment defense! Only if inducement was made by a govt actor. (262, n.5). Impossibility is another attempted, but seldom prevailing defense. (p. 264, n.8). It is not a viable defense.

Chapter 4: Sentencing
A. Are Comp Crimes Different? When a defendant is found guilty, a court must next impose a sentence. The law of criminal sentencing focuses on two issues: 1. Whether to impose a prison term, and the length if any; and 2. the conditions of any period of probation or post-incarceration supervised release. Chapter division: part I: as a policy matter should computer-related crimes have different sentences than equivocal physical crimes Part II: US Sentencing guidelines Neal Kumar Kaytal-Criminal Law in Cyberspace (Law review article) Pa. L.Rev. (2001). Premise: If the goal of criminal law is to deter, then it makes sense to punish the use of a computer to carry out a crime as if the computer were a co-conspirator. This rationale would affect: fraud artists, child pornographers, cyber-thiefs who wouldnt need additional manpower to effectuate there schemes. Should they be based on special skills then? United States v. Lee (USCOA 9th Cir. 2002): [special skills adjustment] F: Hawaii Marathon Japanese entry fee scheme defrauding Japanese entrants (Who couldnt register through the official site). And charging 165 instead of 65, the excess going to transportation and site seeing. He plead guilty. Lower court failed to evaluate for applicability of this. I: whether the District court could use the special skills adjustment could be used to enhance the time served by the D (who pleaded guilty) based on Lees use of the computer in his scheme? H: Keeping inline with the 6th Cir., a level of computer expertise like Lees did not justify imposition of the adjustment. (Two seminal cases) United States v. Peterson, 98 F.3d 502 (9th Cir. 1996): upheld SSA for professional hacker who hacked into national credit system and stole information. United States v. Green, 962 F.2d 938 (9th Cir. 1992): [USCOA] revd application of SSA where, to effectuate a money counterfeiting scheme, a student procured methods and materials for making fake money. We held that the printing and the photographic skills

were not specialized as to permit the DC to impose the adjustment. United States v. Godman, 223 F.3d 320 (6th Cir. 2000): another counterfeiting scheme, but here too, the SSA couldnot be applied as Godmans level of computer skills was not analogous tp the level of skil possessed by lawyers, doctors, pilots, etc. listed in eth application note (from Peterson fn.). Test/Analysis: Special Skill Adjustment: works as follows (two prong) (p. 275) Prong #1: If the defendant abused a position of public or private trust; or [disjunctive] Prong #2: Or used a special skill, in a manner that significantly facilitated the commission or concealment of the offense Sentencing guideline should have two part test: Whether it is a skill usually requiring substantial education, training, or licensing. B. Sentencing in Child Pornography Cases: (Under SCOTUS case, United States v. booker, guidelines determinations are not binding on sentencing judges. Six step process. Generally set by United States Sentencing Guidelines: limits wide discretion and invites uniformity. Steps: the type of offense, offinse level (Ex: Murder 1), Apply upward and downward adjustments, determine Ds criminal history category, find sentencing from sentencing table, lastly determine whether a non-guidelines sentence is appropriate. C. Sentencing in Computer Misuse Crimes: Offense guidline applying in most computer misuse crimes is USSG 2B1.1 aka the economic crimes guidline b/c it is broadly applicable in theft and fraud cases. D. Supervising Release and Probation Restrictions: Supervised releases: part of their restrictions are that they cannot use a computer for any reason. United States v. Paul (USCOA 5th Cir. 2001): DC judges have a wide discretion but are subject to specific permaiters. (p. 291). F: Prohibition of computer use while on probation was upheld. I: H: OK to limit his conditions as it related to his offense. The DC did not abuse its discretion in imposing this condition of supervised release. United States v. Sofsky (USCOA 2d Cir. 2002): special condition must be treasonably related to the to the statutory governing the selection of sentences.

F: Wholesale prohibition of computer access to internet or bullitenb board systems at any time unless approved by probation officer was too challenged. It is vacated here. Same prohibition was challenged. Also D guilty of child pornography. I: H: Much more lenient. Prohibition was revd. The probation officer can still check to see if your using child pornography sites. There are other ways of monitoring. Not reasonably related.

Chapter 5: The Fourth Amendment

4 governs law enforcement investigations of computer crimes. It evaluates the constitutional limits on the govts ability tot gather evidence, identify a suspect, and try to establish beyond a reasonable doubt that the defendant has committed the offense. Proscribes warrant requirement and search and seizure prohibition. To determine if government conduct violates the Fourth Amendment, one must: (1) first identify why there there was a search and (2) seizure and, if so, (3) was it reasonable or unreasonable. A search is reasonable if it was authorized by a valid search warrant or fits squarely into one of the exceptions to the search warrant requirement. A warrant is valid if it is based on probable cause and particularly describes the property to be searched and the items to be seized.
th

The usual remedy for violations of the Fourth Amendment is suppression of evidence obtained in any subsequent criminal case. (Using the exclusionary rule). A central question with computer crimes is whether the crime or suspected crime has happened on or off site with or without moving the computer. (Wireless laptop, routers, etc.). Standalone or network?

A. The requirement of government action The fourth Amendment does not regulate all searches and seizures. As the Supreme Court stated in US v. Jacobs, 466 US 109, 113 (1984), the Fourth Amendment is wholly inapplicable to a search or seizure , even an unreasonable one, effected by a private individual not acting as an agent of the government or with the participation or knowledge of any governmental official. United States v. Jarrett: Issue: Whether anonymous hacker was government actor: agency relationship test on (p. 303). F: Govt relied on an anonymous hacker to arrest Jarrett for violation of child pornography statutes. Unknown user was hacking into others computers and accessing child pornography. He was located at the time in Turkey. He would attach a Trojan horse to the picture to search once accepted to see what other pics were present. When he found other pics of other child pornography, he contacted the FBI and provided them w the files. I: Was the search valid as it was based on tip form anonymous hacker informant. Was he acting as a state actor [govt agent]? H: DC held it was suppressed as based on invalid PC and violated the Fourth Amendment. Govt appeals. We reverse as the govt did not know of, or in any way participate in, the hackers search of Jarretts computer at the time of the search, the hacker did not act as a govt agent. B. Defining searches and Seizures: 1. Searches: A Fourth Amendment search occurs when government action violates an individuals reasonable expectation of privacy. (See Smith v. Maryland, 442 US 735, 740(1979); originally found in Katz v. United States, 389 US 347 (1967)). Harlan in Katz: The Fourth Amendment protects people, not places. What protection is afforded to these people? First: (subjective) a person must have exhibited an actual expectation of privacy; second: (objective) that the expectation be one that society is prepared to recognize as reasonable. (Ex: home, phone booth when making a call, not public conversation). Unites States v. David:

F: After being picked up on suspicion of trafficking heroin into the US from Hong Kong, he was bargained to enlist as a cooperating informant. During one session where informant (who was in jail) used his computer, an agent stood behind his and glanced purposefully at his password and later used it to access the computer. I: Was the informant an agent of the government? Was this a search? If so, wa sit reasonable? H: It was a search, and it was in fact, unreasonable as it infringed upon Ds expectation of privacy. 2. Seizures: The Supreme Court has defined a seizure of property as some meaningful interference with an individuals property. Unites States v. Jacobson, 466 US 109, 113 (1984). Under this definition, a seizure occurs when a police officer takes property away, blocks a person form being in control of his/her property in a meaningful way, or interferes ith et the path of property in transit. Copying a file seizes it: Unites States v. New York Telephone Co., 434 US 159 (1977). Unites States v. Gorshkov: F: Russian identified through sting operation focused on international intrusions on computers located within American Businesses. There was a meeting after which he was arrested. I: Was the agents act of copying the data on the Russian computers was not a seizure under eth Fourth Amendment. H: Not a seizure under the Fourth as it (1) did not interfere with Ds or anyone elses possessory interest. C. EXCEPTIONS TO THE WARRANT REQUIREMENT (see intro pertaining to Fourth Amendment) 1. EXIGENT CIRCUMSTANCES The exigent circumstances exception permits the government to conduct warrantless searches or seizures when immediately necessary to protect public safety or preserve evidence. (See, e.g., Mincey v. Arizona, 437 US 385 (1978)). This long standing principle applies when circumstances would cause a reasonable person to believe that entrywas necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequences improperly frustrating legitimate law enforcement efforts. (United States v. McConney, 728 F.2d 1195, 1199 (9th Cir. 1984) (en banc). Also: Consent: search incident to lawful arrest. USSC has never articulated a clear test for exigent circumstances, and instead has applied a general balancing of interests to determine when and how broadly it

applies. As a general matter, interests often include the degree of urgency involved, whether or not a warrant could have been obtained, the seriousness of the crime investigated, the possibility of danger, the likelihood evidence may be destroyed, and the availability of alternative means of obtaining or securing evidence or protecting public safety. Further, an exigent circumstances search must be strictly circumscribed by which justify its initiation. Terry v. Ohio, 392 US 1, 25-36 (1968). Unites States v. Trowbridge: (See p. 326) for warrantless search of individuals home and exigent circ discussion). Issue: whether the investigators could initially seize Trowbridges computers, not whether the investigators could then search the computers. 1. Was there an exigency? D created it in stating that D was not home. 2. Did the agents manufacture the exigency? Gov established exigency. 2. CONSENT Powerful exception to the warrant requirement. Makes a warrantless search reasonable and therefore constitutional. Whether this is voluntary id determined by viewing the totality of the circumstances. Raises three basic questions: How should courts interpret the scope of consent?; When can a third party consent?; When can eth police reasonably rely on the apparent authority of a third party to consent? (a) Scope of Consent: Unites States v. Al-Marri, (330). Test on 334. What a typical reasonable person would have understood the consent to have included in light of the specific facts of the case. (b) Third Party Consent: Unites States v. Buckner: password protected files cannot vicariously accessed via search effectuated via consent of even owners spouse. Here it is challenged that while a search allowed by his wife, the accessing of his hard drive (password protected) by agents was not included under the consent given by the wife. Ct agrees. Under the Trulock rationale, Buckner did not have actual authority to consent to a search of her husbands password protected files b/c she did not share mutual use, general access or common authority over these files. *Her consent was valid to allow them to search the computer, just not for the personal password protected files [affirmative steps]. Apparent authority: Unites States v. Andrus: (see p. 346) apparent authority will justify a reasonable belief by officer (good faith). Ds 90 something year old father gives consent to police to search after the dad told the police even where party is lacking in authority to consent.

*Totality of circumstances is used. Search incident to lawful arrest: Once arresting a person, PO can search full search and search containers wallets, or anything else on his person or in grabbable area. United States v. Murphy, 552 F.3d 405 (4th Cir. 2009): contents of cell phone. Here the Ct allows it, but others (See p. 356) do not extend this privilege to the contents of cell phones (ND Cal 2007)(P. 356). Appeal form a conviction for conspiracy for possession with intent to cocaine hydromorphon. D was arrested. Fourth Amendment. Argument: Murphy argues that the warrantless search of the contents of the cell phone was unlawful. Facts: Here, he was pulled over for VTL violation (95 mph) failed to provide license, and arrested for obstruction of justice; attendant to this the PO. Border Searches: apply at our borders or their functional equivalent. US v. Ortiz. as in this context, you dont have 4th and 5th requirements, does this apttitude extend to searching files on a computer? Unites States v. Arnold (9th Cir. 2008): cAn customs officials at LAX search contents of laptops without reasonable suspicioin? D at LAX Inter., he was randomly searched and they searched his laptop and they found child porn and he filed motion to suppress. 9th allowed admission of evidence of child porn found in this random search. DC: This was not fair, you overstepped your bounds. COA: Revd DC. Thos is not needed to border searches. Is this too broad and expansive to give an unfettered discretion to border agents? This Cir. Does not think so. Government workplace searches: Leventhal v. Knapek, 266 F.3d 64 (2d Cir. 2001) (Sotomayor, J.) (This is a government employer! Remember a private employer cant violate ) Issues: As you need a state actor to constitute a search two begin with, can the government search its own employees? Legality of searches. Analysis: Was there notice given to the employee, and if so, was the search reasonable? Did this search violate hi s4th Amendment expectation of privacy? If so, to what degree? Here, the special needs [maintenance] grounds of the employer justified the search and lent to the limited administrative searches. Held: DOT idd not violate Fourth Amendment.

D. Searching and Seizing Computers With A Warrant: Searches and seizures are constitutional when authorized by a valid and properly executed search warrant. A search warrant is a court order signed by a judge that authorizes govt agents to enter a place and seize property. Probable Cause and Particularity: There is a two step process currently: (1) agents will first execute a physical search and take away the computer, then (2) they will execute the electronic search, searching the seized computer for evidence. This raises a lot of questions: should the PC focus on PC to believe evidence is located inside the particular computer? Where is the physical place to be searched? Where the search occurred or the electronic search, or the computer itself? PC a fair probability that contraband or evidence of a crime will be found in a particular place. Illinois v. Gates US (1983) Purpose of particularity is an outright ban on general searches, reflecting the intent of the Framers and their opposition to the English and early Colonial experiences that the Framers observed. Maryland v. Garrison, US (1987) The remedy, due to exception like the good faith standard, make the remedy for violations of these two constitutional requirements considerably narrower than the rights themselves. United States v. Leon, US (1984). Good faith example in: Malley v. Briggs, US (1986). The standard by which to judge challenge a search warrant involving a civil suit or motion to suppress, is: a victim of the search pursuant to a defective warrant can obtain relief only if it would be clear to a reasonable officer that his conduct was unlawful in the situation he is confronted with at the time of the search. Sacier v. Katz, US (2001). How do the requirements of the Fourth apply to the warrants and the search and seizure of the computers? United States v. Adjani (9th Cir. 2006): Specificity used to justify affadavit or warrant. Apparent access. Roommates computer containing evidence of extortion. I: Are the e-mails from another persons computer if not mentioned specifically in the warrant, constitutionally valid? FBI agents seized conspirators computer in addition to named suspect. DC granted motion to suppress as to the e-mails contained on the coconspirators computer and unnamed in the warrant. 9th Cir. Revd this holding that the specificity of the warrant was satisfactory, the PC was sufficient, as well as the scope. H: That the co-conspirator roommate was unnamed does not vitiate it, thats not how a

warrant is evaluated. The items were described as well as the place with enough specificity. The warrant provided the precise identity and nature of the items to be seized. THE PHYSICAL SEARCH STAGE United States v. Hill (9th Cir. 2006): Good faith exception to the warrant requirement. *Compare subpoena requirement I: Whether it was reasonable under the Fourth A for the police to take all of Hills computer storage media from his home (they did not find his computer) so they could conduct their search offsite in a police laboratory, rather than carrying out the search onsite? H: It was properly admitted. While we do not encourage the blanket removal of all computer storage media for later examination, there was good faith and the warrant was specific enough. THE ELECTRONIC SEARCH STAGE United States v. Kearns (NDGeorgia 2006): Plain view and attempts at justifying PC. what is the limit of plain view doctrine as applied to this stuff. F: Secret Service Agent secured a warrant to search Ds residence for Ds computer, credit cards, and automobile. In searching for financial records, the agent found child porn. I: Did he legally obtain the info? H: Yes. The warrant was specific enough, so he was where he was wheen he found, within the rummaging, the child porn. 1. particularity is met. 2. The search may be as reasonable as needed to locate and seize items described in the warrant. The reasonableness of the search and seizure depends on the complexity of the crime being committed. Does the officer need to execute a new or additional warrant to further effectuate this search? Tenth Cir, says (Carey), depends on whether the search was abandoned. IN Carey, it was abandoned, so it was admitted. This Court makes the distinction that here, the agent never abandoned the original search. ROL: If never abandoned, the plain view can be used to justify the admission. Also, traditionally plain view doctrines stated: 1. the agent must be lawfully be in the place where the seized item was in plain view; 2. the items incriminating nature must have been immediately apparent; and 3. the agent had a lawful right of access to the object itself. 4. Encryption: When you encrypt is there a heightened REP? a diminished? 4th and 5th.

The 5th privilege against self-incrimination protects a person against being incriminated by his own compelled testimonial communications. For the privilege to apply, the communication must be compelled, testimonial, and incriminating in nature. Subpoenas require compliance and therefore constitutes compulsion. In re Boucher (USDC Vermont 2007): foregone conclusion doctrine when authorized to search for files, they encountered password. Upon subpoena, he refused to comply and moved to quash the subpoena in violation of his Fifth Amendment right not to incriminate himself by compelled testimony. I: Is this a testimonial communication? H: Subpoenas require compliance and thereby they do constitute compelled testimony. Testimonial acts compared to non-testimonial acts/ -Subpoena is compelling the production. -Since the information is being compelled, it cannot be under the forgone conclusion doctrine and the act of production privilege remains. *Know testimonial vs. non-testimonial, p. 423. [Lock key vs. combination analogy]. Testimonial acts vs. Non-testimonial acts: In distinguishing [] the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. The combination conveys the contents of ones mind; the key does not and is therefore not testimonial. A password, like a combination, is in the suspects mind, and is therefore testimonial and beyond eth reach of the grand jury subpoena. (Textbook, p. 423). Foregone Conclusion Doctrine/Rule: No privelege will apply where an act of prduction if the existence and location of the subpoenaed evidence is known to the govt and the production would not implicitly authenticicate the evidence. Here, the subpoena can be viewed as either compelling the production of the password itself or compelling theprodiction of the files on the drive. E. The Fourth Amendment and Computer Networks: How the Fourth Amend. Applies to the collection of computer data sent over or stored on remote computers. Internet communication are sent across the network by being broken into packets. Know: Katz: SC found REP in use of phone booth. Wiretapping a persons phone amounts to a Fourth Amendment search. (This will erode Olmstead trespass doctrine Smith v. Maryland: found no REP in anything where third party transmission occurs such as a pen register. Forrester: extends Smith to to/form addresses within the internet. (Both Smith and Forrester use the analogy of ogysical mail in that contents inside are

protected until receipt (Unless fourth class mail or contents of protable phone) but not to the outside of the envelope (here applied equally to the to/from lines in e-mials). Quon: found REP where PO paid additional charges for added texts later searched by PD. 1. Analogies to speech, letters and telephone. It may be argued by analogy to either i. speech, ii. Postal letters, iii. And telephone calls. Speech: Hoffa v. United States. According to Hoffa: a person assumes the risk that those within earshot of their speech will hear and understand the speech and will share it with the police. The perosns Fourth Amend rights are not violated. Letter: Existing: Individuals who send letters and packages retain a reasonable expectation of privacy in the contents of their sealed containers, but not in the exposed exteriors of those containers. Telephone: pretty much the same as letter, but less in tah it not a tangible effect. 2. Non-content Information: Information cvan be divided into either: (i.) content information and (ii.) non-content information. Content info: communication sent to another user Non-content info: comm. That the network generates to facilitate the transmission and storage of the content information. US v. Forrester: (9th Cir. 2007) Appeal form conviction of ecstasy manufacturing. The computer surveillance that enabled the government to learn the to/form address of his email messages, the Internet protocol (IP)addresses of the websites that he visited and the total volume of information transmitted from his account was analogous to the pen registry that the Supreme Court held in Smith v. Maryland which did not constitute a search for fourth Amendment purposes. The evidence here and the pen register are identical and fit squarely within the physical mail rule: exterior of mail is subjected to invasion as well as inside when it reaches recipient. 3. Content Information: *REMEMBER: Always compare Katz (phone booth) with Smith (pen register). (See p. 445-46). Add Forrester. Quon v. Arch Wireless Operating Co. (9th Cir. 2008): Issue: whether persons have a REP in the contents of texts? (Do they count as e-mails?) Review of text messages sent to recipient, Jeff Quon, a Sergeant and member of the City of Ontarios SWAT team. PO that had to pay for the extra texts past 2500 characters in the citys plan. This officer opted for this option and was later audited to reveal sexually explicit texts. Held: Court here held expectation of privacy reasonable existed as a matter of law that PD would not review the content.

*Contents of cordless phone call or fourth packages, neither will be protectedby the Fourth Amendment. (See p. 447: context-sensitive inquiry will be used to determine whether the expectation of privacy was reasonable). *Contents of cordless phone calls and Fourth class mail are not protected by a reasonable expectation of privacy. Password or no password can change the contours of protections.

CHAPTER 6: STATUTORY PRIVACY PROTECTIONS Compare: (1) Stand Alone environments: here the 4A is the primary protection tha regulates government access to data. (2) Network environments: Here, 4A are supplemented be an important set of statutory laws. *Most computer crime investigations begin in a network environment. (Ex: a computer misuse investigation usually begin where a system administrator realizes that his server has been attacked; a threat investigation might begin with the victims receipt of an e-mail containing the threat; a child pornography case might begin when an undercover investigator is contacted in a chat room). Also, as delineated in the prior chapter, distinguish between: (1) content of the communications (analogous to inside of mail) (2) non-content information (analogous to outside of tangible mail) Statutes: 1. Federal Statutes: There are three federal statutes that regulate access to computer network communications in criminal investigations. a. The Wiretap Act: (18 USC 2510-22) regulates efforts to collect evidence by intercepting the contents of the internet communications in real time. b. Pen Register Act: (18 USC 3121-27) regulate collecting evidence by obtaining non-content information in real time. c. Stored Communications Act: (18 USC 2701-11) in response to perceived deficiencies in the aforementioned statutes, it regulates access to stored content and noncontent records held by ISPs d. Electronic Communications Privacy Act, Pub. L. No. 99-508 (1986) (ECPA). 1. expanded the Wiretap Act to include a new category of protected communications, electronic communications now broadly including computer communications.

2. created a new category of statute to regulate access to stored electronic communications known as the Stored Communications Act was not equipped to handle computers. Created a new statute, generally known as the Pen Register Statute that responds to Smith v. Maryland and regulates the use of pen registers. 2. State counterparts: Seminal and other relevant cases: Berger v. New York, 388 US 41 (1967): articulating Constitutional requirements for wiretapping Katz v. US, 389 US 347 (1967): articulated Constitutional limits on bugging (Phone booth-reasonable expectation of privacy that society (limited to what scope of region?) would agree to have protected. Smith v. Maryland, 442 US 735 (1979): the 4th A does not provide a robust privacy potection in a network environment context. Smith made clear that the 4A di not regulate the use of pen registers, and left uncertain how computer networks may be applied. Weeks v. US, 232 US 383m 391-92 (1914): Wong Sun v. US, 371 US 471, 485 (1963): A. The Wiretap Act: 1. Basic Structire: OBrien v. OBrien (5th Cir. 2005): types (different functions of) spyware. Interprets a FLA state law. Facts: Suspecting her husband of cheating, a wife, unbeknownst to him, installed surreptitious spyware to log her husbands computer activity. She logged him, while he was engaged in playing Yahoo Dominoes, chatting with other women. This software stored and copied electronic communications between him and the other women. Wife argued: electronic communications do not fall under this act because these communications were retrieved from storage and, therefore, are not intercepted communications. Husband argued: was in transmission and therefore illegally obtained under this Act Issue: Did the interception of information happen contemporaneously enough to satisfy the FLA statute? It was off by milliseconds when recorded in spyware. (Analogous to substantial performance in K Law). Held: TC held: were illegally obtained. Here the wife appeals and it is held that: (1) As to whether the commincations were intercepted: a valid distinction exists between a spyware similar to Steigler (simply nreaks into computer and teals information already stored, and a spyware that (like installed by wife here) copies the information as it is transmitted and routes the copy to a storage file in the computer.

(2) As to whether, now that they are deemed as intercepted, may be introduced in to evidence: not excludable. (3) TC did not abuse its discretion. (See 465) Content vs. non content withregard to Packet sniffers : Ex: FBIs Carnivore program (phased out by 2003 due to improvements in the commercial packet sniffers controls of controls to ignore content or non content better). Remedies: suppression (exclusionary rule?) 2. The Consent Exception: Like the 4thA, the Wiretap Act has a consent exception: 18 USC 2511(2)(c) and (d): Allows aperosn to give prior consent. Griggs-Ryan v. Smith, (1st Cir. 1990): Landlady intercepted his telephone calls, she calls police he gets busted for marajauna trafficking. He later files civil suits against her in violation of this statute prohibiting taping of communications. I: at issue is whether these statements were admissible in the DC decision convicting him. Held:His consent, after repeatedly being told by landlord that calls would be recorded. Is consent, albeit not explicit, was manifest. No more was required. He could have used some other instrument. 3. The provider exception: regulates both the interception and the disclosure of communications. If a provider wants to moniter communications and disclose them to the govt under the provider protections, both steps must been independently justified. In contrast, exceptions such as the consent exception focus entirely on interception; when a communication has been intercepted permissibly under the consent exception, eth Wiretap Act places no additional restrictions on its use or disclosure. US v. Auler,(7th Cir. 1976):scope of the authority of a common carrier to intercept and disclose wire communications (18 USC 2511(2)(a)(i)). *(See McClelland, p. 491)telephone companies which intercept calls pursuant to 2511 (2)(a)(i) may forward to the police no more of the content of those calls than is necessary to protect the telephone company rights). D was convicted of violating the Wire Fraud Statute, 18 USC 1343, and sentenced to 6 months. I: H: this was not govt action; the FBI did not participate in or tacitly approve of

interception. Thereby requiring a warrant McClelland v. McGrath (Dist. Ct. Illinois 1998): That the provider exception will not apply if the police are the ones guiding its use. 4. COMPUTER TRESSPASSER EXCEPTION 18 USC 2511(2)(i) is the narrowest exception to the Wiretap Act. It shall not be unlawful under this chapter for a person acting under color of law to intercept the wire or electronic communications of a computer trespasser transmitted to, through, or from the protected computer. 5. T3s and FISA warrants. B. THE PEN REGISTER 18 USC 3121-27: Like a non-content cousin of the Wiretap Act. It generally deals only with noncontent information. Designed as a statutory response to Smith v. Maryland, 442 US 735 (1979). (see p. 498). It prohibited use of pen registers or collectors of to and from information for telephone calls, namely pen registers and trap devices. The definition of pen registers and trap device in 3127(3)-(4) Section 216 of the USA PATRIOT Act replaced the telephone-focused language of the 1986 Act with more general language that covers non-content addressing information for both telephone calls and Internet communications. Title III. FISA. Types of warrants that may be obtained to wiretap. Case: (Illustartes the difference between use of the Wiretap Act and content information and The Pen Register statute and non-content information: In re application of the United States of America, 849 F. Supp. 1555 (DC Fla. 1994). C. THE STORED COMMNUICATIONS ACT (SCA) Third and final anti-piracy law. 18 USC 2701-11.
(ECS) providers of electronic communication service, (RCS) providers of remote computing service. Regulates the retroactive surveillance of telephone and internet communications Governs the interactions between government investigators and system administrators in the case of stored content and non-content records. ECS and RCS. Stored Communications only apply to Ways to compel non-content information: (i) 2703(d) order, (ii) search warrant, (iii) consent, (Iv) telemarketer fraud. (v) where Congress has regulated further. 1. Basic Structure. 2. Compelled Disclosure Under 2703 When we want to compel a service provider (of ECS) of temporary custody, the govt must obtain a search warrant (ECS 180 days or less). When it is greater than 180 or- when

compelling a provider of RCS, they can use less than a warrant if: (i) subpoena and (ii) court order (non warrant) US v. Kennedy, 81 F. Supp. 2d (DC of Kansas 2000): Failed to meet d order or that version of specificity req., (i) articulable facts and (ii ) specific reasons. Ct ordered that the application should have been mores pecific, however, suppression is not available here, sanctions are. 3. Voluntary Disclosure: 2702: Sometimes someone wants to assist (or disclose. E.g. marketing info) but there are limitations where the y would violate the SCA: where they provide services to the public. (Ex: AOL, Yahoo). 8 exceptions: you can divulge the contents by law, to deliver communications, or if a person who rights are at stake consents, when necessary, when a provider discovers a crime, discovers child pornography. Anderson Consuling LLP v. UOP: e-mails were leaked to the Wall Street Journal during a counter suit situation of breach of contract between consulting firm and subcontractor. Argument wa smadea sto the definition of public. If public, and the ocntractor provided e-mails service to the public, they are susceptible to the purview of the SCA. They tried to redefine public. Held: this is provite, and the Ct did not buy it. Deemed them private and a private company can consent to disseminate anything it wants. If Touro account is leaked, Jayne v. Sprint PCS: upon good faith belief form police asserting an exigent circumstances demand in order to thwart a kidnapping, Sprint disclosed information (GPS and cell phone). It was upheld under 4A analysis. Putting the Pieces together: p. 516 Theofel v. Fare-Jones, 359 F.3d1066 (9th Cir. 2004) (p. 514): all e-mails held by a server are protected under the ECS rules until the underlying message has expired in eth normal course, regardless of whether eth e-mail has been accessed. This appears to be fact sensitive etst: a server acts as a provider of ECS with respect to a message until both the user and the ISP no longer need the e-mail message. *ISP is porvider.