Trump’s cruel and arbitrary refugee order

20151030 Syrians and Iraq refugees arrive at Skala Sykamias Lesvos Greece 2

​This executive order is heartbreaking.

When I lived in Atlanta about 7 years ago, I mentored two refugee brothers from Iran through the International Rescue Committee. They were members of a persecuted minority. They taught me far more than I taught them. They were so generous, kind, and hardworking. They invited me in their home. Fed me. Shared their lives and culture. The elder brother worked long hours at Target, stacking shelves. He looked out for his younger brother, who was still in high school. Each weekend, he cooked a big batch of a meat and rice dish (mostly rice), and he always offered me some. Their parents hadn’t come with them. But it was worth it for them to escape a society where they faced little future.

This is a cruel and arbitrary decision.

The order has refugees detained at airports, including “an Iranian scientist headed to a lab in Boston, an Iraqi who had worked as an interpreter for the United States Army, and a Syrian refugee family headed to a new life in Ohio.”

Worse yet, there’s no evidence this ban is needed, as reported in Christianity Today:

There is a 1 in 3.64 billion per year chance that you will be killed by a refugee in a given year. If those odds concern you, please do not get in a bathtub, car, or even go outside. And, for contrast, there were 762 tragic murders in Chicago alone last year comparted to 0 people who were killed last year (or ever since the mid-70s) by a refugee-perpetrated terrorist attack.

And it not only hurts these refugees, it sends an awful message:

If America bans refugees, it makes a statement to the world that we don’t want to make. It is the picture of someone who sits, arms crossed and turned away, with a raised eyebrow and a ready attack on the helpless, the homeless, the broken.

I hope immigration advocates find a way for the courts to step in to stop this vile policy.

Technology and the Guilty Mind: When Do Technology Providers Become Criminal Accomplices?

This is new story art for my article examining when the proprietors of technology with criminal uses aid and abet their users’ crimes. The aim is to help courts, prosecutors, and technologists draw the line between joining a criminal enterprise and merely providing technology with criminal uses. The article explains the legal doctrines underlying this type of liability and provides examples of at-risk technologies, including spam software, file-sharing services, and anonymity networks like Tor.

FBI’s Network Investigative Technique

The term “network investigative technique,” or NIT, has been around for awhile as a catch-all term for the FBI’s digital investigation of non-public information from suspect’s computers.  An FBI affiliate worryingly admitted to Forbes that the government uses a “human wall” to screen collected data to try to protect privacy rights.

This technique is making a big splash recently through “Operation Pacifier.”  Through that operation, the FBI took control of a child porn site operating on Tor and allowed it to run for 13 days. The FBI modified the website’s code so that malware would download to users’ computers and sent their IP addresses, MAC addresses, and active username to the FBI.

A single magistrate judge in Virginia authorized the warrant, yet the operation was global in scope and uncovered approximately 1300 IP addresses. See Joseph Cox, The FBI’s ‘Unprecedented’ Hacking Campaign Targeted Over a Thousand Computers, Motherboard, Jan. 5, 2016.

Most of the warrant has been made public. See United States v. Lorente, No. 15-274, ECF Doc. No. 48-1 (W.D. Wash. Mar. 7, 2016). Defendants have filed motions to dismiss and to suppress, but so far, courts in Wisconsin and Washington have rejected those motions.

New Article on Technology Providers and Criminal Accomplice Liability

My article on criminal accomplice liability for technology providers was published this month in the Journal of Criminal Law and Criminology. Please check it out by downloading it on the journal’s website.

The abstract is as follows:

The creators of today’s most successful technologies share an important willingness to push the envelope—a drive that propels digital industry forward. This same drive, however, can lead some technology purveyors to push the limits of legality or even become scofflaws in their pursuit of innovation or (more often) profit. The United States must figure out how to harness the important creative force at the heart of the hacker ethic while still deterring destructive criminal wrongdoers. Because it is often courts that must answer this question, it is essential to examine the legal doctrines prosecutors use to sweep up technology providers.

This Article focuses on one type of criminal liability—accomplice liability—that can act as a dragnet on providers of technology that lends itself to criminal use. In particular, a violation of the federal statute for aiding and abetting, 18 U.S.C. § 2, can be implied in every charge for a federal substantive offense, and there is a potentially troubling strain of cases holding that knowing assistance can be enough to deem someone an aider and abettor, even without stronger evidence of a shared criminal purpose.

This Article examines when the proprietors of technology with criminal uses aid and abet their users’ crimes. The aim is to help courts, prosecutors, and technologists draw the line between joining a criminal enterprise and merely providing technology with criminal uses. This Article explains the legal doctrines underlying this type of liability and provides examples of at-risk technologies, including spam software, file-sharing services, and anonymity networks like Tor. Ultimately, this Article concludes that the web of superficially conflicting rulings on the required mental state for aiding and abetting are best harmonized—and future rulings on liability for new technologies are best predicted—by looking to the existence of “substantial unoffending uses” for the product or service provided by the accused technologist.

Senators Booker and Menendez Call for Federal Action on Zombie Foreclosures

New Jersey Senators Bob Menendez and Cory Booker wrote a letter last week to leading federal agencies on housing and finance calling for them to take action to address the problem of “zombie” or “walk-away” foreclosures, citing a 29 % increase in such foreclosures in their states in the past year. The senators explained the problem as follows:

A zombie foreclosure is characterized by homes where banks have initiated the foreclosure process, and homeowners have made the painstakingly difficult decision to leave their home, and yet the bank then chooses to walk away from the foreclosure because the value of the property is not worth the cost of maintaining the home and completing the foreclosure process.  Often with no notice to the homeowner and based on a profit-driven determination, the bank decides to turn its back on the homeowner, on the property, and on the community at large.

They added what sounds like a call for more vacant property registration (VPR) requirements:

When a bank or mortgage servicer takes stock of their options and determines that the cost of maintenance and the duration of the foreclosure process for a particular home outweighs any potential return on the property, the servicer should be required to take steps to notify the homeowner, contact local authorities, and make arrangements for alternative disposition of the property.

I’ve argued before that the federal government should step in on vacant property registration issues. Maintaining an effective database of these properties is typically too costly for local governments, and the private companies that offer assistance often have troubling ties to the mortgage industry, which is generally opposed to registration requirements.

I proposed the following initiative in a 2010 paper on this issue:

While the MERS Initiative proved the benefit of a national electronic platform for VPR, a federally generated system would provide the same benefit while minimizing the dangers associated with the industry-run MERS. The federal government should develop a standard internet-based platform for registering and tracking vacant properties and then maintain a webspace where local governments can use the platform to create individualized webpages for their VPR officials to use while registering and tracking properties within their jurisdiction. The federal government would not keep a nationally available list of vacant properties, but merely establish a standard platform local governments can use to register properties within their jurisdiction. This type of standardized system would eliminate the mortgage industry’s objection to compliance with varied local procedures. This type of system would also allow local governments to retain control of the contents and enforcement mechanisms of VPR ordinances, since local governments have a better understanding of local markets and conditions. Additionally, a federal system would make it easier for the federal government to establish special programs utilizing the database. For example, Joseph Schilling suggests that the federal government “establish special phone lines between local government officials and lending institutions and perhaps set some standards about call-backs within twenty-four to forty-eight hours.” Of course, such a system would require political will since the public would view it as a federal endorsement of VPR. It would also require initial funding to establish the system and continuing funding to monitor that the system is working properly.

It looks like the first steps of the “political will” part is coming around. Moreover, the technical side of things, the ability to track and present this type of data, have greatly advanced since I wrote that article, as seen in the success of open data initiatives nationwide. In short, perhaps the time is ripe for this type of reform.

Lessig on the charges against Dotcom and Megaupload

kim dotcomThis morning, Kim Dotcom, accused by the Department of Justice of criminal copyright infringement, is in a New Zealand court to see if he will be extradited to the United States.

One of the things in Dotcom’s corner is testimony from Lawrence Lessig, a preeminent U.S. copyright scholar, and current presidential candidate. He argued to the court that the DOJ doesn’t have a legitimate case against Dotcom. Of course Lessig isn’t exactly a neutral party. As he acknowledged to the court, on top of being retained by Dotcom’s defense, he’s also advocated for copyright reform, co-founding Creative Commons.

But how’s his argument stack up? His first argument strikes at the heart of the DOJ’s theory, contending that the DOJ is improperly seeking to import the concept of secondary liability, recognized in MGM Studios Inc. v. Grokster, Ltd., to criminal law. This is “improper,” he contends, “because, in the United States, crimes must be clearly defined by the legislature and prosecutions are confined within express criminal statutes.” There is a fair argument to be made that this importing of principles from civil law violates the rule of lenity.

Lessig then takes aim at one specific allegation against Megaupload: that it failed to comply with DMCA take-down requests. Lessig explains that, if multiple users uploaded the same file, Megaupload would retain only one copy of the file, but would generate multiple URLs for each user who uploaded it. When Megaupload received take-down requests for one URL, Lessig argues, it should not have needed to take down all URLs linked to the same file, and even if it did, it should not face criminal liability for that action.

Lessig also takes on an even more controversial issue: whether U.S. copyright law extends to parties acting in other countries. Megaupload in fact had leased servers in the United States. But Lessig asserts that the Superseding Indictment doesn’t discuss this fact. Nor, he claims, does it allege that a directly infringing act occurred in this country.

Lessig then turns to what I believe is the core of Megaupload’s defense if it ultimately goes to trial in the United States: whether any of the defendants willfully violated copyright law. He notes that the willfulness standard “requires a stronger showing in a criminal copyright claim than in a civil claim.” (That is why claims of compliance with DMCA rules is a red herring in the Megaupload prosecution.) Lessig suggests that U.S. prosecutors are merely “[a]ttacking an ISP for generally bad or negligent policies or alleging how the ISP could be better, faster, or more precise in its takedown or repeat infringer policies is not enough.” And that, he contends, is not proper fodder for a criminal case.

Not all U.S. copyright scholar agree. James Grimmelman has observed that “If proven at trial, there’s easily enough in the indictment to prove criminal copyright infringement many times over.”

In a 2013 article, a co-author and I also suggested that, “if the facts alleged in the indictment are proved, the willfulness requirement will likely be met,” for the following reasons:

According to the indictment, the operators of Megaupload were just as intentional in their copyright infringement as The Pirate Bay, collecting advertising revenues generated by infringing content and exchanging incriminating emails showing that they knew about the infringement on their service. One operator joked to another that they “have a funny business . . . modern days pirates :),” to which his co-conspirator responded, “we’re not pirates, we’re just providing shipping services to pirates :).” Megaupload similarly sold premium access to unlimited streaming of uploaded content and financially rewarded users—even those previously caught uploading infringing material—for uploading popular content and for posting links to that same content on other websites. This practice not only increased traffic but also allowed Megaupload to avoid listing infringing videos directly on the site, concealing the scope of the infringing content on its servers. To rebut claims of infringement, Megaupload had instituted an “Abuse Tool,” allowing copyright holders to report, and purportedly remove, infringing content. But the indictment alleges that the company received millions of requests to remove infringing content and, “at best, only deleted the particular URL of which the copyright holder complained, and purposefully left the actual infringing copy of the copyrighted work on the Mega Conspiracy-controlled server and allowed access to the infringing work to continue.”

Lessig does a good job of showing the other side of these facts. But whether it is enough to defeat extradition is yet to be seen.

Also lurking in the background is the idea floated in the 2013 piece: just because prosecutors can, doesn’t mean they should.

Megaupload has not been convicted, and may never be, yet its business has been shut down, its assets frozen, its customers left unable to retrieve even lawfully stored data. Some of this smacks of the treatment of the King’s Messenger: punishment first, with trial after. … [W]hen the alleged conduct is egregious, and civil lawsuits are ineffective, then a criminal prosecution, with all its attendant hardships for the accused, may be warranted. But [those guidelines] are intended as limitations, not as a call to pursue more prosecutions. Because the powers of federal prosecutors are great, a reluctance to use those powers is a virtue that preserves liberty.

If the case survives today, then the court might consider employing the “substantial unoffending uses” test suggested here for evaluating the secondary criminal liability of providers of technology that has both criminal and non-criminal uses.