January 2020 Legal Report
Judicial Decisions
Surveillance
The U.S. intelligence community revealed in October 2019 that the Foreign Intelligence Surveillance Court (FISC) determined in 2018 that some FBI surveillance tactics were unconstitutional, violating citizens’ rights against unreasonable searches.
The court determined that the Bureau’s actions may have violated targets’ constitutional rights. Those actions included searching through databases linked to a warrantless communications surveillance program. The court’s decision was issued in October 2018, and the ruling was publicized, although partly redacted, roughly a year later by the U.S. Office of the Director of National Intelligence.
According to court documents, between March 2017 and February 2018 the FBI “conducted tens of thousands” of queries without providing written justification for the searches. Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the Bureau to collect information on U.S. citizens without a warrant.
In addition to concerns about whether the searches were reasonable, the court found that the Bureau’s actions in eliminating unnecessary results—such as filtering searches that corresponded to Americans—did not align with mandatory requirements for intrusions into citizens’ privacy. “The reported querying practices present a serious risk of unwarranted intrusion into the private communications of a large number of U.S. persons,” the documents said.
Along with infringing on Fourth Amendment protections, the court also found that “the government has reported a large number of FBI queries that were not reasonably likely to return foreign-intelligence information or evidence of crime.”
The FBI is legally permitted to use the intelligence databases only when looking for foreign intelligence data or criminal evidence. Court documents identified that, in various instances, improper decisions or assessments led to searches on several U.S. persons, sometimes to examine Bureau personnel. In one case, an FBI contractor used a linked database to run a query on himself, family members, and personnel.
In addition to abuse of the databases and keeping the data past legislated times, the court found additional noncompliance issues. These included a failure to conduct or belated foreignness checks, belatedly de-tasking accounts, and an ongoing difficulty in establishing required review teams.
Although the court’s decision was appealed to the FISA Court of Review, the higher court ruled in support of the FISC. As a result of the rulings, the FBI changed its search protocols so that written justification must be provided for queries of U.S. persons. (Document regarding the Section 702 2018 Certification (Redacted), United States Foreign Intelligence Surveillance Court, Washington, D.C., 18 October 2018)
Active shooter
MGM Resorts International will pay up to $800 million in a settlement with victims of the 1 October 2017 Las Vegas shooting.
MGM owns Mandalay Bay Resort and Casino, where the shooter was when he fired at the Route 91 Harvest festival, an outdoor country music event. The massacre left 58 people dead and more than 800 others wounded by either gunshot or shrapnel.
The settlement’s final amount, estimated at $735 million to $800 million, will be determined by the number of persons that opt in to the agreement. Roughly 22,000 people were attending the music festival when the attack occurred. Along with those physically wounded, others have cited psychological trauma caused by the event. Claimants have until February 2020 to decide whether to participate in the settlement.
According to MGM, the company is insured for up to $751 million.
The deal, which will not include an admission of liability from MGM, was the product of a mediation that began in February 2019. The agreement is expected to be finalized by late 2020.
Litigation filed after the shooting alleged that the resort’s insufficient security allowed the shooter to perch within his suite on the 32nd floor and fire at festival attendees along the Las Vegas Strip for more than 10 minutes, after which he killed himself. (MGM Resorts International et al. v. David Aase et al.,U.S. District Court for the Central District of California, No. 2:18-cv-06113, 2019)
Overdose prevention
A U.S. federal district judge ruled that a supervised injection site is not illegal, a decision that could alter opioid treatment. The Philadelphia site in question is run by Safehouse, a nonprofit organization that provides overdose prevention services.
According to the ruling, the 1986 Controlled Substances Act targeted crack houses and does not apply to Safehouse’s services, which include allowing people to inject drugs under medical supervision. City officials support the nonprofit.
The U.S. Department of Justice, which previously promised to shut down any supervised injection facilities, sued in February 2019 to prevent the Safehouse site from opening.
According to The Washington Post, the Justice Department is considering additional judicial review of the issue.
Advocates and researchers of supervised injection facilities claim that the services, which are widely offered in Europe and Canada, have saved thousands of lives. The facilities not only carry hygienic provisions to reduce direct harm from drug abuse—as well as the spread of certain diseases—but also offer medical care, antidotes to fentanyl and heroin overdoses, and oxygen to revive overdose victims. They have helped some people transition into treatment for drug abuse. (United States of America v. Safehouse, Jeanette Bowles, U.S. District Court for the Eastern District of Pennsylvania, No. 2:19-cv-00519-GAM, 2019)
Legislation
Gun control
California amended its “red flag” law on gun restraining orders, expanding the ability to pursue such requests to employers, coworkers, and educators.
The law allows these individuals to request a temporary restraining order that would remove firearms from a threatening person’s possession if a judge finds that the individual poses a threat to themselves or others. In California, the state law previously only permitted law enforcement officials and an individual’s close family members to file a restraining order.
Effective 1 January 2020, California will be the first U.S. state to allow employers to directly seek gun restraining orders; roughly 17 other U.S. states have “red flag” laws.
To be eligible to request a “gun violence restraining order” against an individual, employers—or a coworker with employer approval—must have regularly interacted with the person in question for at least one year. In schools, an employee or teacher—with administrator approval—may request a gun restraining order against a person who has attended the institution for at least the past six months.
Regulation
Privacy
A U.S. Senate panel found that a federal consumer agency failed to protect the personal information of thousands of people.
The Consumer Product Safety Commission (CPSC) is responsible for protecting U.S. buyers from harmful consumer products. The Senate’s Commerce Committee reported that the CPSC accidentally disclosed thousands of consumers’ data during a data transfer. The personal information—including street addresses, ages, and genders—for approximately 30,000 consumers and 10,900 manufacturers was improperly accessed by 29 persons or groups between December 2017 and March 2019.
Although the information was correctly transmitted to Consumer Reports and a university researcher, personal data was not properly redacted in accordance with the U.S. Consumer Product Safety Act.
The committee determined that the breach was the result of “incompetence and mismanagement.”
The committee recommended that the commission formally train all new employees on handling sensitive consumer data, review the technology used in data requests, and create policies where CPSC management reviews all requests that involve personal information.
Elsewhere in the Courts
Privacy
Google won a “right to be forgotten” case in the European Union’s top court, so the company will not be forced to delete links to personal information outside of the EU. The ruling limits this aspect of the General Data Protection Regulation to the EU’s 28 member states. Within those nations, Google must still delete links to sensitive, embarrassing, or outdated information upon request. The “right to be forgotten” grants EU citizens the ability to manage Internet search results linked to their names. A French privacy advocacy organization hoped to secure an agreement that Google would not limit link deletion to EU-specific sites, such as Google.fr. However, the court added that Google and similar search engine companies must prevent users from accessing sensitive data from sites or platforms outside of the EU. (Grand Chamber, European Union, Case C-507/17, 2019)
Child Pornography
Worldwide, more than 300 persons were charged for their alleged involvement in the largest darknet child pornography website. The multinational effort to take down the website and its users helped rescue victims of active abuse. A U.S. district court shared information on indictments filed against the operator and several members of the website, Welcome to Video, which offered users downloadable exploitation videos. Site operator Jong Woo Son faces nine criminal charges plus a civil action filed by the U.S. federal government, which would reclaim the site’s profits for its victims. (United States of America v. Jong Woo Son, U.S. District Court for the District of Columbia, No. 1:18-cr-00243, 2019)
Corporate Espionage
An Italian national and his co-conspirator were arrested for allegedly stealing trade secrets from an American aviation company. A U.S. federal grand jury indicted Maurizio P. Bianchi and Aleksandr Korshunov with conspiracy to commit theft of trade secrets and attempted theft. Korshunov, who according to court documents was employed by a Russian state-owned company and previously worked for Russia’s Ministry of Foreign Affairs, and Bianchi, former director at Italian aerospace company Avio S.p.A until 2012 (GE Aviation purchased the company in 2013), were arrested in Italy. Between 2013 and 2018, current and former Avio employees were allegedly recruited by the pair for consulting work that resulted in revealing GE Aviation trade secrets. (United States of America v. Aleksandr Korshunov, et al., U.S. District Court, Southern District of Ohio, No. 1:19-cr-113, 2019).