Category Archives: Law

Court Rules Apple Must Pay Workers for Time Spent Waiting for Exit Searches



The California Supreme Court has ruled that Apple Inc. violated California law when it failed to pay employees in Apple Stores for the time they spend waiting for mandatory bag and iPhone searches at the end of their shifts.

The case is called Frlekin v. Apple Inc. It was filed as a class-action lawsuit against Apple by a group of Apple workers. The workers claimed that they were required to submit to searches before leaving the stores but were not compensated for the time those searches required.

The decision made by the California Supreme Court was written by Chief Justice Tani Cantil-Sakauye, who was appointed by Governor Arnold Schwarzenegger in 2010. A key part of the decision says:

…Applying these factors here, it is clear that plaintiffs are subject to Apple’s control while awaiting, and during, Apple’s exit searches. Apple’s exit searches are required as a practical matter, occur at the workplace, involve a significant degree of control, are imposed primarily for Apple’s benefit, and are enforced through threat of discipline. Thus, according to the “hours worked” control clause, plaintiffs “must be paid”…

…We reiterate that Apple may tailor its bag-search policy as narrowly or broadly as it desires and may minimize the time required for exit searches by hiring sufficient security personnel or employing adequate security technology. But it must compensate those employees to whom the policy applies for the time spent waiting for and undergoing these searches.

According to the Los Angeles Times, Apple has 52 retail stores in California, and that workers are required to submit to exit searches. Employees estimate that waiting for and undergoing searches can take five to 20 minutes, or, on busiest days, up to 45 minutes.


U.S. Department of Justice Arrested Man for Laundering Bitcoin



The Department of Justice has arrested a man who allegedly was running a bitcoin mixing service on the dark web that helped criminals launder bitcoin transactions. ZDNet reported that this was the first case the Department of Justice brought against a bitcoin mixer.

The Department of Justice stated that Larry Harmon, from Ohio, was arrested for his operation of Helix, which the Department of Justice describes as a “Dark-net based cryptocurrency laundering service.” He was charged with money-laundering conspiracy, operating an unlicensed money transmitting business and conducting money transmission without a D.C. License.

According to the indictment, Harmon operated Helix from 2014 to 2017. Helix functioned as a bitcoin “mixer” or “tumblr,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. Helix was linked to and associated with “Grams,” a Darknet search engine also run by Harmon. Harmon advertised Helix to customers on the Darknet as a way to conceal transactions from law enforcement.

The indictment alleges that Helix moved over 350,000 bitcoin – valued at over $300 million at the time of the transactions – on behalf of customers, with the largest coming from Darknet markets. Helix partnered with the Darknet market AlphaBay to provide laundering services for AlphaBay customers. AlphaBay was one of the largest Darknet marketplaces in operation at the time it was seized by law enforcement in July of 2017.

When I hear the phrase “money-laundering”, it makes me think of physical money being sneakily transferred through various businesses and/or bank accounts. I had not considered that bitcoin could also be laundered, but it appears it is possible. I think that this precedent – that you can get arrested for laundering bitcoin – could make those who are currently doing it consider stopping.

Another interesting thing about this case is that it makes it clear that bitcoin isn’t really private. There are apparently ways for law enforcement to track where the bitcoins go, how many bitcoins go were transferred, and the people involved in transferring it.


U.S. Department of Justice and FBI Brought Charges Against Huawei



The U.S. Department of Justice announced that a superseding indictment was returned yesterday in federal court in Brooklyn, New York, charging Huawei Technologies Co. Ltd. (Huawei) the world’s largest telecommunications manufacturer, and two U.S. subsidiaries with conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act (RICO).

Brian A. Benzskowski, Assistant Attorney General of the Justice Department’s Criminal Division; John C. Demers, Assistant Attorney General of the Justice Department’s National Security Division, Richard P. Donoghue, U.S. Attorney for the Eastern District of New York and Christopher A. Wray, Director, FBI, announced the charges.

…As revealed by the government’s independent investigation and review of court filings, the new charges in this case relate to the alleged decades-long efforts by Huawei, and several of its subsidiaries, both in the U.S. and in the People’s Republic of China, to misappropriate intellectual property, including from six U.S. technology companies, in an effort to grow and operate Huawei’s business. The misappropriated intellectual property included trade secret information and copyrighted works, such as source code and user manuals for internet routers, antenna technology and robot testing technology. Huawei, Huawei USA and Futurewei agreed to reinvest the proceeds of this alleged racketeering activity in Huawei’s worldwide business, including in the United States…

According to the Department of Justice, the superseding indictment also adds a charge of conspiracy to steal trade secrets stemming from the China-based company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.

In addition to Huawei, four official and unofficial subsidiaries are also indicted defendants. They include Huawei Device Co. Ltd. (Huawei Device), Huawei Device USA Inc., (Huawei USA), Futurwei Technologies Inc (Futurewei) and Skycom Tech Co. Lt. (Skycom). Defendants also include Huawei’s Chief Financial Officer (CFO) Wanzhou Meng (Meng).


U.S. Charges 4 Chinese Military Members in Equifax Breach



The U.S. Department of Justice said that four members of the People’s Liberation Army, an arm of the Chinese military, have been charged with breaking into the networks of the Equifax credit reporting agency, and stealing personal information of tens of millions of Americans, according to the Associated Press.

This is specifically regarding the data breach that Equifax experienced on July 29, 2017 (which it failed to announce until September of 2017.) The Federal Trade Commission announced in July of 2019 that Equifax had agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the Consumer Financial Protection Bureau (CFPB) and 50 states and territories.

The U.S. Justice Department posted today remarks from Attorney General William Barr, in which he announced the indictment of the four “Chinese military hackers”. Here is a small portion of those remarks:

…Today’s announcement comes after two years of investigation. According to the nine-count indictment handed down by a grand jury in Atlanta, four members of the Chinese People’s Liberation Army, or PLA – Wang Qian, Wu Zhiyoing, Xu Ke, and Liu Lei – are alleged to have conspired to hack Equifax’s computer systems and commit economic espionage. In doing so, they are alleged to have damaged Equifax’s computer systems to have committed wire fraud….

TechCrunch reported that the four alleged hackers were said to be part of the APT10 group, a notorious Beijing-backed hacking group that was previously blamed for hacking into dozens of major U.S. companies and government systems, including HPE, IBM, and NASA’s Jet Propulsion Laboratory.


Department of Justice Charged Evil Corp Hackers with Bank Fraud



The U.S. Department of Justice (and the United Kingdom’s National Crime Agency) announced the unsealing of criminal charges against a 32-year-old hacker who goes by the name “aqua”, of Moscow, Russia. He has been charged with international computer hacking and bank fraud schemes that started in 2009 and spanned a decade. In addition, a second person from Yoshkar-Ola, Russia, was indited for his role related to the “Bugat” malware conspiracy.

Wired reported that these hackers were part of a group called Evil Corp, through which they siphoned off tens of millions of dollars from unwitting victims. Wired provided a good explanation of what the hackers were allegedly doing.

They’d convince victims to click on a malicious link in a phishing email to download Bugat. Once installed, the malware would use a variety of techniques to steal: a keylogger to grab passwords, or creating fake banking pages to trick someone into voluntarily entering their credentials. Armed with that information, the hackers would arrange for electronic funds transfers from victim bank accounts to a network of so-called money mules, who would then get the funds back to Evil Corp.

While I do not condone what these two individuals allegedly did, I cannot help but laugh at the name they chose. Evil Corp sounds like something the bad guy in a cartoon would name their organization.

The name is also used in Mr. Robot, where one of the characters refers to a multinational conglomerate called E Corp as “Evil Corp”. One of the plot lines in Mr. Robot involves hackers wiping out E Bank (the most prominent portion of E Corp) in an effort to free millions of people from debt. To me, it seems like the hackers picked the most obvious name imaginable!


Germany Shuts Down Illegal Data Center in Former NATO Bunker



The Associated Press reported that German investigators arrested seven people in connection with an illegal data processing center that was installed in a former NATO bunker. It was located in Traben-Trarbach, a town that is located near the Mosel River in western Germany.

According to the Associated Press, the German investigators believe the facility served a number of dark web sites. Among them were “Wall Street Market” (drugs, hacking tools, financial-theft wares), “Cannabis Road” (drugs), and “Orange Chemicals” (synthetic drugs). The authorities believe that a botnet attack on German telecommunications company Deutsche Telekom, that happened in 2016, came from this data center.

Krebs on Security posted a drawing of the bunker. According to Krebs on Security, German police reportedly seized $41 million worth of funds allegedly tied to the markets (mentioned above), and more than 200 servers that were operating throughout the underground temperature controlled, ventilated and closely guarded facility. Krebs on Security also reported that German authorities seized at least two Web domains in the raid.

Deutsche Welle reported that in Germany, service providers cannot be prosecuted for hosting illegal websites unless it can be proven that they are aware of and supporting the illegal activity.

From what I’ve been reading about this, it appears that some of the people who were arrested, and some who are being investigated, are allegedly connected to other crimes beyond the illegal data processing center. If so, it seems likely that many people involved will end up with some legal consequences.


California Bill AB5 Turns Contract Workers into Employees



California’s Assembly Bill 5 (AB5) will reclassify many contract workers in California into full employees with benefits. It doesn’t cover all types of contract workers, and is anticipated to affect companies like Uber and Lyft the most.

The New York Times reported that AB5 passed the California State Senate in a 29 to 11 vote. California’s Governor, Gavin Newsom, endorsed the bill this month and is expected to sign it. If signed, the measure will go into effect on January 1, 2020. State Senator Maria Elena Durazo (Democrat – Los Angeles) authored the bill.

The bill redefines “employee” using an existing law that includes an “ABC” test to establish whether a worker is an independent contractor or an employee. It says a worker is an employee if the worker’s tasks are performed under a company’s control; those tasks are central to that company’s business; and the worker does not have an independent enterprise in that trade.

Those who are considered employees under this bill will have access to basic protections such as a minimum wage, unemployment insurance, and perhaps access to health insurance coverage.

Personally, I am an independent contract worker – not an employee. None of the work I do for a living could be considered “central to that company’s business”. That said, people who are part of the gig economy and who drive for companies who produce ride-hailing apps, could be considered employees. They are doing the work that is central to the the business of Uber, Lyft, and DoorDash.

According to The New York Times, Uber and Lyft have “repeatedly warned that they will have to start scheduling drivers in advance if they are employees, reducing drivers’ ability to work when and where they want”. But, this is nonsense. There is absolutely nothing in AB5 that requires companies to “schedule drivers in advance”. It is possible that Uber and/or Lyft will retaliate by raising the prices for rides – but this will ultimately backfire because public transit is always going to be less expensive.

There are lists of professions who are exempt from AB5. Those professions include: doctors, dentists, psychologists, insurance agents, stockbrokers, lawyers, accountants, engineers, direct sellers, real estate agents, hairstylists, commercial fisherman, travel agents, and graphic designers.