August 03, 2020

MONTH-IN-BRIEF: Internet Law & Cyber-Security

Juliet Moringiello, Sara Beth A.R. Kohut

Digital Currency

OCC Says National Banks May Provide Custody Services for Cryptocurrency

By Stephen T. Middlebrook, Womble Bond Dickinson

On July 22, 2020, the Office of the Comptroller of the Currency (OCC) issued a letter stating that national banks and federal savings associations may provide cryptocurrency custody services for their customers.  National banks have long served customers by safeguarding valuables in safe-deposit boxes and vaults, and this letter clarifies that such services may extend to digital assets.  The OCC notes that cryptocurrency custody services may include holding the cryptographic keys associated with cryptocurrency as well as other services.  A national bank that chooses to engage in these new activities should do so in a manner consistent with sound risk management practices and aligned with the bank’s overall business plans and strategies. 

Cybersecurity

Capital One Ordered to Produce Report on Data Breach

By Nathaniel Trager, Temple University Schools of Law and Business

On June 25, 2020, a federal judge from Virginia’s Eastern District affirmed a May 2020 magistrate judge’s order compelling Capital One to disclose a forensic analysis of its 2019 data breach. Memorandum Op. and Order, In re Capital One Consumer Data Sec. Breach Litig., MDL No. 1:19md2915 (AJT-JFA) (E.D. Va. June 25, 2020). The breach allegedly exposed sensitive data of over 100 million people. By affirming the order, Judge Anthony Trenga rejected Capital One’s argument that the analysis, performed by a cybersecurity consultant, is protected as work product because it was prepared to help Capital One’s attorneys deal with related lawsuits.

WikiLeaks Task Force Reveals “Woefully Lax” Security Led to the Largest Security Breach in CIA History

By Michael Carbonara, American University Washington College of Law

On June 16, 2020, Senator Ron Wyden released a letter to the Director of National Intelligence about the WikiLeaks Task Force’s 2017 report on the “largest data loss in CIA history.” The full extent of the breach remains unknown, but the report estimates between 180 gigabytes to 34 terabytes of information, equivalent to “11.6 million to 2.2 billion pages,” was leaked. The report found “woefully lax” security practices and a focus on “building cyber weapons” while simultaneously “neglect[ing] to also prepare mitigation packages if those tools were exposed” was responsible.

Allegedly, the breach was committed by a CIA employee, Joshua Schulte, who was found guilty of making false statements to the FBI and contempt of court. However, a jury failed to reach a verdict on the other eight charges. The task force’s report contributed to his defense, as his attorneys argued that the agency’s poor security meant any number of employees or contractors could have been the one to release the information. The government is expected to retry Schulte on the eight acquitted charges.

Data Privacy

First Circuit Holds Camera Surveillance of a Suspect’s Home Does Not Require a Warrant 

By Taylor E. Hallowell, University of Maryland Francis King Carey School of Law

In United States v. Moore-Bush, the First Circuit Court of Appeals considered whether the government’s use of footage from a pole-mounted camera in a public space infringed the defendants’ reasonable expectation of privacy. United States v. Moore-Bush, Nos. 19-1582, 19-1625, Nos. 19-1583, 19-1626, 2020 U.S. App. LEXIS 18886 (1st Cir. June 16, 2020). The camera captured footage of a portion of the front of defendants’ house, as well as of the side door, garage, and driveway. The First Circuit reversed the Massachusetts District Court decision, asserting that the district court overlooked the limitations of Supreme Court precedent in Carpenter v. United States and misapplied First Circuit precedent in United States v. Bucci. The Court explained that while Carpenter did not call “security cameras” or other “conventional surveillance techniques” into question, Bucci explicitly upheld the “the government's use of a pole camera across the street from Bucci's home for eight months.” Therefore, the Court reasoned that the case required only a straightforward application of Bucci. As a result, government use of public cameras to conduct surveillance of suspects’ homes is not an unreasonable search under the Fourth Amendment.

Juliet Moringiello

Commonwealth Professor of Business Law, Widener University Commonwealth Law School

Juliet Moringiello is the Commonwealth Professor of Business Law at Widener University Commonwealth Law School in Harrisburg, PA, where she teaches Property, Bankruptcy, Secured Transactions, Sales, and a seminar on Cities in Crisis. She earned her B.S.F.S. at Georgetown University, her J.D. at Fordham University School of Law, and her LL.M in Legal Education at Temple University School of Law. Professor Moringiello is Chair of the Pennsylvania Bar Association Business Law Section, a Uniform Law Commissioner for Pennsylvania, and a member of the American Law Institute. She is also a Fellow of the American College of Commercial Finance Lawyers and has held several leadership positions in the American Bar Association Business Law Section.

Sara Beth A.R. Kohut

Co-Chair; Cybersecurity, Privacy, and Data Protection Group; Young Conaway

Sara Beth’s practice focuses on advising legal representatives for future claimants in connection with asbestos mass tort insolvency matters and settlement trusts. She has also represented national and local businesses in cases involving intellectual property, corporate and commercial issues in the federal and state courts in Delaware. Sara Beth has advised clients on strategies for protecting intellectual property rights and complying with obligations governing the privacy and security of sensitive data. She currently co-chairs Young Conaway’s Cybersecurity, Privacy, and Data Protection group.