Legal Report July/August 2021
Judicial Decisions
Conspiracy. Russian national Egor Igorevich Kriuchkov was sentenced to 10 months in prison and a $14,825 fine in restitution for attempting to recruit a Tesla employee to introduce malware into the company’s computer network.
Kriuchkov pled guilty to one charge of conspiracy to intentionally cause damage to a protected computer on 18 March 2021. He initially pled not guilty in September 2020.
Along with his co-conspirators, Kriuchkov planned to introduce malware to extract data from Tesla’s network. They would then extort the company by threatening to publish the information online unless Tesla paid a ransom.
Kriuchkov approached a Tesla employee based in Nevada, worked to establish a rapport, and eventually offered to pay the employee $500,000—later agreeing to increase the payment to $1 million in Bitcoin—in exchange for introducing the malware onto Tesla’s network. The employee reported Kriuchkov’s offer to the company, which notified the FBI.
According to court documents, the attack would have been two-pronged. The first would have appeared to be an external DDoS attack, distracting cybersecurity staff from the second attack that would exfiltrate data from the network. Kriuchkov and his co-conspirators also allegedly targeted other companies through similar methods, notably ransomware.
Since Kriuchkov had already spent nine months in custody, his sentencing in May was nearly tantamount to time served. He will be deported but will be placed under federal supervision for three years if he instead remains in or upon his return to the United States. (United States v. Egor Igorevich Kriuchkov, U.S. District Court District of Nevada, No. 3:20-mj-83-WGC, 2021)
Domestic terrorism. A U.S. federal judge sentenced Richard Holzer to 19-and-a-half years in prison for plotting an attack on a synagogue in Pueblo, Colorado.
Holzer pled guilty to a federal hate crime charge and actions that amounted to domestic terrorism, according to the U.S. Department of Justice (DOJ). He planned to use fire and explosives to destroy Temple Emanuel Synagogue on 2 November 2019 and “obstruct persons in the enjoyment of their free exercise of religious beliefs,” according to court documents.
Holzer, a self-identified Neo-Nazi and white supremacist, used social media to promote racist ideologies and violence. An undercover federal agent contacted Holzer through social media in 2019 and determined he was targeting the temple in preparation for a racial holy war. (United States v. Richard Holzer, U.S. District Court for the District of Colorado, No. 19-mj-00246-NYW, 2021)
Sexual harassment. A resort business with athletic and leisure facilities in California and Oregon will pay $500,000 and other relief to settle a sexual harassment and retaliation lawsuit filed by the U.S. Equal Employment Opportunity Commission.
According to the lawsuit, female employees of the Bay Club Company were sexually harassed by customers and managers. The suit also claimed that managers in at least one location retaliated against employees who complained about harassment. (EEOC v. Bay Club Fairbanks Ranch, LLC, et al., U.S. District Court for the Southern District of California, No. 3:18-cv-01853-W-AGS, 2021)
Legislation
United States
Sexual assault. The U.S. House of Representatives reauthorized the Violence Against Women Act (HR 1620), which would protect and provide resources for victims of domestic abuse and sexual violence. The bill awaits a vote from the U.S. Senate.
The law was expired in 2018 when Congress was unable to reach an agreement over certain issues, notably language regarding restrictions on firearms and protections for transgender people.
Excessive force. Maryland enacted new accountability measures for law enforcement officers, repealing the U.S. state’s Law Enforcement Officers’ Bill of Rights.
The Democratic-controlled legislature passed the Maryland Police Accountability Act (MD HB0670) a second time after Republican Governor Larry Hogan vetoed it.
“The original intent of these bills appears to have been overtaken by political agendas that do not serve the public safety interests of the citizens of Maryland,” Hogan said in a letter to the leaders of the state House and Senate. The bills “will result in great damage to police recruitment and retention, posing significant risks to public safety throughout our state.”
The law, one piece of a four-part reform package, introduces rules on authorized use of force, investigations into such incidents, and disciplinary procedures for officers found violating the new rules. Police convicted of using excessive force can face additional criminal penalties, including up to 10 years in prison.
Other aspects of the law include granting public access to complaints lodged against officers and internal affairs files. There will also be new thresholds for securing permission to raid homes after dark and for “no-knock” warrants, such as signatures from both a police supervisor and the state’s attorney.
Regulations
China
Antitrust. China’s market watchdog group, the State Administration for Market Regulation (SAMR), issued an 18.2-billion yuan ($2.8 billion) fine against e-vendor Alibaba for violating competition laws.
SAMR said in a statement that the fine comes after a four-month investigation into the online commerce company and its “abuse of market dominance.” The investigation determined that Alibaba made its vendors “pick sides”—pushing out its competitors by forcing those selling on its marketplace to choose either Alibaba or rivals’ services.
The fine, equivalent to 4 percent of Alibaba’s domestic sales revenue in 2019, sets a record for antitrust fines issued in China—three times as high as the previous one against Qualcomm in 2013, according to the Financial Review. (Administrative penalty decision, State Administration for Market Regulation, No. 28, 2021)
The Netherlands
Data breach. The Dutch Data Protection Authority (DPA) fined Booking.com €475,000 ($577,439) for belatedly reporting a data breach where hackers accessed the personal data of more than 4,000 customers. The hackers also mined credit card data of 283 victims and were able to collect credit card security codes in 97 instances.
The online travel agency did not report the incident until 22 days after it occurred on 13 January 2019, long past the 22-hour deadline.
The DPA noted that even in instances where credit card information was not compromised, users’ leaked personal information could still be used by hackers in phishing attempts. These potential attacks would appear more credible if a scammer had access to information on booking dates and exact locations of previous trips.
Site users were notified of the breach three days before the DPA, and the company attempted to mitigate the damage, including offering compensation.
Although Booking.com is headquartered in The Netherlands, it operates internationally and attracts customers from various countries; the Dutch DPA coordinated with other European privacy regulators in investigating the violations.
United States
Aircraft safety. The U.S. Federal Aviation Administration (FAA) levied a $5.4 million fine against Boeing Company for failing to adhere to the terms of a 2015 agreement intended to renovate the company’s culture and attitude towards safety.
In the agreement, Boeing promised to improve and prioritize its internal safety check processes in line with regulatory requirements. Boeing entered the agreement with the FAA, resolving multiple civil penalties against the company. The regulatory pressure focused on the manufacturer was due to compliance issues, although there were no accusations from the agency that Boeing was creating unsafe conditions.
Boeing missed improvement targets outlined in the agreement, and some managers failed to prioritize adherence to federal regulations.
Boeing also agreed to settle two FAA enforcement cases for $1.2 million. One of the cases alleged that the company failed to properly implement an FAA-approved Organization Designation Authorization (ODA) program while also interfering with members of that program. The second case claimed the company did not adhere to quality-control processes and interfered with safety inspections of aircraft. In both instances, the FAA determined that members of the ODA program still fulfilled their responsibilities.
Prior to the fine, and as a condition of the original 2015 agreement, Boeing paid $12 million in civil penalties. (Settlement Agreement, U.S. Department of Transportation, Federal Aviation Administration, Office of Regional Counsel, 2015)