Digital Currency
OCC Says National Banks May Provide Custody Services for Cryptocurrency
By Stephen T. Middlebrook, Womble Bond Dickinson
On July 22, 2020, the Office of the Comptroller of the Currency (OCC) issued a letter stating that national banks and federal savings associations may provide cryptocurrency custody services for their customers. National banks have long served customers by safeguarding valuables in safe-deposit boxes and vaults, and this letter clarifies that such services may extend to digital assets. The OCC notes that cryptocurrency custody services may include holding the cryptographic keys associated with cryptocurrency as well as other services. A national bank that chooses to engage in these new activities should do so in a manner consistent with sound risk management practices and aligned with the bank’s overall business plans and strategies.
Cybersecurity
Capital One Ordered to Produce Report on Data Breach
By Nathaniel Trager, Temple University Schools of Law and Business
On June 25, 2020, a federal judge from Virginia’s Eastern District affirmed a May 2020 magistrate judge’s order compelling Capital One to disclose a forensic analysis of its 2019 data breach. Memorandum Op. and Order, In re Capital One Consumer Data Sec. Breach Litig., MDL No. 1:19md2915 (AJT-JFA) (E.D. Va. June 25, 2020). The breach allegedly exposed sensitive data of over 100 million people. By affirming the order, Judge Anthony Trenga rejected Capital One’s argument that the analysis, performed by a cybersecurity consultant, is protected as work product because it was prepared to help Capital One’s attorneys deal with related lawsuits.
WikiLeaks Task Force Reveals “Woefully Lax” Security Led to the Largest Security Breach in CIA History
By Michael Carbonara, American University Washington College of Law
On June 16, 2020, Senator Ron Wyden released a letter to the Director of National Intelligence about the WikiLeaks Task Force’s 2017 report on the “largest data loss in CIA history.” The full extent of the breach remains unknown, but the report estimates between 180 gigabytes to 34 terabytes of information, equivalent to “11.6 million to 2.2 billion pages,” was leaked. The report found “woefully lax” security practices and a focus on “building cyber weapons” while simultaneously “neglect[ing] to also prepare mitigation packages if those tools were exposed” was responsible.
Allegedly, the breach was committed by a CIA employee, Joshua Schulte, who was found guilty of making false statements to the FBI and contempt of court. However, a jury failed to reach a verdict on the other eight charges. The task force’s report contributed to his defense, as his attorneys argued that the agency’s poor security meant any number of employees or contractors could have been the one to release the information. The government is expected to retry Schulte on the eight acquitted charges.
Data Privacy
First Circuit Holds Camera Surveillance of a Suspect’s Home Does Not Require a Warrant
By Taylor E. Hallowell, University of Maryland Francis King Carey School of Law
In United States v. Moore-Bush, the First Circuit Court of Appeals considered whether the government’s use of footage from a pole-mounted camera in a public space infringed the defendants’ reasonable expectation of privacy. United States v. Moore-Bush, Nos. 19-1582, 19-1625, Nos. 19-1583, 19-1626, 2020 U.S. App. LEXIS 18886 (1st Cir. June 16, 2020). The camera captured footage of a portion of the front of defendants’ house, as well as of the side door, garage, and driveway. The First Circuit reversed the Massachusetts District Court decision, asserting that the district court overlooked the limitations of Supreme Court precedent in Carpenter v. United States and misapplied First Circuit precedent in United States v. Bucci. The Court explained that while Carpenter did not call “security cameras” or other “conventional surveillance techniques” into question, Bucci explicitly upheld the “the government's use of a pole camera across the street from Bucci's home for eight months.” Therefore, the Court reasoned that the case required only a straightforward application of Bucci. As a result, government use of public cameras to conduct surveillance of suspects’ homes is not an unreasonable search under the Fourth Amendment.