Recently the Massachusetts Supreme Judicial Court ruled that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence without violating the defendant’s constitutional rights. This is an increasingly prevalent issue that has divided courts across the country and may be presented to the United States Supreme Court for review soon.
Leon Gelfgatt was indicted in 2010 for allegedly operating a mortgage fraud scheme that fraudulently collected more than $13 million. During the investigation, Massachusetts state troopers seized four computers, all of which were protected by encryption software that Gelfgatt refused to remove. Lawyers for the Commonwealth of Massachusetts filed a motion in Superior Court asking the court to compel Gelfgatt to enter the password for his encryption software so that law enforcement could review the contents. The Superior Court denied the motion, stating that the Commonwealth was asking for the defendant’s assistance in accessing potentially incriminating evidence.
In a 5-2 ruling, the Massachusetts Supreme Court reversed the lower court ruling and held that police could compel Gelfgatt to decrypt his files, because he told investigators that the computer belonged to him and he had the encryption key. The majority opinion reasoned that Gelfgatt’s disclosure to investigators that he had the password to access the encrypted materials was sufficient to satisfy the “foregone conclusion” exception to the Fifth Amendment protection against self-incrimination. The court did not specify if Gelfgatt would have been compelled to decrypt the computers if he did not tell law enforcement that he owned the computers and had the ability to decrypt them, which may limit the reach of this opinion.
In a strong dissenting opinion, two justices found compelling a criminal defendant to decrypt the files is the functional equivalent to forced self-incrimination.
After the decision, one of Gelfgatt’s lawyers indicated that they planned to appeal the decision to the U.S. Supreme Court, which has not yet considered the issue that has divided jurisdictions across the country. In 2012, the U.S. Court of Appeals for the Eleventh Circuit held that a man under criminal investigation could not be compelled to decrypt his computer hard drives for the government without a showing by the government of specific knowledge about the contents of the hard drive, an opinion referred to by the dissenting opinion in this case.
In a time when law enforcement is increasingly relying on digital evidence in building cases against criminal defendants, issues regarding encryption and password protected materials will continue to arise. We hope the Supreme Court will grant an appeal and clarify that law enforcement cannot compel criminal defendants to decrypt files without violating the Fifth Amendment right against self-incrimination.
U.S. Court of Appeals Decision: Cell Location Data is Protected Under Individual’s Expectation of Privacy
The U.S. Court of Appeals for the Eleventh Circuit recently considered whether cell site location data is protected by the Fourth Amendment. On June 11, 2014, the court issued its decision in favor of privacy rights: the court held that cell site location information is within the cell phone subscriber’s reasonable expectation of privacy. If officers want the data, they must obtain the subscriber’s consent or a judicial warrant supported by probable cause.
The court’s decision in United States v. Davis pertained to Quartavius Davis, a federal defendant who was convicted in Florida on multiple counts of robbery, conspiracy, and possession of a firearm. For his crimes, Davis was sentenced to roughly 162 years in prison.
On appeal, Davis argued that his convictions and sentence should be reversed. Among other things, Davis argued that the trial court erred in denying his motion to suppress cell site location data, which the prosecution used to place Davis near the various crime scenes. Investigators were able to obtain the data without a probable-cause warrant. They did so under a provision of the Stored Communications Act, which states that a court may order production of non-content cell phone records based on reasonable grounds to believe the records are material to an ongoing criminal investigation. Davis objected that the evidence in his case should be suppressed because it was the product of a warrantless search conducted in violation of his constitutional rights.
The Eleventh Circuit agreed with Davis, holding that cell site location information is within the subscriber’s reasonable expectation of privacy. Speaking for the three-judge panel, Judge Sentelle discussed two distinct views of the interests subject to Fourth Amendment protection: property interests and privacy interests. The court determined that the privacy theory applied to Davis’ case. Because Davis had a reasonable expectation of privacy in his cell site location information, the government’s warrantless collection of that data violated Davis’ Fourth Amendment rights.
The Davis opinion is arguably the most protective of individual rights as compared to similar appellate decisions. In September 2010, the Third Circuit held that officers can obtain cell site data under the Stored Communications Act as long as they meet the reasonable-grounds standard. But the court also added that, in exceptional cases, a judge may impose a warrant requirement for data that can be used to track an individual’s movements in a private location, such as the home.
In July 2013, the Fifth Circuit issued a less-protective decision. In that case, the court held that individuals do not have a reasonable expectation of privacy in non-content cell site data. Therefore, the court must order the production of such information when the government meets its burden of proof under the Stored Communications Act.
The Supreme Court has yet to decide the issue. But past Fourth Amendment cases suggest that no fewer than five sitting Justices favor the privacy theory that Judge Sentelle relied on. They are likely to agree that cell phone subscribers have a reasonable expectation of privacy in their cell location data.
Court: Police Need Warrant to Search Phone. But Guess What? They Get to Keep Your Phone While They Get One.
Will cops still get access to cell phone data post arrest? You bet. Today’s Supreme Court decision just means they need to get permission from a judge before they start searching who you have been texting. And odds are very good, that permission will be granted.
In a unanimous decision authored by Chief Justice Roberts, the United States Supreme Court held that law enforcement officers may not conduct warrantlesssearches of cell phones that are seized incident to an arrest. But just because police cannot immediately search mobile phones, doesn’t mean they cannot immediately seize them in connection with an arrest. Indeed, the benefit of today’s decision by our country’s highest court may be limited to the two defendants who brought the case (and of course any similarly situated defendants).
The named defendant in Riley v California is David Riley. After Riley was stopped for a traffic violation, he was arrested and the police officer seized his cell phone incident to that arrest. When the officer accessed the data on the phone (without a search warrant), he noticed the repeated use of an identifier associated with the Bloods street gang. Later, a detective reviewed the cell phone records and noticed gang-related content, including a photo of Riley standing in front of a car that was used in a shooting weeks earlier. Riley was convicted of multiple crimes related to that shooting and received a sentence of 15 years to life.
The second case resolved today involved Brima Wurie, who had been arrested in connection with a drug sale. After Wurie’s arrest, police took him to the police station where officers confiscated his flip phone. A few minutes later, Wurie’s phone showed an incoming call from “my house.” The officers opened the phone, accessed the call log to determine the number of the incoming call, and then traced the number back to Wurie’s apartment, which they secured. After obtaining a search warrant, the officers searched the apartment and seized drugs, a gun, ammunition, and cash. At trial, Wurie was convicted on three drug-related counts and sentenced to more than twenty years in prison.
The key here to note is that in neither case did law enforcement obtain prior permission to search the cell phones belonging to Riley and Wurie. The narrow question presented to the Court therefore was whether it is permissible for law enforcement to search cell phone data incident to an arrest where no court has authorized such a search. In holding that such a search violates the Fourth Amendment of the US Constitution, the Court considered but rejected as not relevant prior cases where so-called “warrantless” searches passed constitutional muster. For example,
· In Chimel v. California, the Court recognized that the Fourth Amendment permits warrantless searches of the arrestee and areas within his immediate control if necessary to protect officer safety or to preserve evidence.
· In Arizona v. Gant, the Court held that officers may search a car incident to arrest if the arrestee is unsecured and within reaching distance of the passenger compartment or if the officer reasonably believes evidence of the crime of arrest may be found.
Because there were no such exigent circumstances present in Riley or Wurie’s arrest, the Court concluded that the need for cell phone data searches does not outweigh the corresponding intrusion on individual privacy, and thus a warrant was required. This of course is the right result. Digital cell phone data does not, by itself, of course, threaten officer safety. And a warrantless search of cell phone data is not necessary to preserve evidence. The Court recognized an individual’s privacy interest in digital cell phone data is considerable: cell phones have immense storage capacity, collect many types of records in one place, and often contain years’ worth of data.
In this regard, today’s decision is a victory for privacy rights. Law enforcement officers will not be permitted to conduct warrantless searches of cell phones for digital evidence. But if you are arrested, don’t assume law enforcement will let you keep your phone. Today’s decision may not allow for a warrantless search of your phone, but there is nothing prohibiting law enforcement from securing a phone post-arrest and seeking permission from a court to search it. And the chances that a court will grant such a request are close to 100%.
In a sentencing hearing yesterday in the Southern District of New York, yet another judge reached the conclusion that the quasi-mathematical formulaic approach of the United States Sentencing Guidelines fails to account adequately for differences between criminal defendants. But, in this case, the result was to the detriment of the individual being sentenced in that case.
Judge Jed Rakoff made headlines in October 2012 when he sentenced former Goldman Sachs director Rajat Gupta to a two-year prison sentence despite an advisory Guidelines range of 6-1/2 to 8 years (and an even higher range pressed by prosecutors and the Probation Department). As we wrote here at that time, in ordering a significant downward variance, Judge Rakoff bemoaned the Guidelines’ attempt to treat human beings and their attendant complexities as “commodities,” and the “bizarre results” that follows that approach.
In yesterday’s sentencing hearing for Anatoly Golubchik, Judge Jesse Furman focused on a different manner in which the Guidelines fail to account for differences from case to case. Golubchik had entered a guilty plea to a single count of participating in a racketeering conspiracy from in or about 2006 through in or about April 2013. The government alleged that this racketeering conspiracy engaged in illegal gambling, threats of violence, and laundering of approximately $100 million.
Under Section 2E1.1 of the Guidelines (applicable to racketeering), Golubchik’s base offense level was the greater of 19 or the base offense level applicable to the underlying conduct. That underlying conduct was the operation of an illegal gambling business, for which Section 2E3.1 provides a base offense level of 12. Thus, Golubchik’s base offense level was 19, and, despite the laundering of millions of dollars, the Probation Department calculated the advisory Guidelines range as 21 to 27 months.
In its submission prior to sentencing, the government argued that the Court should grant an upward variance from that range based, in part, on the failure of the Guidelines to reflect adequately the extent of Golubchik’s offense. The Court ultimately ordered the parties to be prepared to address at sentencing whether it should grant an upward departure under Section 5K2.0 on the ground that the offense conduct presented a circumstance of a kind or to a degree not adequately taken into consideration by the Guidelines. The issue was joined, in large part, simply because the Guidelines applicable to illegal gambling – unlike the Guidelines applicable to many other offenses – do not include an upward enhancement based upon the amount of money involved according to the loss table set forth in Section 2B1.1 of the Guidelines. (The Guideline applicable to money laundering (Section 2S1.1) directs the application of the offense level for the underlying conduct if that level can be determined; otherwise, it would incorporate an enhancement from the loss table.)
During argument on this issue, Judge Furman pushed Golubchik’s counsel to “concede that two defendants, one convicted of racketeering offenses involving gambling amounting to $2,000 and two, a defendant convicted of racketeering offenses [involving] gambling involving $100 million” are treated the same under the Guidelines. Transcript of April 29, 2014 Hearing at 56.After hearing the parties’ argument, Judge Furman ordered an upward departure on that basis:
I do believe and find that a departure is warranted under Section 5K2.0, whether the problem is with the gambling guideline, namely 2E3.1, or the money laundering guideline, namely 2S1.1, by de-linking completely the offense conduct from the amount of money involved with the direct money laundering, the guidelines failed to distinguish, in my view, between run-of-the-mill gambling cases and run-of-the-mill racketeering cases involving gambling, and cases like this one involving a massive, sophisticated gambling operation that spans continents and involves upwards of $100 million.
Id. at 61. In addition to noting the failure of the gambling Guideline to consider the amount of money involved, Judge Furman noted the “anomaly created by the fact that for third-party launders the loss table is used to calculate the guidelines range.” Id. Based in large part on this issue, Judge Furman sentenced Golubchik to 60 months in prison – a sentence more than double the top of the advisory Guidelines range.
Our purpose in commenting on this hearing is not to criticize Judge Furman’s ultimate decision in sentencing Golubchik. Rather, we do so because Judge Furman’s identification of the “anomaly” created by the gambling and money laundering Guideline sections presents yet another manner in which the Guidelines simply fail to deliver on their promise to provide a mathematical formula for determining a sentence consistent with the mandate in Title 18, United States Code section 3553. Of course, one solution would be simply to tie those Guideline sections to the loss table. But given the growing – and, in our view, well-deserved – criticism of the application of the loss table in the Guidelines, this would simply make matters even worse. We instead view the analytical conflict identified by Judge Furman as yet another factor that should ultimately lead to the demise of the Guidelines as a useful tool for federal sentencing.
Appellate courts do not often reverse a trial judge’s decision to grant a new trial, so we took notice when the First Circuit did so in United States v. Carpenter. Given the case history, the First Circuit decision should help to answer an important question: How much leeway do prosecutors have when summarizing evidence in closing arguments?
In 2005, a jury convicted Daniel Carpenter on nineteen counts of wire and mail fraud. The charges pertained to Carpenter’s operation of Benistar, a company that handled “like kind” exchanges for owners of investment property. Under federal law, investors may defer capital gains on the sale of investment property if they exchange it for another property of like kind. In order to qualify, the seller or “exchangor” must complete the exchange within 180 days of the initial sale and must not take possession of sale proceeds in the interim. To meet the requirements, exchangors usually rely on a qualified intermediary to hold the exchange funds until they are reinvested. Benistar’s business as a qualified intermediary gave rise to the charges against Carpenter.
The government alleged that Carpenter obtained investors’ exchange funds by fraud. At trial, the prosecution argued that Carpenter persuaded investors to contract with Benistar by misrepresenting that their funds would be managed conservatively for a modest return of 3 to 6%. According to prosecutors, Carpenter made the representations knowing full well that the money would be used for high-risk trades. The jury apparently agreed, returning a guilty verdict on all counts.
Carpenter requested a new trial, which the trial judge granted due to the government’s repeated use of a gambling metaphor in closing arguments. The court noted that the evidence against Carpenter was sufficient for a conviction, but not overwhelming. The government may have tipped the scales by arguing that Carpenter had gambled with investors’ money hoping to make millions for himself. It was possible the jury convicted based on moral disapproval of gambling rather than evidence of fraud.
In a divided opinion, the First Circuit affirmed, largely deferring to the trial court’s assessment.
At the end of the re-trial, the government omitted the gambling metaphor, focusing instead on Benistar’s marketing materials, contracts with investors, and Carpenter’s profit motive. Again, the jury returned a guilty verdict on all counts having deliberated for roughly two hours.
At Carpenter’s request, the trial judge ordered a third trial, but not for reasons advanced by the defense. This time, the judge was troubled by the jury’s two-hour deliberation. He observed that it would be nearly impossible for jurors to walk through the evidence for nineteen different counts in two hours. They must have taken a shortcut. Thus, the judge ordered a new trial on grounds that the prosecutor had invited jurors to employ certain presumptions based on mischaracterizations of evidence. For one, the government implied that Benistar’s marketing materials made express misrepresentations about the safety and security of investor funds. In reality, the marketing materials supported only an inference to that effect. The government also invited jurors to presume that qualified intermediaries are prohibited from using exchange funds for high-risk trades, when that is not the case. Moreover, by emphasizing Carpenter’s profit motive, the government may have encouraged jurors to convict for “greed” rather than fraud.
On appeal, the First Circuit disagreed and reinstated the guilty verdict. A unanimous panel held that the prosecution’s statements were permissible summations of the government’s theory of the case, not mischaracterizations of record evidence. The government had argued that Carpenter took in millions based on false pretenses that Benistar would keep the exchange funds safe and secure. That argument was not improper, as the trial court found, because the prosecution followed it with a discussion of specific evidence supporting that conclusion. Similarly, the government argued that “like kind” transactions are typically conservative—not so the jury would convict based on some imaginary statutory violation or breach of contract, but to establish that Carpenter knew Benistar’s risky investment strategy differed from investors’ expectations. And the government’s references to Carpenter’s profit motives were equally permissible. Those comments went to prove Carpenter’s specific intent for the fraud, which was to make more money.
A comparison of the two appellate decisions suggests that the district court erred because it failed to see the forest for the trees. By treating each of the government’s questionable statements in isolation, the court found support for a new trial. But the statements had to be considered in context. In context, the prosecution’s comments were not mischaracterizations of evidence but main points of the government’s theory, which the prosecution supported from the record.
Given Carpenter’s pro-defense trial judge, it’s unclear why the defense opted for a third jury trial. In hindsight, Carpenter may have fared better by ditching the jury request in favor of a bench trial.
Last month, federal prosecutors in Nevada filed a motion to dismiss an indictment that shined a bright light on overly broad federal criminal statutes and the abuse of prosecutorial discretion in using them.
John Kane and Andre Nestor were each charged in an indictment in January 2011 with one count of conspiracy to commit wire fraud and one count of computer fraud in violation of the Computer Fraud and Abuse Act (CFAA), the same law that was used to prosecute Internet activist Aaron Swartz and Andrew Auernheimer.
The indictment alleged that Kane and Nestor used an exploit on video poker machines to defraud casinos and win money that they were not entitled to, which “exceeded their authorized access” on the machines in violation of the CFAA. Kane, who reportedly spent an extremely significant amount of time playing video poker, discovered a bug in the software of the video poker machine that allowed for him, and later his co-defendant Nestor, to achieve large payouts on certain slot machines through a series of moves where he switched games and made bets at different levels. There is absolutely nothing illegal about pressing buttons on slot machines to change the amount of money you are betting or to switch games you are playing, but the prosecution alleged that doing this exceeded lawful access. The court agreed with the defendants and ruled in favor of their motion to dismiss the CFAA count in the indictment.
The CFAA was enacted in 1986 to protect computers that there was a compelling federal interest in protecting, such as computers owned by the federal government and certain financial institutions. The CFAA has been amended numerous times since it was enacted to cover a broader range of computer related activities and there has been recent discussion on Capitol Hill of amending it further. The CFAA prohibits accessing a computer without proper authorizationor it is used in a manner that exceeds the scope of authorized access. The law has faced steep criticism for being overly broad and allowing prosecutors wide discretion by allowing them to charge individuals who have violated a website’s terms of service.
In November, after filing nine stipulations to continue the trial date, the government filed a motion to dismiss the remaining conspiracy to commit wire fraud charges against both Kane and Nestor because “the government has evaluated the evidence and circumstances surrounding court one [wire fraud conspiracy] and determined that in the interest of justice it should not go forward with the case under the present circumstances.”
Although the charges were ultimately dismissed,the issue remains that these charges never should have been brought in the first place. Kane and Nestor had to deal with open criminal charges against them for nearly three years. There are proper uses for statutes such as the CFAA, but the people and the courts should demand that the government only use them for their intended purposes. Prosecutions taking broad and unjustified interpretations of these statutes are not justified.
Cybersecurity, Federal Criminal (Other), Federal Criminal Procedure, Fraud, White-collar crime
District Court Holds Anti-Retaliation Provision of Dodd-Frank Act Does Not Apply in Case Virtually Lacking Any U.S. Connections
A recent decision in the United States District Court for the Southern District of New York has reinforced the United States Supreme Court’s jurisprudence on the extraterritorial application of federal statutes.
In Liu v. Siemens A.G., the plaintiff asserted that he was fired as a consequence of his disclosure of business practices by his employer in connection with sales in China and North Korea that he believed to be in violation of the Foreign Corrupt Practices Act, and sought damages from Siemens under the anti-retaliation provision of the Dodd-Frank Act. But the multinational character of the case – with almost no contacts with the United States – led the Court to grant Siemens’ motion to dismiss on the ground that the anti-retaliation provision of Dodd-Frank has no extraterritorial application.
In Morrison v. National Australia Bank, the United States Supreme Court significantly limited the extraterritorial reach of federal statutes that do not affirmatively provide for such application. That case involved alleged fraud in the shares of an Australian bank whose shares were not sold on any American exchange, and involved purchases of those shares outside of the United States. Though the bank had American Depositary Receipts (ADRs) the Supreme Court affirmed dismissal of the securities fraud claims in that case.
The Liu case reaffirmed this principle based on a tailor-made set of facts. As the Court explained: “This is a case brought by a Taiwanese resident against a German corporation for acts concerning its Chinese subsidiary relating to alleged corruption in China and North Korea.” The Court noted that the only contact with the United States was that Siemens had ADRs traded on an American exchange, just as was the case in Morrison.
In granting Siemens’ motion to dismiss, the court observed that the anti-retaliation provision of the Dodd-Frank Act is silent as to extraterritoriality – a fact that the court viewed as weighing heavily against a finding of extraterritoriality. The court also noted that other parts of the Dodd-Frank Act do provide for extraterritoriality – making the silence of the anti-retaliation provision even more meaningful. The court also observed that the only other court to consider this issue also ruled against extraterritorial application of this portion of the statute.
While the court engaged in a lengthy discussion of whether the disclosures at issue fell within the scope of the statute, it ultimately concluded that there was no need to resolve that issue given that the statute simply did not apply to this conduct lacking almost any connection to the United States. The court’s decision signals a willingness of the federal judiciary – at least in the context of civil litigation – to limit the extraterritorial reach of federal statutes where Congress has failed affirmatively to provide for such an application of the statute. On the other hand, the case leaves open the question of whether a court might rule otherwise in a case in which there were greater contacts with the United States.
Privacy and national security interests are notoriously tricky to balance. Lean too far one way, and you lose an important tool in preventing and detecting crime; lean too far the other way, and you are depriving Americans of their liberty through persistent government intrusion and observation. This balancing act has been an especially hot topic given recent revelations about the National Security Agency’s surveillance and data-gathering networks. While attention has been focused on the NSA and the mass surveillance disclosures that took place earlier this summer, a particularly startling revelation about the FBI’s actions has flown largely under the radar.
A recent New York Times article revealed that the FBI has been gathering information from suspects by remotely hacking into their electronic devices and covertly tapping into the information that can be found on and through the devices. The FBI accomplishes this in much the same way that criminal, civilian hackers do: by delivering spyware to the devices through web or email links. When the user clicks on the link, either on a computer or a smartphone, the government can use the spyware either to collect existing files or to activate the device’s recording devices for continuing surveillance. According to the article, one former U.S. official confirmed that the FBI can remotely activate the microphones in phones running the Android operating system to record conversations.
This sort of government intrusion goes well beyond the NSA’s acknowledged collection of telephone and email metadata. This spyware is programmed to collect full conversations, real-time photos and videos, and stored files of all types, from devices that people have near them 24 hours a day. This type of intrusive government intrusion into a device in which an individual has a reasonable expectation of privacy is the type that the Constitution’s Fourth Amendment is meant to address. And, in theory, it does. The FBI and other law enforcement agencies are required to obtain a warrant each time that they implement this technology to gather content such as computer files, and must meet a stricter standard for wiretaps when conducting surveillance using the webcam or microphone.
As technology advances, it becomes easier for the government to watch our every move. Whereas once the government could listen to conversations only on wiretapped telephones or bugged areas, it is now able to keep an open microphone on a device that people keep on them no matter where they are. We hope that law enforcement and the courts will seek and allow the use of this incredibly invasive and effective technique only rarely where no other surveillance is sufficient and not as a matter of course in standard investigations.
A split among the U.S. courts of appeals is taking shape over the threshold requirements for the government’s ability to obtain historical cell phone location data, in the wake of a July 30, 2013, ruling by the U.S. Court of Appeals for the Fifth Circuit.
That court held that a U.S. district court must order a cell phone service provider to produce a subscriber’s cell site data when the government presents specific and articulable facts showing reasonable grounds to believe that the records are relevant and material to an ongoing criminal investigation.
The case began in 2010, when federal authorities in the Southern District of Texas filed applications for cell phone data in connection with three criminal investigations. The applications, submitted under § 2703(d) of the Stored Communications Act, requested 60 days of subscriber information and cell site data for specific cell phone numbers.
Section 2703 states that the government may require third-party service providers to turn over their subscribers’ cell phone data as long as the requisite burden is met. Generally speaking, authorities may obtain substantive communications, i.e., “content” records, without notice to the subscriber, but only based on probable cause as required by the Fourth Amendment. “Non-content” records, on the other hand, may be obtained on a lesser showing.
Thus, service providers may be compelled to turn over details of a subscriber’s call history, including numbers called, session times, and the duration of calls. To obtain non-content data, the government must offer “specific and articulable facts showing that there are reasonable grounds to believe that the . . . information sought [ is] relevant and material to an ongoing criminal investigation.” The statute provides that an order may be issued by any court of competent jurisdiction and shall be issued only if the government makes the required showing.
The magistrate reviewing the applications granted the government’s requests for subscriber information but denied the requests for cell site data. Although the government had met its burden under the statute, the magistrate held that compelled production of location data would constitute a warrantless search in violation of the Fourth Amendment. The district judge affirmed.
On appeal, the Fifth Circuit considered two issues. First, the court considered whether the Act requires the issuance of an order for non-content records when the government meets the “specific and articulable facts” standard or, alternatively, whether district courts may impose a higher burden. Second, the court considered whether the compelled production of cell site data constitutes a “search” under the Fourth Amendment.
On the first issue, the court held that an order must issue when the government meets the “specific and articulable facts” standard: the test is both a necessary and sufficient condition for an order under § 2703. The court resolved the tension between the statute’s permissive and mandatory terms by explaining that any court of competent jurisdiction may order the production of historical location data; but, if the government meets its burden under the statute, the court must issue an order compelling production of non-content data. Under such circumstances, district courts may not deny the government’s request or impose a warrant requirement.
The Fifth Circuit answered the second question by holding that compelled production of cell site data is not a “search” under the Fourth Amendment. The court’s decision rested on its conclusion that location data are simply the service provider’s business records, not data from a tracking device. As the court explained, the service provider stores and collects cell site data voluntarily for its own business purposes, not on behalf of the government. Additionally, the records concern commercial transactions to which the service provider is a party. Unlike content data, the subscriber’s location information is intended solely for the provider, who needs it to complete the subscriber’s calls.
The court explained further that subscribers do not have a reasonable expectation of privacy in cell site data. Subscribers know full well that phone service depends on transmission of the caller’s location data. And even if that were not common knowledge, subscribers would still have no reasonable expectation of privacy in location data because the provider’s terms of service and privacy policies explain how the data are used, collected and stored. Armed with that knowledge, subscribers make informed choices about whether and how they use their cell phones.
The Fifth Circuit opinion is fascinating, especially because of the tension it creates with a Third Circuit case decided just weeks before the government filed its applications in Texas. Like the Fifth Circuit, the Third Circuit considered whether a court may deny an order for historical non-content records when the government makes the requisite showing under § 2703(d).
First, that court held that orders based on “specific and articulable facts” are not per se unconstitutional. But unlike the Fifth Circuit, the Third Circuit held that § 2703(d) establishes the conditions necessary, but not the conditions sufficient, for an order. In other words, courts can still require probable cause in limited circumstances. The court’s holding followed logically from its conclusion that, at least in some cases, cell phones are like tracking devices. And when historical cell site data is used to track a suspect’s physical movement in places where the suspect has a reasonable expectation of privacy – the home, for example – the Fourth Amendment may require a showing of probable cause. The Third Circuit held that, in such cases, district courts may require a warrant.
Disputes over government access to historical cell site data are far from over. If these cases are any indication, these rulings will hinge on whether courts deem cell phone location data to be more like third-party business records or more like data from a tracking device. Since a clear split among the circuit courts seems to be developing, it appears fairly likely that the U.S. Supreme Court will take up the issue soon.
A recent decision by U.S. District Judge John Gleeson in the Eastern District of New York may be the harbinger of new limits on the government’s ability to use a prosecutorial tool of which it has become very fond lately – the deferred prosecution agreement. Judge Gleeson’s assertion that a district court has a right to approve or disapprove the use of a DPA in a criminal case has the potential to change entirely the way in which the government uses these agreements.
The government frequently uses DPAs in criminal cases against large companies as a means of leveraging the threat of criminal conviction to get the company to correct practices that the government believes to be illegal.
A DPA is a formal written agreement that customarily provides that criminal proceedings against the company will be held in abeyance for a period of years during which the company agrees to take steps, subject to monitoring, to correct its past misdeeds. The DPA is commonly filed along with a criminal information that commences a criminal case, and the parties then request that the court stay any proceedings in the case for the period defined in the DPA. If the company complies with the terms of the DPA, the government will dismiss the case at the conclusion of that period.
Because the government implements a DPA through the commencement of a criminal proceeding, however, it must contend with the application of the speedy trial statute during the period of deferral. The parties usually request jointly that the time period be excluded from the calculation of the 70-day period within which the trial must otherwise commence pursuant to statute. 18 U.S.C. § 3161(c)(1).
In United States v. HSBC Bank USA, N.A., 12-CR-763 (E.D.N.Y.), the government filed an information on December 11, 2012, charging HSBC Bank USA, N.A. with violations of the Bank Secrecy Act, 31 U.S.C. § 5311 et seq. (including, among other things, willfully failing to maintain an effective anti-money laundering policy) and with willfully facilitating financial transactions on behalf of sanctioned entities in violation of the International Emergency Economic Powers Act, 50 U.S.C. §§ 1702 & 1705 and the Trading with the Enemy Act, 50 U.S.C. App. §§ 3, 5, 16. On that same day, the government also filed a DPA, a Statement of Facts, and a Corporate Compliance Monitor agreement. The government filed these documents as exhibits to a letter requesting that the court hold the case in abeyance for five years in accordance with the terms of the DPA and that the court exclude that time from the speedy trial clock.
In responding to this request, Judge Gleeson surprised the parties by asserting that he had the authority not only to rule on the request to exclude time from the speedy trial clock, but also to accept or reject the DPA itself. In a written opinion issued on July 1, 2013, Judge Gleeson acknowledged that the court’s authority did not stem from Fed. R. Crim. P. 11(c)(1)(A) (dealing with plea agreements to predetermined sentences) or from Section 6B1.2 of the United States Sentencing Guidelines (which addresses policy statements on the acceptance of such pleas). Rather, Judge Gleeson concluded that the court’s general supervisory power over criminal cases – to ensure that the integrity and fairness of those proceedings – vested the court with authority to approve or reject the DPA.
In so concluding, Judge Gleeson noted that the government retains “absolute discretion not to prosecute,” and noted that a non-prosecution agreement “is not the business of the courts.” Judge Gleeson further noted that the government “has near-absolute power under Fed. R. Crim. P. 48(a) to extinguish a case that it has brought.” But once the government and the defendant chose to build into their DPA the filing and maintenance of a criminal prosecution – albeit one expected to be held in abeyance – the government gave up its largely unfettered discretion. “There is nothing wrong with that,” Judge Gleeson observed, “but a pending federal criminal case is not window dressing.”
“Nor is the Court,” Judge Gleeson noted, using Brendan Sullivan’s famous observation from the Iran-Contra hearings, “a potted plant.” If the parties chose to seek the court’s imprimatur on the DPA by involving the court in the process, they also subjected the DPA to the review and approval of the court pursuant to its supervisory authority over its proceedings.
Judge Gleeson’s self-described “novel” application of the court’s supervisory powers in this context is part of a pattern of increased judicial scrutiny of certain tools used in obtaining the cooperation of companies that are the focus of criminal investigations. Judge Gleeson noted the recent history of cases in which efforts to gain corporate cooperation had run afoul of companies’ attorney-client privilege and work product protections or its employees’ Fifth or Sixth Amendment rights, and noted that there are other hypothetical situations in which a company’s obligation to cooperate could be used in an improper manner.
Ultimately, Judge Gleeson approved the DPA in this case but also noted that the court’s approval was subject to continued monitoring of its execution and implementation.
If other judges follow Judge Gleeson’s lead, this may signal a change in the way in which prosecutors use DPAs. Historically, a DPA permitted the government to retain virtually unlimited discretion in its dealings with the party that entered into that agreement. To the extent that courts will now be more alert to potential abuses of cooperation arrangements, DPAs may be fairer to companies but may also become less attractive to prosecutors.
In asserting authority to approve or reject a DPA, Judge Gleeson readily acknowledged the broad discretion of the Executive Branch in exercising prosecutorial discretion. But if DPAs continue to incorporate the filing of criminal informations that are then held in abeyance, the courts may indeed be more than just drop-boxes for those filings – or more than just potted plants.