D.C. Circuit Reins In District Court for Second-Guessing Government’s Deferred Prosecution Agreement

This guest post was authored by our colleague Jeremy A. Gunn, an associate in the firm’s Litigation Department.

In an unusual win for both the U.S. Department of Justice and corporate defendants, the D.C. Circuit last week reversed a district court’s refusal to pause the speedy-trial clock pursuant to a deferred prosecution agreement.  United States v. Fokker Servs. B.V., — F.3d —, No. 15-3016, slip op. at 1 (D.C. Cir. Apr. 5, 2016).  The district court’s action was the first time that any federal court had denied a motion to exclude time under the Speedy Trial Act based on a deferred prosecution agreement being too lenient on corporate defendants.  On appeal, the D.C. Circuit held that the Speedy Trial Act does not confer authority on a district court to withhold exclusion of time based upon a disagreement with the Department of Justice’s charging decisions.

In 2010, Fokker Services – a Dutch aerospace company that provides aircraft manufacturers with technical support and equipment – voluntarily notified the Government that it had potentially violated federal sanctions by engaging in illicit transactions with Iran, Sudan, and Burma.  United States v. Fokker Servs. B.V., 79 F. Supp. 3d 160, 161 (D.D.C. 2015), vacated and remanded, No. 15-3016 (D.C. Cir. Apr. 5, 2016).

Fokker fully cooperated with the Government’s investigation for more than four years. As a result of that investigation, the Government negotiated a global settlement with Fokker that provided an 18-month deferred prosecution agreement (“DPA”).  As part of the DPA, Fokker was required to pay $21 million in fines and accept responsibility for violating U.S. sanctions and export laws.  In return, the Government agreed to dismiss its charges upon Fokker’s compliance. Continue reading

U.S. Government Appeals Landmark Insider Trading Decision to the Supreme Court

This guest post was authored by our colleague Rimma Tsvasman, an associate in the firm’s Litigation Department in New York. Rimma concentrates her practice on corporate and securities transactions, investment management and commercial litigation. She can be reached at rtsvasman@mmwr.com or 212-867-9500. 

In a highly anticipated move following a denied request for a rehearing, the Government has petitioned the Supreme Court for a writ of certiorari requesting the high court to overturn the Second Circuit’s landmark insider trading decision in U.S. v. Newman.

Although the Newman decision has not reached far beyond New York’s borders, as noted by MMWR partner Lathrop Nelson in this recent Bloomberg article, there is no denying that the decision is a prominent one coming from what Supreme Court Justice Harry Blackmun has called the “Mother Court” for securities law.  Indeed, if the Supreme Court decides not to hear the case or if the decision is left to stand, it would represent a big change to the securities law landscape – both in New York and in other jurisdictions which historically have deferred to the Second Circuit on securities law matters – and a blow to U.S. Attorney Preet Bharara’s legacy in aggressively policing Wall Street in the area of insider trading.

The Government itself has conceded that the Newman decision will dramatically limit its ability to prosecute some of the most common forms of insider trading which involves downstream tipping to individuals two or three steps removed from the so-called insider.  As noted by MMWR partner Mark Sheppard in an earlier post reporting on the Newman decision, many of the Government’s highest profile cases have been built upon the cooperation of those “downstream” traders who would be more empowered to resist the government’s efforts to secure that cooperation.  And although Newman is a criminal case, the Second Circuit did not limit its holding to such cases.  Therefore, civil enforcement cases stand to be impacted as well.

Already, the change caused by Newman is palpable as industry professionals hold their breath to see what the Supreme Court will do.  In just several months following the decision, defendants – including S.A.C. Capital Advisors’s Mathew Martoma and Michael Steinberg – have begun to file appeals to overturn their convictions in reliance on Newman.    And some defendants have already had their guilty pleas vacatedJust over a month after the Newman case was decided, the District Court for the Southern District of New York applied the case to vacate four guilty pleas in an insider trading action involving tips about a 2009 acquisition by IBM.  In that case, United States v. Conradt, No. 12 CR 887 (ALC), 2015 WL 480419 (S.D.N.Y. Jan. 22, 2015), the court expanded Newman’s application to cases based on the misappropriation theory, which imposes liability on third parties – such as lawyers – who are entrusted with confidential information as part of their work and break that trust by divulging the confidential information to others.

Decided on December 10, 2014, the Newman court put the brakes on aggressive insider trading prosecutions by holding that the Government must prove that the defendant knew the insiders disclosed confidential information in exchange for a personal benefit, and that the benefit was consequential and represented at least a potential gain of a pecuniary nature.  In other words, under Newman, friendly tips are no longer actionable.

In its petition to the Supreme Court, the Government argues that the Newman decision is at odds with the Supreme Court’s decision in Dirks v. SEC, which sets forth the personal-benefit standard, as well as other appeals court rulings, and has troubling implications for the Government’s ability to police insider trading.

The Supreme Court begins its new term in October, and will likely decide this Fall whether to consider the Government’s appeal.  We will be sure to keep you posted.

SOTU: What Obama’s Mandate Means for Cybersecurity, Data Protection, and Enforcement

This guest post was co-authored by Stephen Grossman and Michael Hayes. Stephen and Michael are partners in Montgomery McCracken’s Litigation Department and co-chairs of the firm’s Electronic Discovery practice. Stephen can be reached at 856.488.7767 or at sgrossman@mmwr.com. Michael can be reached at 215.772.7211 or at mhayes@mmwr.com.

During his State of the Union address last evening, President Obama urged Congress to enact legislation to “better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information.” The President’s call to action comes on the heels of his remarks before the Federal Trade Commission in which he outlined his administration’s latest cybersecurity and data protection proposals. Prompt consideration of the President’s proposals appears to be a hopeful prospect, with the Subcommittee on Commerce, Manufacturing, and Trade set to hold its first related hearing next week (entitled “What are the Elements of Sound Data Breach Legislation?”). More effective data protections and uniform breach notification requirements stand to benefit individuals. But will the President’s proposals better protect and support American businesses? It may be too early to tell, but one outcome of any successful legislation is likely certain: broader regulatory and enforcement power for the FTC and DOJ.

What are the key proposals the President is advocating? First, the Administration wants to “promote better cybersecurity information sharing between [and amongst] the private sector and government” by encouraging the private sector to share cyber threat information with the Department of Homeland Security. The President has alluded to certain liability protections to incent businesses to report cyber threats to DHS, but we’ve yet to see any concrete details – so more to come. According to the White House, its proposal will enable DHS to more rapidly and effectively communicate emerging threats to the private sector through new industry collectives it coins “Information Sharing and Analysis Organizations.” We’ve yet to see a draft bill on this proposal, but we will keep you posted.

Next, the Administration wants passage of a unifying, federal data breach notification statute (the “Personal Data Notification and Protection Act”) to replace the patchwork of state laws that businesses have had to contend with to date. According to the White House, businesses will have a bright-line, 30 day notification period when they discover customers’ personal or financial information has been compromised. Notification methods authorized by the proposal include mailings, personal telephone calls, emails (if authorized by the individual), and even through media outlets. Notably, the White House proposal includes provisions for authorized delays and even exemptions for good cause such as national security and law enforcement purposes, to determine the scope of the breach, to complete risk assessments, and to prevent further intrusions. If passed, this proposal will vest significant new regulatory and enforcement authority in the FTC. While a federal notification standard is sorely needed for the benefit of business and consumers, we hope that any regulation provides a clear framework and incentives to businesses for compliance.

Another Administration proposal, the Student Digital Privacy Act, focuses on the protection of students’ personal information and data collected in the educational context. Modeled on a California statute, the bill “would prevent companies from selling student data to third parties for purposes unrelated to the educational mission” or from engaging in search-engine-style targeted advertising based on data collected in schools. This should be the least controversial and most easily passed of the Administration’s several cybersecurity proposals.

The Administration also wants to “modernize” the Computer Fraud and Abuse Act by at once increasing criminal and civil penalties (including forfeiture) for violations and “ensuring that insignificant conduct does not fall within the scope of the statute.” The former, according to the White House, will help deter cyber criminals, while the latter (we surmise) is intended to prevent abusive prosecutions such as the one that led to the suicide of Aaron Swartz. This proposal may not gain sufficient traction to ensure passage. Even if it does, we doubt the CFAA amendment will have an appreciable effect on the behavior of true bad actors, and the amendments could spawn further confusion regarding what types of behavior are or are not prohibited. Hopefully, “modernization” of the CFAA won’t just mean increasing enforcement powers and penalties, but also provide better clarity on prohibited conduct. For an in-depth discussion of the proposed amendments to the CFAA, check our Orin Kerr’s post on the subject here.

No matter what side of the political aisle suits your fancy, a commitment to combating the threat of cybercrime, improving cybersecurity, and better protecting the personal and financial information of Americans is vital in our digital world. Unfortunately, that likely will mean broader government enforcement powers and a focus on companies that fail to have what the government considers adequate policies in place to protect and safeguard personal information.

UPDATE: Second Circuit Reverses “Downstream Tippee” Convictions

This guest post was authored by our colleague Mark B. Sheppard, a partner in the firm’s Litigation Department. Mark focuses his practice on white collar criminal defense, SEC Enforcement and complex commercial civil litigation. He can be reached at msheppard@mmwr.com or 215.772.7235.

As we predicted back in April, the Second Circuit Court of Appeals has dealt a significant blow to the Government’s ongoing efforts to successfully prosecute insider trading cases involving “downstream traders” or “tippees.” (United States v. Newman, 2d Cir., No. 13-1837, 12/10/14). In the ruling, the Panel court not only overturned the guilty verdicts of two hedge fund managers who traded on inside information received from other Wall Street analysts, it also took a shot at U.S. Attorney Preet Bharara’s aggressive enforcement of remote tippees, criticizing the “doctrinal novelty of (the Government’s) recent insider trading prosecutions….” This does not bode well for future prosecutions of downstream traders and will also limit civil enforcement activity against those traders who are two or three levels removed from the original insider source and imperils several high profile convictions and numerous guilty pleas.

In this case the defendant hedge fund managers “were several steps removed from the corporate insiders.” The Court also noted that the Government had failed to adduce evidence that either was aware of the source of the inside information or the circumstances under which it was conveyed. Despite this, the Government charged that the managers were criminally liable for insider trading because, as sophisticated traders, they must have known that information was disclosed by insiders in breach of a fiduciary duty, and not for any legitimate corporate purpose.

The Second Circuit disagreed. “In order to sustain a conviction for insider trading, the Government must prove beyond a reasonable doubt that the tippee knew that an insider disclosed confidential information and that he did so in exchange for a personal benefit.” (Emphasis in the original). Relying upon the Supreme Court’s decision in Dirks v. S.E.C., 463 U.S. 646 (1983), the Court explained “[t]he tippee’s duty to disclose or abstain is derivative from that of the insider’s duty.” Because the tipper’s breach of fiduciary duty requires that he “personally will benefit, directly or indirectly, from his disclosure a tippee may not be held liable in the absence of such benefit.” The jury instruction was therefore faulty because it permitted the jury to convict solely on a showing that the defendants knew that there had been a breach of fiduciary duty.

Having determined that the instruction was erroneous, the Court then turned to the evidence of personal benefit which it also found wanting.  It described the Government’s proof of personal benefit as “career advice” or the “ephemeral benefit… that one would expect to be derived from be derived from favors or friendship.” To accept such proof as sufficient would render the personal benefit requirement a nullity. Instead to maintain a conviction, the evidence of benefit must be “of some consequence” resembling “a relationship between the insider and the recipient that suggests a quid pro quo” or an intention to confer a future benefit. Finally and perhaps more significantly, even if the evidence of benefit were sufficient, the Government’s failure to prove the defendants’ knowledge of such benefit was fatal to the prosecution.

There is already debate as to the impact of this decision on efforts to regulate Wall Street professionals, with prosecutors downplaying it significance as limited to a “subset” of cases. This may be so but many of the Government’s highest profile cases have been built upon the cooperation of lower level “downstream” traders who will now be more embolden to resist the government’s efforts to secure that cooperation.

Of Dropbox and Data Breaches: Highlighting the need for increased cyber-security at home and in the workplace

This guest post is authored by Michael B. Hayes. Hayes’ practice concentrates on commercial litigation, government and corporate investigations. Hayes is frequently called upon by clients and colleagues to provide legal expertise and consultation concerning electronic discovery issues. He can be reached at mhayes@mmwr.com or 215.772.7211. Gareth Suddes, manager of Montgomery McCracken’s Legal Technology Support and Application Development also contributed to this blog post.

Reports of massive data breaches at trusted American retail businesses, banks, credit card companies and even governmental agencies have unfortunately become routine. So much so, in fact, that many of us have become desensitized to the serious personal privacy, identity protection and financial risks involved. That is especially unfortunate, because the costs to individuals, businesses and the government are very real and dramatically increasing.

We are falling prey to exploitation of the same consumer and other electronic technologies upon which we rely for our daily communications, purchases, banking, social networking and information storage. The most nefarious culprits are individual hackers (who may share loose affiliations with one another) and cyber agents in the service of foreign powers. The former seek personal profit at our expense, to embarrass some, to titillate others, to stick a cyber-thumb in the eye of business or the government, or just to show off. The latter are often thieves as well, but their overarching goals are strategic in nature. Foreign cyber agents seek to misappropriate sensitive information, to disrupt our economy, to shake public confidence in our government and systems, and to explore our cyber-vulnerabilities for potential use in the event of future hostilities.

In light of these threats, increased vigilance should be the order of the day – especially wherever significant volumes of personal, business and/or government information tend to intersect electronically. One such area is occupied by well-known consumer cloud-based data storage and file sharing services such as Dropbox, Google Drive, OneDrive, Box, Copy, and Amazon Cloud Drive. Continue reading

“Am I on speaker?” PA Supreme Court OKs eavesdropping using phones

This post was co-authored by Michael Hayes. Michael is a partner in Montgomery McCracken’s Litigation Department and co-chair of the firm’s Electronic Discovery practice. He can be reached at 215.772.7211 or at mhayes@mmwr.com.

At least one good thing has already come from Donald Sterling’s very public shaming: a heightened public awareness that even our “private” communications are increasingly susceptible to interception, recording and rapid dissemination. Commissioner Silver, if you’re reading this, please note that we: (1) love this game; (2) admire your work; (3) routinely provide complimentary initial consultations; and (4) are open to discussing alternative fee arrangements (including premium tickets to sporting events).

In an instance of coincidental timing, last week the Pennsylvania Supreme Court unanimously found in Commonwealth v. Spence (J-90-2013) that the Pennsylvania Wiretapping and Electronic Surveillance Control Act, 18 Pa. C.S.A. §§5701 et seq., does not prohibit the surreptitious interception of private communications, so long as the interception is accomplished using a telephone.

Specifically, the Court concluded that telephones (whether smartphones, mobile phones or landline phones), are excluded from the Act’s definition of “electronic, mechanical or other device[s].” Because the Pennsylvania Wiretap Act only prohibits the “interception” of private communications using “electronic, mechanical or other device[s],” the Court reasoned that the Act does not prohibit or otherwise limit the interception of private communications using telephones.

In Spence, a state trooper used an arrestee’s mobile phone to call Spence (the arrestee’s drug supplier), then handed the phone to the arrestee and directed him to activate its speaker function so the trooper could eavesdrop on the conversation between Spence and the arrestee. During the conversation Spence incriminated himself; he was quickly arrested and charged with various drug offenses.

Following his arrest, Spence argued the evidence against him should be suppressed because the state trooper who secretly listened in on his cell phone conversation did so in violation of the Pennsylvania Wiretap Act. If law enforcement “intercepts” a communication in violation of the Act, the evidence obtained may be suppressed; if a citizen violates the Act (for example, by secretly recording a private communication), he or she is subject to potential criminal liability.

The trial court determined the trooper did indeed use an “electronic, mechanical, or other device” (namely the arrestee’s mobile phone) without prior approval to “intercept” Spence’s conversation with the arrestee, and therefore suppressed the evidence against him. On appeal the Pennsylvania Superior Court affirmed suppression of the evidence.

The Commonwealth then appealed to the Pennsylvania Supreme Court and there argued the arrestee’s mobile phone was not an “electronic, mechanical or other device” for purposes of the Act. As a result, the Commonwealth contended, the trooper could not have “intercepted” the informant’s conversation with Spence in violation of the Act, and the evidence against Spence should not have been suppressed. Continue reading

The Quagmire of “Unauthorized Access” Remains

This guest post was authored by our colleague Jeremy D. Mishkin, partner and chair of the firm’s Litigation practice. His practice emphasizes complex commercial matters, technology, the Internet and First Amendment/Media Law issues. He has handled litigation and served as national and regional counsel for corporate clients who have been sued in numerous product liability lawsuits in multiple jurisdictions. He has tried cases involving RICO, libel, computer hardware and software, complex mechanical products and industrial chemicals. Jeremy can be reached at jmishkin@mmwr.com or 215.772.7246.

In U.S. v. Auernheimer, the 3rd Circuit failed to clarify “unauthorized access” relying on venue. The Court had an opportunity to chime in and clarify the term “unauthorized access” under CFAA but never got there.

In U.S. v. Auernheimer (3rd Circuit No. 13-1816, 4/11/14) the defendant was charged with having “hacked into” the AT&T network for connecting first-generation iPads to the web. Prosecutors brought charges against Auernheimer in the District of New Jersey despite the fact that defendant was apparently located in Arkansas and the computers were in Texas and Georgia. Defendant initially moved to dismiss the case at the District Court based on venue, but was rebuffed on the theory that some of the data he obtained belonged to New Jersey residents, and thus at least part of the crime with which he was charged was committed there. After the jury convicted him, defendant was sentenced to 41 months in prison.

The Computer Fraud and Abuse Act (18 USC §1030) (“CFAA”) has drawn increasing attention from prosecutors as well as civil litigants in the recent past, since it outlaws “unauthorized” access to virtually every computer, smartphone and tablet now in existence. In the past year, high-profile prosecutions (e.g. US v. Aaron Swartz, where a noted internet activist was charged for having obtained access to scholarly papers by tapping into an MIT network) have raised serious questions about how the law should be interpreted. Continue reading