Category Archives: Law

Court Rules Turning on Phone Qualifies as Search



A judge has ruled that the act of looking at a phone’s lock screen requires a warrant – in some circumstances. This ruling was made by the Honorable John C. Coughenour in the United States District Court Western District of Washington at Seattle. It seems to me that this ruling requires the FBI to have a warrant before they can look at the lock screen on someone’s phone.

The case is United States of America v. Joseph Sam. It is regarding a motion filed by Mr. Sam’s lawyer arguing that the evidence obtained from looking at the lock screen should not have been sought without a warrant and should be suppressed.

There were two things to consider in this case: the actions taken by the police when they arrested Mr. Sam, and the actions of the FBI taken later. The Court saw these actions as two separate things.

In regards to the actions of the FBI, Judge John C. Coughenour pointed out that the Fourth Amendment protects people from “unreasonable searches and seizures” of “their persons, houses, papers, and effects.” The FBI powered on Mr. Sam’s phone in order to take a picture of the lock screen. In short, the FBI needed a warrant in order to do that, and did not have a warrant. Based on this, the Judge determined that this search was unconstitutional. Mr. Sam’s motion to suppress the evidence the FBI gathered during this search was granted.

Things get a little cloudy in regards to the actions of the police at the time of Mr. Sam’s arrest. It was unclear to the Court why the police “felt it was necessary to power on or manipulate Mr. Sam’s cell phone to properly inventory the phone”.

It was also unclear if that police department procedures require officers to power on every cell phone that they inventory, or whether the police searched the phone. As such, the Judge could not resolve Mr. Sam’s motion to suppress the evidence found during the police’s examination of his phone.

To me, it sounds like the FBI needs to obtain a warrant to power on someone’s phone, and to take a photo of the lock screen, beforehand. Pushing the buttons on a phone in order to activate it counts as a search.


“Zoom-bombing” Could Result in Fines or Imprisonment



The world is adjusting to the “new normal” of working from home and attending online meetings. While this is happening, a nefarious group of people have decided to enter Zoom teleconferences so they can be abusive to the people who are attending it. The Department of Justice wants people to know that “Zoom-bombing” can result in fines or imprisonment.

The Department of Justice U.S. Attorney’s Office Eastern District of Michigan posted a release titled: “Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic”.

The release points out that the FBI reported this week that there has been a rise in “Zoom-bombing”, or video hacking, across the United States. Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language.

Michigan’s chief federal, state, and local law enforcement officials are joining together to warn anyone who hacks into a teleconference can be charged with state or federal crimes. Charges may include – to name just a few – disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment.

The Verge reported that the press release on the Department of Justice’s website under the US Attorney’s office for the state’s Eastern District is posted with support form the state attorney general and the FBI.

The press release includes a quote from Matthew Schneider, United States Attorney General for Eastern Michigan, “You think Zoom bombing is funny? Let’s see how funny it is after you get arrested. If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door.”

I understand that some people are getting bored while under “shelter at home” orders. That doesn’t give them the right to go online and harass people. I wonder when we will hear news about the first arrest of a “Zoom-bomber”?


Court Rules Apple Must Pay Workers for Time Spent Waiting for Exit Searches



The California Supreme Court has ruled that Apple Inc. violated California law when it failed to pay employees in Apple Stores for the time they spend waiting for mandatory bag and iPhone searches at the end of their shifts.

The case is called Frlekin v. Apple Inc. It was filed as a class-action lawsuit against Apple by a group of Apple workers. The workers claimed that they were required to submit to searches before leaving the stores but were not compensated for the time those searches required.

The decision made by the California Supreme Court was written by Chief Justice Tani Cantil-Sakauye, who was appointed by Governor Arnold Schwarzenegger in 2010. A key part of the decision says:

…Applying these factors here, it is clear that plaintiffs are subject to Apple’s control while awaiting, and during, Apple’s exit searches. Apple’s exit searches are required as a practical matter, occur at the workplace, involve a significant degree of control, are imposed primarily for Apple’s benefit, and are enforced through threat of discipline. Thus, according to the “hours worked” control clause, plaintiffs “must be paid”…

…We reiterate that Apple may tailor its bag-search policy as narrowly or broadly as it desires and may minimize the time required for exit searches by hiring sufficient security personnel or employing adequate security technology. But it must compensate those employees to whom the policy applies for the time spent waiting for and undergoing these searches.

According to the Los Angeles Times, Apple has 52 retail stores in California, and that workers are required to submit to exit searches. Employees estimate that waiting for and undergoing searches can take five to 20 minutes, or, on busiest days, up to 45 minutes.


U.S. Department of Justice Arrested Man for Laundering Bitcoin



The Department of Justice has arrested a man who allegedly was running a bitcoin mixing service on the dark web that helped criminals launder bitcoin transactions. ZDNet reported that this was the first case the Department of Justice brought against a bitcoin mixer.

The Department of Justice stated that Larry Harmon, from Ohio, was arrested for his operation of Helix, which the Department of Justice describes as a “Dark-net based cryptocurrency laundering service.” He was charged with money-laundering conspiracy, operating an unlicensed money transmitting business and conducting money transmission without a D.C. License.

According to the indictment, Harmon operated Helix from 2014 to 2017. Helix functioned as a bitcoin “mixer” or “tumblr,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. Helix was linked to and associated with “Grams,” a Darknet search engine also run by Harmon. Harmon advertised Helix to customers on the Darknet as a way to conceal transactions from law enforcement.

The indictment alleges that Helix moved over 350,000 bitcoin – valued at over $300 million at the time of the transactions – on behalf of customers, with the largest coming from Darknet markets. Helix partnered with the Darknet market AlphaBay to provide laundering services for AlphaBay customers. AlphaBay was one of the largest Darknet marketplaces in operation at the time it was seized by law enforcement in July of 2017.

When I hear the phrase “money-laundering”, it makes me think of physical money being sneakily transferred through various businesses and/or bank accounts. I had not considered that bitcoin could also be laundered, but it appears it is possible. I think that this precedent – that you can get arrested for laundering bitcoin – could make those who are currently doing it consider stopping.

Another interesting thing about this case is that it makes it clear that bitcoin isn’t really private. There are apparently ways for law enforcement to track where the bitcoins go, how many bitcoins go were transferred, and the people involved in transferring it.


U.S. Department of Justice and FBI Brought Charges Against Huawei



The U.S. Department of Justice announced that a superseding indictment was returned yesterday in federal court in Brooklyn, New York, charging Huawei Technologies Co. Ltd. (Huawei) the world’s largest telecommunications manufacturer, and two U.S. subsidiaries with conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act (RICO).

Brian A. Benzskowski, Assistant Attorney General of the Justice Department’s Criminal Division; John C. Demers, Assistant Attorney General of the Justice Department’s National Security Division, Richard P. Donoghue, U.S. Attorney for the Eastern District of New York and Christopher A. Wray, Director, FBI, announced the charges.

…As revealed by the government’s independent investigation and review of court filings, the new charges in this case relate to the alleged decades-long efforts by Huawei, and several of its subsidiaries, both in the U.S. and in the People’s Republic of China, to misappropriate intellectual property, including from six U.S. technology companies, in an effort to grow and operate Huawei’s business. The misappropriated intellectual property included trade secret information and copyrighted works, such as source code and user manuals for internet routers, antenna technology and robot testing technology. Huawei, Huawei USA and Futurewei agreed to reinvest the proceeds of this alleged racketeering activity in Huawei’s worldwide business, including in the United States…

According to the Department of Justice, the superseding indictment also adds a charge of conspiracy to steal trade secrets stemming from the China-based company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.

In addition to Huawei, four official and unofficial subsidiaries are also indicted defendants. They include Huawei Device Co. Ltd. (Huawei Device), Huawei Device USA Inc., (Huawei USA), Futurwei Technologies Inc (Futurewei) and Skycom Tech Co. Lt. (Skycom). Defendants also include Huawei’s Chief Financial Officer (CFO) Wanzhou Meng (Meng).


U.S. Charges 4 Chinese Military Members in Equifax Breach



The U.S. Department of Justice said that four members of the People’s Liberation Army, an arm of the Chinese military, have been charged with breaking into the networks of the Equifax credit reporting agency, and stealing personal information of tens of millions of Americans, according to the Associated Press.

This is specifically regarding the data breach that Equifax experienced on July 29, 2017 (which it failed to announce until September of 2017.) The Federal Trade Commission announced in July of 2019 that Equifax had agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the Consumer Financial Protection Bureau (CFPB) and 50 states and territories.

The U.S. Justice Department posted today remarks from Attorney General William Barr, in which he announced the indictment of the four “Chinese military hackers”. Here is a small portion of those remarks:

…Today’s announcement comes after two years of investigation. According to the nine-count indictment handed down by a grand jury in Atlanta, four members of the Chinese People’s Liberation Army, or PLA – Wang Qian, Wu Zhiyoing, Xu Ke, and Liu Lei – are alleged to have conspired to hack Equifax’s computer systems and commit economic espionage. In doing so, they are alleged to have damaged Equifax’s computer systems to have committed wire fraud….

TechCrunch reported that the four alleged hackers were said to be part of the APT10 group, a notorious Beijing-backed hacking group that was previously blamed for hacking into dozens of major U.S. companies and government systems, including HPE, IBM, and NASA’s Jet Propulsion Laboratory.


Department of Justice Charged Evil Corp Hackers with Bank Fraud



The U.S. Department of Justice (and the United Kingdom’s National Crime Agency) announced the unsealing of criminal charges against a 32-year-old hacker who goes by the name “aqua”, of Moscow, Russia. He has been charged with international computer hacking and bank fraud schemes that started in 2009 and spanned a decade. In addition, a second person from Yoshkar-Ola, Russia, was indited for his role related to the “Bugat” malware conspiracy.

Wired reported that these hackers were part of a group called Evil Corp, through which they siphoned off tens of millions of dollars from unwitting victims. Wired provided a good explanation of what the hackers were allegedly doing.

They’d convince victims to click on a malicious link in a phishing email to download Bugat. Once installed, the malware would use a variety of techniques to steal: a keylogger to grab passwords, or creating fake banking pages to trick someone into voluntarily entering their credentials. Armed with that information, the hackers would arrange for electronic funds transfers from victim bank accounts to a network of so-called money mules, who would then get the funds back to Evil Corp.

While I do not condone what these two individuals allegedly did, I cannot help but laugh at the name they chose. Evil Corp sounds like something the bad guy in a cartoon would name their organization.

The name is also used in Mr. Robot, where one of the characters refers to a multinational conglomerate called E Corp as “Evil Corp”. One of the plot lines in Mr. Robot involves hackers wiping out E Bank (the most prominent portion of E Corp) in an effort to free millions of people from debt. To me, it seems like the hackers picked the most obvious name imaginable!