You Can Be Prosecuted for Clearing Your Browser History

[Jeffrey Walton <noloader () gmail com>]

Disturbing: "Prosecutors are able to apply the law broadly because
they do not have to show that the person deleting evidence knew there
was an investigation underway..."

http://www.thenation.com/article/208593/you-can-be-prosecuted-clearing-your-browser-history

Khairullozhon Matanov is a 24-year-old former cab driver from Quincy,
Massachusetts. The night of the Boston Marathon bombings, he ate
dinner with Tamerlan and Dhzokhar Tsarnaev at a kebob restaurant in
Somerville. Four days later Matanov saw photographs of his friends
listed as suspects in the bombings on the CNN and FBI websites. Later
that day he went to the local police. He told them that he knew the
Tsarnaev brothers and that they’d had dinner together that week, but
he lied about whose idea it was to have dinner, lied about when
exactly he had looked at the Tsarnaevs’ photos on the Internet, lied
about whether Tamerlan lived with his wife and daughter, and lied
about when he and Tamerlan had last prayed together. Matanov likely
lied to distance himself from the brothers or to cover up his own
jihadist sympathies—or maybe he was just confused.

Then Matanov went home and cleared his Internet browser history.

Matanov continued to live in Quincy for over a year after the
bombings. During this time the FBI tracked him with a drone-like
surveillance plane that made loops around Quincy, disturbing
residents. The feds finally arrested and indicted him in May 2014.
They never alleged that Matanov was involved in the bombings or that
he knew about them beforehand, but they charged him with four counts
of obstruction of justice. There were three counts for making false
statements based on the aforementioned lies and—remarkably—one count
for destroying “any record, document or tangible object” with intent
to obstruct a federal investigation. This last charge was for deleting
videos on his computer that may have demonstrated his own terrorist
sympathies and for clearing his browser history.

Federal prosecutors charged Matanov for destroying records under the
Sarbanes-Oxley Act, a law enacted by Congress in the wake of the Enron
scandal. The law was, in part, intended to prohibit corporations under
federal investigation from shredding incriminating documents. But
since Sarbanes-Oxley was passed in 2002  federal prosecutors have
applied the law to a wider range of activities. A police officer in
Colorado who falsified a report to cover up a brutality case was
convicted under the act, as was a woman in Illinois who destroyed her
boyfriend’s child pornography.

Prosecutors are able to apply the law broadly because they do not have
to show that the person deleting evidence knew there was an
investigation underway. In other words, a person could theoretically
be charged under Sarbanes-Oxley for deleting her dealer’s number from
her phone even if she were unaware that the feds were getting a search
warrant to find her marijuana. The application of the law to digital
data has been particularly far-reaching because this type of
information is so easy to delete. Deleting digital data can
inadvertently occur in normal computer use, and often does.

In 2010 David Kernell, a University of Tennessee student, was
convicted under Sarbanes-Oxley after he deleted digital records that
showed he had obtained access to Sarah Palin’s Yahoo e-mail account.
Using publicly available information, Kernell answered security
questions that allowed him to reset Palin’s Yahoo password to
“popcorn.” He downloaded information from Palin’s account, including
photographs, and posted the new password online. He then deleted
digital information that may have made it easier for federal
investigators to find him. Like Matanov, he cleared the cache on his
Internet browser. He also uninstalled Firefox, ran a disk
defragmentation program to reorganize and clean up his hard drive, and
deleted a series of images that he had downloaded from the account.
For entering Palin’s e-mail, he was eventually convicted of
misdemeanor unlawfully obtaining information from a protected computer
and felony destruction of records under Sarbanes-Oxley. In January
2012, the US Court of Appeals for the Sixth Circuit found that
Kernell’s awareness of a potential investigation into his conduct was
enough to uphold the felony charge.

At the time Kernell took steps to clean his computer, he does not
appear to have known that there was any investigation into his
conduct. Regardless, the government felt that they were entitled to
that data, and the court agreed that Kernell was legally required to
have preserved it.

Hanni Fakhoury, a senior staff attorney at the Electronic Frontier
Foundation, says the feds’ broad interpretation of Sarbanes-Oxley in
the digital age is part of a wider trend: federal agents’ feeling
“entitled” to digital data.

Fakhoury compares the broad application of Sarbanes-Oxley in the
digital realm to the federal government’s resistance to cellphone
companies that want to sell encrypted phones that would prevent law
enforcement from being able to access users’ data. When the new
encrypted iPhone came out, FBI Director James Comey told reporters
that he didn’t understand why companies would “market something
expressly to allow people to place themselves beyond the law.”

“At its core,” Fakhoury says, “what the government is saying is, ‘We
have to create a mechanism that allows everybody’s [cellphone] data to
be open for inspection on the off-chance that one day in the future,
for whatever random circumstance, we need to see that data.’”

Similarly, Fakhoury says the government’s underlying theory in cases
like Kernell’s is, “Don’t even think about deleting anything that may
be harmful to you, because we may come after you at some point in the
future for some unforeseen reason and we want to be able to have
access to that data. And if we don’t have access to that data, we’re
going to slap an obstruction charge that has as 20-year maximum on
you.”

As more and more data are stored online, the government wants and
believes it deserves access to that data for policing purposes. But
Fakhoury disagrees.

“The idea that you have to create a record of where you’ve gone or
open all your cupboards all the time and leave your front door
unlocked and available for law enforcement inspection at any time is
not the country we have established for ourselves more than 200 years
ago.”

This past February the Supreme Court somewhat narrowed the scope of
Sarbanes-Oxley in the case of Yates v. United States. The feds had
charged a commercial fishing captain under the same record-destruction
law for throwing a batch of undersized fish overboard after a federal
agent had instructed him not to. The Court ruled that applying
Sarbanes-Oxley to the dumping of fish was too far afield from the
law’s original corporate-crime purpose. Another Tsarnaev associate,
Azamat Tazhayakov, who helped throw Tsarnaev’s backpack full of
fireworks into a dumpster, may see his conviction overturned because
of the Yates decision.

But it appears that, at least for now, cases like Matanov’s and
Kernell’s are still fair game. The Supreme Court did not answer the
pressing question of how broadly federal prosecutors are allowed to
use Sarbanes-Oxley in the digital age. Can you be prosecuted for
deleting a potentially incriminating tweet? For uninstalling Firefox?
For clearing your browser history? How much of their digital data
should citizens have to preserve in case law enforcement wants to take
a look?

In March, Matanov pleaded guilty to all four counts of obstruction of
justice. When he entered his plea, he told Judge William G. Young that
he maintains his innocence but fears a decades-long sentence were he
to go to trial. His plea agreement with prosecutors calls for a
30-month sentence—still a harsh punishment for little more than
deleting videos and clearing his browser history. Matanov’s sentencing
hearing is scheduled for June.

“The whole case is mystery,” Matanov has said. The “FBI is trying to
destroy my life.”

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.