Explore Freedom

Explore Freedom » America: Extorting Data Access

FFF Articles

America: Extorting Data Access

by

U.S. law enforcement wants companies to covertly install so-called computer back doors in the software they produce. This would allow the government to access information on any computer using the software without being detected and without going through an authentication process that protects privacy. As well, the untraceable e-wiretaps would effectively bypass the sticky question of obtaining warrants.

A recent criminal case against programmer Robert Stuart spotlights how far the government will go to force programmers to install back doors. The state sought cooperation through threats of imprisonment, not only of Mr. Stuart, but also of his family members on innovative charges.

Background to back doors

The legislative route to back-door access has been rocky. Last fall, for example, cyberspace buzzed about a drive by U.S. law enforcement to acquire unprecedented back-door privileges. In a September 22 CNet article, privacy expert Declan McCullagh warned,

the FBI is asking Internet companies not to oppose a proposed law that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in back doors for government surveillance. The bureau’s draft proposal would require that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

The proposal met stiff opposition from civil rights and privacy organizations such as the Electronic Frontier Foundation (EFF), which launched a legal challenge. In an announcement of the Internet privacy battles it expects in 2013, EFF reported on rumors “that the Obama Administration will propose a far-reaching new Internet surveillance law” by forcing “social networks and other web-based communications services” to install wiretap-friendly back doors. It, too, will meet stiff opposition.

The criminal case against Robert Stuart illustrates an entirely different strategy being used by law enforcement: coercive backroom deals.

The strange case of Robert Stuart

The Arizona-based programmer Robert Stuart wrote and markets software called Action Sportsbook International (ASI). The program acts as an infrastructure to allow the processing of bets by online gambling sites. ASI does not place bets. Given the illegal status of gambling in areas of America, Stuart sells exclusively to non-U.S. entities where gambling is legal; he claims to be unaware of ASI being used domestically.

The persecution of Stuart began in February 2011. The tech site Wired reports,  “About 30 local Arizona law enforcement agents wearing SWAT gear and camouflage dress — some of them with bushes attached to their shoulders to blend into the woods around his house — descended on his home and threatened to send him and his wife to prison for 35 years if he didn’t cooperate.” The couple was threatened with a wide range of criminal charges, from money laundering to operating an illegal business.

On October 26, 2012, the New York County District Attorney’s Office issued a press release. Stuart — along with his wife and brother-in-law — had been charged with violating New York Penal Law § 225.10, “Promoting Gambling in the First Degree.” (All three are active in the company.) They were accused of knowingly promoting a gambling operation in New York. The violation is an “E” felony that is punishable by up to four years in state prison.

The press release suggests Stuart could also face legal problems in “California, Connecticut, Florida, Illinois, Kansas, Massachusetts, Nevada, New Jersey, New York State, Oklahoma, Pennsylvania, Tennessee, and Texas,” where ASI was alleged to have been similarly used. “The investigation into this case continues,” the district attorney declares. Three assistant district attorneys were handling the prosecution, with a hefty list of high-ranking law officials included in the investigation. On January 8, 2013, the Supreme Court of New York began hearing the case.

Why is the state of New York now so strenuously prosecuting a case that it left dormant for almost two years?

Part of the answer is that there is an all-out assault on unsanctioned gambling in various states, including New York. For one thing, “illegal” gambling competes with state-sponsored casinos, which rake in much-needed money.

But part of Stuart’s rough treatment undoubtedly springs from a plea agreement he accepted from the New York County District Attorney’s Office before charges had been laid (PDF). The plea agreement — part of which has been made public by Stuart — says that he

shall actively participate in ongoing investigations by the District Attorney.… Active participation may include, but is not limited to … aiding in the design of software used to obtain records, usernames, passwords, and other information residing on websites using ASI.

In short, Stuart could be forced to install a back door into ASI software for the district attorney’s use. He was also required to plead guilty to two charges of money laundering.

According to Wired, “Daniel R. Alonso, chief assistant in the Manhattan District Attorney’s Office, was reluctant to discuss the terms of the confidential plea agreement or how his office planned to implement them.” Nevertheless, “he insisted there was nothing unlawful about what was proposed.” Alonso also defended the 2011 use of a SWAT team to intimidate Stuart into hacking into his customer’s data.

Before the plea deal could receive the necessary approval of a judge, however, Stuart changed his mind. Thus, the deal was made public. (It is impossible to know how many similar “deals” have been negotiated with programmers and software companies across the United States, because plea agreements are almost always confidential.)

And so Stuart and his family members were charged with the one offense that had a chance of being successfully prosecuted: violating New York Penal Law § 225.10, “Promoting Gambling in the First Degree.” Stuart calls the charge “retaliatory.”

New York’s case

The case against Stuart is a legal stretch. New York is attempting to convict a software programmer who sold licensed software for lawful purposes on the grounds that some buyers have used it in an illegal manner.

The wording of the law in question is that, “a person is guilty of promoting gambling in the first degree when he

knowingly advances or profits from unlawful gambling activity by … [e]ngaging in bookmaking to the extent that he receives or accepts in any one day more than five bets totaling more than five thousand dollars.”

New York prosecutors will need to prove at least three elements. First, that Stuart advanced or profited from unlawful gambling. Second, that he knew ASI was being used by illegal gambling sites. Third, that he accepted the minimum in bets that is necessary to trigger prosecution.

Regarding the first claim, the district attorney’s press release claims, “The overwhelming majority of the approximately $1.1 million cash and $1.2 million in money orders deposited into [Stuart’s company’s] bank accounts are alleged to be direct proceeds of illegal, U.S.-based bookmaking operations.” Stuart insists he sold ASI only in countries where gambling was lawful. The prosecutors will maintain that the direct licensees made their licenses available to third parties in America (sublicensing did not require Stuart’s consent). Thus, the quarterly licensing fees were profit from illegal gambling. At this point, however, no America sublicensee has been named, even to Stuart himself.

The second claim refers to Stuart’s knowledge of illegal use. New York Penal Law § 15.05, “Culpability; definitions of culpable mental states,” offers a broad definition of knowing. It includes actions taken when someone “is aware that his conduct is of such nature” or under such circumstances that the conduct is likely to violate the law.”

In other words, if he should have known, then he did know. Many jurisdictions also include willful ignorance as a form of “knowing,” and this point could be argued as well. The prosecution will rely on circumstance. They will point an accusing finger at the methods of payment used by Stuart’s company: wire transfers, money orders, and cash directly deposited into bank accounts. The unusual payment methods, they will contend, mean that Stuart knew or should have known the money came from an illegal source. Moreover, since his license agreement allowed it, he should have foreseen that ASI would be sublicensed freely.

The law firm Perkins Coie offered insight into how the third point — that Stuart received or accepted in “any one day more than five bets totaling more than five thousand dollars” — is likely to be addressed. Prosecutors have not accused Stuart of accepting bets directly. Instead, they have alleged “that others used ASI to make or receive illegal bets.… [T]he district attorney’s reasoning is that by distributing software that facilitates betting or wagering infrastructure and by taking licensing fees, Mr. Stuart (indirectly at least) accepted illegal bets and profited from illegal gambling.” By “accepting payment, the source of which may have derived from illegal bets, Mr. Stuart accepted illegal bets.” Perkins Coie concluded, “The end result is that Mr. Stuart is being held accountable for others’ illegal activities using a product that he developed and licensed for lawful purposes.”

Conclusion

A successful prosecution of Stuart, his wife, and his brother-in-law could trigger major changes in the software business in America, because it would imply that the creators of software have secondary liability — that they are legally responsible for how others use their programs. TechDirt comments,

If you think secondary liability issues are important …  this case should be a major concern. The guy here just developed some useful software and sold it where it was legal to do so. That should not lead to a SWAT team descending on your house, or facing criminal charges and possible jail time. Blame the users of the software if they broke the law, but nothing that these guys did involved “promoting gambling” in areas where it was illegal. It was about providing legal infrastructure (not promotional) software.

And yet, a SWAT team invasion and threats of money-laundering charges with a possible four years in a state prison are precisely the government’s response. This case should be understood in the context of law enforcement’s need for Stuart’s cooperation to install back doors. What cannot be accomplished through legislation can often be obtained through legal threats and the targeting of relatives. Stuart’s prosecution should be viewed, at least partially, as punishment for refusing to install back doors.

If secondary liability accrues to lawful software, then software development will either flee America or cooperate actively with law enforcement by installing such back doors. If developers cooperate, then customers will eschew American software as spyware. The Stuart case should be closely watched.

  • Categories
  • This post was written by:

    Wendy McElroy is an author for The Future of Freedom Foundation, a fellow of the Independent Institute, and the author of The Reasonable Woman: A Guide to Intellectual Survival (Prometheus Books, 1998).