Darren Chaker Privacy & Encryption

History search, Darren Chaker
Darren Chaker, encryption, privacy

Darren Chaker suggests encryption and privacy basics.

By Darren Chaker, I typically post on TOR and give talks about cyber security, but could not resist to comment on the recent efforts by San Diego District Attorney to weaken encryption. First – it’s a pointless effort. In short, when USA manufactured encryption products are weakened, simply buy Russian, or any of the “546 encryption products from outside the US” per encryption guru Bruce Schneier. Besides the hype, the fact is the bill will never pass, but good to keep your options in mind!

On this note, and in honor of those who want to attack our privacy,  I would suggest:

1. Use a PIN, at least 6 digits for our phone and turn on encryption; do NOT use finger print to get in your phone as you can be forced to swipe your finger (mixed cases say yes and no, currently before the Ninth Circuit);

2. Encrypt your computer’s hard drive – BitLocker is good for Windows (Windows 10 Pro comes with it – do NOT save back up pass-phrase to Outlook email as there’s an option to do so – and do not write it down), BestCrypt is another one of my favorites. Apple computers and tablets (as well as Android tablets) come with encryption, so turn it on. Once encrypted, the hard drive is a useless brick – just be sure your pass-phrase (aka password) is complex;

3. Use a history wiping utility – CCleaner is free and a good product for the typical person to wipe internet history, delete digital tracks, and wipe hard drive at least once a week; CyberScrub or East-Tec do the same, but with additional options, and are cheap ($20-60 range). This keeps deleted info truly deleted, and computer history use – history. It also speeds up your computer;

4. Encrypt (WPA2) your WiFi connection with a password (do not use the factory PW); if you want ultra security, get a secure router, I use Sophos;

5. When using free Wi-Fi, use a Virtual Private Network (VPN) – this secures your info when away from home, and prevents the coffee shop selling your browsing data to third parties – remember – if it’s free – YOU are the product. Public Wi-Fi hotspots are perfect places for predators and hackers to perpetrate their cybercrimes. If they happen to get a hold of your personal information, you could very well be the next victim of identity theft! Password-protected home Wi-Fi networks though somewhat safer are also highly vulnerable to sophisticated hackers. Wi-Fi security becomes even more critical if you are a frequent traveler or student who needs to use Wi-Fi connections at hotels, airports, coffee shops or university campuses to access the Internet; and

6. Go into your Google settings, and pause all search history, YouTube viewing history, location history, etc. While at it, delete the history too. If you like everything you do to be archived and available, that’s cool too. You decide your privacy fate.

Do not support efforts to weaken encryption since it undermines domestic ingenuity, competitiveness, and a person can simply purchase foreign made products.

The above is the tip of privacy iceberg. It’s not everything one needs to do, but it is a lot more than most do. Keep in mind, doing the above helps protect the common folks, to the corporate executive whose computer is taken by a foreign company who wants to salvage corporate secrets from it.

eDiscovery Document Destruction

Ediscovery Delted
Ediscovery Delted

Darren Chaker covers ediscovery

Darren Chaker found this article on California ediscovery concerning document-destruction You v. Japan, No. C 15-03257 WHA, 2015 WL 5542539 (N.D. Cal. Sept. 16, 2015).

In this case, the court entered an order requiring preservation, including “interdiction of any document-destruction programs and any ongoing erasures of e-mails, voice mails, and other electronically-recorded material.”  In the course of its business, one defendant, the publisher of a daily newspaper, employed a proprietary application “used for laying out each edition of the newspaper.”  The application retained a “back catalog” of 90 days.  In response to the court’s order, the defendant alleged that retention of the application’s contents for longer than 90 days could “slow down the system or cause it to crash” and that although it could install a new storage system, it would cost $18 million and could take up to eight months.  Accordingly Defendant sought permission to employ certain search terms to be run across the application twice monthly to identify articles to be preserved.  Defendant alleged that it had “already run several searches using [the proposed] terms and found they yielded duplicative results,” but indicated it would use the terms “out of an abundance of caution.”  Defendant further explained that because the proposal “would not cease ‘all ongoing erasures of electronically-stored material,’” it sought court approval for its proposed method.

Plaintiffs opposed the proposal and argued that it could lead to the destruction of “evidence of [Defendant’s] state of mind in selecting and editing its articles” which could be relevant to Plaintiffs’ claims of defamation and intentional infliction of emotional distress.  Plaintiffs also identified an additional search term that the defendant had not proposed.

With the addition of Plaintiffs’ proposed term, the court found Defendant’s proposal “sufficiently broad” to identify and preserve potentially relevant articles and granted permission for Defendant’s proposed preservation protocol.

Inadvertent Disclosure CPRA

CPRA, Darren Chaker

Inadvertent disclosure under the CPRA and restraining order, Darren Chaker posts about an article concerning Newark Unified Sch. Dist. v. Superior Court , 2015 WL 4594095 (Cal. Ct. App. July 31, 2015). In this inadvertent document release case, the plaintiff sought injunctive relief against the defendant, requiring the return or destruction of privileged, exempt or confidential records that had been improperly released. The plaintiff sought a temporary restraining order (TRO) shortly after filing a complaint, but the defendant argued that, under a legislative law, the “disclosure” of a public record constitutes a waiver of applicable exemptions from disclosure. Examining past holdings, the court ruled that the term “waiver” did not include accidental, inadvertent disclosures, which included the electronically stored materials produced during discovery. In addition, the court found that an attorney who receives inadvertently produced documents during discovery has an ethical duty to “refrain from unnecessary review of the documents, notify opposing counsel, and return the documents upon request”. The court vacated the lower court’s decision to deny the TRO and ordered the defendant to refrain from dissemination of inadvertently produced privileged documents. See article here.

CPRA, Darren Chaker

Darren Chaker, CPRA, allows access to all public records

Darren Chaker also notes, under specified circumstances, the CPRA affords agencies a variety of discretionary exemptions which they may utilize as a basis for withholding records from disclosure. These exemptions generally include personnel records, investigative records, drafts, and material made confidential by other state or federal statutes. In addition, a record may be withheld whenever the public interest in nondisclosure clearly outweighs the public interest in disclosure. When an agency withholds a record because it is exempt from disclosure, the agency must notify the requester of the reasons for withholding the record. However, the agency is not required to provide a list identifying each record withheld and the specific justification for withholding the record.

When a record contains exempt material, it does not necessarily mean that the entire record may be withheld from disclosure. Rather, the general rule is that the exempt material may be withheld but the remainder of the record must be disclosed. See publication.

Ediscovery Expert Fees

While reviewing ediscovery, Darren Chaker, found an article about Gen. Protecht Grp., Inc. v. Leviton Mfg. Co., 2015 WL 4988635 (D.N.M. Aug. 3, 2015) In this patent infringement case, the defendant alleged that the plaintiffs had infringed upon the defendant’s specialized patents, while the plaintiffs alleged that the defendant had committed infringement. In addition, the plaintiffs argued that the defendant’s claim was baseless because the defendant knew that its argument was flawed, as it did not have any “well-established law regarding implied licenses” to support the claim. The court found that the defendant’s claim was not baseless, as the standard for a baseless claim is when “no reasonable litigant could reasonably expect success on the merits.” The lower court ultimately found for the plaintiffs, but the cost of recoverable attorney’s fees should include paralegal and technical specialist fees involved in the case. On that issue, the judge agreed with the plaintiffs, stating that “while technology specialists’ duties are not strictly legal in the traditional sense, the court believes that these technicians provide meaningful value to law firms and, ultimately, clients during litigation; those contributions should not go overlooked.” The court therefore included technology specialist fees in its calculation of attorneys’ fees, subject to the same restrictions placed on other attorney’s fees—that the technology specialists’ work pertained to the lawsuit at hand, and the hours were reasonable. However, ultimately the judge did not agree to adjust the lodestar fee amount in favor of the plaintiffs as he felt the overall success of the plaintiffs’ success did not warrant a sufficient amount to see an increase in award fees. The entire article is here.

Litigation Hold Policy Avoids Sanctions

In a new article found, Darren Chaker reports about New Orleans Reg’l Physician Hosp. Org., Inc. v. United States, 2015 WL 5000512 (Fed. Cl. Aug. 21, 2015) In this breach of contract case, the plaintiff alleged that the defendant refused to provide promised reimbursements due to contract modifications and directives that were unilaterally taken without the plaintiff’s agreement. During discovery, the plaintiff sought a motion to compel, claiming the defendant’s document productions were deficient and the defendant should therefore be required to redo the searches with more rigorous search protocols. The defendant opposed, arguing that the plaintiff did not confer in good faith prior to filing the motion. The court found that the defendant did not put into place a systematic, reliable plan to find and produce all relevant documents, and the plaintiff’s request for the implementation of new search parameters was granted. As such, the motion to compel discovery was not granted until the defendant has the opportunity to produce documents in line with the new search parameters. In regards to the plaintiff’s request for attorney’s fees, the court felt that the final decision to award fees would depend upon the ruling on the motion to compel and therefore denied, with the possibility for the plaintiff to request fees in the future. To view the entire blog post, see here.

eDiscovery Sanctions in San Diego

Sunset with Darren-Chaker
Sunset with Darren-Chaker

Sunset, Darren Chaker, in Santa Monica

Darren Chaker provides this post concerning ediscovery in San Diego concerning  HM Electronics, Inc. v. R.F. Technologies, Inc., 2015 WL 4714908 (S.D. Cal. Aug. 7, 2015) In this trademark infringement case, the plaintiff claimed that the defendants interfered with the plaintiff’s prospective economic advantages by showing documents relating to the plaintiff’s allegedly failed electronics to the plaintiff’s competitors, customers and prospects.

The plaintiff claims that the defendants purposefully fabricated reports and engaged in the destruction of highly relevant ESI. The defendants did not dispute the claims, but they did dispute whether their behavior during the discovery period was sanctionable. In reviewing the plaintiff’s request for spoliation sanctions, the court found that the defendants did not engage in reasonable steps to preserve ESI, nor did the defendants engage in any basic attempts to implement a litigation hold once litigation was imminent. The defendants’ counsel did not supervise employees and inform attorneys about the need to follow data collection and preservation processes, and thus even though a vast amount of data was produced, a critical amount of highly relevant data was deleted. Further, citing to the new California state bar ediscovery ethics opinion, the court highlighted the importance of attorney competency relating to ediscovery. As such, the court granted the plaintiff compensatory sanctions in the form of all attorneys’ fees and costs incurred in seeking discovery, as well as granting the plaintiff’s request for an issue of adverse inference instructions against the defendants should the matter proceed to trial. See other articles here.  See entire article here.

 

 

Third Party Authority to Consent to Search

Consent to search a computer, Darren Chaker reviews, focuses on if the person had authority to consent to the search and seizure of the computer. Consent may be given by a third party possessing common authority over the property. United States v. Matlock, 415 U.S. 164, 169-71 (1974);United States v. Aghedo, 159 F.3d 308, 310-11 (7th Cir. 1998). “The consent of one who possesses common authority over [the] premises . . . is valid as against the absent, nonconsenting person with whom that authority is shared.” Matlock, 415 U.S. at 170. The Supreme Court explained in Matlock that common authority “rests . . . on the mutual use of the property by persons generally having joint access or control for most purposes.” Matlock, 415 U.S. at 171 n.7. Such mutual use makes it “reasonable to recognize that any of the co-[users] has the right to permit the inspection in his own right and that the others have assumed the risk that one of their number might permit the common effects to be searched.” Id. It does not matter if the person who gives consent does not own the item; the issue is whether the consenter had common authority over the item. United States v. Brown, 328 F.3d 352, 356 (7th Cir. 2003).

Computer Search Darren Chaker

Computer search, Darren Chaker

If is undisputed that a defendant left his computer with his wife and her family to use while he was in jail and that they in fact used it, then ability to provide consent to police is apparent. In this regard, the wife or family had more than just joint possession and use of the computer; they would have exclusive possession and use, because the defendant was incarcerated. Under these circumstances, the ex-wife or family had actual authority to consent to the search and seizure of the computer. See United States v. Smith, 27 F. Supp.2d 1111, 1115 (C.D. Ill. 1998) (consent search upheld where housemate allowed police to search computer in bedroom and computer was occasionally used in owner’s absence); State v. Guthrie, 627 N.W.2d 401, 422-24 (S.D. 2001) (applying third-party consent rule to a computer search); see also United States v. Robinson, 479 F.2d 300, 302 (7th Cir. 1973) (girlfriend may allow police to search defendant’s property left in girlfriend’s house).  Now, if the defendant had a separate profile on the computer he told wife and family to not use, then a violation of the Fourth Amendment may turn on the facts. Trulock v. Freeh, 275 F.3d 391, 403 (4th Cir. 2001) (co-user of computer who did not know password for owner’s password-protected files, lacked actual authority to consent to a warrantless search of those files). However, in general, basic use of a computer by a third party suffices to provide consent to search the computer.

Probation and Computer Restriction by Darren Chaker

Restrict internet
Restrict internet

Restrict internet as probation condition.

Criminal sentencing discussed by Darren Chaker points out courts in many jurisdictions have probation conditions to monitor computer and internet usage, and have deleted or modified such conditions based on both Constitutional (vagueness and overbreadth) and practical considerations. The Court of Appeals for the District of Columbia Circuit considered such restrictions in U.S. v. Burroughs, 613 F.3d 233 (D.C. Circuit 2010) and found them wanting. The Circuit Court vacated the conditions as plainly out of sync with the relevant factors as required by 18 USC 3583 and remanded the case for resentencing. The Court reviewed claims of substantive unreasonableness for abuse of discretion and held that it could not “be said that restricting the [defendant’s] computer access satisfies a need ‘to protect the public from further crimes of the defendant.”‘ 18 USC § 3553(a)(2)(C). This sentencing factor turns on ‘The likelihood that [the defendant] will…commit crimes in the future.” U.S. v. Mason, 966 F.2d 1488, 1496, 296 U.S. App. D.C. 207 (D.C. Cir. 1992); see, e.g., U.S. v. Gardellini, 545 F.3d 1089, 1095, 383 U.S. App. D.C. 278 (D.S. Cir. 2008) (noting that the district court’s finding that the defendant “posed no risk of recidivism” was “directly relevant” to the need to protect the public and other § 3553(a) factors. The District Court often will not find a defendant, especially a first-time offender, likely to recidivate let alone use a computer in doing so.

A reviewing Court went on to say that, “Having determined that the internet monitoring and log-keeping conditions are not reasonably related to the statutory factors, we ask whether the court’s error was plain.” Often the Government will argue that the absence of controlling precedent from the Supreme Court prevents a reviewing court from answering ‘yes’. The lack of case law squarely on point does “militate against” finding plain error, U.S. v. Blackwell, 694 F.2d 1325, 1342, 224 U.S. App. D.C. 350)D.C. Cir. 1982), but it is not dispositive, In re Sealed Case, 573 F.3d 844, 851-52, 387 U.S. App. D.C. 375 (D.C. Cir. 2009). It is sufficient that the challenged conditions of supervised release are “plainly out of sync” with the factors listed in § 3583(d)(1). Sullivan, 451 F.3d at 895; see also Olano, 507 U.S. at 734 (“‘Plain’ is synonymous with ‘clear’ or, equivalently ‘obvious.”‘).

The 3rd Circuit in U.S. v. Freeman, 316 F.3d 386 (3rd Cir. 2003) invalidated computer use restrictions because the District Court erred by failing to state the reasons for its special condition of supervised release and by imposing a condition that was overbroad, involving a greater deprivation of liberty than reasonably necessary to deter future criminal conduct and protect the public. See also U.S. v. Holm, 326 F.3d 872 (7th Cir. 2002) for similar criticism of internet use restrictions.
The case of U.S. v. Mark, is instructional. There the Court remanded the case to the District Court because the record was insufficient to uphold a special condition of supervised release as to internet access. A typical argument is that computer use and monitoring conditions overreach and unreasonably interferes with his 1st Amendment rights, especially where the sentencing Judge found on the record that a defendants chance of recidivism is low.

Appellate Courts have overturned conditions seen as overly restrictive especially in cases of simple possession of child pornography. See U.S. v. Sofsky, 287 F.3d 122, 124-126 (2nd Cir. 2002) where the Court invalidated conditions forbidding the use of computers and internet without permission from the probation officer because of the effect which limited access to important sources of information and communication. In accord, U.S. v. Freeman, supra Id. U.S. v. White, 244 F.3d 1199 (10th Cir. 2001).

The 8th Circuit in U.S. v. Crume, 422 F.3d 728 (8th Cir. 2005) vacated a sentence because the conditions regarding computer use and the internet should have been more narrowly tailored. The District Court for the Western District of Louisiana in Doe v. Jindal, 853 F.Supp. 2d 556 (M.D. LA. 2012) invalidated a state statute on the basis of due process violations and concerns of both vagueness and overbreadth touching upon 1st Amendment concerns and the right to receive information and exchange in free speech.

The Jindal Court found that the Court was required to consider whether a statute fails to provide people of ordinary intelligence from notice of what conduct is prohibited. So too with special conditions of supervised release. It should be noted, the advent of smart phone technology inculcated into everyday life is all pervasive – from the inclusion of computer and internet access into automobiles, global positioning devices, and even grocery store cash registers. Vague and overbroad conditions, a defendant could be found in violation for swiping a Visa card across an average cash register which operates on computer principles. The Jindal Court found that “the fact that offenders could get permission from their probation officer does not salvage the unconstitutionality of the law. “

Last, The National Criminal Law Reporter recently highlighted the decision in Doe v. Nebraska, Neb. No. 8:09CV456. There, the Court admonished Judges to “use a scalpel rather than a blunderbuss.” Given the above, it is important to realize internet usage is protected under the First Amendment and any restriction on such use must use common sense while applying the law since virtually all day to day life revolves around the internet and/or a computer.