Internet Lawyer Blog

Earlier, a post on this blog noted the jurors in the corruption trial of former Governor Rod Blagojevich had informed the judge they had only reached a decision on two of the 24 charges in the case. Now, the news comes that the jurors have reached a final verdict: on one count only. Jurors have found Rod Blagojevich guilty on one count of lying to federal agents. The judge has decided to declare a mistrial on the remaining 23 counts.

Prosecutors have wasted no time in announcing that they intend to retry Blagojevich and his brother Robert on the other charges. As the Associated Press reported, one of the main charges as yet undecided is whether or not Blagojevich attempted to sell the senate seat vacated by President Obama. The presiding judge in the trial, James Zagel, has set a hearing for Aug. 26 to decide issues regarding the retrial.

The AP reported that the jurors looked wearier than they had during the trial. The single count verdict came after 14 days of deliberations. At one point, the jurors had informed Judge Zagel that they were deadlocked on as many as 11 of the charges. They had also informed the judge that they had reached agreement on two charges, but seemed to have lost their consensus along the way to the jury verdict.

The lone count on which Blagojevich was found guilty was for lying to federal agents when he told them he did not track his campaign contributions and kept a "'firewall' between campaigns and government work." The conviction carries a maximum sentence of up to five years in prison and a fine of $250,000.

During the corruption trial, Robert Blagojevich testified that his brother was "trying to politically work something to his benefit" regarding the handling of the Senate seat, but was thinking in terms of political horse-trading, not corruption, according to a report by CNN.

The Internet has made life easier in so many ways, including the ability to shop and conduct financial transactions online. Of course, just like in the world of bricks and mortar, criminals also lurk in Cyberspace, seeking to steal identities, data and money. While Cyber criminals, of course, are responsible as a matter of criminal and civil law for their own wrongdoing, the question arises as to whether others also can be deemed responsible for the harm suffered as a result of this illegal conduct.

The recent case of Patco Construction Company, Inc. v. People's United Bank d/b/a Ocean Bank, filed in state court in Maine, tees up this very question for resolution.

Patco alleges that it has been a customer of Ocean Bank. Patco asserts that Ocean Bank failed to fulfill "ones of its most basic obligations, namely, to protect its customers' funds against theft."

According to Patco's complaint, over the course of one week in May of this year, cyber criminals accessed Patco's accounts at Ocean Bank and transferred hundreds of thousands of dollars to numerous banks accounts by way of the Automated Clearing House network, a system used by banks to transfer funds electronically between accounts.

Patco states that Ocean Bank purportedly informs its customers that its online banking system utilizes sophisticated "behind-the-scenes" security measures that are suppose to monitor the type, frequency and origination point of electronic transactions. However, Patco complains that the security measures on Patco's account were structured in a manner that leave the account vulnerable to the very attacks that occurred.

Moreover, Patco alleges that Ocean Bank did not detect the improper transfers that should have been seen as suspicious because they were larger than usual Patco transactions, they were directed to numerous accounts as to which Patco had never transferred funds, and the transfers original from Internet protocol addresses that Patco had not used before to conduct its online banking.

In addition to the foregoing, Patco complains that Ocean Bank allowed the perpetrators to draw on a line of credit Patco had with the bank in excess of more than $200,000 in additional stolen funds. Patco states that it is particularly insulted that Ocean Bank expects the repayment of this money plus interest by Patco.

Patco has asserted causes of action for negligence, breach of contract, breach of fiduciary duty, among others.

Patco's complaint is just one side of the story, of course. Ocean Bank will have its day in court and will be able to present its defenses. How this case unfolds and resolves largely will turn on the facts.

Factual questions to be answered will include: the extent to which Ocean Bank represented and agreed that it would implement security measures to protect the funds of customers; whether Ocean Bank fulfilled its representations and promises in that regard; whether Ocean Bank acting responsibly in light of its position of trust and in light of reasonable industry standards; and whether Ocean Bank should have been on notice of improper criminal conduct based on the facts.

Other facts to be considered include the banking history of Patco with Ocean Bank, whether Patco possibly did anything to contribute to the compromised scenario as it unfolded, and whether the Cyber attacks were beyond what a reasonable financial institution could detect and prevent under these circumstances.

The object lesson of this lawsuit is not necessarily what the ultimate outcome will be based on its unique facts. The real point is that causes of action do exist in the law that can make a third-party, like a bank, potentially responsible for harm suffered by others at the hands of Cyber criminals.

Thus, not only should online companies protect themselves from online criminal conduct, they should consider and develop measures to protect their customers from such conduct, when it is foreseeable and when industry knowledge and standards demand such protection.

See www.findlaw.com for more information.

Our nation can be threatened not only by physical attacks on terra firma, but also in Cyberspace. Indeed, Cyber attacks could threaten all sorts of mission critical systems.

For this reason, aides to Senator Jay Rockefeller reportedly have been working recently on a revised draft Senate bill that would give the President broad powers in the event of a Cybersecurity emergency, and that apparently would go so far as allowing the President to temporarily seize control over computer networks in the private sector.

This power is akin to the power President Bush exerted when he grounded commercial aircraft in the wake of the September 11, 2001 World Trade Center and Pentagon attacks, according to a reported Senate source.

The revised draft Senate bill calls on the President, within 180 days of enactment, to develop and implement a comprehensive national Cybersecurity strategy. This strategy is to provide a "long-term vision of the Nation's Cybersecurity future" and a plan that "encompasses all aspects of national security," which would include private sector involvement.

Importantly, the revised draft Senate bill sets forth that "in the event of an immediate threat to strategic national interests involving a compromised Federal Government or United States critical infrastructure information system or network," the President may declare "a Cybersecuirty emergency" and may, if deemed necessary by the President for "the national defense and security," direct "the national response to the Cyber threat" and the "timely restoration of the affected critical infrastructure information system or network."

This is a mouthful, of course. But what it boils down to is that, if this becomes law, the President will be able to declare a Cybersecurity emergency and then direct the response to that threat. This would give the President very broad power.

Some might argue that this open-ended power and flexibility are exactly what the President would need to cope with the unusual circumstances that could be encountered by various types of Cyber attacks.

Others might argue that the revised draft Senate bill is too vague in terms of the scope of authority ceded to the President, and that there should be greater specificity to ensure that unbridled power is not abused potentially in the future.

Plainly, the United States needs a chain of authority and plans and measures designed to prevent and then cope with possible Cyber attacks. However, whether the revised draft Senate bills gets off the ground and becomes law as is remains to be seen.

For more information go to www.findlaw.com

Associated Press: India may ask Google and Skype for greater access to encrypted information once it resolves security concerns with BlackBerrys, which are now under threat of a ban, according to a government document and two people familiar with the discussions.

The 2008 terror attacks in Mumbai, which were coordinated with satellite and cell phones, helped prompt a sweeping security review of telecommunications ahead of the Commonwealth Games, to be held in New Delhi in October.

On July 12, officials from India's Department of Telecommunications met with representatives of three telecom service provider groups to discuss interception and monitoring of encrypted communications by security agencies.

"There was consensus that there are more than one type of service for which solutions are to be explored," according to a copy of the minutes of the meeting obtained by The Associated Press. "Some of them are BlackBerry, Skype, Google etc. It was decided first to undertake the issue of BlackBerry and then the other services."

"They have clearly instructed us that after BlackBerry, they are going to take to task Google, Skype and similar services that bypass the monitoring department of India," said Rajesh Chharia, president of the Internet Service Providers Association of India, who attended the meeting. "According to the law, they have to allow monitoring."

The officials' immediate concern was the BlackBerry, but they also plan to look at Google and other companies that use encryption for e-mail and messaging services, said Rajan Mathews, director general of the Cellular Operators Association of India, who was briefed on the meeting.

Google and Skype said Friday they haven't received any notices from the government.

The Home Ministry said present talks involve only BlackBerry maker, Canada-based Research In Motion.

"We are talking only to BlackBerry," ministry spokesman D.R.S. Chaudhary said Friday. "Not to Google or others."

On Thursday, India threatened to ban BlackBerry services unless the device's manufacturer makes them accessible to its security agencies by Aug. 31.

On Friday, Research In Motion Vice President Robert E. Crowe met with Home Ministry officials in New Delhi to try to avoid the ban. No details of the outcome of the meeting were immediately available.

For more information go to www.associatedpress.com