Social Harms on the Internet: Sextortion, Revenge Porn, and Catfishing

•November 14, 2016 • 10 Comments

Technology has become an integral part of our everyday lives. Technology is present at work, at home, at the grocery store, and even in our personal relationships. There is no surprise that the presence of internet has transformed our private lives into being more public. But, for some people, the internet has been used to invite the public into the most private parts of life, or has been used to launch unwarranted character attacks. While most of these crimes existed before technology, the internet has changed the way that crimes are committed and how large of an audience the crime reaches.

Sextortion technically is not a legal term, but it describes “old-fashioned extortion or blackmail, carried out over a computer network, involving some threat…if the victim does not engage in some form of further sexual activity.”[1]  These cases usually involve hackers who target their victims by obtaining sexual images or videos to use as leverage to get what they want. [2] These hackers typically target several victims and the victims tend to be women or people under eighteen years old. [3] For example, Luis Mijangos victimized about 230 people by tricking them into downloading malware on their computer and then using that malware to access all of their files. [4] He would obtain images or videos of the victim and then email them demanding more pornographic material of the victim and threaten to post the images or videos online if the demands were not met. [5] He used the key logger to track everything the victim typed and he would threaten the victims further if he found out they were talking to anyone about the situation. [6]

Since sextortion is a relatively new crime, there are few laws that directly criminalize the behavior. Defendants are commonly prosecuted under crimes such as hacking, stalking, extortion, or child pornography. [7] This lack of specific laws also leads to inconsistent sentencing. [8] When the defendants are prosecuted under child pornography statutes, then they receive pretty stiff sentences. [9] But when they are prosecuted under other statutes, the sentences are much lighter. Luis Mijangos, for example, was only sentenced to six years despite the fact that he had “15,000 webcam-video captures, 900 audio recordings, and 13,000 screen captures on his computers…possessed files associated with 129 computers and roughly 230 people…and 44 of his victims were determined to be minors.” [10]

While the goal of sextortion is to obtain something (usually sexual images of the victim), non-consensual pornography (NCP) is another crime that harasses victims with sexual images for the mere sake of vengeance. [11] NCP is more commonly known as revenge porn. [12] NCP is “the act of distributing sexually explicit photos or videos over the Internet without the subject’s consent and with the intent to embarrass or shame the subject.” [13] This is commonly committed by jilted exes but can also be done by hackers. [14] There have been websites created just for this purpose that allow the user to also include personal information such as the victim’s name, social media profiles, or job. [15]

It is difficult for justice to be served for the victims of NCP. Victims cannot go after the website because, as distasteful and immoral as they are, the websites are protected by Section 203 of the Communications Decency Act. [16] Section 230 protects website providers from liability for user-posted content. [17] So, the CEOs of these websites cannot be prosecuted just because user Joe Schmo posted a sexual photo of his ex-girlfriend and included her name and workplace so that people could go harass her at work. The only way around Section 230 protection is if the website provider contributes to the post by editing or adding content. [18] Otherwise, the only person to prosecute is the user and laws against NCP are still in the trial-and-error phase of legislation in most states.

Some states have attempted to criminalize the behavior. Vermont passed a bill that penalizes someone with up to two years in prison and a $2,000 fine for posting sexually explicit photos of a person without consent. [19] The bill included language about requires the defendant to have intended to harm the victim and for a reasonable person to suffer harm because of the disclosure. [20]. The bill will hopefully punish the behavior without being overbroad. California laws attempt to encompass NCP under the cyber harassment statute. According to California Penal Code Section 653.2(a), it is illegal for a person to “inten[d] to place another person in reasonable fear for his or her safety…by means of an electronic communication device, and without consent of the other person, [and] electronically distributes, publishes, e-mails, hyperlinks, or makes available for downloading, personal identifying information, including, but not limited to, a digital image.” [21] The California law is likely to successfully criminalize the behavior because it is specific about the crime and intent without being too narrow. NCP laws in New Jersey, Idaho, and Wisconsin do not include the element of intent. [22] Therefore, the laws are restricting this content of the material posted rather than the defendant’s state of mind. [23] This is a problem because restricting content skirts the line of infringing on a person’s First Amendment rights.

Victims might have better luck in state court filing claims of intentional infliction of emotional distress, invasion of privacy, sexual harassment, or copyright infringement, depending on the facts of their case. [24] However, these claims are not always easy to win and even if the victim is awarded a judgment, the defendant might not have the ability to pay. At that point, the victim has gone through the emotional struggle of being harassed, the stress of a court case, and fronted the money for a lawyer to fight the case only to win a judgment that will never be paid out. Going to court also requires the victim to confront the issue head on and continue publicizing the information and the ordeal. Some victims are already so embarrassed by the defendant’s actions that they do not want to go through the anguish any longer. So, even though there are avenues in civil court for victims to take, there are plenty of reasons that someone might not see those as viable options. [25]

Imagine, you meet someone online, his or her social media page doesn’t raise and red flags to you and so you start chatting. Soon you have fallen for this person and you want to meet in real life. But, every time you plan to meet, this person bails at the last minute. Eventually you get suspicious and start researching this person a little more. Come to find out, this person is a total fake who stole some model’s photos and your whole relationship was built on lies. Congratulations, you have been catfished. Catfishing is another crime that has recently become more popular. The legal term for catfishing is online impersonation. [26] Online impersonation occurs when someone creates a fake online profile to deceive others, usually to bait the victim into a romantic relationship. [27] These relationships can result in a fake online relationship or cyberbullying, so legislation must be clear. [28] Unfortunately, social media websites are not required to verify identity of its users before a profile is created. [29] Sites like Facebook include prohibit online impersonation in their Terms and Conditions and provides users with the ability to report issues of online impersonation. But, this is all that they are required to do. [30] Many states are endeavoring to enact laws against online impersonation, but none have been passed and analyzed over time yet.

These social harms that are inflicted on the internet are becoming more and more prevalent. The states and federal government need to enact legislation to appropriately deal with the new behaviors. The biggest problem with enacting legislation to combat internet or technology crimes is that technology is always changing, so it is difficult to be proactive rather than reactive. There will always be a new behavior that victimizes people through the internet. Hopefully, the government can find ways to keep up with technological advances to prevent social harms from escalating too far.

 

  1. How do you think sextortion should be criminalized and prosecuted more consistently?
  2. Should Section 230 be amended to be narrower? If so, how should it be amended?
  3. Should these crimes all be criminalized or is it best for social harms to be left to civil court?
  4. Aside from criminal charges or civil complaints against the perpetrator, should there be any other recourse for victims?

 

[1] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[2] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[3] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[4] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[5] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[6] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[7] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[8] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[9] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[10] https://www.brookings.edu/research/sextortion-cybersecurity-teenagers-and-remote-sexual-assault/.

[11] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[12] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[13] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[14] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[15] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[16] https://www.law.cornell.edu/uscode/text/47/230.

[17] https://www.law.cornell.edu/uscode/text/47/230.

[18] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[19] http://legislature.vermont.gov/bill/status/2016/H.105.

[20] http://vtdigger.org/2015/04/23/senate-passes-revenge-porn-bill/.

[21] http://www.internetlawyer-blog.com/2011/12/california-online-harassment-laws.html.

[22] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[23] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[24] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[25] Emily Poole, Fighting Back Against Non-Consensual Pornography, 49 U.S.F. L. Rev. 181.

[26]  Kori Clanton, We Are Not Who We Pretend To Be: ODR Alternatives to Online Impersonation Statutes, 16 Cardozo J. Conflict Resol. 323.

[27]  Kori Clanton, We Are Not Who We Pretend To Be: ODR Alternatives to Online Impersonation Statutes, 16 Cardozo J. Conflict Resol. 323.

[28]  Kori Clanton, We Are Not Who We Pretend To Be: ODR Alternatives to Online Impersonation Statutes, 16 Cardozo J. Conflict Resol. 323.

[29]  Kori Clanton, We Are Not Who We Pretend To Be: ODR Alternatives to Online Impersonation Statutes, 16 Cardozo J. Conflict Resol. 323.

[30]  Kori Clanton, We Are Not Who We Pretend To Be: ODR Alternatives to Online Impersonation Statutes, 16 Cardozo J. Conflict Resol. 323.

 

Online Human Trafficking, Privacy, and 1st Amendment Concerns

•November 14, 2016 • 11 Comments

Human trafficking is an age old problem spanning millennia. In this millennium, it is a problem which has found its way into a new venue – the internet. In the internet, human traffickers have found a means through which they may market their product while disguising themselves from authorities and law enforcement. While there are many ways through which this may be done, with varying levels of success, one way that has been used successfully is the use of advertisements on the Deep Web. [1] 90% of the Deep Web does not appear to be indexed by search engines with which we are familiar – think Google, Bing, and Yahoo – and so are largely unknown spaces to most Internet users. [2] In this information vacuum could potentially be found any number of things or any amount of information that could be used in the fight against things like child pornography, money laundering, drug trafficking, and, the focus of this piece, human trafficking.

The Defense Advanced Research Projects Agency is a branch of the Department of Defense tasked with developing emerging technology for the U.S. military has stepped into the human trafficking sphere ever so lightly by developing a search engine that is capable of searching the internet for information concerning human trafficking that could lead to successful future prosecutions [3][4] The program that it has designed is known as “Memex”. [5] Think of Memex not just as a search engine, which reacts to the keywords entered by a user, but rather as a program finds information and returns it to the user AND also shows the user assorted patterns in data and stored information, relationships between different pieces of information and data (such as an e-mail address and all sex advertisements accessed by the holder of that e-mail address), and shows the user the places where the largest concentrations of specific kinds of information (such as where sex advertisements are being posted most frequently) [6]

The ramifications of widespread use of this technology seem clear – the technology could prove an excellent tool in the extermination of human trafficking through the Deep Web, it could also leave privacy rights activists a little queasy about the prospect of government having yet another means through which to monitor the activity of Internet users globally and domestically. One offshoot from the Memex program has taken place at Carnegie-Mellon University where a program called “Traffic Jam” has been created. [7] Researches at Carnegie-Mellon have even begun to research ways that the program could identify corresponding images in different pictures that could allow law enforcement to link different pictures to the same hotel room or other location in order to assist in the fight against human trafficking. [8]

While Memex is not yet being released for use by all of law enforcement or other organizations, it has been released to specific organizations for test use with varying levels of success (up to and including actual convictions). [9] In the meantime, the creators of Memex are attempting to test the program at increasing levels each quarter while simultaneously attempting to avoid any potential legal pitfalls regarding government surveillance. [10] The questions raised by the creation of the program are many but here are a couple worthy of classroom discussion:

  1. What constitutional/legal problems, if any, do you believe that the use of Memex could encounter?
  2. Does the fact that, allegedly, thus far only information available to the public has been used by the Memex program to find potential human traffickers in test runs give you peace of mind concerning how that information can then be used to map out the activity of users suspected of criminal activity?
  3. Do you believe that a user accessing a sex advertisement multiple times should constitute probable cause? How about 100 different advertisements? 1 advertisement?

 

Another avenue through which human traffickers have found success is the use of standard online advertisement sites such as Craigslist and Backpage.com – with some estimates showing that Backpage.com has held as many as 70%-80% of all American prostitution advertising at some points in time. [11] While Backpage.com is the current focus of a great deal of the anti-human trafficking crowd’s ire, Craigslist was once public enemy number one in this regard. After a great deal of public outcry, the Sheriff of Cook County, Illinois (Thomas Dart) filed suit against Craigslist alleging that users routinely used the erotic services section of Craigslist in the Chicago area openly offering money in exchange for sex and claimed this to be a public nuisance as well as the facilitation of prostitution.[12] The sheriff hoped to recover the funds his department spent policing Craigslist-related prostitution, as well as both compensatory and punitive damages. [13] The end result of this action was a victory for Craigslist in the courtroom but the larger result of note is that Craigslist shut down its “erotic” services page shortly thereafter.[14] [15]

Many of the arguments put forth by Craigslist in its case against Thomas Dart have now been used by Carl Ferrer and Backpage.com in a series of legal actions in the states of Tennessee, Washington, and New Jersey (what an odd set of bedfellows) as well as a subpoena from a U.S. Senate committee regarding Backpage.com’s practices  [16][17] Principal among these are that he is protected by the First Amendment, that he cannot be held accountable for the posts of third parties on Backpage.com, and that, according to the Communications Decency Act, he cannot be liable for posts by third parties on Backpage.com. [18]

Each of these arguments contains differing legitimate concerns for law enforcement, the general public, and First Amendment jurisprudence. First, Ferrer’s attorneys have argued that “The First Amendment bars the prosecution because imposing an obligation on publishers to review all speech to ensure that none is unlawful would severely chill free expression”. [19] The language used by his attorneys tracks that in Ashcroft v. ACLU but also, more importantly, in Backpage.com, LLC v. Cooper – one of the cases that Backpage.com has already won in which it prevented the State of Tennessee from enforcing a new law that would have criminalized Backpage.com’s role as the alleged intermediary between traffickers and customers. [20] The argument presented really strikes at two potential issues – forcing Backpage.com to review every single listing before it is published and the impact that would have on free speech. In other words, Backpage.com is arguing that it should not be forced to review every listing as that would be both unfeasible and unfair to Backpage.com since it is not creating the contents of the posts. [21] Additionally, doing so would chill free speech by not clearly stating what speech would be illegal and which would not and also by stalling listings as long as necessary for them to be reviewed. [22]

Intertwined with the last main argument presented by Backpage.com regarding the Communications Decency Act, is the second argument presented by Backpage.com – that it is not responsible for the posts of third parties on its site. This is because the federal Communications Decency Act, inter alia, mandates that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”[23] If that isn’t bad enough already for law enforcement and states trying to cut into human trafficking, the law also states that “…no liability may be imposed under any State or local law that is inconsistent with this section.”[23]

This means that the Communications Decency Act, in layman’s terms, states that Backpage.com cannot be treated as the publisher of information on its site provided by another individual and that no state or locality can do anything contrary to this notion. Regardless of any individual’s personal views on human trafficking, the First Amendment, and so forth, the law is clearly stated, and three separate cases in the area involving Backpage.com have all demonstrated, that the pre-emption line of attack is very strong. [24]

There are, however, a couple ways around this. One is completely hopeful, and a hope I have personally embraced: amendment of the Communications Decency Act to confront the reality of online human trafficking and passage of a corresponding federal criminal statute directly related to online human trafficking. This would focus federal attention and resources in on human trafficking while allowing states to attack the problem as they see fit within themselves (as well as allowing for the full litigation of issues regarding what language gives the public proper notice of what conduct is illegal and which is not, experimentation in different states of different enforcement models, what terminology is not overly broad nor too vague, etc.)

Another is an avenue through which only federal prosecutors could operate: the CDA expressly states that the law is not intended to compromise the ability of the federal government to enforce federal criminal law. [25] Given the proper test case and thorough litigation, this language could be a useful tool for federal prosecutors moving forward should a federal statute clearly and constitutionally criminalize online human trafficking, but would be unlikely to help states and localities combat online human trafficking as the CDA would still preclude them from passing laws contrary to the spirit of the CDA.

Among all this is the crucial backdrop that all content-based restrictions on free speech are, of course, subject to strict scrutiny by the judiciary – which means that, generally, when Backpage.com challenges the enforcement of a new statute anywhere in the country – it will be with the benefit of strict scrutiny analysis of its allegations. [26] What is clear is that current efforts to curb human trafficking are simply not effective enough as some estimates concerning the number of individuals currently being trafficked range into the several millions, hundreds of thousands in the U.S. alone, the majority of whom have been sold online at least once. [27] Yet, we should always be careful not to restrict speech without great care, just cause, and clear articulation of exactly what speech is illegal.

 

  1. What do you make of each of Ferrer’s three main arguments? (Generally speaking that is, the strength of these arguments do of course vary based on circumstances – such as whether Ferrer is being subpoenaed or if Backpage.com is fighting a new statute)
  2. How would you approach the problem of curbing online human trafficking if you were a member of Congress while also not running afoul of First Amendment concerns?
  3. Should Ferrer be held liable for the posts of other individuals even if a means through which to prosecute him can be found given he is not the producer of the posts? Why or why not?

 

[1]-[2] https://www.scientificamerican.com/article/human-traffickers-caught-on-hidden-internet/

[2] https://www.scientificamerican.com/article/human-traffickers-caught-on-hidden-internet/

[3] https://www.darpa.mil

[4]-[10] https://www.scientificamerican.com/article/human-traffickers-caught-on-hidden-internet/

[11], [15], [17] http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2826&context=lawreview

[12]-[14] Dart v. Craigslist, Inc., 665 F.Supp.2d 961 (N.D. Ill. 2009)

[16], [18]-[19] http://arstechnica.com/tech-policy/2016/10/backpage-com-ceo-fights-pimping-charges-says-1st-amendment-protects-him/

[20]-[22] Backpage.com, LLC v. Cooper

[23] 47 U.S.C. § 230(c)(1) (2012)

[24] Backpage.com, LLC v. Cooper, Backpage.com, LLC v. McKenna, Backpage.com, LLC v. Hoffman

[25] 47 U.S.C. § 230(e)(1) (2012)

[26] United States v. Playboy Entm’t Grp., Inc., 529 U.S. 803, 818, 120 S.Ct. 1878, 146 L.Ed.2d 865 (2000).

Should DFS be Considered Gambling?

•November 6, 2016 • 9 Comments

Fantasy sports have become one of the most popular games in America over the past few decades. With the increase in technology and statistical tracking ability, fantasy sports have evolved from a hobby for only the most dedicated sports followers into the multi-million dollar industry that it is today. The basic concept of fantasy sports is that online fantasy players select real-world athletes based on their projected statistics in specified scoring categories to make up fantasy teams that will compete head to head. Depending on the fantasy sport, different statistical categories will be awarded different numeric point values to determine who wins the fantasy matchup. For example, in most fantasy football leagues a standard team is made up of one quarterback, two running backs, two wide receivers, one tight end, one kicker, one team defense, and what is called a flex player that can be either a running back, wide receiver, or a tight end. These different players earn points for the fantasy owner based on their actual performances in real-world games.

Today there are two main gameplay styles for fantasy sports: traditional and daily. The first is traditional fantasy sports (TFS) that run the full length of the season of the real life sport it is based on. TFS for the most part is considered a game of skill and is therefore legal and not considered to be gambling. The second is daily fantasy sports (DFS) that only one run for one day or one week depending on the sport the fantasy game is based on. The legality of DFS has been called into questions a number of times recently by a number of different states therefore DFS will be the main focus of this blog post.

Daily fantasy sports contests can vary in both entry cost and payout breakdown, depending on the type of daily fantasy sports contest. Some of the main types of daily fantasy sports contest offered on Draftkings and Fanduel are:

Guaranteed Prize Pools: Players pay a set entry fee to compete for a share of a fixed prize pool; GPPs run regardless of whether they fill up or not.

Cash Games”: Players can either join an existing league or create their own league, in which the best-performing fantasy teams win prizes. These are smaller than GPPs and not guaranteed to run.

Head-To-Head: A contest that pits two players against one another; the winner receives the entire prize pool.

50/50: The top half of the field nearly doubles their investment; the other half of the field receives nothing. [1]

DFS is a relatively recent addition to online fantasy sports. It was started in approximately 2007, one year after Congress essentially killed the online poker industry with the passage of the Unlawful Internet Gambling Enforcement Act (UIGEA), which contained a specific exception for online fantasy sports. [2] The language of the UIGEA exempts fantasy sports that meet certain conditions. One such condition is that, “all winning outcomes reflect the relative knowledge and skill of the participants and are determined predominantly by accumulated statistical results of the performance of individuals (athletes in the case of sports events) in multiple real-world sporting or other events.” Thus, in order to be exempt under the UIGEA, DFS must be based upon the skill of the fantasy participants; it must not be based upon chance. [3] Further, the UIGEA defines unlawful internet gambling as placing a bet using the internet where such bet is “unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made.”[4] Therefore, if a state, such as Florida, finds that daily fantasy sports constitutes illegal gambling under its state law, then it would be considered unlawful internet gambling under the UIGEA as well.

Under the common law, gambling is defined as those activities in which a person pays consideration for the opportunity to win a prize in a game of chance.  Because most games contain elements of skill and chance, this common law definition requires the court to determine whether a game is one of chance or skill.  “Skill has been defined as the exercise of sagacity upon known rules and fixed probabilities where sagacity includes, keenness of discernment or penetration with soundness of judgment; shrewdness; or the ability to see what is relevant and significant.”[5] Chance can be described as something that is not planned or designed. The participant in the game has absolutely no control over the elements of chance, which distinguishes them from the elements of skill. [6]

Recently the New York State’s attorney general filed lawsuits against two leading DFS companies, Fanduel and Draftkings, asking for an injunction to stop them from operating, saying that they are violating the prohibition on gambling that is part of the state’s constitution. In his complaint Mr. Schneiderman argued, “DFS is a new business model for online gambling. The DFS sites themselves collect wagers (styled as “fees”), set jackpot amounts, and directly profit from the betting on their platforms. DFS’ rules enable near-instant gratification to players, require no time commitment, and simplify game play, including by eliminating all long-term strategy.” [7] Mr. Schneiderman also argues that the instant gratification of DFS and ability to wager large sums of money could lead to gambling addiction. Due to this recent litigation the New York legislature has passed a bill recognizing DFS as a game of skill and creating different regulations for the DFS industry to follow to be considered legal in the state of New York. [8]

These regulations fall under three main categories: Registration and oversight for operators; Operator taxes; and Consumer protection. Under registration and oversight for operators the bill requires all paid entry fantasy sports operators wishing to do business in the state must apply with the New York State Gaming Commission. [9] Under operator taxes registered sites in the state must pay a 15% tax on gross revenues derived from New York players, plus an additional tax of 0.5% of revenues, with a $50,000 annual cap.[10] Under consumer protection sites must prevent play by minors. Also in advertisements and upon entry in a contest, operators must “make clear and conspicuous statements that are not inaccurate or misleading concerning the chances of winning and the number of winners.”[11] Lastly sites must ensure that player funds are segregated from operational funds. [12]

 

Questions for Class:

Do you think DFS should be considered a illegal gambling?

Do you think the UIGEA fantasy sports exemption should apply to DFS?

Do you agree with the New York Attorney General that DFS is a new business model for online gambling?

Do you think the New York legislation does enough to regulate DSF? If not what regulations would you add?

[1] http://www.legalsportsreport.com/daily-fantasy-sports/page/2/

[2] http://www.nytimes.com/2016/01/06/magazine/how-the-daily-fantasy-sports-industry-turns-fans-into-suckers.html

[3] 31 US Code Section 5362

[4] 31 US Code Section 5362

[5] ALEX RODRIGUEZ, A MONKEY, AND THE GAME OF SCRABBLE: THE HAZARD OF USING ILLOGIC TO DEFINE THE LEGALITY OF GAMES OF MIXED SKILL AND CHANCE. Cabot Law Review

[6] ALEX RODRIGUEZ, A MONKEY, AND THE GAME OF SCRABBLE: THE HAZARD OF USING ILLOGIC TO DEFINE THE LEGALITY OF GAMES OF MIXED SKILL AND CHANCE. Cabot Law Review

[7] http://www.nytimes.com/2015/11/24/business/dealbook/daily-fantasy-sports-sites-face-challenges-and-options.html

[8] http://www.legalsportsreport.com/10514/new-york-passes-fantasy-sports-bill/

[9] http://www.legalsportsreport.com/10514/new-york-passes-fantasy-sports-bill/

[10] http://www.legalsportsreport.com/10514/new-york-passes-fantasy-sports-bill/

[11] http://www.legalsportsreport.com/10514/new-york-passes-fantasy-sports-bill/

[12] http://www.legalsportsreport.com/10514/new-york-passes-fantasy-sports-bill/

Hacking Tor: Is it justified to protect children?

•October 23, 2016 • 11 Comments

The Tor Network (“Tor”) which is also known as “The Dark Net” allows individuals to secretly browse the internet. Tor provides anonymity to the users which makes it nearly impossible for the government to trace which sites a user visits. While such network can be helpful for people in an oppressive government, studies found that it is more frequently used for criminal activity. For example, child pornographic images are one of the most requested materials. So how does the Tor work? The Tor uses an encryption tool called The Onion Router to route data through randomly assigned computers located around the world in order to mask the user’s actual internet protocol address (“IP address”). Those proxy servers that are located all over the world are called “nodes”. When a user logs into Tor, that user’s computer first pulls various nodes from the Tor server. Next, the computer will randomly choose a node in order to log into the network. This means the user is already using a different IP address before even entering Tor. Once the user is logs into Tor, the user’s information is send from one node to another and each node only communicates with the immediately preceding and following node. Each time the user’s information passes through another node it is encrypted with a new layer. The information will then exit through the last node in order to reach the target webpage. Once it exits the Tor, all encryptions are removed. To simplify it, if a person uses Computer A to access a certain site through the Tor, and Computer B is the exit node, the accessed webpage can only trace communications to and from Computer B. The webpage cannot trace any information back to Computer A.  [1]

Since the government is aware of the criminal activities through the Tor Network, it created “Trojan Horse Devices”. Such devices come in various forms such as data extraction software, port reader, or network investigative techniques. Since the cases that are currently revolving around this issue of the government hacking the Tor adapted the term network investigative techniques (“NIT”), I will focus on that device. The NIT is installed on the target website and every time a user visits the target website the NIT will send a communication to the user’s computer. That communication results in the user’s computer delivering locating data to another computer. In the most recent cases, the computer that received the information was operated by the FBI. Without the NIT, the government can only communicate with the exit computer. However, thanks to the NIT, the government can direct the communication back through the different nodes in the Tor to give commands to the user’s computer. The government has used the NIT to command the user’s built-in camera to take pictures of the user without the user’s knowledge and send those pictures back to the government controlled computers. In order to implement such NIT, the government needs a search warrant. [2]

The main issue in the present cases with the government’s use of the NIT was whether the search and the warrant violated the fourth amendment and the Federal Rules of Criminal Procedure. The fourth amendment gives the people the right to be secure in their persons, houses,…, and effect, against unreasonable searched and seizures. [3] A search occurs when the government either physically intrudes a person’s home or invades an area in which the individual reasonably expected privacy. A seizure occurs when the government interferes with a person’s property or possession in a meaningful way. Additionally, Federal Rules of Criminal Procedure 41 provides that the term property includes, among other things, intangible objects and information.  [4]

Additionally, Fed. R. Crim. P. 41(b) provides when a magistrate judge has the authority to issue a warrant. The following lays out when a warrant can be issued:

1) The magistrate judge has authority to issue a warrant in his or her own district and the person or property is also located within that district.

2) The person or property is within the magistrate’s district while issuing the warrant, but is moved outside the district before the warrant is executed.

3) In regard domestic or international terrorism, a magistrate can issue a warrant in any district.

4) The magistrate can issue a warrant to have a tracking device installed on the person or property located within the district that allows the person or property to be tracked within and/or outside the district

5) A warrant can be issued within a district where “activities related to the crime may have occurred”

The different cases dealing with the governments use of the NIT to locate individuals accessing and distributing child pornography all resulted from the same FBI operation. [5]. In 2014, the FBI started to investigate a webpage called Playpen. Playpen is notorious for hosting child pornographic material. The FBI was able to locate the administrators in Naples, Florida. However, instead of shutting down the webpage, the FBI decided to move the webpage to the Eastern District of Virginia and operate it for 12 days. [6]. During those 12 days, the government allowed thousands of child pornographic images to be downloaded. [7]

In February 2015, a magistrate judge in the Eastern District of Virginia issued the search warrant so the FBI could implement the NIT. Once the NIT was implemented, the FBI was able to locate the user’s computer, even those that were outside of the Eastern District of Virginia. [8]

The NIT enabled the FBI to seize the following information

1) The user’s actual IP address

2) A unique identifier created by the NIT that allowed the FBI to differentiate the data received from one IP address from others.

3) What type of operating system the user is running on his computer and the username of such operating system.

4) Whether the NIT has been sent to the same computer previously.

5) The computer’s host name

6) The user’s media access control address. [9]

This enabled the government to search computes all around the world. [10] Once the FBI had the location, they would request another search warrant from a magistrate located within the user’s jurisdiction to search that person’s home and computer. Page 7. The FBI’s search resulted in 137 individuals being arrested and prosecuted for accessing and distributing child pornography. Now, many defendants are challenging the FBI’s use of the NIT. [11]

Two of the individuals arrested were an Oklahoma resident named Artebury and a Massachusetts resident named Levin. Based on the findings of the NIT, an FBI agent respectively obtained a search warrant from a Judge in Oklahoma and Massachusetts which lead to the arrest of both defendants. In both cases, the defendant moved for a motion to suppress on the ground that the initial warrant issued by the magistrate in Virginia exceeds the magistrate’s authority under Fed. R. Crim. P. 41 and is thereby invalid. Both defendants argued that the subsequent warrants were direct result from the NIT warrant and; therefore, tainted and any and all evidence produced by the warrants should be suppressed. [12]

In Artebury, the government tried to argue that Rule 41(b)(1) authorized the magistrate to issue the warrant. The defendant sent electronic data to Eastern Virginia when accessing Playpen and that such data was the property seized. In contrast, the defendant argued that the FBI seized his computer with the first warrant because the NIT allowed the FBI to command defendant’s computer that was located in Oklahoma to give up confidential information. The Court sided with the defendant and held that if Artebury would have really send the information to Virginia, the FBI would have not needed a decryption tool to locate him. The court ruled that the Virginia Judge lacked authority and; therefore, the search warrant was invalid. [13]

In Levin, the government made the same argument and claimed that by accessing the webpage, the defendant accessed property located within the Virginia district. Again, the Court sided with the defendant. It pointed out that the warrant describes the place to be searched to be the computers that were accessing Playpen and that, in fact, most of such computers were located outside of the we magistrate’s district. Additionally, the Court stressed the fact that it does not matter where the server and Playpen, is located since the FBI was not searching the webpage but the individual computers. [14].

In both cases the Court ruled that the NIT warrant was not valid under current law. However, the government also argued that even if the NIT warrant was not valid, suppression of the seized evidence would not be an appropriate remedy and the good-faith rule applies.  Violations of Rule 41(b) can either be procedural or substantive. A procedural violation, for example, would be if the magistrate fails to indicate on the warrant during what time period the search is to be executed or the officer fails to leave a copy of the warrant at the defendant’s house. Such violations   do not give rise to suppression. Here, the Court found that the violation is not merely procedural but is substantive.

A substantive violation occurred because it “constituted a jurisdictional flaw”. The Virginia magistrate never even had jurisdiction to grant the NIT warrant in the first place so the search warrant was void by matter of law. [15]

Evidence gathered in connection with an invalid warrant should be suppressed if the defendant can show prejudice. In Artebury and Levin, both Court agree that if the government would have adhered to Rule 41, the search could have not occurred. Therefore, both defendant clearly suffered from prejudice and the evidence should be suppressed.

The government additionally argued that even if the NIT warrant was in violation of law, the good faith exception should hinder suppression of the evidence. The good faith exception states that evidence should not be suppressed if the officers gathering the evidence acted in good faith. In Levin, the Court focused on the experience of the FBI agent. The agent had 19 years of experience, and the Court concluded that the agent should have known that the warrant was void. [16]. The Artebury Court also found the good faith exception inapplicable because the violation of the rule can be directly traced to the judges’ lack of authority to even issue the warrant. [17].

Now after analyzing two cases that granted the Defendant’s motion to suppress evidence, it is important to point out that the Courts are split on the issue. Two judges, in Washington and Milwaukee, sided with the government and found the FBI had probable cause. The Washington court denied the defendant Michaud’s motion to suppress evidence and stated that the search was constitutional because it is not likely that a person stumbles accidentally on a site like Playpen and the violation of Rule 41 was merely technical. Therefore, the search was reasonable. [18]

In addition to whether the search was legal or not. The entire sting operation also raises an ethical dilemma. The FBI allowed the distribution of child pornography to continue for 12 days. Some argue that this is equivalent to a police officer selling the drugs to a person and then arresting such person. [19]

The cases are not only important for the accused defendants but for all of us since the legal questions raised in the cases already resulted in a push for a change of current laws.

The Court in Levin raised the argument that due to the advancement in technology a magistrate judges should have the authority to issue NIT warrants outside their own jurisdiction. Currently, there is a proposal of the Department of Justice under consideration that would grant a judge jurisdiction in such instances. [20]. The proposal will go into effect on December 1, 2016 unless Congress acts to prevent the change. [21]

The proposed Rule 41(b)(6) will grant a magistrate judge the authority to issue a warrant for the government to use remote access tools “in any district where activities related to the crime may have occurred” to access electronic storage media and seize electronic copy of the stored information. Such warrant can be granted if the media or information is located has been concealed through technological means, or in computer fraud cases, the device that contains the information has been damaged without authorization.

Supporters of the proposed change argue that this would allow for searches to be conducted where the computer to be searched is adequately described in the warrant but the location of the computer is unknown. Additionally, it would enable an investigation to take place when various computers in different districts have to be searched. [22].

I will leave you with a few question regarding the current cases and proposal to Rule 41:

1) Does the government’s goal to deter child pornography justify the means used by the FBI?

2) Is operating the Playpen page for 12 days similar to a police officer selling drugs to a person?

3) Do you believe that the Court that ruled in favor of the government really found the search reasonable or were they persuaded by the subject matter?

4) Does the proposed regulation of Rule 41(b)(6) violates the fourth amendment?

5) Is a violation of the right to privacy justified in order to protect children?

[1]U.S. v. Artebury, Case No.: 15-CR-182-JHP (R.R. 2016) at https://www.documentcloud.org/documents/2813028-Arterbury-Cleary-RR-2016.html [Page 1-3]

[2] I.d. at page 4

[3] I.d. at page 8

[4] I.d. at page 9

[5] I.d. at page 11

[6] I.d. at page 6

[7]https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation

[8] U.S. v. Artebury, at page 6

[9] U.S. v. Levin, Case No.: 15-10271-WGY (Memorandum & Order 2016) at https://www.documentcloud.org/documents/2806358-16-4-20-Order-Motion-to-Suppress.html [page 5 footnote 5]

[10] https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation

[11] http://www.reuters.com/article/us-usa-crime-childporn-idUSKCN0V72D5

[12] U.S. v. Artebury, U.S. v. Levin

[13] U.S. v Artebury

[14] U.S v. Levin, at page 11-14

[15] U.S v. Levin, at page 15- 19

[16] U.S v. Levin, at page 16

[17] U.S v. Artebury, at page 26

[18]https://www.washingtonpost.com/world/national-security/courts-affirm-governments-right-to-hack-child-porn-sites-to-find-criminals/2016/01/29/a929a672-c69d-11e5-8965-0607e0e265ce_story.html

[19]https://techcrunch.com/2016/04/20/federal-judge-rules-fbi-didnt-have-proper-warrant-to-hack-child-porn-site/

[20] U.S v. Levin, at page 20 (footnote 13)

[21]http://www.zdnet.com/article/fbi-says-its-hacks-are-not-malware-because-they-are-used-to-catch-criminals/

[22] U.S v. Levin, at page 20-21 (footnote 13)

 

Does the FCC’s plan to “Unlock the Box” inadvertently unlock piracy?

•October 15, 2016 • 10 Comments

Today, 99% of cable and satellite customers pay an annual average of $231 per household to rent a set-top box from their service provider in order to view the programming they already pay for.[1] This rental fee results in an annual profit of almost $20 billion for the cable and satellite companies (aka “MVPDs” or multichannel video programming distributors), on top of the profits they already make from subscription fees.[2] As Federal Communications Commission (“FCC”) Chairman Wheeler explained, this “lack of competition has meant few choices and high prices for consumers.”[3]

Congress recognized this problem 20 years ago – passing the Telecommunications Act of 1996 and adding Section 629 to the Communications Act in order to increase the commercial availability of third-party set-top boxes.[4] Back then, Congress compared the idea to the telephone industry: if you can use a landline purchased at Walmart to call someone through your AT&T service, why should you be forced to rent a set-top box from your MVPD to watch their cable or satellite service? And Congress continues to make that analogy updating it with more modern technology like cellphones and wifi routers.[5] Unfortunately, Congress’s legislation did little to fix the problem.[6]

In order to meet Congress’s goal, the FCC established the Downloadable Security Technical Advisory Committee (“DSTAC”) in accordance with the STELA Reauthorization Act of 2014.[7] The Committee – consisting of MVPDs, device manufacturers, production companies, and public interest groups – compiled a report which outlined recommendations for creating a security system that would allow consumers to view their MVPD’s programming through a third-party set-top box while protecting that content from infringement.

MVPDs and the entertainment industry suggested a Proprietary Applications approach that allows MVPDs to retain control over the consumer experience.[8] MVPDs would create apps that could be downloaded onto third-party set-top boxes and devices like phones, smart TVs, and tablets. These apps would allow MVPDs to uniformly control how the programming is presented and what additional features are offered.[9] Additionally, MVPDs would utilize a security system of their choice supported by “royalty free and open source” HTML5. MVPDs explained that this option complied with copyright law and existing licensing agreements. (However, critics of this approach have noted that the market fails to be truly competitive if MVPD’s retain control over the consumer experience, since third-party manufacturers are not allowed to invent new features that entice consumers to purchase third-party set-top boxes instead.)

Consumer electronics advocates and the tech industry supported the Competitive Navigation approach which would use a virtual head end system and link protection (like DTCP-IP) in the cloud. Under this approach, MVPDs would transfer three Information Flows to third-party devices: service discovery data (information that provides viewers with details about the programming like channels, program titles, ratings, airtimes, etc.), entitlement data (information that protects copyright by ensuring viewers only access and copy programming which they are authorized to access or copy), and content delivery (the actual programming.) Additionally, third-party devices would be able to customize the viewing experience by adding additional features, by reordering how the programming appears, by adding additional content like YouTube videos, and more. Finally, in order to further prevent the theft and misuse of copyrighted programming, MVPDs would choose “at least one content protection system that is openly licensed on reasonable and non-discriminatory terms.” Third-party manufacturers would then develop boxes using at least one of those security systems and market those boxes to that MVPD’s consumers. This security regime was modeled after the smart TV industry and protects programming from piracy much as it is protected under the current CableCARD regime.

After reviewing these recommendations, the FCC choose the Competitive Navigation approach and issued the First Notice of Proposed Rulemaking which would allow MVPD subscribers to “watch what they pay for wherever they want, however they want, and whenever they want, and pay less money to do so, making it as easy to buy an innovative means of accessing multichannel video programming (such as an app, smart TV, or set-top box) as it is to buy a cell phone or TV.”

Senator Markey was a key player in the development of the above Acts and was thrilled to see the FCC finally formulating rules that could fix the problem:

“The FCC is using authority clearly provided by Congress to better allow consumers to choose which device to watch programming for which they have already paid. I applaud the FCC for its efforts and encourage the Commission to finalize these rules. It’s time we add set-top boxes to the list of all of the other consumer technologies that have benefited from strong rules that fostered choice, innovation, and competition.”[10]

While Senator Markey was joined by consumer advocates, tech companies, and other interest groups in supporting the proposal, the US Copyright Office, MVPDs, and the entertainment industry strongly opposed the rules for their implication on copyright law and licensing agreements.

At the request of Congress, the Copyright Office addressed the potential copyright implications of the proposal, supporting the goals but laying out five areas where copyright law was implicated. These five areas included the exclusive right to license; the exclusive right to perform, display, reproduce or distribute; the copyright interests of MVPDs; the security issues; and the enforcement issues. Only the second, fourth, and fifth have the most obvious criminal implications so they will be the focus of this blog post.

The Copyright Office claims the proposal could result in copyright infringement, because the Entitlement Data does not do enough to prevent infringement of copyright owners’ exclusive right to perform, display, reproduce, or distribute their work.[11] Taking it one step further, some in the entertainment industry voiced their concern that the proposal invites piracy of their copyrighted works.

Specifically, the entertainment industry believes the proposal creates an opening and an incentive for third-party manufacturers to create set-top boxes that are designed with piracy in mind.[12] They believe applications could be added to third-party set-top boxes in order to present pirated content alongside legally licensed programming. In reality, these “pirate boxes” already exist in the American marketplace. You can watch pirated content free of charge and free of commercials by buying a pirate box online or at your local shopping mall for about $350. (It is important to note, however, that these pirate boxes are very rarely used in America. In fact, the overwhelming majority of copyright piracy in America occurs via online file sharing.)

The Electronic Frontier Foundation (“EFF”), however, highlights that “nothing in the proposed rules permits any party to obtain unauthorized access to programming.”[13] Piracy and pirate boxes are illegal and will continue to be illegal if the proposal is enacted.

In regards to security issues, the proposal makes clear that each MVPD must choose at least one licensable security system, and each third-party box must license and utilize one of those security systems. These security systems are technological measures that control access to the MVPD’s programming.

The Digital Millennium Copyright Act forbids “circumvent[ing] a technological measure that effectively controls access” to copyrighted works online.[14] The DMCA protects copyright online, and those protections apply to third-party set-top boxes since they utilize internet protocol to deliver programming to the viewer’s television set. Thus, third-party manufacturers that make pirate boxes to circumvent or ignore Entitlement Data are breaking the law and are subject to criminal punishment. So to are consumers that use those boxes. Manufacturers and consumers can, should, and will be criminally punished if they seek to circumvent the security systems these set-top boxes use to protect copyrighted programming.

Finally, the Copyright Office suggests the FCC needs to more thoroughly analyze compliance enforcement mechanisms, because the proposal “underestimate[s] the barriers to invoking copyright remedies to redress potential violations by third-party actors purporting to operate under this rule.” For example, it is hard to enforce the DMCA against foreign pirate box manufacturer, and it is hard for a content creator to seek damages against a foreign pirate box manufacturer.

There are a number of reasons enforcement of copyright is difficult. First, MVPDs and content creators have no adequate way to monitor infringement. Second, copyright litigation is inherently expensive, time consuming, and uncertain. Third, foreign perpetrators are even harder to punish and successfully enforce a judgment against.

But that is not because of this proposal. Copyright is hard to enforce with or without these new regulations. The FCC points out that that the proposal does not change a copyright holder’s rights or remedies. Likewise, EFF echoes that “the Unlock the Box rules do not affect the status or enforcement of copyrights.” In essence, the rules do no legalize piracy or pirate boxes. The rules do not change the fact that it would be hard to punish or seek damages against a pirate box manufacturer. That is not the purpose of the proposal, and that is not the FCC’s job.

The FCC’s proposal does not alter the criminal protections or punishments for piracy. Piracy exists, but the FCC is not responsible for protecting copyright – the US Copyright Office is (or, where new legislation is necessary, Congress is.) The FCC cannot regulate copyright, so it should not attempt to do so in these rules. The FCC was asked to regulate the set-top box industry to ensure openness and competitiveness, and that is what these rules do. Thus, the first set of proposed rules should be enacted.

Unfortunately, the incessant lobbying of MVPDs and the entertainment industry has lead the FCC to abandon its first proposal in favor of a second which largely resembles the Proprietary Applications approach.[15] Not-so-coincidentally, the second proposal (which mind you was their idea in the first place) is now strongly opposed by MVPDs and content creators (which mind you are often in the same corporate family tree like NBCUniversal and Comcast) – essentially forcing the FCC back to the drawing board.

It looks like we may go another twenty years without enacting regulations that finally address Congress’s goal of opening up a competitive market for set-top boxes as laid into law in 1996.

I leave you with a few questions:

  • Do either, neither, or both approaches sufficiently protect copyrighted programming from piracy?
  • Should more be done to stop the proliferation of piracy and the potential proliferation of pirate boxes in America or is the current state of copyright law sufficient? If so, what should be done?
  • What can be done to ensure that the enforcement process is effective in punishing pirates and in providing copyright holders with an effective means for seeking damages against pirates?
  • Considering the fact that MVPDs now oppose both proposals including their own Proprietary Applications approach, are they really upset about the copyright implications or are they actually afraid of missing out on $20 billion worth of rental fees?

[1] http://www.markey.senate.gov/news/press-releases/markey-blumenthal-decrylack-of-choice-competition-in-pay-tv-video-box-marketplace

[2] https://www.wired.com/2016/02/fcc-set-top-box-rules/

[3] https://apps.fcc.gov/edocs_public/attachmatch/DOC-337449A1.pdf

[4] See Telecommunications Act of 1996, Pub. L. No. 104-104, § 304, 110 Stat. 56, 125-126 (1996)

[5] http://www.latimes.com/business/technology/la-fi-set-top-box-future-20151109-story.html

[6] THE FCC AND ANCILLARY POWER: WHAT CAN IT TRULY REGULATE?  36 Hastings Comm. & Ent L.J. 311 (Summer 2014)

[7] https://transition.fcc.gov/dstac/dstac-charter.pdf

[8] https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-18A1.pdf

[9] https://apps.fcc.gov/edocs_public/attachmatch/DA-15-982A2.pdf

[10] http://www.markey.senate.gov/news/press-releases/markey-and-blumenthal-commend-fcc-order-to-promote-competition-in-the-set-top-box-marketplace

[11] https://www.eff.org/document/letter-maria-pallante-fcc-re-set-top-boxes

[12] https://ecfsapi.fcc.gov/file/60001690774.pdf

[13] https://ecfsapi.fcc.gov/file/60001690699.pdf

[14] 17 U.S.C. § 1201

[15] https://www.techdirt.com/articles/20160908/14071835467/comcast-already-whining-about-new-fcc-cable-box-plan-despite-it-being-cable-industrys-idea.shtml

Bitcoin: A Risky Investment for All Consumers

•October 9, 2016 • 9 Comments

In 2009, Satoshi Nakamoto launched Bitcoin, the world’s first cryptocurrency, a decentralized digital currency which utilizes an encrypted payment system to allow its users to conduct transactions without the need of a financial institution or other “trusted third party”.  [1].  Without any government control over the money supply or interference from third parties, Bitcoin is a “currency” directly controlled by its users. Id.  There are many advantages to using Bitcoin such as low-cost transactions, increased privacy, encrypted security and a self-regulated money supply. [2].  In addition, Bitcoin is not only used as an alternate currency, it can be sold and converted to real cash which makes it an attractive investment asset. [3].  A recent article from the International Business Times stated that 80 percent of the users of Coinbase, a Bitcoin exchange company, are using Bitcoin for investment purposes. [4].    However, Bitcoin may pose as “currency”, it is not considered legal tender and there is uncertainty on how it should be treated under

However, Bitcoin may pose as “currency”, it is not considered legal tender and there is uncertainty on how it should be treated under current laws. [2]. This uncertainty puts investors at risk of significant financial loss with very few legal protections afforded to them. Id. For instance, a Hong Kong Bitcoin Exchange, known as Bitfinex, discovered a recent security breach and nearly 120,000 bitcoins were stolen. [5].  The theft resulted in a loss valued at 77 million U.S. dollars. Id.  Further, Bitfinex calculated as a generalized result of the breach, each user suffered an estimated loss of thirty-six percent of the value of their accounts. [6].  Without any involvement from a bank or financial institution, Bitcoins lost due to fraud or theft is difficult to trace. [7]. In addition, unlike U.S. dollars, Bitcoins are not federally insured which further limits a victim’s ability to recover for losses regarding Bitcoin. Id.

Several Federal agencies have made efforts to clarify the treatment of Bitcoin under relevant U.S. laws but it is still uncertain as to what exactly the government classifies Bitcoins as.  The Financial Crimes Enforcement Network (FinCEN) is a federal agency which serves the primary purpose of protecting against money laundering and other financial crimes. [8]   In a 2014 guidance, the FinCEN did not specifically define or categorize Bitcoin as a currency, commodity, security, etc. [9].  Instead, the agency held that the regulation of Bitcoin would be dependent on how the Bitcoins were being used. Id.  Further, the FinCEN guidance stated Bitcoin use could be divided into the following three categories:

  • Users – Users are merely individuals who use Bitcoin as a form of payment for goods and/or services. Users do not have to register as a money services business and are not subject to FinCEN regulation;
  • Exchangers – An Exchanger is a person or business who sells Bitcoins in exchange for real currency.  Exchangers must register as a money services business and are subject to FinCEN regulation.
  • Administrators – An Administrator is a person or business who controls the issuance and withdraw of virtual currency from regulation and like Exchangers, administrators must register as a money services business and are subject to FinCEN regulations. However, it seems Bitcoin would not apply to this category because its supply is not issued or reduced by a central authority. Id.

 The Commodity Futures Trading Commission (CFTC) issued an order against Coinflip, which operated Derivabit, an online website which Bitcoin users could engage in options and futures trading. [10].    In the order, the CFTC charged Coinflip for operating an illegal, unregistered options trading platform in direct violation of the Commodity Exchange Act (CEA). Id.  It is interesting because the CFTC’s reasoning was that they did not define Bitcoin as a “currency” and instead held that it would be treated as a commodity.  Id. A commodity is generally defined as “a basic good used in commerce that is interchangeable with other commodities of the same type.” [11].  The definition of a commodity under the CEA focuses more on agriculture products but includes that a commodity can be “all services, rights, and interests in which contracts for future delivery are presently or in the future dealt with.” [12].   Although the CFTC order seems to add further legal protections for consumers and investors who use Bitcoin, it is evident that ambiguity remains to how the cryptocurrency should be treated under the law.

 In SEC v. Shavers, a federal court in Texas added to the ambiguity surrounding Bitcoin regulation.  [13].  In Shavers, the SEC alleged that the Defendant fraudulently solicited lenders to invest into Bitcoin Savings and Trust (BTCST) promising at least a 1 percent return. Id.  Instead, Shavers’ false promises resulted in the investors suffering significant financial losses. Id. Shavers argued that the SEC did not have subject matter jurisdiction because Bitcoin were not securities and the transactions involved only Bitcoin and not any actual money. However, the federal court held that “Bitcoin is a currency or form of money, and investors wishing to invest in BTCST provided an investment in money.” In result, the Bitcoin investments were subject to federal security regulations and eventually Shavers was ordered to pay over $40 million in disgorged profits and prejudgment interest. [14].

As you can see, Bitcoin remains a risky “investment” due to its lack of uniformity under our current laws, leaving consumers and investors with little clarity of the protections afforded to them in their involvement with Bitcoin-related transactions.  Nevertheless, Bitcoin continues to develop as a promising technology used for business.  Despite the concerns with its regulation, Bitcoin has not lost any significant value, Bitcoin-related businesses continue to develop and many Fortune 500 companies such as Dell, Expedia and Microsoft now indirectly accept Bitcoin as payment. [15, 16].  It will be interesting to see if the government will continue to let federal agencies and courts interpret how Bitcoin should be regulated based on current law or if specific legislation will be implemented.

I’ll leave you with a few questions to consider:

(1) Do you think Bitcoin its best to classify Bitcoin as a commodity, currency, security, etc.?

(2) Should the federal government prevent people from investing in Bitcoin until more specific regulations are in place to protect its investors from losses due to fraud and/or theft?

(3) Do you think Bitcoin or another virtual currency will ever be considered legal tender in the United States?  Would this be a good or bad thing?

[1] Bitcoin: A Peer-to-Peer Electronic Cash System, Satoshi Nakamoto, https://bitcoin.org/bitcoin.pdf

[2] Bitcoin: Questions, Answers, and Analysis of Legal Issues, https://www.fas.org/sgp/crs/misc/R43339.pdf

[3] http://money.cnn.com/infographic/technology/what-is-bitcoin/

[4] http://www.ibtimes.com/how-buy-bitcoins-digital-gold-worth-investment-2350605

[5] Bitcoin Value Falls Off the Cliff after $77 Million Stolen in Hong Kong Exchange Hack, http://arstechnica.com/security/2016/08/bitcoin-value-falls-off-cliff-after-58m-in-btc-stolen-in-hong-kong-exchange-hack/

[6]  https://www.cryptocoinsnews.com/bitfinex-slowly-getting-back-online-users-suffer-36-loss/

[7] https://www.sec.gov/oiea/investor-alerts-bulletins/investoralertsia_bitcoin.html

[8] https://www.fincen.gov/about/mission

[9] FinCEN on Virtual Trading Platform, https://www.fincen.gov/sites/default/files/administrative_ruling/FIN-2014-R011.pdf

[10] Feds Target Bitcoin Options Site, Declare Cryptocurrencies as Commodities, http://arstechnica.com/tech-policy/2015/09/feds-shut-down-bitcoin-options-and-futures-trading-site/

[11] http://www.investopedia.com/terms/c/commodity.asp

[12] http://www.cftc.gov/ConsumerProtection/EducationCenter/CFTCGlossary/index.htm#C

[13] SEC v. Shavers,  http://ia800904.us.archive.org/35/items/gov.uscourts.txed.146063/gov.uscourts.txed.146063.23.0.pdf

[14] http://www.theracetothebottom.org/home/2015/2/25/sec-v-shavers-over-40-million-disgorged-in-bitcoin-fraud-cas.html

[15] Three Reasons Why Bitcoin Isn’t Dead Yet, http://arstechnica.com/business/2016/01/three-reasons-why-bitcoin-isnt-dead-yet/

[16] http://time.com/money/3658361/dell-microsoft-expedia-bitcoin/

How Bitcoin is treated in the context of Anti-Money Laundering Regulation

•October 9, 2016 • 9 Comments

Virtual Currency (VC) existed before Bitcoin but most of those attempts involved a centralized set up where the processing of payments and control over the currency reside ultimately under the control of some individual figure. Bitcoin operates differently because it’s based around peer-to-peer connections, similar to torrenting, which allow people to anonymously transmit Bitcoins. The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) uses the term “de-centralized convertible virtual currency” to refer to VC like Bitcoin noting the lack of a central repository and the ability of users to obtain the currency on their own.[1] For Bitcoin this process of obtaining currency without engaging in transactions is called mining. Due to the ability to obtain Bitcoin without engaging in transactions FinCEN makes sure to distinguish between three groups of persons and businesses involved with bitcoin. The first of these groups is a user which is someone who “obtains virtual currency to purchase goods and services” and they are not considered to be money transmitting businesses. The second is an exchanger which is someone who exchanges virtual currency for “real currency, funds, or other virtual currency.” The third is an administrator which is someone who issues or redeems virtual currency. The second and third groups are considered by FinCEN to be money transmitting businesses.

When combating money laundering authorities mainly turn to two different charges, unlicensed operating of a money services business and money laundering. While those charges often overlap (as they do in much of the Silk Road prosecution) there are important differences, starting with that unlicensed money services business does not require the State to prove the defendant had an intent to promote or facilitate unlawful activity. 18 U.S.C. § 1965(a)(1)(A) This expands the reach of anti-money laundering legislation and allows authorities to go after businesses that engage in borderline activity even if when evidence they knew of the illicit transactions is sparse. For both charges a central element is that “funds”, “money”, or a “payment instrument” must be involved, while this might seem self-evident it becomes important because the contention of many defendants is that Bitcoin does not qualify for these definitions and thus not for regulation or sanction under anti-money laundering legislation. See United State v. Ulbricht, 31 F.Supp.3d 540 (S.D.N.Y. 2014); United States v. Murgio, 2016 WL 5107128 (S.D.N.Y. Sept. 19, 2016); Florida v. Espinoza, F14-2923 (Fla. 11th Cir. Ct. July 22, 2016) (https://www.scribd.com/document/322422269/Florida-v-Espinoza)

Two jurisdictions have considered this issue and come to opposite decisions. The District Court of the Southern District of New York, in multiple cases, has determined that Bitcoin does count as money or funds. See Ulbricht, 31 F.Supp.3d 540 (S.D.N.Y. 2014); United States v. Faiella, 39 F.Supp.3d 544 (S.D.N.Y. 2014); United States v. Budovsky, 2015 WL 5602853 (S.D.N.Y. Sept. 23, 2015); Murgio, 2016 WL 5107128 (S.D.N.Y. Sept. 19, 2016). The 11th Circuit Court of Florida has held that Bitcoin is not money and does not fall within Florida’s anti-money laundering legislation. Espinoza, F14-2923 (Fla. 11th Cir. Ct. July 22, 2016).

In Ulbrict the Southern District of New York the United States charged Ulbricht with violating a variety of laws including anti-money laundering legislation based upon his creation and administration of the Silk Road site which acted as a market for illicit goods and services. Ulbricht, 31 F.Supp. 3d at 547. All transactions that occurred on the Silk Road involved Bitcoin rather than more traditional currencies and so if the court agreed with the defendant that Bitcoin is not money than all of those transactions would be unreachable with anti-money laundering legislation. Id. 548. Ultimately the court reasoned that because Bitcoins carry value, act as a medium of exchange, can be exchanged for other currencies, and derive their value from their ability to pay for things they should be treated as money. Id. The court noted the conflict between the view of FinCEN regulations which treats Virtual Currencies like Bitcoin as money and the IRS which treats Bitcoins as property for tax purposes and decided that the IRS’s treatment is irrelevant by looking directly at the statute’s definitions. Id. at 569. The court particularly noted that the anti-money laundering statute was intended by Congress to be broad and able to adapt to new ways that alleged criminals find to wash the proceeds of criminal activity. Id. at 570.

In Espinoza the court dismissed the information against the defendant holding that Bitcoin does not fall within Florida’s money laundering state. Espinoza, F14-2923, slip op. at 5. The defendant was targeted by police because he advertised on localbitcoins.com that he was available for bitcoin trades 24 hours a day under the username “Michaelhack.” Id. at 2. The only suggestion that the defendant was involved in criminal activity was the police asking if he’d be interested in purchasing stolen credit card information so which he responded ambivalently. Id. The court explained that there was “unquestionably no evidence that the Defendant did anything wrong” in this case. Id. at 7. The court argued that Bitcoin did not count as money because of its highly volatility and deferred to the IRS’s treatment of Bitcoin as property rather than currency. Id. at 3, 6. The Southern District of New York in Murgio addressed the decision of the court in Espinoza and expressed their significant disagreement, arguing that even under Florida law Bitcoin acted sufficiently like money to qualify for anti-money laundering regulation. Murgio, 2016 WL 5107128 at *8.

The questions I have for all of you is: (1) Do you believe Bitcoin should fall under anti-money laundering regulations?

(2) What factors and characteristics of Bitcoin make you think it should or should not be considered “money”?

(3) How important is the IRS’s treatment of Bitcoin as property when other parts of the government attempts to treat Bitcoin as currency?

(4) Do you think the lack of criminal activity by the defendant contributed to the Espinoza court’s decision that Bitcoin was not money?

 

[1] https://www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf