EnlargeGetty Images News
reader comments 6
Share this story
We covered a ton of legal cases in 2016.
The entire Apple encryption saga probably grabbed the gold medal in terms of importance. However, our coverage of a California fisherman who took a government science buoy hostage was definitely our favorite.
The case was dropped in May 2016 after the fisherman gave the buoy back.
Among others, we had plenty of laser strike cases to cover.
There were guilty verdicts and sentencing in the red-light camera scandal that consumed Chicago.
The Federal Trade Commission settled its lawsuit with Butterfly Labs, a failed startup that mined Bitcoins.
A man in Sacramento, California, pleaded guilty to one count of unlawful manufacture of a firearm and one count of dealing firearms—he was using a CNC mill to help people make anonymous, untraceable AR-15s.
While we do our best to cover a wide variety of civil and criminal cases, there are five that stand out to us in 2017.
These cases range from privacy and encryption, to government-sanctioned hacking, to the future of drone law in America.
Drone’s up, don’t shoot
Case: Boggs v. MeridethStatus: Pending in US District Court for the Western District of Kentucky
In 2016, we reported on another drone shooting incident (seriously folks, don’t do it!) in Virginia.
A 65-year-old named Jennifer Youngman used her 20-gauge shotgun to take out what many locals believe was a drone flying over her neighbor, Robert Duvall’s, adjacent property. Yes, that Robert Duvall.
“The man is a national treasure and they should leave him the fuck alone,” she told Ars.
Youngman touched on a concept that many Americans likely feel in their gut but has not been borne out in the legal system: property owners should be able to use force to keep unwanted drones out of their airspace.
But here’s the thing: for now, American law does not recognize the concept of aerial trespass.
At this rate, that recognition will likely take years. Meanwhile, drones get more and more sophisticated and less expensive, and they have even spawned an entire anti-drone industry.
Legal scholars have increasingly wondered about the drone situation.
After all, banning all aircraft would be impractical.
So what is the appropriate limit? The best case law on the issue dates back to 1946, long before inexpensive consumer drones were feasible.
That year, the Supreme Court ruled in a case known as United States v.
Causby that Americans could assert property rights up to 83 feet in the air.
In that case, US military aircraft were flying above a North Carolina farm, which disturbed the farmer’s sleep and upset his chickens.
As such, the court found that Farmer Causby was owed compensation. However, the same decision also specifically mentioned a “minimum safe altitude of flight” at 500 feet—leaving the zone between 83 and 500 feet as a legal gray area.
“The landowner owns at least as much of the space above the ground as he can occupy or use in connection with the land,” the court concluded.
In 2015, a Kentucky man shot down a drone that he believed was flying above his property.
The shooter in that case, William Merideth, was cleared of local charges, including wanton endangerment.
By January 2016, the Kentucky drone’s pilot, David Boggs, filed a lawsuit asking a federal court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing.
Boggs asked the court to rule that there was no trespass and that he is therefore entitled to damages of $1,500 for his destroyed drone.
Although the two sides have traded court filings for months, the docket has not been updated since June 2016, when Boggs’ attorneys pointed to a recent case out of Connecticut that found in favor of the Federal Aviation Administration’s regulation of drones.
As Boggs’ legal team wrote:
The Haughwout pleadings are directly relevant to the subject matter jurisdiction issue currently before the court.
The current dispute turns on whether a controversy has arisen that cannot be resolved without the Court addressing a critical federal question—the balance between the protection of private property rights versus the safe navigation of federal airspace.
The Haughwout dispute places this critical question in the context of an administrative investigation.
It highlights, as argued by Mr.
Boggs—and now the FAA—that questions involving the regulation of the flight of unmanned aircraft should be resolved by Federal courts.
US District Judge David J. Hale has yet to schedule any hearings on the matter.
Flood of torrents
Case: United States v.
VaulinStatus: Pending in the US District Court for the Northern District of Illinois
In July 2016, federal authorities arrested the alleged founder of KickassTorrents (KAT).
The arrest was part of what is probably the largest federal criminal complaint in an intellectual property case since Megaupload, which was shuttered in early 2012. (That site’s founder, Kim Dotcom, has successfully beat back efforts to extradite him from New Zealand to the United States. He was ordered extradited a year ago, but that court decision is now on appeal.)
In the case of KAT, Ukranian Artem Vaulin, 30, was formally charged with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement.
Vaulin was arrested in Poland, where he remains in custody pending a possible extradition to the United States.
Like The Pirate Bay, KAT does not host individual infringing files but rather provides torrent and magnet links so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users.
According to the 50-page affidavit, Vaulin and KAT’s claims that they respected the Digital Millennium Copyright Act were hogwash.
The affidavit was authored by Jared Der-Yeghiayan, who is a special agent with Homeland Securities Investigations and was also a key witness in the trial of Silk Road founder Ross Ulbricht.
Vaulin has since retained Dotcom’s lawyer, Ira Rothken, who has made similar arguments in court filings on behalf of his more famous client. Namely, that there is no such thing as secondary criminal copyright infringement, and while some files uploaded to KAT may have violated copyright, that does not make Vaulin a criminal.
Rothken has not yet been able to directly correspond with or even meet his Ukrainian client (and has to do so only through Polish counsel). Nevertheless, he filed a motion to dismiss in October 2016.
The government responded weeks later, and Rothken filed another response on November 18.
Prosecutors, for their part, said that the Rothken-Vaulin theory was ludicrous: “For the defendant to claim immunity from prosecution because he earned money by directing users to download infringing content from other users is much like a drug broker claiming immunity because he never touched the drugs.”
The two sides met before US District Judge John Z. Lee for a status conference on December 20, 2016. Judge Lee has not yet ruled on the motion to dismiss.
Hoarder vs. Hacker
Case: United States v. MartinStatus: Pending in the US District Court for the District of Maryland
While everyone knows about Edward Snowden and the shockwaves he sent through the intelligence community in 2013, fewer people know the name Harold “Hal” Martin.
Martin, like Snowden, was a contractor for the National Security Agency at Booz Allen Hamilton and held a top-secret clearance.
In August, he was arrested and criminally charged with “unauthorized removal and retention of classified materials by a government employee or contractor.” Prosecutors alleged that Martin had a substantial amount of materials that should never have left government custody.
Unlike Snowden, it’s unclear whether Martin is simply a “hoarder” (as his own lawyer argued) or whether he was someone who meant to sell, divulge, or disclose classified NSA material.
(Recent years have seen several unsolved leaks of classified material, including a source that provided intelligence materials that were published by the German magazine Der Spiegel.
In August 2016, there was the “Shadow Brokers” dump of NSA exploits. Neither leak has been definitively attributed.)
Two months later, when news of his arrest became public, Martin was immediately fired and stripped of his clearance.
An October 20 filing states that Martin also took home “six full bankers’ boxes” worth of paper documents, many of which were marked “Secret” or “Top Secret.” The documents are dated from 1996 to 2016.
“The weight of the evidence against the Defendant is overwhelming,” the government plainly stated in its filing, which continued:
For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information.
The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations.
The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.
The docket in Martin’s case has not advanced since October 31.
For now, he remains in custody. No further hearings have been scheduled.
You say NIT, I say malware
Case: United States v.
CroghanStatus: Appeal pending in 8th US Circuit Court of Appeals
On December 1, a change to a section of the Federal Rule of Criminal Procedure went into effect. Under the revised Rule 41, any magistrate judge is now allowed to issue warrants authorizing government-sanctioned hacking anywhere in the country. Prior to that, magistrates could only sign off on warrants within their own federal district.
As Ars has reported previously, for more than two years now, the Department of Justice has pushed to change Rule 41 in the name of thwarting online criminal behavior enabled by tools like Tor.
The rule change might have gone unnoticed if not for over 100 child porn cases.
The cases are currently being prosecuted nationwide against suspects accused of accessing a Tor-hidden website called Playpen. Many of those cases have progressed “normally,” or at least as “normally” as child porn cases can progress.
But some suspects have challenged the use of what the government calls a “network investigative technique” (NIT), which security experts have dubbed as malware.
As Ars reported before, investigators in early 2015 used the NIT to force Playpen users to cough up their actual IP address, which made tracking them trivial.
In another related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen’s 150,000 members and the malware’s capabilities.
As a way to ensnare users, the FBI took control of Playpen. Playpen users came to the site with their Tor-enabled digital shields down, revealing their true IP addresses.
The FBI was able to identify and arrest nearly 200 child porn suspects.
After 13 days, the FBI shut Playpen down. However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which suggests that even more charges could be filed.
Beau Croghan, a man in Iowa, was one of those hit by this NIT. He’s accused of downloading child porn via Playpen. However, this past year, his case was just one of three in which a judge ruled to suppress the evidence due to a defective warrant.
In 2016, federal judges in Massachusetts and Oklahoma made similar rulings and similarly tossed the relevant evidence.
Thirteen other judges, meanwhile, have found that, while the warrants to search the defendants’ computers via the hacking tool were invalid, they did not take the extra step of ordering suppression of the evidence.
The corresponding judges in the remainder of the cases have yet to rule on the warrant question.
In Croghan’s case, however, US District Judge Robert Pratt seemed to have a clear understanding as to how the NIT worked. He rebuked the government’s arguments.
Judge Pratt wrote:
Here, by contrast, law enforcement caused an NIT to be deployed directly onto Defendants’ home computers, which then caused those computers to relay specific information stored on those computers to the Government without Defendants’ consent or knowledge.
There is a significant difference between obtaining an IP address from a third party and obtaining it directly from a defendant’s computer.
In November, the government appealed the ruling up to the 8th Circuit, arguing that the district court had gotten it wrong: ordering suppression of the evidence was going too far.
As prosecutors argued in their November 22 filing:
The facts of this case fall comfortably within this body of law and mandate the same result.
Assuming that the NIT Warrant was void because the magistrate judge lacked territorial authority to issue it, and further assuming that the FBI’s use of the NIT thereby amounted to an unconstitutional warrantless search or was somehow prejudicial, suppression is not warranted because the agents acted in objectively reasonable reliance on the subsequently invalidated warrant and were not culpable for the magistrate judge’s purported error.
Croghan’s attorneys have been ordered to file their response by January 12, 2017.
Case: United States of America v.
In the matter of a Warrant to Microsoft, Inc.Status: Appeal pending en banc in 2nd US Circuit Court of Appeals
It’s a case that’s being watched closely by many in the privacy community and the tech industry: Apple, the American Civil Liberties Union, BSA The Software Alliance, AT&T, Rackspace, Amazon, and others have joined in as amici.
The question before the court was simple: does the Stored Communications Act, an American law that allows domestically held data to be handed over to the government, apply abroad? In other words: can the government order an American company (Microsoft) to give up data held overseas (in this case, in Ireland)?
In July 2016, the 2nd Circuit said no.
The case dates back to December 2013, when authorities obtained an SCA warrant, which was signed by a judge, as part of a drug investigation.
The authorities served it upon Microsoft, but when the company refused to comply, a lower court held the company in contempt. Microsoft challenged that, too.
The 2nd Circuit has vacated the contempt of court order, writing:
The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.
Because Microsoft has otherwise complied with the Warrant, it has no remaining lawful obligation to produce materials to the government.
What the government hopes would be revealed by acquiring the e-mail is not publicly known.
The authorities have also not revealed whether the e-mail account owner is American or if that person has been charged with a crime related to the drug investigation.
On October 13, the government filed its en banc appeal before a full panel of judges at the 2nd Circuit, which has not formally decided to hear the case.
As prosecutors wrote in that filing:
There is no infringement of the customer’s privacy interest in his email content based on where Microsoft, at any given moment, chooses to store that content. Rather, the privacy intrusion occurs only when Microsoft turns over the content to the Government, which occurs in the United States.
The majority’s conclusion that the intrusion instead occurs where Microsoft “accessed” or “seized” the email content, Op. 39, is plainly wrong, because Microsoft could “access” or “seize” the email content on its own volition at any time and move it into the United States, or to China or Russia, or anywhere it chose, and the content would remain under Microsoft’s custody and control and the subscriber could not be heard to complain, unless and until the content were disclosed to the Government or another party.
This point is amply demonstrated by the concession of both Microsoft and the majority that Microsoft would have to comply with the Warrant if it had chosen (without consulting the subscriber) to move the target email account into the United States, even mere moments before the Warrant was served.
Microsoft has not yet filed its response.