It sits in your house, passively recording everything you say. It knows what you like. It knows what you listen to. It knows what you buy. It knows who’s in the room with you. And now, it might tell the police all about it.
“It” is the Amazon Echo, a revolution in the “internet of things.” The Echo is a smart speaker that connects directly to Amazon’s cloud-based personal assistant service, Alexa. It can play music; give you the traffic, weather, and news; handle your shopping; put things on your calendar; play games; and even respond appropriately to a wide array of cultural references, all in response to voice commands. If you have the right add-ons, Alexa can even control your entire home, dimming your lights, adjusting the thermostat, and locking the doors.
It does this by passively listening for a given activation phrase—the default is “Alexa.” Generally, Alexa does not record anything else (although it may store up to sixty seconds at a time in a buffer). Once it hears its name, Alexa will begin recording and will send what follows to Amazon for processing—both to respond to a given request, and to store to improve responsiveness later. On one hand, this means that Amazon is not actually recording everything you say, but only those specific commands directed to Alexa. On the other hand, it means that Alexa is always listening.
This became relevant in a recent murder case in Bentonville Arkansas, in which police obtained a warrant for recordings from Amazon of commands given to the suspect’s Echo. It is far from clear what police hope to gain from these recordings; they have a large amount of traditional evidence and, unless the murderer specifically asked Alexa for help, the recordings are unlikely to be incriminating. Nevertheless, an attempt by police to seek recordings from a device that is virtually always listening to us in our homes is extremely disturbing.
These efforts are made even more concerning by recent court rulings on cell phone location data. According to two federal appellate courts, because cell phones send this information to a third party (that is, to cell phone and app providers), it is not considered sufficiently private for protection from searches and seizures. That means that police can access this data—which often allows an individual to be physically tracked from moment-to-moment—without even requesting a warrant.
If this principle is upheld by the Supreme Court (which, so far, has refused to consider the issue), it would mean that police could access daily recordings from the privacy of your own home on little more than a hunch and an informal request. Though many may say they have nothing to hide, I doubt most of us would be comfortable knowing a police officer was looking over our shoulder twenty-four hours a day.
There is one barrier to that terrifying outcome, which is that Amazon has refused to comply with the Bentonville warrant and officers there have decided not to press the issue. Like Apple, Amazon has taken it upon itself to protect its customers’ privacy. But a private company cannot be expected to be the defender of its customers’ civil rights forever.
But until the law catches up to the state of technology, every one of our devices is capable of being turned into an informant against us. And though Alexa can do a lot, it has yet to learn how to invoke its Fifth Amendment right to remain silent. Until it does, you might want to think twice before inviting Alexa–and potentially the police–into your home.
Data breaches are as common as the common cold—unfortunately, just as incurable. Run a news search on “data breaches” and you’ll find that all kinds of institutions—major retailers, tech companies, universities, even government agencies—have been vulnerable at some point. Now run a search on “data breaches,” but include the word “lawsuit.” You’ll find that many of these cases are going to court, but ultimately getting dismissed. What’s going on?
First, you should look at some of these lawsuits more closely: are they filed against the alleged perpetrators of the data breach? Many of them aren’t; those perpetrators are usually hackers who live outside the country or are unable to pay a money judgment. (In legal parlance, that’s known as being judgment proof.) Faced by those limitations, individual victims of data breaches frequently settle for the next best thing: going after the institutions that endured the breach.
Often, this isn’t fair—the institutions are victims too. The point here is that although going after the institutions looks like an easy win from “deep pockets,” that seldom turns out to be the case.
It’s with the third and final point—demonstrating injury—that plaintiffs have the most trouble. Why? Because courts view injury in fiscal terms; you need to show that you actually lost something, not simply that you might. So even if you were the victim of a data breach, as long your data hasn’t yet been compromised, it doesn’t really count as injury.
There have been exceptions, when the court greenlit cases based mainly on speculative injury, but these usually ended in a settlement before a legal precedent could be set. (See cases against Home Depot, Target, Adobe, and Sony.) For the most part, the fiscal view of injury has prevailed—reinforced in 2013, when the Supreme Court, weighing in on Clapper vs Amnesty Int’l, determined that a plaintiff cannot proceed with a data breach lawsuit unless he or she can demonstrate actual injury or at least imminent threat of injury, each one measurable in economic loss. Otherwise, mere perception of injury is too tenuous to establish legal standing, which a case requires to go forward, and the lawsuit will probably get tossed.
The challenge of establishing legal standing recently made its way to the Supreme Court in Spokeo v. Robins. In that case, a plaintiff filed suit against the “people search engine” Spokeo for publishing false information about him. The issue before the Court was this central question of how much injury must be shown for a case to go forward. Prospective plaintiffs were optimistic that the high court would affirm a lower court’s decision that speculative injury was indeed enough. Alas, the Supreme Court sidestepped the issue and punted it back to the lower court for further review. The Court nonetheless reinforced the general tenets that, for a plaintiff to have standing to bring a case, he must allege an “injury in fact” that is both “concrete and particularized.” There is still room for the lower court to broaden the approach to what constitutes an injury, but the Supreme Court’s ruling keeps the status quo in place.
For now, individuals whose data has been compromised generally must be satisfied with what the institutions offer them after a breach occurs: free credit checks and/or access to credit monitors. Do checks and monitoring seem inadequate? Not if you think about what type of harm people face after a data breach. Individuals can detect and report problems in the event someone actually misuses their data. If they keep on top of it, their credit scores will not be impacted. Moreover, credit card companies and other financial institutions will bear the cost of any unapproved charges. In the event of further problems, plaintiffs can then take their injury to the legal system and have their day in court. But at this point, the courts are right to keep this type of class action litigation at bay.
FBI Director James Comey took a rare break from the posturing typical of investigators and prosecutors in the current showdown between Apple and the FBI. While prosecutors argue that Apple’s privacy concerns are a smokescreen to avoid “assist[ing] the effort to fully investigate a deadly terrorist attack,” Comey posted a statement over the weekend in which he took the position that the tension between security and privacy “should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before.”
Comey’s statement highlights a crucial problem with the development of privacy law: it often is developed in the context of important criminal cases. This comes at a real cost. We all know that Syed Farook committed a horrific crime, and any rights he once had against government searches are now forfeit. But though Apple may have chosen to serve as a limited proxy for its consumers in the San Bernardino case, often the interests of private citizens are wholly absent from the courtroom (or, often, judge’s chambers) when issues of fundamental privacy are debated.
This leads to a serious imbalance: Apple is talking about the diffuse privacy rights of its consumers and the risks of potential incursions by more restrictive, less democratic governments such as China. On the other hand, Manhattan District Attorney Cyrus Vance can point to 175 Apple devices that he cannot physically access even though those devices may contain evidence helpful to the government.
New York Police Commissioner Bill Bratton and one of his deputies put an even finer point on it in an Op-Ed in The New York Times, citing a specific case of a murder victim in Louisiana (more than one thousand miles outside of Mr. Bratton’s jurisdiction) whose murder is unsolved because officers cannot unlock her iPhone, which is believed to contain her killer’s identity. “How is not solving a murder, or not finding the message that might stop the next terrorist attack, protecting anyone?” asks Bratton.
But in assuming that private citizens have no greater fear than whether the police can investigate and prevent crimes, Bratton begs the question. In reality, citizens may see law enforcement as a threat of itself. Learning that the NSA was engaging in comprehensive warrantless surveillance likely has given many law-abiding Americans a greater incentive to protect their data from being accessed by the government. Indeed, in light of the NYPD’s record over the last few years—including a finding by a federal judge that they were systematically violating the rights of black New Yorkers and a lawsuit over religion-based spying on Muslims—it is not hard to see why citizens might want protection against Bratton’s police force.
But even if the police were the angels they purport to be, opening a door for a white hat can easily allow access to a black one. Less than a year ago, hackers used a “brute force” approach to exploit a flaw in iCloud’s security, and dozens of celebrities had their private photos shared with the world. These sex crimes are all but forgotten in the context of the San Bernardino shootings, even though the security weakness the FBI wants installed in Farook’s iPhone is markedly similar to that exploited with respect to iCloud.
Nor do those who wish for privacy need to invoke hackers or criminals. A private, intimate moment with a spouse or loved one; a half-finished poem, story, or work of art; or even a professional relationship with a doctor or mental health professional cannot exist unless they can remain private. Once these interactions took place in spoken, unrecorded conversations or on easily discarded paper; now many of our daily activities are carried out on our mobile devices. Even if one has nothing to hide, many citizens might balk at the prospect of having to preserve their private conversations in a format readily accessible by the police.
But if Mr. Comey has shown unusual insight, Mr. Bratton’s one-sided, myopic question illustrates the importance of Apple’s position and the inability of law enforcement officials to be objective about the interests at stake. Police and prosecutors are not always your friends or your defenders. Their goals are—and always will be—investigating and solving crimes and convicting suspected criminals. The less an officer knows, the harder it will be to investigate a case. As a result, privacy rights—even when asserted by innocent, law-abiding citizens—make their job more difficult, and many officers see those rights as simply standing in their way.
This is hardly news. Nearly sixty years ago the Supreme Court observed that officers, “engaged in the often competitive enterprise of ferreting out crime,” are simply not capable of being neutral in criminal investigations. For precisely that reason, the Fourth Amendment requires them to seek approval from a “neutral and detached magistrate” before a search warrant may issue.
That is why Mr. Comey’s acknowledgement that the FBI is not a disinterested party is so refreshing. Pro-law-enforcement voices have been clamoring to require Apple to compromise the security it built into the iPhone, invoking their role as public servants to buttress their credibility. But when it comes to privacy, the police do not—and cannot—represent the public interest. As Comey acknowledged, they are “investigators,” and privacy rights will always stand as an obstacle to investigation.
Last July, we reported on United States v. Davis, an Eleventh Circuit decision in favor of privacy rights. In that case, a three-judge panel held that cell phone users have a reasonable expectation of privacy in their cell phone location data. If the government wants to collect the data, it must first obtain a probable-cause warrant, as required by the Fourth Amendment.
The groundbreaking decision seemed a clear victory for privacy rights, but the victory proved to be ephemeral. Last year, the en banc court agreed to revisit the question and, weeks ago, declared that subscribers do not have a reasonable expectation of privacy in their cell tower location data. As a result, the government can collect such data from third-party service providers if it shows reasonable grounds to believe the information is relevant and material to an ongoing criminal investigation.
In February 2010, defendant Quartavius Davis was convicted on multiple counts for robbery and weapons offenses. Davis appealed on grounds that the trial court admitted cell tower location data that the prosecution had obtained from a cell phone service provider in violation of Davis’ constitutional rights. An Eleventh Circuit panel agreed with Davis. Speaking for the court, Judge Sentelle explained that Davis had a reasonable expectation of privacy in the aggregation of data points reflecting his movement in public and private places. The government’s collection of the data was a warrantless “search” in violation of the Fourth Amendment.
To reach that decision, the panel leaned heavily on a 2012 Supreme Court case called United States v. Jones. In Jones, the Court announced that the government must have a probable-cause warrant before it can place a GPS tracking device on a suspect’s car and monitor his travel on public streets. The Court so held based on a trespass (or physical intrusion) theory. Absent probable cause, the government could not commandeer the suspect’s bumper for purposes of tracking his movement, even if each isolated movement was observable in public. Several Justices went further, suggesting that the same result should obtain even without a trespass. They hinted that location data might be protected because individuals have a reasonable expectation of privacy in the sequence of their movements over time. It was this persuasive but nonbinding privacy theory that guided the Eleventh Circuit’s panel decision.
On rehearing, the en banc court rejected the panel’s approach. The court noted that Davis could prevail only if he showed that a Fourth Amendment “search” occurred and that the search was unreasonable. He could show neither. To demonstrate a search, Davis had to establish a subjective expectation and objective expectation of privacy in his cell tower location data. But this case involved the collection of non-content cell tower data from a third-party provider who collected the information for legitimate business purposes: the records were not Davis’ to withhold. According to the court, Davis had no subjective expectation of privacy in the data because cell phone subscribers know (i) that when making a call, they must transmit their signal to a cell tower within range, (ii) that in doing so, they are disclosing to the provider their general location within a cell tower’s range, and (iii) that the provider keeps records of cell-tower usage. But even if Davis could claim a subjective expectation of privacy, he could not show an objective expectation. In the court’s view, Supreme Court precedent made clear that customers do not have a reasonable expectation of privacy in non-content data voluntarily transmitted to third-party providers. Because there was no “search,” there could be no violation of Davis’ constitutional rights.
The en banc court explained further that Jones did nothing to undermine the third-party doctrine. For one, Jones involved a government trespass on private property. But the records in Davis were not obtained by means of a government trespass or even a search, so Jones did not control. Additionally, Jones involved location data that was first collected by the government in furtherance of a criminal investigation. By contrast, Davis involved location data that was first compiled by a service provider in the ordinary course of business. Simply put, “[t]he judicial system does not engage in monitoring or a search when it compels the production of preexisting documents from a witness.”
Court: Police Need Warrant to Search Phone. But Guess What? They Get to Keep Your Phone While They Get One.
Will cops still get access to cell phone data post arrest? You bet. Today’s Supreme Court decision just means they need to get permission from a judge before they start searching who you have been texting. And odds are very good, that permission will be granted.
In a unanimous decision authored by Chief Justice Roberts, the United States Supreme Court held that law enforcement officers may not conduct warrantlesssearches of cell phones that are seized incident to an arrest. But just because police cannot immediately search mobile phones, doesn’t mean they cannot immediately seize them in connection with an arrest. Indeed, the benefit of today’s decision by our country’s highest court may be limited to the two defendants who brought the case (and of course any similarly situated defendants).
The named defendant in Riley v California is David Riley. After Riley was stopped for a traffic violation, he was arrested and the police officer seized his cell phone incident to that arrest. When the officer accessed the data on the phone (without a search warrant), he noticed the repeated use of an identifier associated with the Bloods street gang. Later, a detective reviewed the cell phone records and noticed gang-related content, including a photo of Riley standing in front of a car that was used in a shooting weeks earlier. Riley was convicted of multiple crimes related to that shooting and received a sentence of 15 years to life.
The second case resolved today involved Brima Wurie, who had been arrested in connection with a drug sale. After Wurie’s arrest, police took him to the police station where officers confiscated his flip phone. A few minutes later, Wurie’s phone showed an incoming call from “my house.” The officers opened the phone, accessed the call log to determine the number of the incoming call, and then traced the number back to Wurie’s apartment, which they secured. After obtaining a search warrant, the officers searched the apartment and seized drugs, a gun, ammunition, and cash. At trial, Wurie was convicted on three drug-related counts and sentenced to more than twenty years in prison.
The key here to note is that in neither case did law enforcement obtain prior permission to search the cell phones belonging to Riley and Wurie. The narrow question presented to the Court therefore was whether it is permissible for law enforcement to search cell phone data incident to an arrest where no court has authorized such a search. In holding that such a search violates the Fourth Amendment of the US Constitution, the Court considered but rejected as not relevant prior cases where so-called “warrantless” searches passed constitutional muster. For example,
· In Chimel v. California, the Court recognized that the Fourth Amendment permits warrantless searches of the arrestee and areas within his immediate control if necessary to protect officer safety or to preserve evidence.
· In Arizona v. Gant, the Court held that officers may search a car incident to arrest if the arrestee is unsecured and within reaching distance of the passenger compartment or if the officer reasonably believes evidence of the crime of arrest may be found.
Because there were no such exigent circumstances present in Riley or Wurie’s arrest, the Court concluded that the need for cell phone data searches does not outweigh the corresponding intrusion on individual privacy, and thus a warrant was required. This of course is the right result. Digital cell phone data does not, by itself, of course, threaten officer safety. And a warrantless search of cell phone data is not necessary to preserve evidence. The Court recognized an individual’s privacy interest in digital cell phone data is considerable: cell phones have immense storage capacity, collect many types of records in one place, and often contain years’ worth of data.
In this regard, today’s decision is a victory for privacy rights. Law enforcement officers will not be permitted to conduct warrantless searches of cell phones for digital evidence. But if you are arrested, don’t assume law enforcement will let you keep your phone. Today’s decision may not allow for a warrantless search of your phone, but there is nothing prohibiting law enforcement from securing a phone post-arrest and seeking permission from a court to search it. And the chances that a court will grant such a request are close to 100%.
Today, the United States Supreme Court denied New Jersey’s petition for a writ of certiorari to hear an appeal from lower court decisions that invalidated its sports wagering law. This ends a three year fight to bring sports betting to New Jersey’s casinos and racetracks, but NJ State Senator Raymond Lesniak, who has spearheaded efforts to bring sports betting to the state has vowed to continue on.
Last September, the U.S. Court of Appeals for the Third Circuit, in a 2-1 vote with a strong dissenting opinion, affirmed the decision of the district court striking down the state’s sports wagering law as conflicting with the federal Professional and Amateur Sports Protection Act of 1992 (“PASPA”). In February of this year, the state of New Jersey filed a petition for a writ of certiorari asking the Supreme Court to hear the case, which today the Court denied.
The case has far reaching implications, well beyond the future of legalized state sponsored sports betting in the United States, but the Court decided the time was not right to hear the case. In the Supreme Court, the states of West Virginia, Wisconsin, and Wyoming filed an amici curiae brief in support of New Jersey’s petition because of the belief that the Third Circuit decision “raises serious federalism concerns” by forcing states to implement federal policy. The states of Georgia, Kansas, Virginia, and West Virginia filed a similar amici brief in the Third Circuit.
This case raised numerous interesting constitutional issues regarding federalism and the federal government’s ability to dictate state policy, something that the Supreme Court has considered recently in other cases. Last June, in a Voting Rights Act (“VRA”) case, the Supreme Court struck down a provision of the VRA that provided a formula for determining which states are subject to the provisions of the VRA, as unconstitutional. The dissenting opinion in that case specifically recognized PASPA as a statute that treats states disparately and that its validity may now be in question under the equal sovereignty principles that the Court outlined in its opinion.
This is a temporary setback in the fight to bring legalized state sponsored sports betting to states other than Nevada, but the fight will continue. Senator Ray Lesniak has said that he will introduce legislation quickly with the goal of offering sports betting in the state by the start of the NFL season. Although unsuccessful thus far, Congress may also step in to author legislation to amend or eliminate PASPA.
The U.S. Supreme Court recently held that Sarbanes–Oxley extends whistleblower protection, not just to employees of public companies, but to employees of private contractors and subcontractors that serve public companies. In a 6-3 decision, the Court rejected the First Circuit’s narrow construction of the statute in favor of the Labor Department’s more expansive interpretation. Now more than ever, affected contractors and subcontractors need to ensure they have robust policies in place for addressing whistleblower complaints.
Congress passed the Sarbanes–Oxley Act in 2002, the year after Enron’s collapse. The Act was intended to protect investors in public companies and restore trust in financial markets. It achieved these goals in part by providing whistleblower protection: 18 U.S.C. § 1514A makes it unlawful for employers to retaliate against employees who report suspected fraud. The provision certainly protects employees of publicly traded companies. It was less clear whether § 1514A protects employees of private contractors that service public companies. The plaintiffs in Lawson v. FMR, LLC, claimed it did.
Jackie Lawson and Jonathan Lang were employees of private companies that serviced the Fidelity family of mutual funds. As is often the case with mutual funds, the Fidelity funds were subject to SEC reporting requirements, but had no employees. Private companies contracted with the funds to provide accounting and investment advisory services. In this case, the private companies were Fidelity-related entities referred to collectively as FMR. Lawson was a 14-year veteran and Senior Director of Finance for her employer, Fidelity Brokerage Services. She alleged that she was constructively discharged after raising concerns about cost accounting methods for the funds. Zang was an 8-year veteran of Fidelity Management & Research Co. He alleged that he was fired for raising concerns about misstatements in a draft SEC registration statement related to the funds. Both plaintiffs sued for retaliation under § 1514A.
FMR responded by asking the district court to dismiss the claims on grounds that § 1514A protects employees of public companies, not employees of privately held companies. The trial judge rejected FMR’s argument, but the First Circuit Court of Appeals reversed. Months later, the Labor Department’s Administrative Review Board issued a decision in another case, making clear that ARB agreed with the trial judge. Last year, the Supreme Court agreed to consider the question.
On March 4, the Court issued its opinion that § 1514A shelters employees of private contractors, just as it shelters employees of public companies served by those contractors. Speaking for the majority, Justice Ginsburg explained that the Court’s broad construction finds support in the statute’s text and broader context. As relevant to the plaintiffs’ claims, § 1514A provides, “‘No public company . . . , or any officer, employee, contractor, subcontractor, or agent of such company” may take adverse action “against an employee . . . because of [whistleblowing or other protected activity].’” Boiled down to its essence, the phrase in question states that “no . . . contractor . . . may discharge . . . an employee.” In ordinary usage, the phrase means that no contractor (of a public company) may retaliate against its own employees. After all, those are the people contractors have power to retaliate against. According to the Court, if Congress had intended to limit whistleblower protections to employees of publicly traded companies, as FMR argued, Congress would have said “no contractor may discharge an employee of a public company.” The statute doesn’t say that because Congress was not attempting to remedy a nonexistent problem. Enron did not collapse because its private contractors retaliated against Enron employees who tried to report the company’s fraud.
The Lawson Court explained further that its interpretation flows logically from the statute’s purpose to prevent another Enron debacle. Often, the first-hand witnesses of corporate fraud are employees of private companies that service a public company—law firms, accounting firms, and business consulting firms, for example. Without adequate protections against retaliation, contractor employees who come across fraud in their work for public companies will be less likely to report misconduct. The Court’s point was particularly relevant with respect to the Fidelity funds. Like most mutual funds, the Fidelity funds had no employees. A narrow reading of § 1514A would insulate a $14 million industry from retaliation claims. Congress could not have intended that result.
Given the Court’s decision in Lawson v. FMR, LLC, privately held companies that service public companies should consider how best to deal with whistleblower complaints. At a minimum, robust whistleblower policies will (i) safeguard whistleblower anonymity to the extent possible; (ii) encourage whistleblowers to exercise discretion without discouraging them from reporting misconduct; (iii) address the preservation of evidence relating to putative fraud; and (iv) establish procedures for the conduct of internal investigations into suspected fraud.
Supreme Court Grants Cert to Resolve Circuit Conflict on Intent Required to Prove Federal Bank Fraud
On December 13, 2013, the United States Supreme Court granted a certiorari petition in a case that squarely poses the question of what the government must prove with respect to intent in order to convict a defendant of federal bank fraud. There is wide agreement among the Courts of Appeal that, in order to secure a conviction under Title 18, United States Code section 1344(1) (making it illegal “to defraud a financial institution”), the government must prove that the defendant intended to defraud the government and to expose it to a risk of loss. With respect to subdivision 2 of the statute, however (making it illegal to obtain money and the like of a financial institution “by means of false or fraudulent pretenses, representations, or promises”), the Circuits are split six to three – with the First, Second, Third, Fifth, Seventh and Eighth Circuits holding that the same intent requirement applies under either subsection of the statute, and Sixth, Ninth and Tenth Circuits holding that subsection 2 establishes an independent crime that requires only intent to defraud someone (and not necessary a bank) and some nexus between the fraudulent scheme and a financial institution.
In the case in question, Kevin Loughrin v. United States, the defendant was convicted of bank fraud arising from a scheme to make fraudulent returns at a Target store despite the undisputed fact that he did not intend to cause (nor actually caused) any risk of financial loss to the bank. The Tenth Circuit acknowledged that it took the minority view of split Circuits, but nevertheless upheld the conviction, and Loughrin filed a petition for certiorari to the Supreme Court. In his petition, Loughrin emphasized that having different standards for each subsection regularly led to opposite results in factually similar cases.
The Court’s decision in this case could be a game-changer for the way in which prosecutors use the federal bank fraud statute. In many cases – for example, the Black Friday poker cases in the Southern District of New York – bank fraud charges pose the most serious consequences for a criminal defendant but are asserted in cases in which there is no intent to expose the financial institution to loss. A change in the law will change the way such cases are charged by prosecutors, and alter the dynamics of how such cases are negotiated and tried. Whatever the Court’s ultimate decision on the issue, it will bring badly needed clarity to this area of the law.
In a key sentencing decision handed down this year, the United States Supreme Court held that the Ex Post Facto Clause is violated when a defendant is sentenced under provisions of the Federal Sentencing Guidelines promulgated after he committed the crime and those new provisions result in an increased risk of greater punishment. In addition to clarifying the proper application of different versions of the Sentencing Guidelines, this is a particularly significant decision because the Supreme Court has now held that even post-Booker, an error in calculating merely advisory guidelines ranges still invalidates the sentence.
Marivn Peugh and his cousin Steven Hollewell were charged in 2008 with nine counts of bank fraud in connection with a check kiting scheme from 1999 to 2000 that allegedly caused the bank to suffer over $2 million in losses. Hollewell pleaded guilty to one count of bank fraud and was sentenced to one year and one day imprisonment. Peugh pleaded not guilty and went to trial where he testified that he had not intended to defraud the banks. Peugh was nonetheless convicted by the jury of five counts of bank fraud, although he was acquitted of the remaining counts.
At the time of Peugh’s offense (in 1999 and 2000), the 1998 Guidelines were in effect. Under the 1998 Guidelines, the base offense level applicable to his offense was six, and thirteen levels were added for a loss amount of over $2.5 million, creating a total offense level of nineteen. The government argued for an additional two level enhancement for obstruction of justice, which brought the total offense level to 21. Since Peugh was a first time offender in criminal history category I, he had an advisory sentencing range of 37-46 months under the 1998 Guidelines.
When Peugh was sentenced in 2010, the district court applied the 2009 Guidelines which were then in effect. Under the 2009 Guidelines, the base offense level applicable to Peugh’s conduct was now seven, and the enhancement for a loss value of over $2.5 million added an additional eighteen levels. After adding the two level enhancement for obstruction of justice, Peugh’s total offense level under the 2009 Guidelines was 27 – six levels higher than under the 1998 Guidelines. With a criminal history category of I, the advisory range for sentencing was 70-87 months – roughly double the range under the earlier version of the Guidelines. The district court sentenced Peugh to 70 months imprisonment, at the low end of the advisory Guidelines and he appealed the decision.
The U.S. Court of Appeals for the Seventh Circuit affirmed the sentence from the district court and quickly dismissed Peugh’s argument that the sentence violated the Ex Post Facto Clause. Relying on its own 2006 decision in United States v. Demaree, the Court held that the advisory nature of the Sentencing Guidelines post-Booker makes moot any argument that the application at sentencing of an increased Guidelines range at sentencing was not in effect at the time of the offense violates the Ex Post Facto Clause. This ruling was no surprise given that the Seventh Circuit has reaffirmed this proposition twice since it issued its 2006 ruling in Demaree.
The Supreme Court granted certiorari to resolve a Circuit split on this issue. On appeal, the focus of the Court’s analysis was on whether the Guidelines – which, post-Booker, are admittedly advisory – are sufficiently material to judges’ decisions about sentencing to warrant application of the Ex Post Facto Clause. In support of his argument, Peugh relied upon empirical evidence showing the judges are indeed influenced in their sentencing decision making by the Guidelines even if those Guidelines are not binding. On the other hand, the government argued that there was no precedential basis for the application of the Ex Post Facto Clause to a provision of law that is merely advisory.
In its holding the Court emphasized that the intent of the Ex Post Facto Clause was that it “ensures that individuals have fair warning of applicable laws and guards against vindictive legislative action.” Even where these concerns are not implicated, the Court held that the Ex Post Facto Clause also “safeguards a fundamental fairness interest.” The Court noted that, while the Guidelines are advisory, judges are still required, under Gall and by statute to begin their sentencing determination by correctly calculating the applicable Sentencing Guidelines range. The Court noted that continued vitality of the Guidelines in encouraging uniformity in sentencing by creating procedural hurdles that make the imposition of a sentence outside the guidelines range less likely. In doing so, the majority rejected the argument in Justice Thomas’ dissent that the advisory nature of the Guidelines means that do not “meaningfully constrain” a judges’ discretion.
The ruling in Peugh provides clear guidance to district judges that the version of the Sentencing Guidelines to be applied is the one in place at the time that the defendant committed his or her conduct constituting an offense. Of course, the Court’s ruling does not resolve how that principle will apply in cases involving charges such as conspiracy that may occur over a substantial period of time during which there may be multiple versions of the Guidelines. That issue and others will undoubtedly be the subject of litigation to come.
A recent D.C. Circuit Court of Appeals decision narrows the ability of the government to revisit uncharged crimes against a person whose plea has been vacated due to a change in the law.
In 2007, Russell Caso had pleaded guilty to conspiracy to commit honest-services wire fraud, in violation of 18 U.S.C. §§ 371, 1343 and 1346, based on certain conduct during his employment as U.S. Rep. Curt Weldon’s chief of staff. Caso was sentenced to three years’ probation, including a 170-day term of home confinement. In entering its plea agreement with Caso, the government had forgone the right to charge Caso also with a violation of the false statements statute for failing to include certain payments on his annual disclosure statement required by virtue of his status as a federal employee.
Shortly after Caso was sentenced, the U.S. Supreme Court handed down its decision in Skilling v. United States, 130 S. Ct. 2896 (2010) – a decision that substantially limited the permissible reach of Section 1346, the honest-services fraud statute – with the result that Caso was indisputably innocent of the crime for which he was charged and convicted. The government did not dispute this point but nevertheless opposed Caso’s motion to vacate his conviction.
The government argued that Caso had procedurally defaulted his Skilling challenge because he had not directly appealed his conviction on the ground that the conduct to which he pleaded did not constitute an offense, and therefore was barred from raising this issue on a habeas petition. The government also argued that Caso had failed to satisfy the narrow conditions for excusing such a default that the Supreme Court set out in Bousley v. United States, 523 U.S. 614 (1998): (1) “cause” for the default and “actual prejudice” resulting therefrom; or (2) that the defendant is “actually innocent.”
In denying Caso’s petition (which argued only the second of these exceptions), the District Court agreed with the government, and focused on the Bousley Court’s rule that, “[i]n cases where the Government has forgone more serious charges in the course of plea bargaining, petitioner’s showing of actual innocence must also extend to those charges.” (emphasis added) Based on that rule, the District Court held that Caso had to demonstrate his “actual innocence” not only of the crime for which he was charged and convicted (honest-services wire fraud) but also of the separate uncharged offense of making a false statement, a crime that the government argued was at least equally serious as the honest-services fraud charge. Because Caso could not show his actual innocence of the false statement charge in light of the admissions he made as part of his plea agreement, the District Court denied his motion to vacate his conviction and sentence.
The D.C. Circuit reversed this decision based its reading of what constitutes “more serious charges” under Bousley. In doing so, the appeals court rejected the government’s argument that seriousness is to be determined based on the statutory maximum sentence for each crime, and found it far more logical to base the question of seriousness on the way in which each crime is treated in the United States Sentencing Guidelines. Quoting the Supreme Court’s Gall decision, the court noted that Guidelines calculations are still “the starting point and initial benchmark” for every sentencing decision and that “district courts must begin their analysis with the Guidelines and remain cognizant of them throughout the sentencing process.”
The court also noted that the United States Attorneys’ Manual, in directing prosecutors to charge “the most serious offense that is consistent with the nature of the defendant’s conduct,” explains that “[t]he ‘most serious’ offense is generally that which yields the highest range under the sentencing guidelines.”
The court also noted that statutory maxima provide the parties with little useful information in the context of plea negotiations, in part because courts rarely sentence defendants to the statutory maxima. Because the Guidelines treat a violation of the false statements statute less seriously than honest-services fraud, the Court of Appeals held that the forgone false statement charge was not “more serious,” and that Caso need not show his innocence of that charge to support his claimed right to vacating of his conviction for honest services fraud.
The fact that that the D.C. Circuit relied upon the Guidelines as the justification for its ruling is particularly interesting given that recent attacks on the reasonableness of some of the Guidelines (particular the Section 2B1.1 loss tables) have sapped the Guidelines of some of their authority. It is possible that this ruling could change the way in which prosecutors structure their pleas, but circumstances such as this one, in which a defendant is found innocent of convicted charges because of a change in the law, are rare enough that this is not likely. To the extent that courts face similar cases, they will have to address issues left unresolved by the D.C. Circuit, such as whether there must be contemporaneous evidence that prosecutors considered the forgone charge at the time, and whether a crime of “equal seriousness” (and not “more serious”) falls within the Bousley rule.