E-Commerce Law Week, Issue 447

FBI Under the Gun for NSL "Abuse"; Are Telecoms Next?

On March 9, the Department of Justice Inspector General released a report finding significant problems with the FBI's use of "National Security Letters."  NSLs are essentially administrative subpoenas that the FBI can use, without having to go to a court or a grand jury, to obtain a wide variety of customer records from telecoms, Internet service providers, financial institutions, and credit agencies.  While the headlines are screaming FBI "abuse," the IG actually found no evidence of deliberate violations of the law.  Rather, the report paints a picture of bureaucratic bungling, shoddy recordkeeping, confusion about the law, and lack of adequate internal oversight.  Moreover, the problems found by the IG in some ways were inevitable after Congress dramatically lowered, in the USA PATRIOT Act, the threshold for obtaining an NSL.  After all, when the FBI need only certify that records are "relevant" to an investigation in order to obtain them, and there is no meaningful judicial or congressional oversight of this sweeping power, misuse can fairly be expected.  And given how little opposition there was in Congress to the Patriot Act in general or to the expansion of NSL authority in 2001 (the vote in the Senate was 98-1), the sudden uproar in Congress seems a bit belated, if not disingenuous.  Still, with Congress holding hearings and the media suddenly interested in this once-obscure investigative tool, there are two key issues for affected companies.  First, will companies' cooperation with the FBI be the subject of congressional inquiry and perhaps lawsuits?  (Short answer: Yes.)  Second, will the congressional uproar lead to a significant cutback in substantive NSL authority, or will it cause only procedural changes to ensure more meaningful oversight by DoJ and Congress?  (The latter.)

What Ever Happened With the Patriot Act's "Library Provision"?  Not Much.

Meanwhile, lost in the ongoing kerfuffle over the IG's report on NSLs is a second IG report, concerning the use of Section 215 of the USA PATRIOT Act.  Not too long ago, Section 215 -- the so-called "library provision" -- was one of the main targets of Patriot Act critics, who feared that the FBI would willy-nilly obtain records on ordinary citizens' reading habits.  As we reported previously, though, that fear was always overblown, and it distracted people from much more worrisome problems with the Patriot Act, such as its drastic expansion of the FBI's NSL authority.  The recent pair of IG reports bears this out:  while the IG found numerous violations of law and internal rules when it came to NSLs, resulting in the FBI's obtaining information it was not legally entitled to, the IG found very few violations when it came to Section 215 orders.  More tellingly, while the FBI issued over 143,000 NSLs from 2002 to 2005, it obtained only 162 Section 215 orders in the same period.  And most of those orders were for telephone and email subscriber records, which the FBI can now obtain with a pen register/trap-and-trace order -- meaning the FBI probably uses Section 215 orders even less frequently today.  In fact, the chief problem with Section 215, the IG found, was that the FBI used it so infrequently and ineffectively, due to internal disagreements about the law, the lack of internal guidance, and long delays in processing requests for orders.  The IG report thus confirms two things, which are really flip sides of the same coin:  (1) that many critics of the Patriot Act have been barking up the wrong tree for more than five years, since NSLs were always a bigger threat to civil liberties than Section 215 orders; and (2) DoJ and the FBI oversold the importance of Section 215 to counterterrorism investigations.

Hack.  Pump.  Dump.  Repeat.

What do you get when you cross computer hacking with manipulative stock trading?  A new form of the old pump-and-dump schemes.  Pump-and-dumpers turned to Internet technology a while ago, sending huge volumes of email spam urging gullible investors to buy a certain penny stock, thus artificially "pumping up" the price of that stock, which the fraudsters then sell -- or "dump" -- to make a quick profit.  Next, to maximize the amount of spam they could send, fraudsters started using "botnets" of innocent parties' hijacked computers.  Now, pump-and-dumpers have upped the technological ante again, hacking directly into investors' online brokerage accounts and using those accounts to buy large quantities of the target penny stock and drive up that stock's price.  Enter the Securities and Exchange Commission, which filed a civil complaint against a suspected Eastern European hack-pump-and-dump ring and on March 6 obtained a court order freezing $3 million of the group's assets.  This is the second major move by the SEC in a computer hacking case in recent weeks, thus clearly signaling the arrival of another cop on the cyber enforcement beat.

Is Jerry Brown Going Soft Again?

As governor of California, Jerry Brown had a reputation as a liberal iconoclast.  But he reinvented himself as a law-and-order man when he later served as mayor of Oakland and then ran for state attorney general.  But now that he has assumed office as AG, Brown may be reverting to his "Governor Moonbeam" persona, as he apparently agreed to a state court's March 14 dismissal of pretexting-related charges against former Hewlett-Packard chair Patricia Dunn and three other defendants.  The precise reasons for the dismissal are still unclear, though, since neither Brown nor the state court judge has offered an explanation.  But Dunn and the others are not out of the woods yet, since a federal investigation continues.  And H-P itself remains the subject of an investigation by the Securities and Exchange Commission.

European Gamblers May Find More Comfort in Leisure Suit

No, we're not talking about fashion disasters from the 1970s, but about the recent decision by the European Court of Justice (ECJ) in the Placanica case, which involved British gambling company Stanley Leisure PLC and three Italian affiliates.  The ECJ found that if an EU member state's laws and practices have made it impossible for another member state's sports-betting services to obtain licenses, that state may not prosecute such services for operating without proper authorization. Depending on how EU member states interpret the court's ruling, it could permit sports betting operations -- including Internet betting -- to move into new markets, giving gamblers more choices in where to lay down their wagers and upending some states' gambling monopolies.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.