Archive for the 'Criminal Law' Category

Don’t Forget: Trump’s Name Found in Panama Papers

Just a few days back, multiple Pulitzer Prize winning journalist Jake Bernstein released a report detailing the first appearance of President Trump in the financial scandal that is the Panama Papers. This is not the only time Trump’s name appears in the papers, the name Trump is in there nearly 3,500. But not all of these necessarily involve Trump himself and, frankly, just being in the papers at all isn’t always an issue by itself. It’s important to understand the context of Trump’s appearance and exactly what the Panama Papers–and the later Paradise Papers–are.

The Panama Papers, leaked back in 2015, are so named because they were taken from a Panama based law firm specializing in forming offshore corporate entities known as Mossack Fonseca. The leak was substantial, 11.5 million financial documents involving nearly 215,000 offshore corporate entities substantial. Offshore entities aren’t illegal in and of themselves–although they’re obviously illegal when used for tax fraud. However, these documents quickly became infamous both for the high profile individuals and companies whose names appeared therein or were connected to those who appeared and because an enormous number of entities turned out to be shell corporations involved in tax evasion, fraud, money laundering for criminal organizations, and evading international sanctions.

Obviously the sheer number of documents made parsing the information contained within a herculean task, thus the revelations still coming out years later. This situation was made even more overwhelming as the Paradise Papers were leaked in last few months.

Second only to the Panama Papers in sheer amount of the data leaked, they incorporated even more documents than their denser predecessor with 13.4 million documents on offshore investments. The documents came from a law firm known as Appleby. This leak dealt mostly dealt with situations that involved legal tax havens–although there were certainly several sketchy situations that caused embarrassment and drew greater scrutiny on companies such as Apple–already investigated by the U.S. Senate in 2013 over allegedly taking advantage of tax havens in Ireland and Bermuda.

It’s important to distinguish that the practice of using a tax haven–moving money to places where they have very little in the way of regulations on income–is at least legally distinguishable from illegal tax evasion. To be frank, a certain amount of efforts to minimize what you pay in taxes is just common sense. However, these are the sort of tax havens which have caused companies, and wealthy individuals, to draw criticism for gaming U.S. tax laws.

panama papersTrump is not alone among leaders with financial interests found amongst the leaked papers. For example, Iceland Prime Minister Sigmender Gunnlaugsson resigned his office after the papers showed he had not disclosed some relevant financial interests when he took office. Trump also isn’t the only person in his administration who has shown up in the papers. Let’s look at exactly what these recent revelations really show–and what they don’t show.

Trump in the Panama Papers

The recent reports on Trump’s appearances on involve a sale by Trump of a New York condo in Trump Palace to a shell company known as Process Consultans (that is not a typo, it is unclear if the corporation was made in haste or if the lack of a “t” made the company harder to find). “Consultans” was owned entirely via bearer shares–a common means of transferring property anonymously. Bearer shares usually see quite a bit of regulation due to how commonly they are involved in money laundering.

Let’s make it clear, this is mostly important now because it is first chronological occurrence of Trump himself being identified in the Panama Papers out of the nearly 3,500 times his name appears. The Panama Papers contain crucially important information on financial goings on and potential crimes across the world. However, the information here is incredibly thin. There is little on how much Trump actually knew, the sale took place in 1994, there are essentially no remaining documents on the apartment rental prior to 2005 (none of which involve “Consultans”), and “Consultans” itself is about as easy to find information on as you’d expect a shell company named “Consultans” to be. The primary criticism here has been Trump’s failure to ask questions about who was purchasing his real estate, especially when it was in such suspicious circumstances. These suspicious circumstances have been exacerbated by revelations in the papers regarding others in his administration.

Trump Administration in Paradise Papers

The Paradise Papers last month revealed financial ties which have drawn more heat on the Trump Administration–specifically U.S. Secretary of Commerce Wilbur Ross. The papers revealed Ross has a financial stake (to the tune of $68M) in a Russian energy company partially owned by Kirill Shamalov. Shamalov is Vladimir Putin’s son-in-law, his father Nikolai Shamalov is currently under U.S. sanctions. These revelations are mostly an issue due to the larger political situation, the lack of full disclosure by Ross in his confirmation hearings, and–most importantly–that these holdings were some of the few investments Ross chose to keep even after assuming his position.

Several politicians have called for inquiries into this from the Government Accountability Office or GAO. There is the potential for legal wrongdoing here, but honestly the smell of impropriety is likely greater than the any real potential for criminal misbehavior here. If nothing else the situation has given rise to a great deal of debate in regards to the exact outlines of the disclosure requirements before taking a position such as Secretary of Commerce and reflection on whether those requirements are sufficient.

The Importance of the Papers

Trump has been criticized for his financial connections before, and many these accusations are well founded. In his campaign he professed to owning 515 separate companies, however only 378 of them can be found registered in Delaware. It’s far from a stretch to imagine Trump has offshore holdings which may appear in the Panama Papers. However, offshore holdings aren’t illegal in and of themselves (again, barring tax fraud) and the information so far is a bit too thin to draw any substantial conclusions from. What is clear is that the Panama and Paradise Papers leaks have revealed financial goings on at a level hitherto unthought-of, tax money hidden or sheltered away from the U.S. government, fraud, and more.

Many politicians on both sides of the aisle and internationally have seen their financial goings on popping up in the Panama or Paradise Papers (or both). Queen Elizabeth, church leaders, Queen Noor of Jordan, one-time Democratic Presidential hopeful Wesley Clark, and even Madonna. The level of involvement of each person is sometimes hard to put together from the facts in the papers and sometimes clear.

However, they have for the most part published explanations for their holdings or involvement. Trump–the “America First” president–has had essentially no comment individually for the thousands of times his and his company’s name appears in the papers regarding offshore holdings–the type often used for money laundering or seeking tax havens from the U.S. government. There certainly needs to be more information before drawing conclusions on an individual level. However, the Panama and Paradise papers have revealed, and will continue to reveal, financial workings that are important even beyond what they imply from individual to individual.

Uber Data Breach and Why We Need New Digital Security Regulation

Uber Technologies Inc., joins Yahoo, Target, Equifax, and other companies as a target for hackers. Hackers allegedly stole personal data of 57 million Uber users and drivers. The hackers stole names, email addresses, and phone numbers from Uber riders and drivers from around the world. 600,000 U.S. driver license numbers were also stolen. Uber claims that no social security, credit card information, or trip details were taken. The shocking part is that Uber attempted to coverup the hack for a year instead of disclosing it to the public.

Uber’s former chief security officer, Joe Sullivan, and a deputy paid the hackers $100,000 to keep quiet about the hack. The company tracked down the hackers and asked them to sign nondisclosure agreements. Uber executives passed off the payment and nondisclosure agreements as a planned event where the hackers were paid in advance to test vulnerabilities in Uber’s system.

uberA Market for Corruption

Uber’s coverup is absolutely the wrong way of handling a hack into a business’s systems. The U.S. Securities and Exchange Commission requires that hacks be disclosed to investors to protect them from financial abuse (ironically, the SEC waited until September this year to disclose they had been hacked in 2016). Several states, including California, where Uber is headquartered, also mandate that companies disclose if their computers have been breached.

The New York attorney general’s office has opened an investigation into the matter. Two class-action lawsuits have been filed against Uber in federal courts in California.

Uber’s failure to disclose has potentially harmed investors, users, and drivers. The class action lawsuits claim that the company’s failure to disclose the hacks prevented users and drivers from contacting their financial institutions or from taking any action to prevent identity theft. Investors who spent money on Uber were also harmed, as Uber’s plans for an initial public offering in 2019 may either be delayed, or the company’s stock worth may be dramatically lower than originally forecasted.

Additionally, the coverup may lead to more hacks in the future. The F.B.I has warned against paying ransoms to hackers, since such payments will encourage hackers to invade other companies or even the same company again to secure more money.

21st Century Cyber Security

It is pretty obvious now that America needs massive change in how it handles cyber security. Major companies in every sector are being targeted. The current Presidential administration is being investigated by a special because of allegations involving hacking. Even the government watchdog charged with overseeing whether companies are disclosing hacks, has been hacked!

Although we have laws requiring that companies publicly disclose any hacks into their systems, such laws do not seem to be enough. Companies and government agencies alike need to learn how to prevent cyber security breaches. I’m not going to pretend to be a cyber security expert, but there are dozens of pending laws before state lawmakers that address the issue. The shocking thing about that list how many laws didn’t make it. Not all of them need to be enacted, but laws that criminalize the installation of malware, require data encryption in certain industries,  or to create anti-hacking infrastructure should at least get a second glance in the wake of all these hackings.

TripAdvisor Under Fire for Blocking Reviews of Rape and Injuries

The popular trip planning website, TripAdvisor, is under fire for alleging deleting user reviews of criminal activity in hotels. The Milwaukee Journal Sentinel published a story revealing that TripAdvisor had deleted reports of rapes, injuries, and even deaths among tourists in Mexico.  U.S. Sen. Tammy Baldwin (D-Wis.), has urged the Federal Trade Commission (FTC) to investigate TripAdvisor to protect consumers from potential fraud.

Dozens of people have alleged that TripAdvisor silenced them by deleting their posted stories and then alerting the user via email. According to the emails, TripAdvisor removes many negative reviews because the website views the reviews as “hearsay,” “off-topic” or in violation “family friendly guidelines.”

It is unknown how many reviews TripAdvisor has deleted. TripAdvisor relies on users with special privileges to manage its website. However, the company refuses to disclose how its moderators are selected. TripAdvisor has responded quickly by rolling out a new warning system that marks resorts where safety concerns have been reported in the media. The company has promised to make other changes so that travelers can share their traumatic stories.

tripadvisorIs It a Crime to Stop Someone From Reporting a Crime?

Generally, non-emergency personal (police, firefighters, paramedics, etc.) have no duty to report a crime. If I see someone mugging another person outside my window and don’t report it to be police, generally I wouldn’t be liable for not saying anything to the police.

Of course, different states often have exceptions to that general rule.  For example, California imposes a duty to report if a school official, medical professional, or therapist knows about a child being molested and fails to disclose it to law enforcement. Other states may have similar laws expanding aiding and abetting a crime to include failure to report certain crimes.

TripAdvisor presents a slight different question. Instead of failing to report a crime, TripAdvisor is taking down reports of crimes. Is that illegal?

Although potentially immoral, TripAdvisor hasn’t committed a crime. Generally, the law contemplates reporting a crime to law enforcement, not to the public at large.  It would be illegal to intercept communications to a police officer in order to ensure that the police don’t find out about a crime. However, removing a review on a website is not the same as preventing the police from discovering a crime. If that were illegal, newspapers and media outlets would be committing a crime by choosing to report on some crimes and not others.

Fraud and Libel from Both Directions

TripAdvisor’s reviews open it to allegations of fraud from consumers and libel from the businesses being reviewed. If TripAdvisor takes down negative reviews that are real, TripAdvisor may be misleading travelers into believing that a hotel or business is safe when in fact it is not. On the other hand, if the reviews are false and the business is harmed by the negative reviews, TripAdvisor may be guilty of libel. This knot is complicated by the fact that the company is not the one writing the reviews, but the users online.

The good news for TripAdvisor is that most of the businesses suing for libel probably wouldn’t make it very far. States like California have anti-SLAPP laws; laws that prohibit strategic lawsuit against public participation. Lawsuits that are designed to intimidate defendants from publicly criticizing others can be stopped by the right SLAPP law. Moreover, the truth is always a defense against libel. As long as the allegations of rape or criminal activity in the review is true, businesses generally won’t have a real claim against review sites like TripAdvisor or the reviewers on the website.

A review website removing content is a relatively new claim. Yelp.com has been sued for refusing to remove negative reviews, but the refusal to post negative reviews might be groundbreaking. However, it is doubtful that the reviewers would be able to successfully bring a such a claim. In order to file a lawsuit, the petitioner needs to show that he or she would be harmed by the defendant’s actions. Review sites like TripAdvisor or Yelp might harm people who read only positive reviews, but the people who post the missing reviews wouldn’t be harmed.

Even if the readers were to be harmed, it’s not clear that the review website would be liable. Suppose I go to TripAdvisor, read about a great hotel, and then get robbed when I at the hotel I found on TripAdvisor.  I later find out that TripAdvisor removed four reviews about mugging at the hotel because the website thought the reviews were only “hearsay.” Obviously, the thief would be the one response for actually stealing my stuff. Absent a legal duty to warn me about crime in the area, TripAdvisor would not be liable for its failure to warn.

However, TripAdvisor could be liable for misleading me about the safety of the area. TripAdvisor holds itself out to the public as a business that screens the services and safety of other businesses. If TripAdvisor modifies their reviews so that the reviews are less reliable, I could say they are misleading me about how their services work.

Attorney General Sessions Wants to Look at Your Phone

A backdoor from tech companies like Google and Apple allowing access to encrypted information stored on suspects devices has been something on the federal law enforcement wish list for some time. Similarly, there has been a push and pull between law and enforcement and tech companies over how much access these tech companies allow the government when it comes to the stored information of customers.

For instance, just a few years ago an email service known as Lavabit closed its entire business after refusing to comply with a court order allowing the U.S. government broad access to user emails. The exact breadth of the order was and is confidential. but it was enough that the company chose to close its doors rather than comply. The government has also turned to outside sources such as grey hat hackers to access password protected information on an iPhone. This led to an odd reversal of the usual dynamic where Apple was asking the FBI to reveal the security vulnerability in their own technology.

There is obviously a push and pull between the government’s interests in security and the public’s expectation to privacy in communications sent online and information stored through online services and on private phones, computers, or other devices. However, AG Jeff Sessions doesn’t think there’s much debate. Sessions has recently condemned tech companies for blocking access to encrypted data on mobile phones. He complains that tech companies have blocked FBI access to around 7,500 devices in the last year. He also says this is an act supporting terrorism.

Privacy vs. Security Under the Constitution

Regardless of how you feel about the balancing act between security and privacy, Sessions’ position is an immense oversimplification of an incredibly complex legal situation. Privacy rights come from many sources. These include state laws, statutes applying to specific situations and a more nebulous privacy right to privacy which the Supreme Court has ruled can be imputed from the combination First, Third, Fourth, Fifth, and Ninth Amendments–this is referred to in law as the penumbral rights of privacy and includes quite a few rights. Perhaps most relevant here is the Fourth Amendment right against unreasonable search and seizure.

The strength of this right generally hinges on a person’s reasonable expectation of privacy. It’s agreed that this is quite strong when you’re in your home, but the strength of your expectation of privacy varies drastically depending on the situation. How the right applies to data is a complicated situation–it’s generally agreed to apply to a locked phone as you’ve taken steps to ensure the privacy of the information on that phone–the same could generally be extended to a password protected computer or other device.

attorney general sessionsThis kind of shoots in the foot AG Session’s assertions that not allowing the government to bypass these protections is a legally reprehensible action akin to supporting terrorism. At the very least, a broad assertion that every situation where tech companies decline to provide access to a phone is a bit rich when that information is often constitutionally protected from search without a warrant.

But when it comes to seeking information from a third-party such as a tech company the protections on this information become even more complex. The Fourth Amendment generally considers you to have relinquished your expectation of privacy when you knowingly reveal that information to a third party. The key words here being “knowingly reveal.”

It’s undisputed that you entrust the security of an enormous amount of information to third parties–storing information on the cloud, using an email service provided by another, sending a message through a third-party’s service, basically any situation which involves storing information on a third-party server–an incredibly common situation in today’s digital age. Where this happens, no warrant is required to access your information–instead the government only requires a subpoena and prior notice.

As you can imagine, this has the potential to undermine your rights in an enormous amount of information. It is common for the government to seek information from the third parties you have “disclosed” the information to–often email providers, telecommunications companies and ISPs. However, given how little many people know about the exact details of how their data is handled or disclosed it’s often a bit of a stretch to describe using an email server of something similar as “knowingly disclosing.” What’s more, this exact issue is something the Congress has already addressed to some extent through legislature such as the Electronic Communications Privacy Act, the Federal Wiretap Act and especially the Stored Communication’s Act (SCA).

To discuss these in full is the work of a textbook. However, the SCA is likely the most relevant to AG Sessions’ assertions and the protections on at least some of the data you “share” by using common online tools such as email or messaging services. A locked phone is almost certainly off the table in most situations–breaking a customer’s encryption is not only undermining a business’s entire brand but doing so at the behest of the government without a warrant is arguably unconstitutional. The SCA makes it similarly illegal for companies storing your online communications to disclose your data to the government in many situations, the data you store on your phone may often not even be disclosed from a source beyond the phone itself. Failure to comply with the SCA can lead to serious legal repercussions for the tech company violating the SCA’s rules.

What is the Stored Communications Act?

So obviously if a company doesn’t keep your communications private and it happens often enough the company will lose any credibility with the public and lose business. It makes sense that tech companies are careful with choosing whether to share user information and when to not just roll over.  The SCA adds another consideration for these companies–providing a statutory source of protection like the protections of the Fourth Amendment for internet communications sought by the government and–in some cases–non-government entities. The SCA commonly applies to information such as emails and, after a 2010 court case–social media messages (but not open messages on a wall or comments unless the user is restrictive of access to these communications).

The SCA specifically protects the contents of digital communications stored on the internet as well as some appealingly non-content information which can be used to identify the contents of a communication such as subject headers. “Contents” is quite a broad legal concept and includes any information regarding the substance, import, or meaning of a communication. In general, however, non-content information can be disclosed without consent. Protected data cannot be shared with the government unless the person who made the communication consents to it.

If the information is less than 6 months (or more accurately 180 days) old the SCA applies the standards of a warrant before the government can access the information. After these 6 months are over, the standard of protection drops substantially and requires only a showing that the information could be relevant to an ongoing criminal proceeding. Routine business information such as location data–obviously not a communication–only requires a court order based on articulable facts for the government to demand it from a tech company.

The SCA makes it a crime to access without authorization or exceed authorization granted in accessing electronically stored communications. Where an ISP or company that stores your communications shares those communications in violation of the SCA they’re going to face serious repercussions. It can also create a civil action against both the company and the government for the person who made the improperly shared communication. It does not allow access to data stored outside the U.S. unless the user associated with the communications is a U.S. citizen.

Just over a month ago, Sessions’ own department strengthened the SCA. As written the SCA provides the ability for the government to impose gag orders on ISPs and tech companies–preventing them from even telling their user that they have disclosed their information. This is available with a government showing that such a notification would put a person or investigation at risk. The departments new approach limits the duration of these gag orders to one year and only if necessary. It also requires them to provide a more thorough explanation of why the gag order is necessary. The change is considered a response to a case related to the SCA brought by Microsoft last year. However, it certainly is odd to have the head of a department condemn protecting online privacy after his own department strengthened it barely a month ago.

Your Privacy is More Complicated Than AG Sessions Believes

Admittedly the SCA is not a perfect law, it doesn’t age with technology as well as it could and often relies on court rulings to update how it treats more modern technology–it isn’t even really settled how the timing of SCA protections apply if you don’t open an email.  It doesn’t cover nearly as much as it could, and potentially as much as it should. Congress has not updated the law since it was originally passed over 30 years ago. However, it is an example of how the law values tech companies protecting your private data. To condemn tech companies for following the law is an unfortunate position for the government’s top lawyer.

The SCA and the Fourth Amendment are far from the only things limiting companies from disclosing user information or allowing access to an encrypted phone. Beyond the condemnation of the public if a company doesn’t keep your data safe and private, a company must follow its own privacy policies. Most privacy policies include carve outs for complying with court orders and it is far from uncommon to include provisions which state that a company will fully cooperate with any or some types of government investigation. However, this is far from a blanket truth. Where these carve outs don’t exist the release of information protected under a privacy policy would lead a company to face serious issues from the FTC.

While security and the investigations of the FBI are incredibly important, it’s far from unreasonable to expect the information you store online to have some privacy protections. In today’s world the sheer amount of information stored in this manner is mind-boggling. It is outright dangerous to the public to demand tech companies to relax their security protocols and Sessions demanding blanket access to the government is very nearly an irresponsible suggestion. Tech companies should be lauded, not condemned, for rigorously protecting the privacy rights of their customers.

Understanding the Sexual Assault Allegations that Rock Capitol Hill

The latter half of 2017 has been a tsunami of sexual assault allegations against prominent politicians and Hollywood men. In most states, sexual assault is unconsented intention sexual contact for sexual gratification. These allegations have dire political consequences and potential legal consequences. Al Franken may soon be under Congressional ethics investigation, Roy Moore is taking a beating in the polls of his Senate race, and Trump is still President.

However, not all sexual assault allegations are created equal. But to prove a crime, prosecutors must show that the defendant committed the act with a criminal intent. For example, if the defendant hits another person with his car because that person owed him money, then the defendant is guilty of vehicular assault.  If the defendant hit the victim by accident, then there would be no intent and thus no crime. If the defendant didn’t hit the victim, then there would no act and thus no crime (with exceptions for attempted crimes).

Regardless of the political costs, the legal fallout will be different for each man based on the evidence and the potential criminal charges each man might face.

Roy Moore

Roy Moore faces the most significant potential criminal charges: sexual abuse with a minor. Under Alabama state law, 1st degree sexual abuse is a Class C felony. A conviction can result in up to ten years in prison, a $15,000 fine, and registration as a sex offender. Although the statute of limitations for crimes is usually five years in Alabama, child sexual abuse is one of the crimes that is exempt from the statute of limitations.

capitol hillFortunately for Moore, the evidence against him is the weakest of the three cases. Other than the accusers’ testimony, the only evidence that exists is circumstantial evidence. The yearbook proves that Moore was lying about not knowing the alleged victim and the ban from the mall collaborates Moore’s admittance that he liked to date girls who were barely legal. However, neither proves that Moore had sexual contact with a 14-year-old girl or attempted to rape a 16-year-old. The yearbook suggests that Moore thought of the 16-year-old in a sexual manner, but it’s unknown whether Moore tried anything beyond being a creepy and egomaniac Assistant District Attorney.

Al Franken

Senator Franken could be indicted with fifth degree criminal sexual conduct, whereby he engaged in nonconsensual sexual contact, which is a gross misdemeanor. It would not be a higher degree because there are no allegations of penetration and there was no reasonable fear of imminent physical harm, since there were other people around and the accuser was asleep. A conviction would lead to one year in prison and a $3,000 fine for first time offenders.

Franken’s case involves strong evidence outside the accuser’s testimony: a photograph where Franken is grabbing or attempting to grab the accuser’s breasts. Going back to the elements of a crime, the photograph is evidence of a sexual act, though no intent is established. The fact that the accuser was wearing a bullet proof vest is of no significance. The photographer, Franken’s brother, testifies that the photograph was taken in jest and that the accuser was actually awake and in on the joke.

Franken’s best defense, if the accuser’s testimony is discounted, is that he did not touch her for sexual gratification. Most states define sexual assault as unconsented intention sexual contact for sexual gratification. It is legally possible to intentionally touch someone’s sexual parts without consent if the purpose was not for sexual gratification.

When might that happen? If a woman fainted and a man was trying to resuscitate her by performing CPR, he would have to touch her mouth and chest. CPR would require intentional non-consented touching of otherwise private body parts, but most states would not prosecute for sexual assault because the CPR was done for non-sexual purposes.

The example is extreme, but if the sexual contact was not for sex, there cannot be sexual assault. If Franken grabbed the accuser’s breasts while she was asleep as a joke, there would no sexual purpose and he would not have committed sexual assault (though assault and battery would still be an issue).

Obviously, we cannot excuse every allegation of sexual assault as a joke. In Franken’s case though, there are facts that do support the argument. He had a long career as a comedian prior to becoming a senator and these allegations occurred during a Saturday Night Live skit. I am not excusing his conduct; his behavior was appalling and he should resign his Senate seat. However, there may not be enough evidence to convict Franken of a criminal offense.

Donald Trump

The allegations against the 45th President are well documented now. Trump is the opposite of Franken in many respects. The now infamous “pussy grabber” Hollywood Access video shows that Trump has criminal intentions, even if there is no evidence of sexual acts other than the testimony of the women against him (in contrast with the photograph of Franken’s act, but without an intent to prove it was sexual).

The White House is insistent that Franken should be investigated, but Trump is absolved because Franken has apologized while Trump (and Moore) have denied all allegations. There’s two things wrong with this logic. First, denial does not mean one is innocent. There are thousands of prisoners who have pleaded not guilty and have never confessed to a crime. Second, we should have higher standards for our elected representatives.

We might assume that men are innocent until proven guilty in a court of law, but that is not the standard for employment. If a hiring manager at a McDonalds or Walmart had any doubts about whether an employee had sexually abused or harassed women in the workplace, that employee would be terminated. Why do we have lower standards for Senators and the President of the United States than cashiers at retail stores or fast food restaurants?  Men like Trump, Moore, and Franken have no business representing us and they should all resign.