Last month, we posted on the senate hearings on whether the feds need to get a warrant before getting emails and other stuff stored in the cloud.  The Obama administration would rather let the feds continue to get such stuff without bothering to get a warrant, as they now can do under (very outdated) current law.  As we put it:

As the law currently stands, if an email is more than 180 days old, the feds are allowed to snag it without a warrant, under the 1986 Electronic Communications Privacy Act.  In yet another bit of Orwellian fractal weirdness, the ECPA was designed to ensure that online communications had just as much privacy protection as anything in the offline world.  (Given the erosion of Fourth Amendment protections in the brick-and-mortar world, a cynic might be tempted to crack that the ECPA has lived up to its expectations.)

And we quoted Sen. Patrick Leahy, who last year argued to drag law enforcement and the Fourth Amendment into the modern era:

Today, ECPA is a law that is often hampered by conflicting privacy standards that create uncertainty and confusion for law enforcement, the business community and American consumers.

For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent. There are also no clear standards under that law for how and under what circumstances the Government can access cell phone, or other mobile location information when investigating crime or national security matters. In addition, the growing popularity of social networking sites, such as Facebook and MySpace, present new privacy challenges that were not envisioned when ECPA was passed.

Simply put, the times have changed, and so ECPA must be updated to keep up with the times.

Well, today Sen. Leahy proposed a new bill that might do just that.  The bill (pdf here) would get rid of that 180-day loophole, and require the feds to get a warrant no matter how old the email or data might be.

-=-=-=-=-

Obviously, we’re in favor of that.  But this bill goes farther than that.  If adopted, this bill would also:

1. Prohibit cloud services from knowingly divulging emails or other stored data “to any governmental entity.” (We approve.)
2. Require the government to give notice to you within 3 days after your emails/data were searched pursuant to a warrant, including a copy of the warrant. The 3-day period can be extended on a showing of good cause similar to that in eavesdropping cases. (We approve.)
3. Permit the government to subpoena subscriber names, addresses, phone numbers, network addresses, phone call data, and payment info (including credit card data). (Can’t they already subpoena all this stuff already? To the extent this is nothing new, we have no opinion.  To the extent it’s new authority, we strongly disapprove.)
4. Prohibit the government from using your cell phone or iPad or what-have-you to get your physical location, without a warrant or FISA order or an immediate life-or-death/mafia/national security need. (We approve, except for the mafia exception. Mere “conspiratorial activities characteristic of organized crime” is a hole big enough to drive a busload of special agents through, and has nothing to do with immediate urgency.)
5. Prohibit the government from getting historical data of your physical location without a warrant or FISA order.
6. Require suppression of evidence obtained in violation of the statute. (We approve.)
7. Protect cloud services from lawsuit for complying with authorized government demands. (We approve.)

On the whole, not a bad bill.  There’s some room for improvement, as we’ve pointed out, but that’s what committee is for… right?

Our jury’s still out, and there’s so much stuff to catch up on.  There’s the 5th Circuit’s denial of Jeff Skilling’s appeal, even though the Supreme Court had struck down the “honest services fraud” charge last summer.  We were so ready to write something about it yesterday, but work intervened, and now we’re not in the mood.  Maybe this weekend.

Instead, we’re all intrigued about the Senate hearings earlier this week on whether federal law enforcement ought to get a warrant before doing any search and seizure out there in the cloud.  Apparently, the Obama administration says the warrant requirement is just too much of a hassle.

The term “cloud computing” covers a lot of things, but for these purposes we’re talking about people storing data not on their own hard drives, but out there somewhere in the ether of the internet.  Of course, “out there somewhere” means “stored on someone else’s servers.”  Which means it’s there for the taking (or destruction) if those remote servers were to be compromised.  And of course, that means it’s out there for the seeing if law enforcement decides to go poking around in the cloud.

As the law currently stands, if an email is more than 180 days old, the feds are allowed to snag it without a warrant, under the 1986 Electronic Communications Privacy Act.  In yet another bit of Orwellian fractal weirdness, the ECPA was designed to ensure that online communications had just as much privacy protection as anything in the offline world.  (Given the erosion of Fourth Amendment protections in the brick-and-mortar world, a cynic might be tempted to crack that the ECPA has lived up to its expectations.)

As Vermont senator Patrick Leahy put it last September, when the Senate first starting considering changes to the ECPA, the statute

was a careful, bipartisan law designed in part to protect electronic communications from real-time monitoring or interception by the Government, as emails were being delivered and from searches when these communications were stored electronically. At the time, ECPA was a cutting-edge piece of legislation. But, the many advances in communication technologies since have outpaced the privacy protections that Congress put in place.

Today, ECPA is a law that is often hampered by conflicting privacy standards that create uncertainty and confusion for law enforcement, the business community and American consumers.

For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent. There are also no clear standards under that law for how and under what circumstances the Government can access cell phone, or other mobile location information when investigating crime or national security matters. In addition, the growing popularity of social networking sites, such as Facebook and MySpace, present new privacy challenges that were not envisioned when ECPA was passed.

Simply put, the times have changed, and so ECPA must be updated to keep up with the times

Think of it this way:  You’re storing your emails on a third party’s servers.  Isn’t there some lessening of your privacy expectations in that situation?  And on top of that, until maybe six or seven years ago, it wasn’t that outrageous to deem emails left on a third party’s servers for more than six months — instead of storing them to one’s own hard drive or local server for preservation — to be “abandoned.”  AOL users lost their emails after just a month or so.  If you didn’t actively save it to your hard drive, you didn’t want it.  (Forget, of course, the user’s reasonable expectation that the email would no longer exist in the first place.  Do not waste brain cells wondering whether one can abandon something that one believes to have already been destroyed.)

The point is, the law sort of made sense back in the 80s.  And it still kinda made sense when Google was new and Facebook was still in the future.

But now, things have changed.  In ways that are both dramatic and obvious to anyone who might be reading this post.  Now, by default, the vast majority of users do not store their emails locally (if they even know how to do so).  Emails are almost always accessed through a third party’s servers.  Almost nobody downloads their emails — and even if they do, the original remains on the server.

The vast majority of users expect that their emails, protected by their usernames and passwords, will remain private.  Even though the emails are stored out there in the cloud, the ordinary reasonable expectation is that they are private.

As we all know, the Fourth Amendment prohibits the search and seizure of stuff where there is a reasonable expectation of privacy, unless law enforcement gets a warrant based on a showing of probable cause to believe that particular evidence of a particular crime will be discovered by the search.  (For those of you desiring a quick primer on the various exceptions that apply, you can certainly do worse than to listen to N. Burney and G. Mehler’s brilliant CLE lecture, “Search and Seizure in 60 Minutes“)

The exceptions to the Fourth Amendment essentially boil down to situations where the evidence would cease to exist if a warrant were sought, or there’s some other thing we want the police to be able to do (such as make sure people are safe) that might be deterred if they weren’t allowed to use evidence observed in the process.  None of the exceptions are based on a policy of “we probably wouldn’t have probable cause to search in the first place.”

But that is precisely the policy offered by the Obama administration this week.  We kid you not.  Here’s associate deputy attorney general James A. Baker, testifying on why the administration doesn’t want to have to get a warrant to search the cloud:

In order to obtain a search warrant for a particular e-mail account, law enforcement has to establish probable cause to believe that evidence will be found in that particular account. In some cases, this link can be hard to establish.

And if they aren’t allowed to search in cases where they cannot establish probable cause in the first place?  The consequences would be dire, he says.

The government’s ability to access, review, analyze and act promptly upon the communications of criminals that we acquire lawfully, as well as data pertaining to such communications, is vital to our mission to protect the public from terrorists, spies, organized criminals, kidnappers and other malicious actors.

They’ve gotta be kidding.  This is about as outrageous a policy as we’ve come across.  Justifying it because “omigod, think of the horrible things that could happen if we had to comply with the law” is something we’d have little patience for if uttered by a sophomore in college.  Hearing it from the Justice Department is not amusing.

Fortunately, the at least one of the courts doesn’t seem to be in agreement with the administration on this one.  The 6th Circuit ruled a few months ago that a warrant is, indeed, required for a search of cloud-based emails.  Here’s hoping that others follow.

Of course, what would be better would be for Congress to amend the ECPA so people don’t have to get convicted based on illegally-seized evidence first, and incur the expense of a trial and a couple appeals, before the other circuits are able to weigh in.

Now that Julian Assange has been arrested in the U.K., his fight for the moment is to prevent extradition to Sweden, which wants to arrest him for questioning about allegations of sexual misconduct.  But given the comparative laxity of any punitive measures Sweden might impose even in the worst case scenario, a more troubling concern is the possibility of extradition to the United States for criminal prosecution for espionage.

If that happens,  however, he might have a pretty good shot at winning.

The Espionage Act of 1917, 18 USC §§792-799, is what he’d have to deal with (there are reports that the DOJ is already preparing these charges).  Here are the parts that are most likely to apply:

§793(c) gets you up to 10 years in prison for receiving anything pertaining to U.S. national defense, if you did it while having “reason to believe” that it was illegally obtained, and that it would be used either to the injury of the U.S. or to the advantage of another country.

§793(e) gets you up to 10 years in prison if you’re in possession of such stuff, and you have “reason to believe” that it “could be used” either to the injury of the U.S. or to the advantage of another country, and you go ahead and disseminate it or cause it to be disseminated.

Well, wait, you say.  Those sound pretty much exactly like what Assange freely admits to having done.  A private in the U.S. Army apparently downloaded a whole bunch of confidential documents, and provided them to Wikileaks.  Assange ordered the documents to be released, publicized what he was doing, and publicized that it would likely injure the United States.  Forget all of Assange’s bluster about the harm being minimal.  His actions seem to hit all the statutory elements.  So how can he win?

As several have now pointed out, including Gabriel Schoenfeld in the WSJ (link behind paywall), Assange’s actions may be protected by First Amendment freedom of the press.  Wikileaks is a kind of journalism, as it is in the business of acquiring information the public doesn’t already know, and reporting that information.  It’s sort of (but not quite) like the New York Times publishing the Pentagon Papers, which the United States Supreme Court ruled 6-3 it could do because there was no imminent grave harm that would justify a prior restraint such as an order to stop the presses.

Some, like Schoenfeld, say Wikileaks is not really like the Times, because the Times is trying to inform the public rather than harm the government’s ability to carry out its policies.  But that’s frankly hogwash.  Anyone with half a brain understands that, if the Times got its hands on stuff that would obstruct policies its editorial board disapproves of (which includes most of the U.S.’s foreign policy), they’d publish it in a heartbeat.  See, e.g., the Pentagon Papers.  Or the Washington Post and the whole Valerie Plame ordeal.  Cf the Times’ reporting on the Climategate emails (“The documents appear to have been acquired illegally and contain all manner of private information and statements that were never intended for the public eye, so they won’t be posted here”).

A 5-justice majority in the Pentagon Papers case did say in dicta that, if the Times went ahead and published the materials, they might well be liable for prosecution under the Espionage Act.  The actual ruling only has to do with prior restraint, however, and does not reach the issue of whether the First Amendment trumps the Espionage Act here.

That said, any difference between the NYT and the Washington Post and Wikileaks is only a matter of degree, and not a substantive difference.  All three publish secrets willingly, even when they have reason to believe that the published secrets may harm the U.S. in some way or be to the advantage of another country.  It happens all the time, and nobody gets prosecuted for it.

If Wikileaks winds up resulting in criminal prosecution here — where nothing “Top Secret” was released, and the government chose not to do anything when explicitly given the chance to identify documents that might endanger people if released, and where the U.S. isn’t really harmed (since every diplomat knows these kinds of things get said, and so while mildly embarrassing it’s not likely to damage relations with other countries, any whom might be next) — Assange is going to have a good argument that he knew it wouldn’t be so bad, and so he had no reason to believe that it could be used to injure the U.S. or put it at any real disadvantage.  That blows the mens rea element out of the water.

On top of that, you can bet your sweet bippy that the U.S. press corps will pile on with all kinds of amici filings to make it go away.  Because they do realize there’s not a whole lot different between what they do and what Wikileaks did.  And if there’s precedent for criminalizing Wikileaks’ only slightly more extreme behavior today, that precedent could easily be applied tomorrow to their own conduct.

Throw some top-notch lawyers in the mix, representing Assange and the press and the various interest groups, and Assange’s chances look better by the minute.

We don’t approve of what Wikileaks did.  It was potentially dangerous, and certainly malicious.  But as things stand, it’s a fair bet that Assange would win if the DOJ goes after him.

The Monitor reports that a 17-year-old Texas boy is now facing child porn charges, after getting a 16-year-old friend to send him a topless photo of herself from her cell phone.

Child porn is a very VERY serious charge. Even those who themselves would never commit a sex act against an actual child still go to prison for a long time just for downloading pictures that may be more than a decade old. You don’t ever want to get charged with it. We defend people charged with it, we know of what we speak. (Heck, we wrote the book on it.)

So when this whole “sexting” thing hit the news in ’09, we posted a warning that teens might unwittingly be exposing themselves [Ed.- Was that necessary?] to criminal charges that are in many ways life-ending.

Fortunately, there are prosecutors and judges out there with good judgment, who won’t go after teens for stupid teenage indiscretion with other teens. But there are also school administrators who can get themselves in trouble for possessing the photos during their own investigations.

Will this kid wind up getting prosecuted? Who can say. It’s up to that local DA’s office. The feds probably won’t touch it, but state prosecutors typically only go after child porn cases that are too marginal for the feds in the first place.

What do you think, should existing child porn laws be modified so teens sharing each other’s photos won’t face prison? Is there an analogy to statutory rape schemes where teens are involved? We’re not talking about little kids here, so maybe there’s room for change. We’d like to hear what our readers think.

As everyone reading this is probably aware, last Monday the website Gizmodo announced an exclusive look at Apple’s iPhone 4, which hasn’t been officially released yet. In their post (here), they said “you are looking at Apple’s next iPhone. It was found lost in a bar in Redwood City, camouflaged to look like an iPhone 3GS. We got it. We disassembled it. It’s the real thing, and here are all the details.” The post was written by blogger Jason Chen, and featured video of him showing details of the phone, and a lot of photos.

As time went on (see all the posts here), it came out that Gizmodo had paid $5,000 for the phone. The guy they bought it from wasn’t the phone’s owner, but had merely found it in a beer garden back in March. An Apple employee had lost it there.

So, if they bought it from someone who wasn’t the owner, and they knew it was supposed to be a secret, did the folks at Gizmodo commit any crimes here?

Law enforcement got involved very fast. By Friday, law enforcement in San Mateo had gotten a search warrant (viewable here) to seize Jason Chen’s computers, disks, drives, and any records pertaining to the Apple prototype 4G iPhone.

The search warrant was executed that same day, and a bunch of computer stuff was seized (the inventory is also viewable here).

Yesterday, the chief deputy district attorney for San Mateo County told the WSJ’s “Digits” blog (here) that nobody’s saying a crime happened or not. They’re still investigating.

Meanwhile, however, Gawker Media (the owner of Gizmodo) issued a letter on Saturday (viewable here) stating that “under both state and federal law, a search warrant may not be validly issued to confiscate the property of a journalist.”

In support of that statement, Gawker Media cited California Penal Code §1524(g) (viewable here), which prohibits search warrants for items described in Evidence Code §1070.

Evidence Code §1070 (here) says a judge can’t hold a journalist in contempt for refusing to disclose his sources, or for refusing to disclose unpublished information gotten while preparing a story.

So we have to ask, does Gawker Media know what it’s even talking about?

-=-=-=-=-

There’s a big difference between a search warrant and an order to disclose information.

A search warrant is an order from a court, giving cops permission to search a particular place, and seize specified physical evidence. A search warrant does not give the police any authority to ask questions. It does not compel anybody to disclose any information to law enforcement. All the cops get is the stuff they’re searching for.

Now, the stuff they seize can contain all kinds of information. Search warrants routinely turn up documents, accounts, notes and computer data — all of which can be extremely revealing. But that’s not the same as making a person disclose information.

What the California statutes are talking about, on the other hand, is court orders to compel a journalist to give up his sources and his confidential information. That’s an order making the journalist himself tell that information to law enforcement. There is a big difference between seizing documents and forcing a journalist to betray his confidences.

There’s a good policy underlying section 1070. California wants its journalists to be able to report stories whose sources are people who want to speak on conditions of anonymity. Those who would reveal abuses of power are not likely to do so if those in power could retaliate against them. So anonymity is a good thing. And California says the policy protecting anonymity is more important than any judicial order directing involuntary disclosure.

But the same thing is going on here as with confessions and fingerprints. The state can’t coerce a confession against your will, but it’s perfectly fine for it to take your fingerprints, which can be just as damning. One is an involuntary disclosure, which Americans tend not to approve, and the other is an evidentiary seizure, which the Fourth Amendment says is perfectly fine so long as you have a warrant based on probable cause.

But what about Penal Code §1524(g)? Doesn’t it extend the protection specifically to preclude search warrants to identify confidential sources and information gathered along the way?

Well, for one thing, that’s pretty clearly only applicable to discovery issues. Journalist doesn’t want to disclose source. Court says do it. Journalist refuses. Court issues warrant. Section 1524(g) says you can’t do that.

But that’s not all §1524 says. The very first things it says you can get a search warrant for are:

(1) When the property was stolen or embezzled.

(2) When the property or things were used as the means of committing a felony.

. . .

(4) When the property or things to be seized consist of any item or constitute any evidence that tends to show a felony has been committed, or tends to show that a particular person has committed a felony.

So you can get a warrant to search for stolen property, stuff that was used to commit a felony, and stuff that is evidence of a felony.

Grand theft — and something of this value clearly falls within the definition of grand theft — is a felony in California. A first offender can still wind up doing 16 months.

And receiving stolen property — what Chen and Gawker may or may not have committed — is also a felony that could result in state prison time.

That’s pretty much what the law explicitly says search warrants are for.

Nobody’s saying anyone committed these crimes or not. All that’s needed is probable cause — in plain English, reason to believe it’s more likely than not that a crime was committed, and that evidence of that crime would be found in the place to be searched.

Just from reading Gizmodo posts (like this one), both the buyer and the seller knew it didn’t belong to the seller, that it belonged to Apple, that it was fucking valuable, and that it hadn’t been returned. That may or may not make anyone actually guilty of a crime, but on the face of it it’s good enough for a judge to issue a warrant.

-=-=-=-=-

So Gawker seems to have gotten it wrong. That doesn’t mean law enforcement did it right, and it certainly doesn’t mean anyone committed a crime. But Gawker’s lame and snide letter isn’t doing them any favors.

We see it wasn’t written by a criminal defense attorney, but by Gawker’s COO and “legal representative.”

Let that be a lesson to you, Gawker. Lawyers aren’t fungible. You wouldn’t hire a criminal defense attorney to structure your next merger, would you? Next time the police are pounding on your door, the only reason you should be calling in-house counsel is to get the cell phone number of a good defense attorney.

What would a good defense attorney have done? He certainly wouldn’t have sent the poor guy a lame letter to show to the cops in the hopes of somehow preventing the search. He might get on the phone to the DA and get to the bottom of things. He might physically show up to make sure his client’s rights are protected. He might make sure his client doesn’t say anything, no matter how innocent-seeming, that the cops might later use against him. He might take a look at that search warrant before it’s executed and seek an emergency court order staying its execution. There’s all kinds of things he might do, depending on the facts on the ground. But I guarantee you he’s not going to to what Gawker’s COO did.

[Secret bonus link for Dilbert fans who've read this far.]

No law today. Let’s have a police procedural for a change. We’re in the mood for some white-collar stuff, so here goes.

Forget about the Madoff case. Most financial crimes are nowhere near as headline-worthy, nor do they involve such massive amounts of other people’s money. But smaller scams are just as likely to get prosecuted, and they’re just as much a felony as the big ones. And though the news may not report it, people get caught and convicted all the time.

And like Al Capone, the smaller scammers aren’t caught by the gun-toting detectives so much as by the green visor-wearing accountants.

It’s usually a case of self-incrimination. Defendants usually create the very evidence that puts them behind bars, in their financial books and records. Of course, most of them aren’t doing it on purpose. They’re not creating blatant records that flatly proclaim “here there be crimes.” Most take pains to avoid creating records of improper doings, and to conceal or camouflage the rest. But it is often those very attempts to hide their activities that wind up calling attention to them.

-=-=-=-

Every law enforcement agent knows that, to catch the “bad guys,” you need to follow the money. Who wound up with the cash or the assets? How did the money get from person A to person B, and so on to Mr. X?

One easy way to start is to look at public documents. Lots of records get publicly filed, for anybody to look at, and they can be good leads. Does Mr. X own a house? Pull the deed from the county clerk’s office. There’s going to be information that leads to the mortgage itself, and then Mr. X’s bank records are just a subpoena away. Probate records lead to the estate, which leads to more bank records and real estate records. Does someone have a rap sheet already? Maybe they had to post bond in an earlier case. That’s going to show the source of the lien, and lead to more assets. Dun & Bradstreet and similar records can tell whether someone has a lien against Mr. X — such people are often more than willing to give more information to law enforcement. Heck, even newspapers can be a source of leads to get an investigation started.

Paper begets paper. Or computer data. It is nigh impossible to have dealings of any significance without some record being kept somewhere, in some form.

When following leads, the investigator ought to have an idea of what he’s looking at. What kind of business is this company in? Where are they located? What do they spend money on? The investigator can’t tell whether something is unusual unless he knows what the usual looks like.

Maybe this is a kickback scheme. If I am demanding kickbacks from you, or bribes, or extortion payments so I allow you to keep doing business with me, then maybe I don’t want that money coming directly to me. And maybe you don’t want it coming directly from you. So perhaps I set up a “consulting” company to receive payments from you. Or maybe you set up a “customer” company to make payments to me. Or perhaps we do both. Maybe we have lots of shell companies, or only one. If the investigator figures it out, though, our cautions might turn around to condemn us.

Maybe you pay me with a no-show job. If so, you’d better be careful about who is holding back my payroll checks or delivering them to me. And is my pay typical of my job? A steady, constant paycheck is more typical of an office worker than a blue-collar worker, after all. These are possible tipoffs to an investigator. And paper begets paper.

-=-=-=-

So how else do they get the paper, apart from going to public records?

Subpoenas are the main stock-in-trade of the white-collar investigation team. Smart teams won’t subpoena the world, of course, because that just makes for far more work than necessary, while increasing the odds of tipping off Mr. X to the existence of the investigation. Instead, they’ll just limit their subpoenas to what they really need. Narrow requests also make more subpoenas necessary down the road, which keeps open a line of communication.

A shotgun subpoena followed by a narrower one just tips off defense attorneys like us. We see something like that, we have a chat with the client, and figure out what the investigators are probably looking for. We get all that extra time to prepare our defense.

When in doubt, utility bills are a common lead-generator, to figure out how someone is paying for their phone, cable, electricity, etc.

One thing they’ll probably want to see are old tax returns, especially for a business. Tax returns can be a mine of useful information, such as who formed the business, who the officers are, how much they get paid, who their accountant is (always a good person to interrog… ah, interview). And if the tax returns don’t match reality, well that’s another charge for the grand jury to hear, isn’t it?

The company’s accountant often did the tax returns for the owners and officers, too. Investigators can request the accountant’s retained copies of those returns, and find out all kinds of information about assets, mortgages, sources of income, etc.

Canceled checks are a high-want item. They’re one way of seeing who’s paying money to whom.

Bright investigators don’t settle for photocopies, but insist on originals. Critical information could have been whited out before copying. Photocopies are often illegible, and may not include the all-important information on the back of checks showing who deposited it and to what account.

In general, subpoenas are going to be issued to non-targets. There’s little point in asking the suspect to provide the evidence that will hang him. All it does is raise him up. And a savvy defense attorney is going to bring that client in to present the documents to the grand jury — because here in New York, for example, it is far too easy for the prosecutor to slip up and confer total transactional immunity on the client right there in the grand jury. (That’s a topic for a whole nother post.)

No, suspects aren’t usually the ones who get subpoenaed. They get searched.

-=-=-=-

Search warrants are a unique chance for the investigators to get all that stuff they never would have gotten from a subpoena. The “second set of books,” rather than the official set they keep for the IRS and other outside eyes. The secret records. (Although these can sometimes be viewed by an undercover posing as a legitimate potential buyer of the business.)

That’s what the investigators are hoping for: a “smoking gun” document of some kind. Original documents with all the info that got whited out in the subpoena response. Records of illicit payments made, cash skimmed, investors gypped. Evidence that customers were told one thing, but reality was something else entirely. It may be buried somewhere in all those boxes of docs and all those hard drives, but they can’t wait to find it.

These records may be as simple as a notebook or a wad of scratch paper. They could be as detailed as anything. Maybe there’s evidence of a cash payroll — which leads to questions of where that cash came from (the bank? really?) on top of issues of tax and benefits evasion. Maybe there’s a little black book recording paid bribes, or extortion payments received.

Search warrants are often a fine way to gain evidence of embezzlement. Maybe those personal expenses were paid for with the business’s money, or with investors’ deposits. A good search warrant team will have agents who know what they’re looking for, others speaking to the subject. Others will be busy talking to witnesses, family members, employees and others at the location, letting them think the cops know exactly what’s going on, so they’d better come clean.

In a suspect’s home, the search team might see pictures of that really nice boat, or expensive collections, or the like. Investigators love to see things like that, especially when the checkbook doesn’t show those expenses. A lifestyle and possessions beyond one’s official means is going to make them poke around for illegitimate sources of cash.

Obviously, the execution of a search warrant means the investigation ain’t a secret any more. So these usually come at the end of an investigation.

-=-=-=-=-

So how about some examples. Let’s say I have ABC company. Law enforcement subpoenaed or seized a bunch of payroll checks. Every week, my company is cutting a few dozen checks to employees. They all look totally legit, until one of the forensic accountants notices that Joe Blow tends to deposit four or five checks at a time, all on the same day. That means he’s probably not getting them each week like a normal employee, but is receiving a bunch of them once a month. That is typical of a no-show job. Joe Blow and I are now just that much closer to getting caught. Thanks, Joe.

Meanwhile, my manufacturing company DEF sends out invoices every month or so to Jack Nimble, charging tens or hundreds of thousands of dollars for all kinds of different products being delivered. Payment is due on receipt, send the check to my headquarters at 1405 Blank Lane, Suite 120. Unfortunately, the forensic accountant noticed that each month’s invoice number is one more than the previous month’s. Do I only have one customer, for all these things I’m selling? And Suite 120 turns out to be a mail drop box number. Suspicious. They’re going to watch that box and I.D. who uses it, and maybe figure out who’s paying for it. And due on receipt? Someone’s standing on the loading dock with a check for a couple hundred grand? No way. And anyway, how come there are no bills of lading, shipping records, or anything else indicating this really happened? This looks like Jack Nimble is paying me some kickbacks through a shell company.

Original checks are a treasure trove. I’m cutting tons of them to small suppliers, nothing more than $9500 or so. Oddly enough, however, they all tend to get cashed at the same check-cashing joint. They’re not deposited to anyone’s accounts. Looks like I’m laundering some money. Investigators are going to check up on these companies to see if they’re legit, maybe subpoena invoices, bills of lading and purchase order forms to see what’s going on.

Remember the Lori Drew case? She’s the mom who was convicted last Thanksgiving for creating a fake MySpace persona, which she then used to harass a teenaged girl until the girl committed suicide.

After she was convicted, we argued that her conviction stretched the meaning of the statute too far. Here’s what we wrote:

The underlying statute, the Computer Fraud and Abuse Act, is a federal law intended to prevent hacking. Drew created a fictitious MySpace account, which was used to harass the girl. In doing so, Drew violated MySpace’s terms of service, though she apparently never read them. By violating the terms of service, Drew got unauthorized access to MySpace’s servers, and the prosecution went out on a limb to argue that this technically violated the CFAA.

But does it really?

Plenty of pundits are now doubting that the verdict will survive an appeal. Congress clearly intended the law to criminalize hacking into someone else’s computer. That’s different from creating a fictitious screen name — a very common and socially acceptable occurrence.

Terms of service are conditions imposed by websites which govern permissible use, and which almost always prescribe penalties that may be imposed for violations. These penalties normally range from warnings and temporary disabling of access, to permanent denial of access. The relationship is essentially contractual.

But if the prosecution’s theory is upheld on appeal, then breaching such conditions would have criminal consequences.

Criminalizing this kind of behavior isn’t exactly far-fetched. Crime is essentially that behavior which society considers so threatening that the guilty must be punished with a restriction on liberty or a loss of property. The existence of a civil remedy does not preclude something from being criminal — a thief is civilly liable to return what he stole, but still faces jail regardless. And there may be something to an argument for criminalizing the false personas on social networking sites frequented by minors, to protect society from predators.

But that’s clearly not what Congress was trying to do here. Furthermore, the prosecution’s stretched interpretation is just too overbroad. Rather than being narrowly tailored to focus on those who violate the TOS of a child-used site for the purpose of committing a nefarious or dangerous crime, the prosecution’s theory simply criminalizes all violations of any site’s TOS agreement. A court of appeals is likely to find that an improper application of the law.

Lori Drew was scheduled to be sentenced today. (Well, technically yesterday. Thursday. We’re still working, so it’s still Thursday to us.)

But she wasn’t sentenced. Instead, Judge Wu threw out her conviction. According to CNN, he refused to uphold the jury’s verdict because the guilty verdict would set a bad precedent that anyone who violates a site’s TOS could also be found guilty of a misdemeanor. Criminalizing all violations of a site’s TOS agreement is not what the law is designed to do. Because it technically allows such improper application of the law, it is probably unconstitutional for vagueness.

This was just an oral decision. Wu is expected to issue his written decision soon.

Great minds think alike!

GEN. MELCHETT: Field Marshall Haig has formulated a brilliant new tactical plan to ensure final victory in the field.

CPT. BLACKADDER: Ah… Would this “brilliant plan” involve us climbing out of our trenches, and walking very slowly towards the enemy?

CPT. DARLING: How could you possibly know that, Blackadder? It’s classified information!

CPT. BLACKADDER: It’s the same plan that we used last time. And the seventeen times before that.

GEN. MELCHETT: Ex-ex-ex exactly! And that is what is so brilliant about it! It will catch the watchful hun totally off guard. Doing precisely what we’ve done eighteen times before is exactly the last thing they’ll expect us to do this time! There is, however, one small problem.

CPT. BLACKADDER: That everyone always gets slaughtered in the first ten seconds.

GEN. MELCHETT: That’s right.

From “Blackadder Goes Forth” Plan A: Captain Cook

(Quoted scene begins around 8:30)

Because of the frankly horrible topic of this post, we thought we’d dilute it a bit with a bit of Atkinson, Fry and Laurie. But it’s on point. As this clip illustrates, it simply defies common sense to try the same thing repeatedly and expect a different outcome.

But in child porn cases, defendants and their attorneys keep trying the same thing over and over, and all that happens is they go to jail.

We’re talking about the “I was only doing it for research” defense. Pete Townshend of The Who tried it, to no avail (although possession charges were dropped six years ago today, when no porn was found to be in his possession, he was still put on the sex offenders registry for paying to visit a child porn site). Any number of less-well-known defendants have also tried it and failed. Washington Post reporter Lawrence Charles Matthews tried it, and he actually had done a radio series on the subject, and he still got time (and his case, U.S. v. Matthews, 200 F.3d 338 (4th Cir. 2000) specifically held that there is no exception for journalistic or other allegedly-legitimate uses of child porn). A law enforcement officer, Michael McGowan, claimed to have been doing his own investigation on his own time, and wound up getting 20 years. Talk show host Bernie Ward claimed he was doing research for a book, and got 87 months last year.

Even though the defense never works, people keep trying it. And so we come to erstwhile war hero Wade Sanders, the former assistant deputy Secretary of the Navy who came to national prominence when he vouched for former presidential candidate John Kerry, who just got sentenced to federal prison.

First, some background. CAUTION: EXTREMELY DISTURBING CONTENT FOLLOWS.

During an apparently typical investigation, an undercover FBI agent logged onto a peer-to-peer file sharing service (where members can copy files from each other’s computers), and searched for computers containing files with the term “pthc,” which is shorthand for “preteen hardcore.” The agent found several child porn files on Sanders’ computer, including a photo of a preteen naked girl lying on her back with ejaculate on her stomach, a 10 minute video of adult males inserting their penises into the mouths of prepubescent naked girls with one scene of ejaculation, and a photo of two naked prepubescent boys engaged in anal intercourse. It was easy to identify the location of the computer where the files were located, and a search warrant was obtained. On executing the search warrant, three computers and an external hard drive were seized, all of which contained many more equally disturbing photos and videos. (This is common. Most offenders who possess child porn possess a large quantity of it.)

During the search, Sanders spoke with the agents. When asked if any child porn would be found, he only said that he sometimes encountered it while downloading adult porn, and always deleted it. At no time did he suggest that he was conducting research that might explain any child porn they might find. And he wasn’t found to actually have any research notes or materials.

The evidence appeared strong enough that he decided to plea to the charge, under 18 U.S.C. § 2252(a)(4)(B). Under the Guidelines, his offense level was adjusted upwards for having materials involving under-12 kids, using computers, distributing materials, and possessing over 600 images, to level 29. He got the standard 3E1.1 three-level reduction for accepting responsibility, getting him to level 26, with a sentencing range of 63 to 78 months.

At sentencing, the prosecution asked for the low end of 63 months. Sanders sought probation.

In his own defense, Sanders claimed that he was researching child porn, but with a twist. He started by saying he’d gone through hell in Vietnam combat. Then, in 2004, he started supporting John Kerry for president, and was criticized by other veterans. This criticism made him feel betrayed, and sparked an onset of post-traumatic stress disorder. This PTSD manifested itself with obsessive-compulsive behavior. He then stumbled on an image of child porn, was horrified by it, and became overly protective of the little kids. So he obsessively began trying to find out where the kids came from and the conditions they lived in.

The judge, Thomas Whelan, flatly stated that he didn’t buy it. He found no evidence that Sanders was telling the truth about being involved in any research. Sanders never mentioned this during the search, either. And his own story didn’t explain the stuff he’d downloaded before 2004. Judge Whelan also pointed out that the “I was only doing research” claim, even if true, is still not a valid defense under the law.

So, although the judge did come down off the Guidelines sentence, Sanders still received 37 months in prison — at the end of which he will be 105 years old. In all likelihood, this is a life sentence for the man.

* * * * *

What puzzles us is why people keep trying this defense, when the law doesn’t recognize it and it never ever works?

If we might be a little shameless here, we’d recommend that people try our piece titled “Understanding the Investigative Process to Better Defend Your Client,” in Inside the Minds: Strategies for Defending Internet Pornography Charges (2008). Or they might take our online CLE on defending internet porn cases, (the first in our “Hope for Hopeless Cases” series with West LegalEdcenter, which also includes that chapter in the course materials.

These cases rarely go to trial. Like Sanders, defendants usually plead out because the evidence appears overwhelming. Still, appearances can be deceiving, and there are often ways to attack the evidence itself. Maybe not enough to justify taking the case to a jury, but perhaps enough to negotiate a better deal. (Not implying that was the case with Sanders, nor impugning his attorney in any way, of course.)

What is most likely to work, however, is not trying to explain it away. Rationalizing the evidence is only going to hurt your credibility, as it did to Sanders.

Instead, what is most likely going to work is to attack the evidence itself. This is time-consuming and expensive, and isn’t guaranteed to work. After all, investigators have the luxury of building their own cases, and cherry-picking the strongest cases from the enormous number of possibles they could charge. Ideally, you want to be able to give the prosecution a new way of looking at the evidence, so that they realize it’s not necessarily as strong as they originally thought. It takes deep understanding and analysis by experts, as well as compelling advocacy. But even in a less-than-ideal situation, the more you can put the prosecution on the spot to defend its evidence — that the photos are real, that they depict real people, that the kids really are minors, etc. — or the more you can raise doubt about how incriminating it is, the better your chances of a decent plea offer.

Prosecutors rarely change their assessment of what a case is worth based on excuses and rationalizations. They made up their mind based on the evidence they have. A good defense is going to give them a new way of looking at that evidence, to get them to re-assess the defendant’s culpability, their chances of success, or (yes) the amount of work they’re going to have to do if this goes to trial.

And FOR THE LAST TIME, PEOPLE, “I was only doing research” is NOT going to do the trick.

There has been a spate of news articles over the past week about a supposedly new teen trend called “sexting” — basically kids taking nude photos and sending them to each other’s cell phones and computers. The articles follow a Today Show interview with the mother of a girl who committed suicide last July after her photos started getting spread around. Most of the articles out there are of the “how do we protect our children from themselves” variety, but there is also a legal consideration. A lot of this activity could count as child porn, and could result in criminal prosecution.

Jesse Logan was a high school student in the Cincinnati area. Like plenty of teenage girls before her, she gave her boyfriend some nude photos. Unlike the Polaroids of previous generations, she sent them electronically, either by cell phone or by email.

Also unlike physical Polaroids, making copies of these photos would be free and easy. A potentially unlimited number could be sent off to others, just as she had sent them to her boyfriend. When they broke up, the ex-boyfriend sent copies to other high school girls. The photos spread around from cell phone to cell phone, and she started getting harassed at school. She became miserable, stopped going to school, and even went on a local TV station to tell her story.

Two months later, one of Jesse’s acquaintances committed suicide. She went to the funeral, then came home and hanged herself.

Hers is only the most tragic case making the news right now. But it happens all the time. There are reports that nearly half of all high school boys these days have seen nude photos of girls in their school. Some of those are spread by the girls’ boyfriends after a breakup, but most seem to have just been disseminated through normal teen chat.

If those ex-girlfriends were under 18 — and most of them probably were at the time, this being high school — then those photos are child porn. Distributing child porn, possessing it, and disseminating it to minors are all crimes that can get those high schoolers in serious trouble.

The consequences could be very severe. The ex-boyfriends and others who spread their photos could be charged with child porn, receive real jail sentences, and spend the rest of their lives as registered sex offenders.

Realistically, a teenage boy with a nude photo of his girlfriend isn’t likely to be charged with child porn. But someone who sends that photo to others, or posts it online, or otherwise spreads it around… that’s a whole ‘nother story.

It doesn’t even have to be intentional. Alan Grieco, a psychologist who treats Florida sex offenders, told Tampa Bay Online about a client who, when a young 20-year-old man, had dated a 17-year-old girl. He had a nude photo of her on his cell phone, which he did not share with anyone else. But after breaking up, his new girlfriend found the photo and sent it to the first girl’s parents. That young man was then charged with child pornography, and is going to spend the rest of his life living with that.

The kids who voluntarily send nude images of themselves aren’t thinking about how easy they will spread, how permanent such things are once they’re in the wide electronic world, and how much of an embarrassment they could be in the years ahead. That’s bad enough. But what’s worse is that the kids who receive, post and pass around these photos could be putting themselves in very hot water indeed.

We were away last week, achieving an unqualified victory in a case brought by the Antitrust Division. But while we were gone, Lori Drew got convicted of three criminal counts of accessing a computer without authorization. Drew is the mom who was accused of harassing a teenaged girl over the Internet to the point where the girl committed suicide.

The underlying statute, the Computer Fraud and Abuse Act, is a federal law intended to prevent hacking. Drew created a fictitious MySpace account, which was used to harass the girl. In doing so, Drew violated MySpace’s terms of service, though she apparently never read them. By violating the terms of service, Drew got unauthorized access to MySpace’s servers, and the prosecution went out on a limb to argue that this technically violated the CFAA.

But does it really?

Plenty of pundits are now doubting that the verdict will survive an appeal. Congress clearly intended the law to criminalize hacking into someone else’s computer. That’s different from creating a fictitious screen name — a very common and socially acceptable occurrence.

Terms of service are conditions imposed by websites which govern permissible use, and which almost always prescribe penalties that may be imposed for violations. These penalties normally range from warnings and temporary disabling of access, to permanent denial of access. The relationship is essentially contractual.

But if the prosecution’s theory is upheld on appeal, then breaching such conditions would have criminal consequences.

Criminalizing this kind of behavior isn’t exactly far-fetched. Crime is essentially that behavior which society considers so threatening that the guilty must be punished with a restriction on liberty or a loss of property. The existence of a civil remedy does not preclude something from being criminal — a thief is civilly liable to return what he stole, but still faces jail regardless. And there may be something to an argument for criminalizing the false personas on social networking sites frequented by minors, to protect society from predators.

But that’s clearly not what Congress was trying to do here. Furthermore, the prosecution’s stretched interpretation is just too overbroad. Rather than being narrowly tailored to focus on those who violate the TOS of a child-used site for the purpose of committing a nefarious or dangerous crime, the prosecution’s theory simply criminalizes all violations of any site’s TOS agreement. A court of appeals is likely to find that an improper application of the law.