Gaming Companies Aspire and Struggle to Enter Online Gambling

•September 6, 2018 • Leave a Comment

In 2012, the global gambling market was estimated to be worth $417 billion.  According to H2 Gambling Capital, only 8.1% of that $417b came from online or interactive gambling.[1]  In light of those numbers, the opportunity for enormous revenue growth by gaming companies via online gambling is obvious and has not gone unnoticed.  A prime example of a gaming company’s attempt and struggle to capture their share of the gambling market is Zynga.

But there is hope.

The recent ruling in Spry Fox, LLC v. LOLApps, Inc., shows the legal theory surrounding game copyright may be slowly expanding in a way that offers developers more protection for more parts of their work.[2]  Spry Fox is the maker of Triple Town, a popular match-three/village-building game. They are suing 6waves Lolapps, which cranked out the extremely similar Yeti Town after backing out of negotiations to make an iOS Triple Town port.[3] The games are practically identical from a basic gameplay and progression perspective, right down to the prices of analogous items in the in-game stores and similar language in explanatory dialogue boxes.[4] Yeti Town‘s main innovation seems to be small cosmetic differences—the enemy characters are changed from bears to yetis, the graphics are rendered in 3D polygons rather than 2D sprites, etc.


Although Spry Fox cannot copyright the basic rules and idea of Triple Town, the court noted that Spry Fox can claim copyright protection for things like “plot, theme, dialogue, mood, setting, pace, and character” (the court compared games to movie screenplays in this regard. And while 6waves’ Yeti Town didn’t precisely copy any of these elements from Triple Town, the court found the similarities in these areas were great enough to let the case go forward. The court noted: “A writer who appropriates the plot of Gone with the Wind cannot avoid copyright infringement by naming its male protagonist “Brett Cutler” and making him an Alaskan gold miner instead of a southern gentleman. The differences between Triple Town and Yeti Town are more meaningful, but it is at least plausible that they are insufficient to overcome the similarities.”[5]

So how does this impact the digital world? Hopefully, video game copyright owners will soon receive more protection against copycat developers. Since courts seem to be getting more familiar with disputes involving video games. This was not the case in 2007. Then the big question was: What happens when one avatar tries to sue another avatar for copyright infringement in an actual court? Kevin Alderman, known in Second Life as Stroker Serpentine, one of SL’s leading entrepreneurs tried to do just that. He believed Volkov Catteneo Catteno was selling unauthorized copies of his SexGen bed, a piece of furniture with special embedded animations that enable players to more or less recreate an adult film with their avatars.[6] Alderman sold his version for the L$ equivalent of USD$45, while Catteno sold his alleged knockoff for a third that price, undercutting him. Alderman threatened to sue, but he had one small issue: He didn’t know who to sue, since he didn’t know the real life identity of the person behind the avatar. Maybe he would have better luck in today’s courts.

How does this affect Machinima production? I will admit, yesterday I’d never heard of machinima. Even after reading the materials, I was still clueless. Now, after watching a few videos on, I understand the concept. Machinima has become increasingly popular, not just among video game fans, but among independent artists in general, for its low cost and time efficiency relative to live action film or other forms of computer animation. According to, the target group is males aged 18-34; this could be why I didn’t know about it.

For those like me who are also clueless, “the word ‘machinima’ is a of ‘machine’ and ‘cinema’ and refers to the process of creating real-time animation by manipulating a video game’s engine and assets.[7] Essentially, it is filmmaking using the computer-generated images of a video game. The three-dimensional physics engines of modern video games provides computer animation in real-time, without the need for time-intensive rendering. Screen capture technology, available in most video games, allows a user to record the action as various players control characters in the game. Then, voice-overs are recorded independently and layered onto the visual recording.[8]

Machinima video will be considered an infringing derivative work of the particular video game used in production.[9] Most examples of machinima incorporate graphics (known as art assets) directly from the video game, which would qualify as infringement. While video game publishers may be reluctant to sue fans that distribute machinima videos for free, commercial machinima works are more liable to face legal challenges from copyright holders. Nevertheless, video game copyright owners would benefit from granting licenses to machinima producers since a it could serve as an effective marketing device for the video game title, and also build brand loyalty.

The bottom line: even though machinima productions may infringe upon copyrighted video games, these legal issues are not likely to impede the development of the genre as a whole. On the other hand, holders of video game copyrights have strong incentives to license their intellectual property in order to encourage this art form.[10]


Social Media and Law Enforcement

•April 14, 2018 • 14 Comments

The privacy individuals enjoy at home and in private has not been extended to our social media presence and law enforcement organizations have begun using this information to investigate, corroborate and prosecute individuals. The internet is currently the wild west for law enforcement and they are using social media to slowly corrode the Fourth Amendment rights guaranteed by the constitution. The Fourth Amendment protects American citizens against unreasonable searches and seizures, yet the current law enforcement practice has only been slowly analyzed by the courts. The rights of individuals are slowly encroached upon by law enforcement officials until courts step in to state that individuals have rights. Social media offers them glimpses into the lives of the accused at the simple click of a button. This blog post will focus on the ongoing use of social media by law enforcement to investigate and surveil individuals to fight crime and whether the use of social media may be overstepping into citizens Fourth Amendment rights

U.S. v. Blake

On cases involving computer warrants there seem to be an evolving point of view as to what the police may have access to when executing a search warrant.[1] The U.S. Court of Appeals for the 11th Circuit seems to be leaning toward placing a limit upon use of social media and email to prosecute individuals. In Unites States v. Blake, the defendants challenged the way that the government obtained the corroborating information that they were running a prostitution ring. The Court expressed some concerns over the use of the warrant to search the defendant’s email and Facebook account.

In Blake, the FBI arrested and charged the appellants, Dontavious Blake and Tara Jo Moore with crimes related to sex trafficking. The FBI managed to obtain warrants for Moore’s Facebook and Microsoft accounts. The Facebook warrants were not limited to specific data or to a specific timeframe. The Microsoft warrant was limited to emails linked to the charges against appellant.

The Eleventh Circuit Court stated that the search of the Microsoft account was lawful because it was limited in scope, the search of the emails to be turned over to law enforcement was limited to those that could contain potential evidence. However, the court did make a point that the Microsoft warrant not having a time period limit as to when the conspiracy was occurring was an overreach, but let it stand as the search was decently limited in scope to those that could be connected to the alleged crimes.[2] On the other hand the Facebook search was a clear overreach according to the court because law enforcement received all of the content of the account regardless of whether it was related to the alleged crime or not. The Court found that with regards to private messages contained within the social media account the search should have been limited to messages sent to or from persons suspected at that time of being prostitutes or customers.[3] Nonetheless the Court found that even though the warrants were overly broad they were supported by probable cause and the “good-faith” exception.

Law Enforcement use of Social Media

Law enforcement has begun using social media to monitor individuals, even those with no criminal activity or suspicion thereof on their record.[4] A 2014 survey of more than 1,200 federal, state, and local law enforcement professionals found that approximately 80 percent used social media platforms as intelligence gathering tools.[5]

The issue with law enforcement use of social media has raised several questions particularly in areas where law enforcement has used social media to monitor peaceful protests,[6] assembled social media activity as evidence for criminal conspiracy charges,[7] or created fake profiles or impersonated individuals online.[8] Law enforcement use of social media in these ways has raised some longstanding concerns over a potentially disproportionate law enforcement focus on people of color, religious minorities and low-income communities. The use of social media has stoked fears of how its use may affect both the First Amendment, which protects free speech, and the Fourth Amendment, which protects against unreasonable searches and seizures.

In 2014, law enforcement used social media to crack down on the Heartless Felons gang after a rapper affiliated with the gang posted videos on social media where he admitted to selling drugs.[9] Law enforcement used the videos and raps to corroborate other evidence and crack down on members of the gang. While this may be a positive situation the overextension of surveillance is a slippery slope where courts have no bright line rule.

On the other hand of adequate effects there are situations like Ferguson where law enforcement used social media to monitor peaceful protests.[10] Documents released by the Department of Homeland Security’s Office of Operation of Coordination indicated that the department frequently collects information, including data, on Black Lives Matter activities from social media accounts. The surveillance of peaceful protests by the federal government is a dangerous road that has been traveled before, most notably by the programs ran by the FBI against civil rights movements. It would be easy to say that law enforcement would never again indulge in such activities, but that is not something that should be left to chance and courts should act to curb law enforcement use of social media for such purposes.

Face Morphing Technology

The evolution of face morphing technology allows individuals to superimpose facial features into preexisting video with relatively little effort.[11] The ability to know place people in situations they may never have been in creates issues when law enforcement use social media posts to investigate individuals. The biggest issue with face morphing is placing celebrities in pornographic scenes in which they were never involved.[12] However it is not hard to see this technology being used to frame individuals whether it be by law enforcement or other individuals. Facebook uses facial recognition software that identifies the individuals in pictures or videos.[13]

The scenario where an innocent individual may be superimposed into a video is not farfetched anymore. Celebrities find themselves fighting fake celebrity porn, but it is not hard to imagine law enforcement basing their investigation on fake images.[14] The danger of law enforcement using these fake images is more dangerous especially with the fast spread of social media and the everyday use by individuals.

Questions for Discussion

  • Do you think the court in United States v. Blake was correct in allowing the search and seizure of defendant’s accounts even though the search went beyond the scope of the warrant?
  • Do you think law enforcement should be able to use social media to monitor the accounts of individuals who have not been accused of any crime?
  • Do you think face morphing technology will make video evidence less trustworthy in the coming future?



[2]See United States. v. Blake, No. 15-13395 (11th Cir. 2017)

[3] Id. at 21

[4] Alexandra Mateescu et al., Social Media Surveillance and Law Enforcement Data & Civil Rights (2015), (last visited Mar 29, 2018).

[5] Id.

[6] George Joseph, Exclusive: Feds Regularly Monitored Black Lives Matter Since Ferguson The Intercept (2015), (last visited Mar 29, 2018).

[7] Meredith Broussard, When Cops Check Facebook The Atlantic (2015), (last visited Mar 29, 2018).

[8] Jacob Gershman, Police Online Impersonations Raise Concerns The Wall Street Journal (2015), (last visited Mar 29, 2018).

[9] James F. McCarty, Police arrest dozens of West Side Cleveland gang members accused of waging reign of terror (2014), (last visited Mar 29, 2018).

[10] Joseph, Supra note 45

[11] Chang, James. “Deepfakes, Privacy Rights and the AI-Powered Blurring of the Lines.” Internet & Social Media Law Blog, 14 Feb. 2018,

[12] Id.

[13] Constine, Josh. “Facebook’s Facial Recognition Now Finds Photos You’re Untagged In.” TechCrunch, TechCrunch, 19 Dec. 2017,

[14] Palmer, Annie. “Reddit User Who Revealed Disturbing AI That Can Make Fake Porn Videos Using Celebrities’ Faces Has Now Launched an App so ANYONE Can Do It.” Daily Mail Online, Associated Newspapers, 25 Jan. 2018,

Online Gambling Serial Blog – Regulations Dealing with Online Promotions to Children (Blog Post 7 of 7)

•April 14, 2018 • 9 Comments

Since online gambling in the United States has caused many legal uncertainties, including how individual states have dealt with various online gambling issues and how the advancements in internet-based technologies have created uncertainty enforcing online gambling issues, it is necessary for there to be more clear rules and regulations regarding legal issues relating to online gambling in the United States. This blog will discuss various online gambling issues in a seven-part serial blog. The seventh blog post will step away from online gambling issues and focus in on how regulators are dealing with advertisements and promotions directed towards children.

How Americans, especially children, consume media has changed dramatically in recent years. The regulatory framework for advertising to children, however, has not changed very much since the 1990s. [1] Mobile devices, such as smart phone and tablets, are a major platform for reaching young people because children tend to be avid users of these devices. A Nielsen survey found that if these devices are available in a household, 69% of children aged 8 to 10 use them. [1] Another study found that children prefer watching and spend more time viewing video on hand-held devices than on television. [1]

Many children watch YouTube even though YouTube’s terms of service explicitly state it “is not intended for children under 13. If you are under 13 years of age, then please do not use the Service.” [1] A survey done in 2014 found that 66% of children aged 6 to 12 visit YouTube daily, including 72% of 6 to 8-year-olds. [1] Much of the content initially available on YouTube consisted of “user-generated” videos produced by amateurs. Typical examples include videos of cats, cute babies, and people playing video games. Over time, many of these video creators built up a large following. They have come to be known as “YouTube celebrities” or “influencers.” [3] Young people especially tend to follow YouTube celebrities more than traditional celebrities. [4] Brands collaborate with influencers because “they certainly know how to grab the power of social media and use their credibility to affect their followers’ views (and even their purchasing decisions). [5] Influencer marketing works because “[p]eople value influencers for their authenticity, as their endorsement matters to them and this helps a brand increase its human element of the wider marketing strategy.” [5]

The Federal Communications Commission (“FCC”) and the FTC are the two government agencies primarily responsible for regulating advertising to children. However, each agency enforces different laws, has different means of developing policies and rules, and uses different enforcement methods. [1] The regulatory efforts of the FCC and the FTC are supplemented, to a limited extent, by industry self-regulation. [1]

FCC rules apply only to television delivered by means of broadcast, cable, and satellite television. They do not apply to motion pictures (even if shown on television), video games, or online videos. [1] The FCC’s children’s advertising policies have not changed much since 1974. [1] Congress passed the Children’s Online Privacy Protection Act of 1998 (“COPPA”). [1] A major purpose of COPPA was to limit advertising targeted to children by prohibiting the collection, use, and dissemination of personal information from children without informed, advance parental consent. [1] Section 5 of the Federal Trade Commission Act gives the FTC the power to prevent deceptive and unfair marketing practices in interstate commerce, regardless of the medium employed.  [2]

Using influencer videos that do not appear to be advertising takes unfair advantage of children’s cognitive inability to appreciate the nature and purpose of advertising. [1] Because children naturally love toys and characters, market forces cannot be relied on to protect children from excessive, deceptive, or unfair advertising. [1]

Currently, Google facilitates influencer marketing on YouTube in several ways. The YouTube Partners Program allows creators to monetize content on YouTube by letting Google stream advertisements in exchange for a portion of the advertising revenue. [6] Recently, YouTube has been accused of violating child protection laws in the US, by a collection of 23 consumers, child safety and privacy advocacy groups. [7] The coalition has filed a complaint with the FTC alleging that YouTube collects data from children aged under 13. [7] The group alleges that YouTube collects location data and the browsing habits of its users – even if they are children – and uses it to target advertising. [7] Google said its advertiser tools did not include the option to target advertisements at under-13s. It also said it offered the YouTube Kids app “specifically designed for children”. [7]

New legislation will be required to protect children from excessive and deceptive marketing practices in the digital environment. That legislation should provide ample legal authority, resources, and the political support for the FCC, FTC, or perhaps some other agency, to develop new rules and enforce them across all platforms.

Academics who study marketing to children are finding that existing regulations are ineffective in a digital environment and have called on policy makers to take action. For example, one study concluded that the “nature of contemporary advertising demands a radical revision of our conceptualization of ‘fair’ marketing to children,” and urged policy makers “to reconsider policies and regulations concerning child-directed advertising.” [1]

Do you think YouTube should be held responsible for advertisements placed in front of viewers under the age of 13 when a lot of the content on YouTube seems to be directed toward younger audiences? What potential legislation do you think should be in place to limit the effects of “influencers” on susceptible children? These are some interesting questions that have to be answered as the digital age has greatly changed the way younger Americans are influenced by advertisements on a daily basis.


[2] Federal Trade Commission Act, 15 U.S.C. §45(a)(1)


[4] pewdiepie-1201544882/








Copyright Law: DMCA and Fair Use

•April 14, 2018 • 10 Comments

Digital Millennium Copyright Act (DMCA)

The DMCA was signed into law by President Clinton in October of 1998. The act was created to implement two World Intellectual Property Organization (WIPO) treaties. First, the WIPO Copyright Treaty and second, the WIPO Performances and Phonograms Treaty.[1] In addition to implementing the WIPO treaties the DMCA also added new laws to existing American copyright law. This post will discuss two of the laws added by the DMCA that have been controversial, §1201 the “anti-circumvention” rule and §512 the “safe harbor” protections.

Section 1201 Anti-Circumvention:

Section 1201 states “No person shall circumvent a technological measure that effectively controls access to a work protected under this title”[2] The act defines circumvention of a technological measure as a means to descramble a scrambled work, to decrypt an encrypted work or to otherwise avoid, bypass remove, deactivate, or impair in some was technology used to protect a work without the permission of the copyright owner. [3] It then defines a technological measure as an operation that “effectively controls access to a work.[4] On the surface this protection seems common, it allows for copyright holders to use technology to prevent infringement of their works. However, it has been used excessively and the DMCA gives these “technological measures” special protection in copyright law.[5]

Digital Rights Management (DRM) are the typical access controls that are used by copyright holders and protected under §1201.[6] The term DRM is very broad and can be applied to many different methods used by copyright holders to restrict unauthorized access and use of their works. Examples of DRM use include: preventing a user from skipping advertisements on a DVD, preventing a customer from listening to an MP3 on multiple computers. DRM technology can be used to achieve many different goals of a copyright owner, from advertising new products to preventing copying, but all uses of the technology are intended to prevent unauthorized use of a copyrighted work. A simple definition may be that the DRM’s are technological limitations put in place by IP owners to restrict full, unfettered use of a protected work by consumers.[7]

The problems with the DRM technological limitations is they have been applied in an over broad and sometimes excessive way. Examples of when DRM’s caused problems for consumers include: purchasing an ebook but not being able to read it on certain ebook readers, video games unable to play because the “authentication servers” are offline, purchasing a smartphone that can only be used on certain service providers networks.[8] It is a common belief that once a product is purchased it belongs to that person and it may be used in whatever way preferred, but the use would be illegal if is required tampering with a DRM.[9] Tampering with DRM technology and circumventing the restrictions they create can lead to being convicted of a crime carrying a five-year prison sentence and up to a $500,000 fine for a first offence.[10] The protections provided under §1201 have gone as far as to say that when a security expert discloses a defect in a copyrighted product that the experts have violated laws that protect DRM.[11]

Section 512 Safe Harbor

Section 512 provides protection from secondary copyright infringement for service providers whose users post or share copyrighted works. The sections states that a service provider shall not be liable if five conditions are met. The five conditions are: (1) the transmission of the material was initiated by or at the direction of a person other than the service provider; (2) the transmission, routing, provision of connections, or storage is carried out through an automatic technical process without selection of the material by the service provider; (3) the service provider does not select the recipients of the material except as an automatic response to the request of another person; (4) No copy of the material made by the service provider… is maintained on the system or network in a manner ordinarily accessible to anyone other than the anticipated recipient; (5) the material transmitted through the system or network without modification of its content.[12]

While §512 may protect the service providers from secondary liability, it also includes a provision that allows copyright holders to require the service providers to “expeditiously” remove copyright-infringing content, otherwise known as “take down notices[13]” in order to remain under the protection of the safe harbor.[14] What constitutes expeditiously has become a debated question in the courts and seems to be a case by case determination when all relevant facts are considered.[15] Courts have held that seven months and a week were not expeditious enough, but other courts have said seven days and one day are expeditious enough. In one case that included notifications for 170 videos the court found that three-and-a-half months was expeditious.[16] There is not hard a fast rule for what will be considered an expeditious removal and what is not.

Fair Use USCS §107

Fair use, as stated in U.S. Code section 107, is a statutory right to a non-infringing type of use of a copyright protected work.[17]  In the case A & M Records v. Napster the court explains the element requirements for fair use.  A person claiming fair use must show that each factor is supportive of a finding of fair use. The factors are: (1) the purpose and character of the use; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion of the copyrighted work used, in relation to the work as a whole; and (4) the effect of the use upon the potential market for the work or the effect on the value of the work.[18]  The factors are each considered and then a balancing test is applied to determine if all the factors taken together either weighs for, or against the use of the work being considered a fair use.[19]

Safe Harbor Take-Downs vs. Fair Use

As I am sure you can imagine, with copyright holder’s abilities to issue take down notices came the abuse of the use of those notices. One of the most famous incidents where a copyright holder issued a take-down notice that was contested is the case Lenz v. Universal Music Corp. In this case Lenz posted of video of her young children dancing to the Prince song “Lets Go Crazy” on YouTube.[20] The Universal employee who decided to send the take down notice did so based on the fact that the song was recognizable in the background of the video[21],  that the song played for the full length of the video (29 seconds), that the video’s title contained the name of the song, and that during the video Lenz stated “do you like the music” to her son as he danced around.   He ultimately concluded that the video infringed on the copyright because it was “very much the focus of the video.”[22]

The court analyzed the reviewing guidelines and noted that none of the considered factors included the factors of fair use, nor was fair use considered at all in determining whether to send a takedown notice to YouTube.[23] After discussing the codification of the four factors of fair use into 17 USCS §107, the court determined that because of this codification fair use was no longer an affirmative defense but was intended by Congress to be a statutory right, and a type of use authorized by law that did not qualify as infringement.[24] Leading to the ultimate decision that a copyright holder is required to consider fair use before issuing a takedown notice, and that failure to do so raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law.


(1) The DMCA provides protections for copyright holders and Fair Use prevents the abuse of those protections, do you think the existing law has done a good job of striking a balance between the two?

(2) The Dodge-Ram commercial that used Dr. Martin Luther King’s speech and was later altered using a different section of Dr. King’s same speech was considered fair use. Based on the four factors of fair use, why do you think this use would qualify?

(3) Is the case by case determination of what constitutes expeditiously an effective way to enforce take-down notices or should the courts create a more bright line rule of what is or is not fast enough?

If you think there should be a bright line, what do you think it should be?

(4) What are your thoughts on the §1201 anti-circumvention laws, should there be exceptions to these types of protections?



[1] The Digital Millennium Copyright Act of 1998: U.S. Copyright Office Summary,, (last visited Apr 14, 2018).

[2] 17 USCS § 1201

[3] Id.

[4] Id.

[5] Cory Doctorow, America’s broken digital copyright law is about to be challenged in court The Guardian (2016), (last visited Apr 14, 2018).

[6] Id.

[7] What is DRM?, Digital Rights Management, (last visited Apr 14, 2018).

[8] DRM, Electronic Frontier Foundation, (last visited Apr 14, 2018).

[9] Supra, America Broken Digital Copyright.

[10] Id.

[11] Id.

[12] 17 USCS § 512

[13] 17 USCS § 512(c)

[14] Carolyn S. Toto, When It Comes to the DMCA, a Red Flag Becomes Harder to Fly Internet & Social Media Law Blog (2016), (last visited Apr 14, 2018).

[15] Carolyn S. Toto & Kimberly Buffington, The Complicated Relationship between DMCA Takedown Notices and the Word “Expeditious” Internet & Social Media Law Blog (2016), (last visited Apr 14, 2018).

[16] Id.

[17] Lenz v. Universal Music Corp., 801 F.3d 1126, 1133

[18] A&M Records v. Napster, Inc., 239 F.3d 1004, 1014 (9th Cir. Cal. Feb. 12, 2001).

[19] Id. (A&M)

[20] Lenz, 1126.

[21] Music video of “Lets Go Crazy” to compare with video from Lenz for recognizably

[22] Lenz, 1130.

[23] Lenz, 1130.

[24] Lenz, 1133

Government Surveillance and Fourth Amendment Implications

•April 7, 2018 • 11 Comments

Stored Communications Act

Congress enacted the Stored Communications Act (SCA) as Title II of the Electronic Communications Privacy Act (ECPA).[1]It regulates when an electronic communication service provider may disclose a customer’s e-mails, text messages, tweets or other electronic communications.[2]It usually prohibits a service provider from revealing the contents of any communication to any person other than the addressee or intended recipient, except as authorized by applicable law.[3]

This law authorizes the government to obtain cell service providers’ records under certain circumstances.[4]The Stored Communications Act was added to the United States code in 1986, and has been amended several times since then.[5]The Act allows electronic communication providers to provide the government with contents of a wire or electronic communication with a valid warrant.[6]Thereafter, the electronic communications service is required to provide the government officials with the name, address, telephone connection records, length of service, telephone number,  and payment information of the named defendant.[7]The government entity receiving this information need not provide the defendant with this information.[8]

Third-Party Doctrine

The third-party doctrine is a legal proposition that permits the government to access a vast amount of information about individuals through service providers.[1]

U.S. v. Carpenter

One of the most recent effects of the Stored Communication Act and cell-site location information on the Fourth Amendment are in U.S. v. Carpenter.[1]In this case, now before the Supreme Court of the United States, the main issue is whether the government can conduct a search for Fourth Amendment purposes when it obtains business records from a defendant’s wireless carriers for cell phone service, containing cell tower locational data.[2]Timothy Carpenter and co-defendant Timothy Sanders were convicted of nine armed robberies.[3]At trial, the government’s evidence included business records from the defendants’ wireless carriers showing that they used their phones within a half-mile to two miles of the locations where certain robberies occurred.[4]The government was able to retrieve this evidence by obtaining an order from the magistrate pursuant to the Stored Communications Act.[5]Under the Act, the government may require electronic communication services to disclose certain communication records when “specific and articulable facts show[] that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”[6]The court used the two-part Katztest in this investigation to determine whether the retrieval of the defendants’ cellular data was considered a search under the Fourth Amendment.[7]This two-part test looks at whether (1) the defendant “exhibited an actual (subjective) expectation of privacy, and (2) whether this expectation was “one that society is prepared to recognize as reasonable.[8]If both of these elements are met, the investigation will constitute a search under the Fourth Amendment.[9]

In arriving at its conclusion, the court made a distinction with personal communications noting that although the content of personal communications is private, the information necessary to get those from point A to point B is not.[10]The Sixth Circuit also ruled in favor of the government, holding that while the Fourth Amendment “protects the content of the modern-day letter,” courts have not yet “extended those protections to the internet analogue to envelope markings, namely the metadata used to route internet communications, like sender and recipient addresses on email, or IP addresses.”[11]

Lawyers for Carpenter moved to suppress the cell-site evidence, arguing that the “reasonable grounds” standard necessary for the information under the federal law was too low of a bar.[12]Instead, they argued that the Fourth Amendment required the government to obtain a search warrant pursuant to a higher standard of “probable cause” before obtaining the data.[13]On appeal Carpenter’s lawyers also argue that “[a]llowing law enforcement to obtain such records free and clear of any Fourth Amendment restrictions would dramatically shrink the amount of privacy that people enjoyed from the time of the Framing through the dawn of the digital age.”[14]

Cell-site Simulators

Cell-site simulators impersonate cell phone towers, so cell phones can recognize the device as the strongest cell tower in the area and connect with them.[1]The simulator then identifies that cell phones using its unique International Mobile Subscriber Identity (IMSI).[2]Law enforcement agencies use these devices in vehicles as well as in planes.[3]The issue with the cell-site simulators from airplanes are that is that they cover such a wide geographic range, that when deployed over populated areas, phones with no connection to criminal activity are also surveilled.[4]

[A]bsent proper oversight and safeguards, the domestic use of cell-site simulators may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures”.[5]Because a lot of this technology is used overseas in the military, the Federal Bureau of Investigation (FBI) assists the sta. Part of the conditions for being able to sell cell-site stimulators to state and local law enforcement agencies are that the manufacturers must first notify the FBI.[6]And the agencies must sign a non-disclosure agreement with the FBI that expressly prohibits them from publicly disclosing their use of this technology, even in prosecutions where the technology was at issue.[7]Back in 2015, federal law enforcement entities could obtain a court’s authorization to use cell-site simulators by meeting a standard that was less than probable cause.[8]Until this time, the Department of Homeland Security (DHS) and the Department of Justice (DOJ) had different policies and procedures governing their use of cell-site stimulators.[9]They also were not always obtaining a search warrant to deploy the devices.[10]Now, their current policies require a warrant supported by probable cause.[11]

Currently, state laws vary as to what court authorization is necessary to deploy cell-site stimulators.[12]In California, Illinois, Utah, Virginia, and Washington, law enforcement agencies are required to obtain a warrant or order based on probable cause before using cell-site stimulators.[13]However, in many other states, law enforcement agencies only need to meet a “relevance-based standard” to use cell-site stimulators, which is lower than the standard of probable cause.[14]


  1. In theU.S. v. Carpenter case, Justice Gorsuch suggested that the case should be decided on trespass grounds instead of taking a privacy-based approach. Do you agree?
  2. What are some of the Fourth Amendment violations that could arise from the cell-site simulators that are specifically on airplanes?
  3. Prosecutors have accepted plea deals to hide their use of cell-site simulators and have even dropped cases to avoid revealing information about their use of technology. What other ethical concerns do you see possibly stemming from the use of cell-site simulators?
  4. The Electronic Frontier Foundation as well as others, have argued that it is time for the Supreme Court to revisit the third-party doctrine because it is outdated. One of the main challenges that will present itself in the Carpenter case is trying to figure out how to reset the parameters of the third-party doctrine for this current digital age, or determine whether the third-party doctrine should be extinguished altogether. What are your thoughts?


Stored Communications Act
[1]18 U.S.C. §§2701-2712 (2017).
[3]18 U.S.C. §§2702(a)(3)-2703.
[5]18 U.S.C. §2703 (2017).
[7]18 U.S.C. §2703
[8]18 U.S.C. §2703
Third Party Doctrine
[1] Richard M. Thompson. The Fourth Amendment Third-Party Doctrine.2014.
U.S. v. Carpenter
[1]U.S. v. Carpenter, 819 F.3d 880 (6th Cir. 2016).
[2]Id. at 884.
[6]Carpenter, 819 F.3d at 884 (citing 18 U.S.C. §2703(d)).
[7]Carpenter, 819 F.3d at 886 (citing Katz v. United States, 389 U.S. 347 (1967).
[8]Carpenter, 819 F.3d at 886 (citing Katz v. United States, 389 U.S. 347 (1967).
[9]Id. at 886.
[11]Ariane de Vogue, Supreme Court takes on Major Fourth Amendment case, (Nov. 29, 2017),
[12]Vogue, supra at 76.
[13]Vogue, supra at 76.
[14]Vogue, supra at 76.
Cell-site Simulators
[1] U.S. Dep’t of Justice, Department of Justice Policy Guidance: Use of Cell-Site Stimulator Technology at 2 [hereinafter DOJ Cell Site Policy], how cell-site simulators function).
[2] DOJ Cell Site Policy, supra note 80, at 2.
[3] See, e.g., Devlin Barrett, Americans’ Cellphones Targeted in Secret U.S. Spy Program, WALL ST. J., Nov. 13, 2014, available at– 1415917533; Kim Zetter, The Feds Are Now Using ‘Stingrays’ in Planes to Spy on Our Phone Calls, WIRED (Nov. 14, 2014, 2:14 PM),
[4]Committee Report, p. 10.
[5]Committee Staff Report Page 2
[6]Committee Staff Report Page 3
[7] Briefing by Fed. Bureau of Investigation to H. Comm. on Oversight & Gov’t Reform staff (Feb. 11, 2015); see also Letter from Ernest Reith, Acting Assistant Dir., Operational Tech. Div., Fed. Bureau of Investigation, to Frederick H. Bealefeld, III, Police Comm’r, Baltimore Police Dep’t, et al. (July 13, 2011); Pell & Soghoian, supra note 3, at 38.
[8]Committee, p. 4
[9]Committee, p. 4
[10]Committee, p.4
[11]Committee, p.5.
[12]Committee, p.5.
[13]Committee, p.5.
[14]Committee, p.5.



Malware, Ransomware, and Digital Extortion

•April 7, 2018 • 13 Comments

Earlier this year, a hospital in Greenfield Indiana paid a $50,000 ransom to hackers in an effort to retrieve the patient data that was hijacked.[1] The SamSam ransomware attack accessed Hancock Health’s computers through an outside vendor’s account on Thursday, locking out data and changing names of more than 1,400 files to “I’m sorry”.[2] The virus demanded four bitcoins for unlocking the data, which included patient medical records and company emails.[3] At that time the four bitcoins was the equivalent to $50,000. If this happened prior to 1984, prosecutors would have been forced to rely on existing statutes, like wire fraud, to prosecute individuals because there were no specific computer criminal statutes. Today, prosecutors in Internet crime cases punish the release of viruses, worms, or malware to penetrate a computer’s firewall in order to destroy data. 18 U.S.C. § 1030(a)(5).[4] Section 1030(a)(5) criminalizes those who deliberately attack computers or infect data with harmful code.[5]

Malicious software or malware is a specific type of computer software that damages a computer or network of computers through the use of: viruses, spyware, and worms that have the ability to pilfer personal information, send spam, and commit fraudulent transactions without the consumer’s knowledge or consent.[6] Ransomware is computer malware that is installed covertly on a victim’s computer and preventing access to it, followed by demands for a ransom payment in exchange for returning access or not publishing or exposing data held on the computer.[7]Ransomware is a serious threat. Between 2005 and 2014, $57.6 million in ransom payments were made by healthcare organizations to ransomware hackers.[8] Electronic patient records hold much more private information that simply a credit card or debit card number. Social security card numbers, addresses, birthdates, emergency contact information, and more all are included within a patient’s records. A stolen debit card can be replaced, but the information found in medical records can be used repeatedly. But beyond the healthcare setting, there are other businesses and computer users who share similar risks and vulnerability to ransomware attacks. Ransomware can affect various types of computer technology, including desktop computers, laptops, and mobile.[9] Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc.[10] Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc., have all been breached.[11]

The most important federal statute used to prosecute cybercrime is the Computer Fraud and Abuse Act (CFAA), which punishes and deters computer hackers.[12] Most of the computer crimes that the CFAA prohibits are those that involve accessing computers without authorization or exceeding the authorization, and then obtaining information or damaging computer data. Section 1030(a)(5) criminalizes those who deliberately attack computers or infect data with a harmful code. If the result in damage or loss of $5,000 during the year, or modify medical care of a person, cause physical injury, threaten public health or safety, or damage to computer systems used for justice, national defense, national security, or civil liability, then under section 1030(a)(5) the offense is a felony. Section 1030(a)(7) of the CFAA address extortion. This section strictly prohibits threats to harm a computer or data. Here, however, prosecutors have to prove that the defendant has: (1) intent to extort money or any other thing of value, (2) transmitted the threat in interstate or foreign commerce, and (3) made a threat to damage a protected computer, reveal confidential information, or demand money in connection with extortion.[13]

Cybercrime respects no national borders and is often difficult to detect because although online criminals sometimes leave digital footprints, there is no traditional crime scene. The Internet enables anonymous communications that are difficult to trace because of false email headers and anonymous email re-mailers.[14] Beyond the identity issue, there’s also an added issue of jurisdiction. Computer crimes are a global issue and because of the nature of computer networks, malicious computer activity can pass easily through countries. Despite a hacker’s ability to be anywhere in the world when hijacking your computer, for some countries there are Mutual Legal Assistance Treaties (MLATs) put in place. These agreements are between two or more countries, which create obligations under international law for governments to assist one another in criminal investigations and prosecutions.[15] Law enforcement officers or prosecutors use them when they need help to obtain evidence from within another country’s jurisdiction.

However, despite some movements to promote international cooperation one basic problem in the international realm is that there is no consistent definition of what is a computer crime. The Cybercrime Convention covers definitions of computer terminology, appropriate measures taken at the national level, various forms of computer-related offenses, corporate liability, and computer crime procedural law.[16] There is currently no international court for the prosecution of computer crimes. No international court leaves room for jurisdiction issues, which the Convention does not provide a definite or binding answer on. However, in Article 22 of the Cybercrime Convention it states that “when more than one party claims jurisdiction over alleged offense established in accordance with this Convention, the parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.”

So the questions for discussion are:

  1. Do you think Article 22 of the Cybercrime Convention leaves enough guidance for two parties claiming jurisdiction over an individual for an alleged computer crime offense?
  2. With the difficulties of prosecuting computer crime criminals in mind, would you advise victims of ransomware attacks to comply with a ransom? Why or Why not.
  3. Should there be an international court for the prosecution of computer crimes?
  4. What methods would you advise an everyday computer user to take to reduce the likelihood of an ransomware attack?

[1] Rychaert, Vic, Ransomware attack prompts Hancock Health to pay $50,000 to hackers, IndyStar (Jan. 17, 2018, 12:15 PM),

[2] Id.

[3] Id.

[4] Rustad, Michael J., Global Internet Law in a Nutshell, 236 (2016).

[5] Id.

[6] Podgor, supra note 4

[7] Laws Addressing Hacking, Unauthorized Access, Computer Trespass, Viruses, Malware, National Conference of State Legislatures (Jan. 18, 2018 12:24 PM), [hereinafter NCSL Computer Crime Statutes]

[8] 10-Minute Guide to Healthcare Ransomware Protection, XTIUM (Jan. 21, 2018 11:35 PM),;

[9] Incidents of Ransomware on the Rise, U.S. Fed. Bureau of Investigation (Jan. 17, 2018 2:35 PM), [hereinafter FBI].

[10] Newcomer, Eric, Uber Paid Hackers to Delete Stolen Data on 57 Million People, Bloomberg Tech. (Jan. 17, 2018 9:35 AM),

[11] Id.

[12] 18 U.S.C. § 1030. (The CFAA creates liability for a person who: (1) intentionally access a computer without authorization or exceeds authorized access, and thereby contains information from an protected computer, in violation of § 1030(a)(2)(C), (2) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, in violation of § 1030(a) (4), or (3) intentionally accesses a protected computer without authorization and as a result of such conduct, recklessly causes damage, or causes damage and loss, in violation of § 1030(a)(5)(B)-(C).

[13] 18 U.S.C. § 1040 (a)(7)

[14] Id. at 233

[15] Mutual Legal Assistance Treaties (Jan. 2018),

[16] Id.

Online Gambling Serial Blog – Online Esports Betting (Blog Post 6 of 7)

•April 7, 2018 • 10 Comments

Since online gambling in the United States has caused many legal uncertainties, including how individual states have dealt with various online gambling issues and how the advancements in internet-based technologies have created uncertainty enforcing online gambling issues, it is necessary for there to be more clear rules and regulations regarding legal issues relating to online gambling in the United States. This blog will discuss various online gambling issues in a seven-part serial blog. The sixth blog post deals with the growth of online esports betting.

Over the past decade, major esports leagues such as those for popular games like League of Legends, Overwatch, and Counter-Strike: Global Offensive continue to rise in value at a meteoric pace, projecting to be worth $906 million in 2018 — a figure that includes sponsorships, advertising, media rights, game publisher fees, merchandise and tickets.  [1] It would represent 38% annual growth from 2017, according to market research firm Newzoo. [1] The gambling market that has been created from esports has exploded in recent years. Even with sports betting illegal in the vast majority of the United States, global wagering on esports was projected at $6.7 billion for 2018 in a report by software analytics company Narus and research firm Eilers & Krejcik Gaming. [1] That same report expected the total to approach $13 billion by 2020. [1] By comparison, a 2013 report by the BBC estimated global soccer betting at between $49 billion and $70 billion, which, like the esports report, included both legal and illegal wagers. [1]

In a recent tournament for the League of Legends 2017 Season World Championship, there was a prize pool of $4,596,591. [2] For the 2018 Call of Duty World League Championships, the prize will be $1.5 million. [2] A tournement for Dota 2 broke the record for the largest prize pool in eSports history at $24,787,916. [2] Numerous betting sites have popped up that allow spectators to bet on eSports events and tournaments in the same way they would a football, basketball, baseball, or hockey game. Gamblers can view odds and place bets through bookies on CS:GODota 2League of Legends, and other matches. [2]

A vast majority of cash bets are placed online and are wagered on the outcomes of games and tournaments, much like the traditional sports betting found in Las Vegas. [1] Some other wagers involve fantasy teams or head-to-head matchups in which the bettor is playing, similar to a poker match or a drag race, in which players bet on themselves to win. [1]

Unikrn, as well as companies such as Betway, Pinnacle, William Hill, Ladbrokes, and, offers a sports book and odds via its website, taking bets on the outcomes of esports league and tournament games. [1] Unikrn accepts bets using cash and later this month will accept them using a proprietary cryptocurrency called UnikoinGold — similar to bitcoin — that raised $31.4 million in its Initial Coin Offering (ICO). [1]

Advocates of esports betting believe legalized sports betting will have a significant impact on the esports gambling market, noting that with more sports books taking legal bets in more states, those books inevitably will adopt esports into their betting offerings, given the rapid growth of competitive gaming. [1]

Just as traditional sports have encountered instances of fixed games, so too has the fledgling esports scene. [1] Twenty-one players accused of fixing competitive matches for the game Counter-Strike: Global Offensive were banned from future professional events for orchestrating the outcomes of matches in 2015. [1] In March, two men, one who ran an illegal gambling site and the other a pro player, were arrested for fixing a StarCraft tournament match. [1] Recently, James Watson, head of esports at Sportradar, stepped down from his role as after it emerged that he was betting on professional esports matches. [3] Sportradar said Watson had placed the wagers via licensed esports betting website Unikrn, thus violating company policy. [3] Sportradar provides data streams for various professional sports to bookmakers and uses this data to work alongside a host of organizations to ensure integrity in matches. [3] However, while Sportradar acknowledged Watson had been betting on matches, after conducting an internal review on the matter, the company also said that its integrity services for esports were not impacted in any way by the incident. [3] As Yegor Zubarets, the founder of CyberBet.Ninja, an esports betting site put it best, “[t]the main trouble is the maturity of eSports audience and big amount of fraud from the site of the eSports betting sites that lead to great disappointment and lack of trust from the gamers worldwide.” [4]

Like the United States, many countries have vague or intolerant gambling laws that leave esports betting and online betting in ambiguity. However, residents of the following countries may legally bet on esports: The United Kingdom, New Zealand (at overseas websites), Australia, Spain, Taiwan, Macau, Korea, and Japan. [5] While rules and regulations are in place for traditional sports and traditional sports betting, the same isn’t true for esports and online betting. This means that there is no legal support in the case of cheating, bet manipulation, or failures to pay out. [5]

In Nevada sports books, esports betting falls outside of the state’s sports betting structure. Instead, esports are listed under “other events,” as are bets on the NBA draft or the Heisman Trophy winner, for example. [1] Questions thus remain on whether esports will be regulated similar to regular online sports betting or will be considered a different type of online betting such as in Nevada.

Should esports betting be classified as sports betting for regulatory purposes? With a lack of information on some esports league, how can esports leagues create a better environment to ensure that the integrity of the games is guaranteed and no match-fixing takes place? Should there be an “integrity” fee added to sports betting sites if they allow esports betting in the future? This is a new online gambling field and I look forward to seeing how the esports betting industry continues to grow into the future.