Courts Continue to Grapple with Border Searches of Electronic Devices: Fourth Circuit Rules Forensic Searches Require Individualized Suspicion

On May 9, 2018, the Fourth Circuit Court of Appeals issued an opinion in United States v. Kolsuz, holding that the Fourth Amendment requires individualized suspicion for forensic searches of cell phones seized at the border.

In so holding, the Fourth Circuit provides important clarification about how the Fourth Amendment applies to border searches of electronic devices. But, both in the Fourth Circuit and in jurisdictions across the country, critical questions remain unanswered about the scope of the Fourth Amendment in this context.


The Decision

In United States v. Kolsuz, federal customs agents found firearm parts in the checked luggage of an airport traveler and then detained him as he was attempting to board an international flight. Subsequently, and without a warrant, agents seized his cell phone and “subjected it to a month-long, off-site forensic analysis, yielding a nearly 900-page report cataloging the phone’s data.” Based in part on this information, the traveler was eventually convicted of, among other things, attempting to smuggle firearms out of the country.

On appeal of his conviction, the traveler challenged the denial of his motion to suppress the forensic analysis of his cell phone as a violation of his Fourth Amendment rights.

In addressing the issue, the Fourth Circuit acknowledged that government agents may perform “routine” searches at international borders, or their functional equivalents, without a warrant or individualized suspicion consistent with the Fourth Amendment. But, the Court recognized that even at the border certain “non-routine,” “highly intrusive” searches require individualized suspicion.

Ultimately, the court held that forensic searches of digital devices, like the one at issue in that case, qualify as such “non-routine” searches and are thus prohibited absent some level of individualized suspicion.

The Court’s holding was based, in part, upon its determination that forensic analysis of a digital device can “reveal an unparalleled breadth” of “private,” “sensitive” information. It was also based on the Supreme Court’s 2014 decision in Riley v. California, which recognized the strong privacy interests associated with electronic devices. There, the Supreme Court held that a warrant is required to search a cell phone seized incident to arrest because of the private, extensive information contained on such devices.

Notably, however, the Fourth Circuit did not decide whether the requisite level of suspicion for such forensic searches is reasonable suspicion, or something more (like a warrant supported by probable cause). It also had no occasion to decide the requisite level of suspicion for officers to conduct “manual” searches, where agents review the content of electronic devices without the help of forensic technology.

Other Case Law, Open Questions Continue Reading

Monitoring the Monitors: DOJ Ordered to Disclose Info on Monitor Selections

Last month, a D.C. federal judge ordered the Department of Justice to turn over the names of prospective monitors nominated to oversee the corporate compliance programs of fifteen companies found to be in violation of the Foreign Corrupt Practices Act (FCPA).  While recognizing that these individuals have “more than a de minimis privacy interest in their anonymity,” the court found that any such privacy interest was outweighed by the public’s interest in learning their identities.

In April 2015, journalist Dylan Tokar filed a FOIA request seeking records related to the review and selection of corporate compliance monitors in FCPA settlement agreements between DOJ and fifteen corporate defendants.  Tokar, a reporter for the trade publication Just Anti-Corruption, hoped these records would shed light on the monitor selection process, including whether DOJ had been abiding by the guidelines for monitor selection set forth in its 2008 Morford Memorandum.  The Memorandum, which establishes several principles to avoid potential and actual conflicts of interest and address concerns of cronyism, prescribes the consideration of “at least three qualified monitor candidates” whenever practicable.  Accordingly, Tokar requested the names of the three monitor candidates and their associated firms for fifteen cases.

More than eighteen months later, DOJ provided Tokar with a table purportedly responding to his request, but redacted the names of the monitor candidates who were nominated but not selected, as well as their affiliated firms in some cases.  DOJ asserted that these redactions were necessary and justified under FOIA Exemptions 6 and 7(C), which exempt from disclosure certain information that would constitute an “unwarranted invasion of personal privacy.”

After both parties cross-moved for summary judgment, the court concluded that the redactions were improper and ordered DOJ to release the candidates’ names.  It found that while DOJ had demonstrated sufficient privacy interests to warrant coverage under Exemptions 6 and 7(C)—as it was “plausible that these individuals would prefer to have their consideration and ultimate[] non-selection withheld from the public’s view”—these interests were outweighed by the public’s interest in disclosure.  The court agreed with Tokar that without disclosure of the candidates’ names, it would be “difficult (if not impossible) to know whether either the government or the corporate entity under investigation is taking advantage of the selection process in a manner that undermines the objectives of the DPA” and the principles delineated in the Morford Memorandum. Continue Reading

SCOTUS Speaks:  Guilty Pleas Don’t Waive All Appellate Claims

On February 21, 2018, in Class v. United States, the U.S. Supreme Court reaffirmed that a defendant who pleads guilty can still raise on appeal any constitutional claim that does not depend on challenging his or her “factual guilt.”  The Court’s holding preserves a federal criminal defendant’s ability to challenge the constitutionality of the statute underlying his or her conviction, even in the event of a guilty plea.  In other words, where the appellate claim implicates “the very power of the State” to prosecute the defendant, a guilty plea alone cannot bar it.  Continue Reading

Supreme Court Ruling Narrows Dodd-Frank Whistleblower Protections

Perhaps no part of the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) has garnered as much attention as its whistleblower provisions, which pay corporate whistleblowers bounties under some circumstances, and prevent employers from retaliating against whistleblowing employees. Often times, the bounties paid to whistleblowers under Dodd-Frank warrant the most attention-grabbing headlines.  But Dodd-Frank’s anti-retaliation provisions—which protect employees who blow the whistle from retaliation from their employer—are just as important.  After all, the chance of receiving a bounty serves as little comfort if employees fear for their jobs when reporting potential corporate wrongdoing.

But exactly which whistleblowers qualify for protection under Dodd-Frank’s anti-retaliation provisions has been a subject of much debate. By its terms, Dodd-Frank provides that an employer may not take any negative employment action against “a whistleblower.”  Dodd-Frank further defines “whistleblower” as an individual who provides information relating to a violation of the securities laws to the “Commission,” i.e., directly to the SEC.  By its language, then, Dodd-Frank’s anti-retaliation terms do not extend to employees who only report their concerns internally.

Nonetheless, the SEC had historically distinguished between whistleblowers eligible for a bounty and whistleblowers eligible for protection from retaliation: according to SEC’s interpretation, to be eligible for a bounty the employee must report to the SEC itself, while to be eligible for anti-retaliation protection the employee need only report internally. 17 CFR § 240.21F-2.

Whether the SEC’s interpretation comported with Dodd-Frank had split the circuit courts. The Fifth Circuit disagreed with the SEC rule, holding that to be eligible for anti-retaliation protection, the employee must report to the SEC.  The Second Circuit and Ninth Circuit reached the opposite result, concluding that the SEC had it right: to be protected from retaliation, the whistleblower need not report to the SEC directly.

In Digital Realty Trust Inc. v. Paul Somers, the Supreme Court has now resolved the split, holding that, in order for an employee to gain Dodd-Frank’s whistleblower protection, they must report wrongdoing to the SEC itself.  In a unanimous ruling, the Court said that it need look no further than the language of Dodd-Frank itself: the anti-retaliation term applied to “whistleblowers,” which the statute itself defined as individuals who report information to the SEC. The Court further observed that this result is consistent with the objective of Dodd-Frank’s whistleblower program: to encourage the reporting of securities law violations to the SEC itself.

At first blush, the limits put on Dodd-Frank’s anti-retaliation provisions by the Court would seem to benefit businesses, curbing the potential retaliation claims they face from employees. But the side-effects of the decision could be costly for corporations if employees are now incentivized to bring complaints directly to the SEC, rather than first reporting them internally.  Even corporations with robust compliance programs could lose the opportunity to first investigate claims of potential wrongdoing before the SEC launches its own inquiry—which is often followed by costly and time-consuming shareholder litigation

Whether by corporate policy, or statutory provisions such as those implemented by the Sarbanes-Oxley Act, there are numerous other means of anti-retaliation protections for whistleblowing employees. Thus, while the Digital Realty decision may not result in a sea change for the structure of corporate compliance programs, it may well lead to an increase in whistleblowers reporting directly to the SEC.  While companies wait to see whether Digital Realty has a significant impact on how employees report whistleblower concerns, they can redouble efforts to effectively implement and broadly publicize their own internal reporting programs.

Former Colorado Chief Justice and Colleagues Examine Broader Implications Of Sessions’ Marijuana Move

There will be little debate that this has been a bad day for the state-sanctioned (and regulated) marijuana industry.  The Obama-era directives that significantly fettered the discretion of U.S. attorneys to bring federal narcotics charges against marijuana growers, distributors and possessors in states that “legalized” marijuana for medicinal or recreational purposes are now a thing of the past. This change in federal enforcement approach is significant considering the fact that more than half of the states in the nation have, in one form or another, legalized marijuana, and that the marijuana industry is serviced by many banks, landlords, law firms and others. But, contrary to some initial reactions concerning the implications on states’ rights, the authors suggest that this move by Attorney General Jeff Sessions may actually signal a new era of increasingly decentralized federal law enforcement decision-making. To continue reading, click here.


DOJ’s FCPA Policy Puts Companies on Notice Regarding Electronic Communications

As cybersecurity concerns move more companies to batten down employee use of external email accounts and other websites through blocking software and other measures, the DOJ’s recently issued FCPA Corporate Enforcement Policy—now incorporated in the U.S. Attorneys’ Manual—unequivocally states that companies seeking full cooperation credit from DOJ in FCPA cases must ensure that employees are prohibited “from using software that generates but does not appropriately retain business records or communications,” among other business-record retention measures.  Even setting aside the difficulties in policing “old” technology such as personal email accounts and text messaging on employee-owned devices, the constant evolution and emergence of new electronic messaging platforms will undoubtedly create significant challenges for companies seeking to satisfy DOJ’s expectations. Continue Reading

Foreign Whistleblowers Continue to Collect Lucrative Bounties under Dodd-Frank

On December 5, 2017, the U.S. Securities and Exchange Commission (SEC) issued an order awarding more than $4.1 million to a whistleblower who voluntarily provided original information to the agency concerning a widespread, multi-year securities-law violation.  The  award was paid pursuant to the SEC’s Whistleblower Program under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).  While the identities of whistleblowers are kept confidential in accordance with the Program’s rules, information released by the SEC indicates that the latest payout marks the tenth award made to a whistleblower outside the U.S.  A total of 50 whistleblowers have received monetary awards since the first bounty was awarded in 2012. Continue Reading

DOJ Highlights Disclosure Incentives Under New FCPA Enforcement Policy

The DOJ recently took another step to encourage corporate self-disclosure for FCPA violations through the announcement of a new FCPA Enforcement Policy based on the eighteen month FCPA Pilot Program.  The DOJ’s Pilot Program proved to be successful—the FCPA Unit received over 30 voluntary disclosures in the 18-month period the Pilot was in place—compared to only 18 voluntary disclosures in the previous 18-month period, according to Deputy Attorney General Rosenstein.  The new Enforcement Policy contains many of the same incentives as the Pilot Program, with a few added benefits to sweeten the deal for corporations hoping to avoid hefty FCPA fines.

Presumption of Declination. Building on the cooperation credit offered under the Pilot Program—and barring aggravating circumstances—corporations will receive a presumption that the DOJ will resolve the case through a declination if they 1) voluntarily self-disclose; 2) fully cooperate; and 3) timely and appropriately remediate.  The Enforcement Policy delineates the DOJ’s expectations as to each of these requirements, many of which track the Pilot Program.  Evaluation of compliance programs, for example, will vary depending on the size and resources of a business and includes factors such as fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel have appropriate access to management and to the board. Continue Reading

Michael Coscia’s Spoofing Conviction Upheld by the Seventh Circuit

In a move that will have commodities traders on high alert, the Seventh Circuit Court of Appeals has upheld the conviction of Michael Coscia, who was sentenced to three years in prison after a federal jury found the former trader guilty of spoofing and commodities fraud. In its 42-page opinion, a three-judge panel denied Coscia’s argument that the anti-spoofing statute is void for vagueness, finding the provision “provides clear notice and does not allow for arbitrary enforcement.” As a result, Coscia’s first-of-its-kind conviction was affirmed.

Coscia’s trial in October 2015 was followed closely by market participants because Coscia was the first person criminally prosecuted under the anti-spoofing law at issue. After the jury found Coscia guilty, the prosecutor argued that traders such as Coscia, “contemplating sophisticated scams will think twice if they know that there are more significant consequences than a civil lawsuit or a regulatory action.” U.S. District Judge Leinenweber subsequently imposed a three-year sentence with two years’ probation, which put the shocked trading community on notice.

As the former owner of Panther Energy Trading in New Jersey, Coscia practiced in high-frequency trading, a form of automated trading with programmed algorithms that allowed him to place a high volume of orders in a matter of milliseconds. His conviction was based on this automated trading strategy, which the prosecutors successfully characterized as spoofing, in addition to his suspect order-to-fill ratio, and testimony from other traders. Spoofing—a form of disruptive trading where a trader places bids to buy or sell futures contracts with the intent to cancel before execution—was implemented by the Obama administration as part of the 2010 Dodd-Frank financial reform. In creating false demand, a spoofer can artificially move prices for financial gain.

In finding Coscia guilty, the jury concluded that Coscia used computer algorithms to place large orders he never intended to have filled in the markets. Coscia’s trading strategy, as explained in the Seventh Circuit opinion, involved placing small orders to sell higher than current market price, then placing much larger volume orders on the buy side of the market. These large orders created the “illusion of market movement, swelling the perceived value of any given futures contract.” This allowed Coscia to execute his small volume sell orders at a higher price he created with artificial market movement. Once he sold the small volume contracts, he would buy back at a lower price to make a profit. Coscia did this by first placing small buy orders below the price he had created, then placing several large volume orders on the sell side, causing the price to drop in that market. Coscia then bought the small orders at the much lower price, and immediately cancelled the large volume orders. Executing this strategy tens of thousands of times in less than three months resulted in a $1.4 million profit for Coscia, which the prosecution successfully argued was ill-gotten gains.

The Seventh Circuit rejected Coscia’s vagueness argument in part because it found the above-described conduct fell squarely within prohibited spoofing conduct. Coscia’s computer algorithms were designed to “act like a decoy,” automatically placing orders to pump or deflate the market with large orders, which were then cancelled by design if ever at risk of getting filled. His commissioned program would cancel the orders if either a certain amount of time passed, the small orders were filled, or if any one of the large orders was filled. “Read together, these parameters clearly indicate an intent to cancel, which was further supported by his actual trading record.”

Additionally, the Seventh Circuit rejected Coscia’s contention that the evidence of record did not support his spoofing conviction. In doing so, the court pointed to a list of circumstantial evidence: Coscia’s cancellations represented 96% of all Brent futures cancellations on the Intercontinental Exchange, Coscia filled only 0.08% of his large orders on the Chicago Mercantile Exchange, Coscia’s algorithm developer testified that the algorithms were designed to prevent large orders from being filled and that the orders were designed to “pump [the] market,” only 0.57% of Coscia’s large orders were on the market for more than one second, and Coscia’s order-to-trade ratio was 1,592% while the average trader’s ratio ranged from 91% to 264%. Viewing the circumstantial evidence in its totality, the Seventh Circuit found a rational trier of fact could have found Coscia intended to cancel before execution, in violation of the anti-spoofing statute.

In today’s markets, the point-and-click traders are often outpaced by advanced computer algorithms such as those created by Coscia and Panther Energy. However, the decision to uphold Coscia’s spoofing conviction should be a warning to those employing such advanced strategies. Going forward, traders can expect that prosecutors—emboldened by the Seventh Circuit’s ruling—will look for others acting with the intent to cancel bids in order to favorably push the market as potential targets in criminal investigations.

In Action Against Yahoo, the SEC Seeks Emails Without A Warrant

Since 2010, the SEC has abided by the Sixth Circuit’s decision in United States v. Warshak, and has not subpoenaed emails of an individual from third party service providers.   That changed, however, when the SEC decided to test the law by filing a recent action against Yahoo to force compliance with a subpoena for the emails of an individual.

In Warshak, the court held that the use of something less than a warrant, such as a subpoena or court order under the Electronic Communications Privacy Act (ECPA), violates the Fourth Amendment.  Not only had the SEC respected that decision but the DOJ had also changed its policies to comply with Warshak.  While the SEC stayed out of court, it did oppose efforts in Congress to codify the Warshak holding via ECPA reform.  However, when Yahoo refused to comply with an SEC subpoena based on Warshak, the SEC took Yahoo to court, leading to a hearing on the matter on June 30, 2017 in the federal court for the District of Maryland. SEC v. Yahoo, Inc., Case No. 8:15cv1339 (D. Md) (GJH).  While the Judge did not make a decision at the hearing, he did express views on the facts and law that will influence his decision. Continue Reading