The Ninth Circuit recently heard an appeal that challenges a common tool of law enforcement: “f” letters.

Under section 2703(f) of the Stored Communications Act, law enforcement may compel providers of “electronic communications services” (think Google) to preserve “records and other evidence” (think email) for a period of time. These preservation demands do not require any degree of suspicion, let alone probable cause, and are sent without judicial approval. Here’s a sample, provided by the Department of Justice:

 

Because the statute allows law enforcement to bypass judicial review, “f” letters are an increasingly popular avenue for obtaining digitally stored, incriminating evidence.

Google, for instance, has annually received tens of thousands of “f” letters since July 2014. In the first half of 2018, Google received nearly 10,000 such preservation demands affecting over 24,000 users/accounts. (By comparison, during that time, Google received 8,687 search warrants and 11,099 subpoenas). In the second half of 2018, Facebook received 57,000 preservation demands affecting 96,000 users/accounts.

The use of “f” letter is becoming increasingly common. In its latest Transparency Report, Google published a graph depicting this increase. (The brown indicates preservation letters, the red are subpoenas and the gold, search warrants.)

Similar graphics provided in Facebook’s transparency report tell the same story.

Back to Basey. In Basey, law enforcement sent an “f” letter to Yahoo!, requiring that Yahoo! copy and preserve data from Basey’s account. Yahoo! complied (as it must under the statute). About 9 months after the “f” letter, the FBI returned with a search warrant and uncovered incriminating evidence. After being convicted at trial, Basey appealed, arguing that the government’s section 2703(f) preservation request violated his Fourth Amendment right to be free from unreasonable searches and seizures. The ACLU filed an amicus brief supporting Basey, and, at oral argument, the ACLU argued first.

The ACLU’s argument went something like this: When Yahoo!, acting as law enforcement’s agent, copied and preserved Basey’s electronic communications, they “seized” his property. Per the ACLU’s amicus brief:

Yahoo!’s compliance meant that Basey could no longer exclude the government from accessing, searching, using, or sharing his private messages and associated data. It meant that he could no longer delete his messages. Because of the receipt of the 2703(f) letter, whatever the user did to his information, a copy would nevertheless remain for government use. That copying and preservation meaningfully interfered with his possessory interests—and thus constituted a Fourth Amendment seizure

This argument apparently comes from Professor Orin Kerr. In a 2016 article, Kerr lays out the argument and its weaknesses, and concludes that “it’s a significant argument that defense lawyers should be making.” (Though, he cautions: “Perhaps I’m more of a fan of the argument because I came up with it; originating credit can blur vision.”)

Based on Monday’s oral argument, however, it appears that the practice of sending “f” letters will continue to go unreviewed. Basey moved to suppress the data obtained from Yahoo! after the court-imposed deadline. As a result, the district court declined to hear the motion. And the district court’s decision is reviewed for abuse of discretion.

Most questions from the three-judge panel went to procedural obstacles—and not the merits of the constitutional argument. In addition to Basey’s untimely filing, because the district court did not hear the motion, the record is lacking as to whether Yahoo! actually did copy Basey’s emails in response to the FBI’s demand, or whether Yahoo! preserves such data as a matter of course. So, the practice of “f” letters may continue to go unreviewed by federal appellate courts.

In the ongoing legal battle over the alleged theft of American trade secrets by Chinese telecom giant Huawei, one curious aspect is the lack of charges filed against any individual Huawei employees. On February 28, Huawei pled not guilty to charges of trade secret theft in federal court in Washington. This has been one of the most publicized trade secret cases since the DOJ announced the China Initiative in November 2018, prioritizing the quick and effective identification and prosecution of trade secret cases related to alleged Chinese theft of American intellectual property. In January, Huawei was indicted for theft of trade secrets conspiracy, attempted theft of trade secrets, seven counts of wire fraud, and one count of obstruction of justice. The government alleges that Huawei engineers stole information from T-Mobile related to its cell phone testing robot, “Tappy.” The indictment alleges that despite signing non-disclosure agreements with T-Mobile, Huawei engineers took measurements of the robot and even stole a part of the robot for the benefit of Huawei. It also alleges that Huawei offered bonuses to employees who succeeded in stealing confidential information from other companies. Continue Reading Individual Accountability in the Huawei Trade Secrets Prosecution

Two United States congressmen introduced legislation in late December that would exclude certain digital currencies from being defined as securities – a bill that, if enacted, may finally provide the cryptocurrency industry with regulatory clarity regarding when the offer and sale of digital tokens must comply with federal securities laws.

The Token Taxonomy Act of 2018 – introduced on December 20, 2018 by Reps. Warren Davidson (R-Ohio) and Darren Soto (D-Florida) – would, among other things, amend the Securities Act of 1933 and the Securities Exchange Act of 1934 to exclude “digital tokens from the definition of a security,” as well as exempt digital tokens from the registration and reporting requirements of Section 5 of the 1933 Act. The bill effectively defines “digital tokens” as tokens created through the operation of the blockchain process and that are not “a representation of a financial interest in a company, including an ownership or debt interest or revenue share.” The definition explicitly includes such tokens issued through an initial coin offering (ICO, or the process of raising capital in exchange for tokens).

The bill leaves room for the SEC to deem certain “digital units” as securities – an umbrella term meant to represent any “economic, proprietary, or access rights that [are] stored in a computer-readable format” – if such units fall outside the definition of “digital tokens” and are actually meant to serve as equity. And when a party has a “reasonable and good-faith belief” that it is selling a token (versus a security) and the SEC disagrees, the bill grants that party a 90-day safe harbor period wherein it can avoid penalty by halting the sale of all tokens and returning all proceeds. Continue Reading Token Taxonomy Act Seeks to Provide Regulatory Clarity to Crypto Industry

The attorney-client privilege, which prohibits the compelled disclosure of confidential communications between an attorney and their client, is enshrined in common law and statutory codes across the country. See, e.g., Cal. Evid. Code § 950 et seq.; Upjohn Co. v. United States, 449 U.S. 383, 389 (1981) (the fundamental purpose of the attorney-client privilege “is to encourage full and frank communication between attorneys and their clients and thereby promote broader public interests in the observance of law and administration of justice”).

The long-standing recognition of this privilege reflects the policy decision that the encouragement of candor between lawyers and clients outweighs probative and evidentiary value of those frank communications to the administration of justice.

But what happens when a different policy choice is made? Continue Reading What’s Privilege Got to Do With It? Practical Tips for Managing Bank Regulators Access to Attorney-Client Privileged Information

New cryptocurrencies and tokens have been popping up all over the place, leading the SEC to set up an initial coin offering (ICO) section on its website and to promote recent enforcement actions in the digital currency space. The proliferation of new tokens offers a growing opportunity for cross-over and cooperation between different federal agencies. The SEC representative at a recent Bar Association of San Francisco panel last week noted that the SEC’s cyber unit is currently looking at dozens of new cryptocurrency or crypto market enforcement actions, including quite a few with the local U.S. Attorney’s office where fraud is implicated. Continue Reading Branding Concerns Rise Amid Cryptocurrency Proliferation

It always comes when you least expect it – a government inquiry to investigate your business. While it may instill a sense of panic, there are steps you can take to make sure you’re in the best position possible when the investigation begins.

This blog series developed by Chrysty Esperanza, Litigation Counsel at Square, Inc., will address this main question: When you receive a subpoena, CID, or informal request from the government, how should you respond?


Cooperation and Voluntary Disclosure Issues – Benefits + Risks of Self Reporting

The Foreign Corrupt Policies Act (FCPA) unit at the DOJ recently enacted its Corporate Enforcement Policy. According to the policy, if a company self-reports an FCPA violation and cooperates fully and timely, there is a presumption of declination of prosecution.  However, there is an exception – the presumption will not apply if there are aggravating circumstances that warrant a criminal investigation, Continue Reading Battling Government Investigations Series – Cooperation and Voluntary Disclosure

It always comes when you least expect it – a government inquiry to investigate your business. While it may instill a sense of panic, there are steps you can take to make sure you’re in the best position possible when the investigation begins.

This blog series by Chrysty Esperanza, Litigation Counsel at Square, Inc., will address this main question: When you receive a subpoena, CID, or informal request from the government, how should you respond?


When Civil and Criminal Investigations Collide

Civil and criminal investigations are not as separate as you may think, and it is quite possible they may blend together.  While an internal investigation may be launched in response to a civil request from a government agency, the degree of cooperation between civil and criminal government agencies means an open civil investigation can easily trigger a criminal inquiry. When parallel civil and criminal investigations occur jointly, the government agencies may share the work and information from their respective investigations.  For example, a subpoena from the Securities and Exchange Commission (SEC) will always note that information discovered during the investigation can be shared with multiple agencies, like the Department of Justice (DOJ).  Continue Reading Battling Government Investigations Series – Civil and Criminal Investigations

It always comes when you least expect it – a government inquiry to investigate your business. While it may instill a sense of panic, there are steps you can take to make sure you’re in the best position possible when the investigation begins.

This blog series developed by Chrysty Esperanza, Litigation Counsel at Square, Inc., will address this main question: When you receive a subpoena, CID, or informal request from the government, how should you respond?


How do you find the right lawyer to conduct an internal investigation?

When an issue arises that requires an internal investigation, determining who handles the investigation may have a significant impact on the investigation itself. There are basically two options:  use in-house resources or hire outside counsel.  Usually, it is preferable to hire outside counsel, especially where the issues being investigated are serious or involve concerns as to management integrity.  Doing so conveys to the government that you are taking the investigation seriously.  Engaging outside counsel also provides more credibility where senior management are being asked to provide information, and demonstrates your appreciation and understanding of the complexity of the investigation.  It also conveys to senior management internally the seriousness of the matter.  In addition, outside counsel can provide a fresh and objective perspective on your internal practices and may even provide an opportunity to benchmark your business with industry standards and best practices of other companies. Continue Reading Battling Government Investigation Series – Find the Right Lawyer

At a recent panel organized by San Francisco’s Federal Bar Association, the San Francisco Regional Director of the Securities and Exchange Commission (SEC), Jina Choi, confirmed that the agency continues to focus on investor fraud in the pre-IPO private market space. Highlighting enforcement actions against the non-public Zenefits, Credit Karma, and Theranos[1], Ms. Choi reiterated the SEC’s commitment to aggressive oversight over “unicorns,” or privately-held companies valued over $1 billion. The SEC first announced its intent to step up enforcement in this space in a March 2016 speech by previous SEC Chairwoman Mary Jo White, and Ms. Choi reported that the current SEC leadership, led by current Chairman Jay Clayton, is equally committed to policing this “beat.”

The Compliance Gap has been closely tracking SEC compliance enforcement at privately-held companies, which began in earnest last fall when the SEC announced that the non-public human resources company Zenefits and its founder, Parker Conrad had agreed to pay a combined $980,000 to settle claims that the company intentionally misled the company’s Series B and C investors. The SEC alleged Conrad and the company had misled investors about the degree to which Zenefits complied with state licensing laws, resulting in a lowered valuation when the compliance failures were revealed.

In March of this year the SEC reported a first-of-its-kind settlement with Credit Karma, in which the company agreed to pay $160,000 to settle claims that it failed to provide its employees with the disclosures required by Rule 701(e) of the Securities Act.  Rule 701 requires that a company compensating its employees with stock options provide detailed financial and risk disclosures before the date of sale. The SEC alleged that Credit Karma sold approximately $13.8 million in stock options to its employees without providing the information required by Rule 701.

Just two days after announcing the Credit Karma settlement, the SEC also filed a complaint against health care company Theranos, company founder Elizabeth Holmes, and former President and Chief Operating Officer Ramesh “Sunny” Balwani. In the complaints the SEC alleged that the company, Ms. Holmes, and Mr. Balwani made false claims about the capabilities of the company’s proprietary blood-test analyzers, regulatory approval of the proprietary blood-test analyzers, and the company’s business relationships with the U.S. Department of Defense.  Theranos and Ms. Holmes agreed to settle the claims made by the SEC, but Mr. Balwani has chosen to litigate what will surely be a closely watched case.

Ms. Choi also highlighted the SEC’s new approach to devising inventive ways to punish investor fraud in the private space. For example, Ms. Choi noted that the agency required both company and individual settlement payments in the Zenefits and Theranos resolutions (Ms. Holmes agreed to pay $500,000 and Mr. Conrad agreed to pay nearly that amount).  Ms. Holmes was also required to forfeit her ownership interest in Theranos, and was permanently banned from serving as an officer or director of any publicly-traded company.  Ms. Choi indicated that these remedies were arrived at through significant consultations with allegedly defrauded investors.  This approach indicates a shift towards creative remediation schemes that reflect the wishes of alleged victims, and the perceived need for individual punishments in the privately-held company space where founders can be interchangeable with the companies they build.

[1] Farella, Braun + Martel, LLP represents an individual in connection with the Theranos investigation. This report contains only publicly available information.

Department of Justice signNext week marks the 40th anniversary of the Foreign Corrupt Practices Act – it became effective December 19, 1977. Deputy Attorney General Rod Rosenstein marked the occasion this month by providing an update on the FCPA Pilot Program announced in spring 2016 and detailed in this Compliance Gap blogpost. Bottom line: the FCPA policy now provides for a presumed declination of prosecution for companies that complete a fulsome self-disclosure disgorgement, and remediation program. Continue Reading FCPA in the Trump DOJ: Continuing Down the Same Path, with a Little More Heft