May 23, 2018

Bills Signed Enacting “Living Organ Donor Support Act,” Increasing School District Access to Technology, and More

On Wednesday, May 16, 2018, Governor Hickenlooper signed three bills into law. To date, he has signed 229 bills and sent two to the Secretary of State without a signature. The bills signed Wednesday are summarized here.

  • SB 18-158 – “Concerning Measures to Increase School District Access to Interoperable Communication Technology to Improve School Safety, and, in Connection Therewith, Making an Appropriation,” by Sens. Don Coram & Leroy Garcia and Reps. Crisanta Duran & Marc Catlin. The bill creates the school access for emergency response grant program in the division of homeland security and emergency management in the Department of Public Safety . The purpose of the grant program is to provide funding for interoperable communication hardware, software, equipment maintenance, and training to allow for seamless communications between existing school communications systems and first responder communications systems. Grant recipients may use the money received through the grant program to deliver training programs to teach effective communications with first responders in an emergency, to implement an interoperable technology solution to provide or upgrade a system for effective communication with first responders in an emergency, to maintain, improve, or provide interoperable communications hardware or software, and for any necessary radio system capacity expansions where school loading has been determined to have a significant impact on public safety system loading.
  • SB 18-262 – “Concerning Targeted Funding for Public Institutions of Higher Education to Help Achieve the Colorado Commission on Higher Education Master Plan Goals, and, in Connection Therewith, Making an Appropriation,” by Sen. Bob Gardner and Reps. Crisanta Duran & Jeff Bridges. The bill makes appropriations to the Department of Higher Education for need-based grants, student stipends, fee-for-service contracts with institutions of higher education, local district college grants, and area technical colleges.
  • HB 18-1202 – “Concerning an Income Tax Credit for an Employer Related to an Employee’s Paid Leave of Absence for the Purpose of Making an Organ Donation, and, in Connection Therewith, Enacting the ‘Living Organ Donor Support Act,'” by Rep. Alec Garnett and Sen. Bob Gardner. Beginning January 1, 2020, an employer is allowed an income tax credit that is an amount equal to 35% of the employer’s expenses incurred in paying an employee during his or her leave of absence period, which is paid leave given to an employee for the purpose of making an organ donation, but which does not exceeding 10 working days or the hourly equivalent thereof; and for the cost of temporary replacement help, if any, during an employee’s leave of absence period. An employer shall not claim a tax credit related to a leave of absence period for an employee who the employer pays wages of $80,000 or more during the income tax year.

For a complete list of Governor Hickenlooper’s 2018 legislative decisions, click here.

Tenth Circuit: Defendant Did Not Establish Significant Nexus Between Potential Alternative Perpetrators and Crimes

The Tenth Circuit Court of Appeals issued its opinion in United States v. Meisel on Tuesday, November 14, 2017.

In 2014, Detective Wright saw a user on the Ares file-sharing network offering child pornography. After identifying the IP address, Wright obtained a search warrant for a home Meisel shared with Thomas. Meisel’s personal computer was found to have child pornography on the external hard drive, with some pictures added just three days prior to the execution of the warrant. Meisel attributed the child porn to his son, W.R., who lived in the home previously. During the investigation, however, there was evidence of the child porn being viewed frequently after W.R. moved out of the home. Meisel continued to assert there was a sufficient nexus between three individuals, J.H., S.H., and W.R., and the child pornography. On appeal, Meisel asserted the district court (1) violated his right to present a complete defense by preventing him from presenting alternative perpetrator evidence; and (2) erred in denying his request to instruct the jury on “identity.”

As for the argument of J.H., Meisel asserted that J.H., Thomas’s caregiver, had unfettered access to the computer and external hard drive at times Meisel was absent from the home. Meisel asserts that the computer was logged into and child pornography was downloaded at times that Meisel was not at the home. Further, Meisel contends that J.H. has a high level of technical knowledge.

S.H. is J.H.’s brother, and Meisel contends that S.H. would often visit the home when the computer was accessible and that S.H. previously lived at the home and knew the wifi password.

W.R., Meisel’s son, lived at the home previously, and Meisel argue that he found W.R. accessing child pornography sites on his computer.

The district court determined that Meisel had not proffered sufficient evidence to establish the necessary nexus between any of the proposed perpetrators and the crimes with which Meisel was charged.

Meisel argued that the district court did not allow him to utilize the term “alternate perpetrator” in presenting his case to the jury. The question was whether the evidence was sufficient to allow Meisel to argue that a particular person was the one who placed the child pornography on his hard drive. The Tenth Circuit found that the district court did an appropriate balancing of evidence in finding that Meisel did not satisfy requirements for arguing that anyone else was responsible for downloading the child pornography.

The Supreme Court has noted that special considerations arise when a court is faced with a defense theory of an alternative perpetrator: “Evidence tending to show the commission by another person of the crime charged may be introduced by accused when it is inconsistent with, and raises a reasonable doubt of, his own guilt; but frequently matters offered in evidence for this purpose are so remote and lack such connection with the crime that they are excluded.”

The Tenth Circuit reexamined the three potential perpetrators Meisel provided. The information on S.H. was not admitted into evidence, as mere proximity and potential access are not sufficient to argue an alternative perpetrator to a crime. Further, the evidence implicating W.R. as the actual perpetrator set out a speculative and remote outcome. And at most, the evidence at trial demonstrated that W.R. used Meisel’s computer; however, there was no evidence indicating that W.R. was anywhere near Meisel’s computer for at least one year before the events at issue. J.H., however, seemed to be a viable alternative perpetrator for these crimes, as J.H. was present in the home four days a week and was present while Thomas slept during the day. Further, child pornography was downloaded on a day Meisel was possibly absent from the home, but J.H. was there. However, the theory that J.H. was responsible for the child pornography was presented to, and rejected by, the jury.

The Tenth Circuit found that the evidence of Meisel’s guilt was, contrary to protest, overwhelming. Unrebutted and unexplained forensic evidence demonstrated that Meisel’s assertion that he was unaware of the child pornography was implausible. Instead, the evidence overwhelmingly proved that after Thomas found child pornography on Meisel’s computer, Meisel took extraordinary efforts to limit access to his computer. For that very reason, Meisel stated during his interview that if child pornography was found on the computer, he was the responsible party. Although Meisel attempted to explain away that statement at trial with the theory he was only accepting ultimate responsibility for the computer, the Tenth Circuit found the evidence to the contrary to be overwhelming.

Lastly, Meisel asserted the district court refused to give his proffered identity instruction to the jury. The Tenth Circuit found that the district court did not abuse its discretion in determining that the existing jury instructions made it clear to the jury that Meisel was legally responsible for the charges if he personally and knowingly possessed and distributed the child pornography found on his computer. The Tenth Circuit found that the district court’s jury instructions were not erroneous or inadequate as given.

The Tenth Circuit Court of Appeals AFFIRMED the district court’s conviction.

Rule 41 of Colorado Rules of Criminal Procedure Amended in First Rule Change of 2018

The Colorado Supreme Court issued Rule Change 2018(01), amended and adopted by the court effective Thursday, January 11, 2018. The rule change affects Rule 41 of the Colorado Rules of Criminal Procedure, which deals with search, seizure, and confession. The amendments to the rule affect subsections (d)(5)(VI) and (VII). Subsection (d)(5)(VI) was amended to add information about the seizure of electronic media or electronically stored information:

(VI) A search warrant shall be executed within 14 days after its date. The officer taking property under the warrant shall give to the person from whom or from whose premises the property was taken a copy of the warrant and a receipt for the property or shall leave the copy and receipt at the place from which the property was taken. The return shall be made promptly and shall be accompanied by a written inventory of any property taken. The inventory shall be made in the presence of the applicant for the warrant and the person from whose possession or premises the property was taken, if they are present, or in the presence of at least one credible person other than the applicant for the warrant or the person from whose possession or premises the property was taken, and shall be verified by the officer. In a case involving the seizure of electronic storage media or the seizure or copying of electronically stored information, the inventory may be limited to describing the physical storage media that were seized or copied. The officer may retain a copy of the electronically stored information that was seized or copied. The judge upon request shall deliver a copy of the inventory to the person from whom or from whose premises the property was taken and to the applicant for the warrant.

Subsection (d)(5)(VII) is new and also addresses electronic media or electronically stored information:

(VII) A warrant under Rule 41(b) may authorize the seizure of electronic storage media or the seizure or copying of electronically stored information. Unless otherwise specified, the warrant authorizes a later review of the media or information consistent with the warrant. The time for executing the warrant in Rule 41(d)(5)(VI) refers to the seizure or on-site copying of the media or information, and not to any later off-site copying or review.

The rest of the rule is unchanged. For a redline and clean copy of the rule change, click here. For all of the Colorado Supreme Court’s adopted and proposed rule changes, click here.

Colorado Court of Appeals: Ordinary Person Would Not Be Aware of Specifics of IP Address and ISP Locating

The Colorado Court of Appeals issued its opinion in People v. Garrison on Thursday, August 10, 2017.

Email—Internet Protocol Address—Internet Service Provider—Expert Testimony—Lay Testimony—Police Officers—Continuance—CRE 702.

Garrison had an affair with the victim’s wife. After the affair ended, Garrison and his wife set up through Google a Gmail account in the victim’s name. Using that account, they sent themselves derogatory and threatening emails. Based on these emails, Garrison and his wife made police reports against the victim and provided related documents to the police. They sought a protection order against the victim and testified about the emails at the hearing. The police filed charges against the victim. When it was later determined that Garrison and his wife had set up the Gmail account, charges against the victim were dismissed, and the Garrisons were charged. At trial police officers gave testimony about Internet Protocol (IP). Garrison was convicted of first degree perjury, attempt to influence a public servant (three counts), conspiracy to attempt to influence a public servant, possessing a defaced firearm, and felony menacing.

On appeal, Garrison first contended that the trial court erred in refusing to grant his request for a continuance of the trial. The trial court did not abuse its discretion in denying him a continuance, and Garrison was not prejudiced because, as discussed below, he is entitled to a new trial on his convictions related to the IP address testimony.

Garrison also argued that the trial court abused its discretion in allowing the prosecution to present expert testimony regarding tracing IP addresses through the lay testimony of police officers. Where an officer’s testimony is based not only on his perceptions and observations of the crime scene but also on specialized knowledge or experience, the officer must be properly qualified as an expert. The concept of an email transmission including an IP address, which can be linked to an Internet service provider (ISP), and in turn traced to the physical location of a particular ISP customer, is not within the knowledge or experience of ordinary people. Thus, because some of the police testimony on direct examination was based on particular experience and specialized knowledge within the scope of Rule 702, the trial court abused its discretion in admitting this portion of the testimony as lay testimony. The error was not harmless because this information was central to the prosecution’s case on the charges of first degree perjury, attempt to influence a public servant (three counts), and conspiracy to attempt to influence a public servant. The charges of possessing a defaced firearm and felony menacing were unrelated to IP addresses.

The judgment was affirmed in part and reversed in part, and the case was remanded for further proceedings.

Summary provided courtesy of Colorado Lawyer.

Ethics in the Electronic Age: Social Media Guidance for Attorneys

Do you have a LinkedIn account? How about a Facebook page? Twitter handle? Instagram? Blog? All of the above?

Have you ever considered the Rules of Professional Conduct when commenting on someone else’s Facebook post, or sharing a clever tweet, or even writing on your personal blog? If not, then you should.

Most lawyers are probably aware that there could be ethical implications to their professional use of social media, but personal use can also implicate the Rules. Learn more from Katrin Miller Rothgery of Brownstein Hyatt Farber Schreck in the video, below.

Ms. Rothgery’s presentation on Ethics in the Electronic Age was just one part of the 2017 Real Estate Spring Update. Purchase the full homestudy here, or call (303) 860-0608. CLE Pass Holders can access the MP3 and Video OnDemand homestudies for free. Find out more about the CLE Pass here.

ABA Formal Ethics Opinion Issued Regarding Secured Communications of Client Information

On Thursday, May 11, 2017, the ABA Standing Committee on Ethics and Professional Responsibility released Formal Opinion 477, “Securing Communication of Protected Client Information.” The opinion discusses internet transmission of protected client information, concluding that:

A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.

Formal Opinion 477 is an update to the basic confidentiality requirements addressed in Formal Opinion 99-413. The opinion was issued in response to the 2012 amendments to the ABA Model Rules in which technological competency was enunciated. This opinion discusses cybersecurity and measures that lawyers should take to safeguard client information, electing to reject requirements for specific security measures in favor of a fact-specific approach to business security obligations.

The opinion offers guidance on what reasonable steps an attorney may undertake in response to a cybersecurity threat, including:

  1. Understand the nature of the threat;
  2. Understand how confidential client information is transmitted and where it is stored;
  3. Understand and use reasonable security measures;
  4. Determine how electronic communications about client matters should be protected;
  5. Label confidential client information;
  6. Train lawyers and nonlawyer assistants in technology and information security; and
  7. Conduct due diligence on vendors providing communication technology.

To read the entire opinion, click here.

Colorado Court of Appeals: High School Student’s Tweets Did Not Constitute True Threats or Fighting Words

The Colorado Court of Appeals issued its opinion in People in Interest of R.D. on Thursday, December 30, 2016.

Social Media—Juvenile Delinquent—Harassment—First Amendment—Right to Free Speech—True Threats—Fighting Words.

R.D., a high school student, argued with a student from a different high school through tweets on the social networking website Twitter. The People filed a petition in delinquency against R.D., and the district court adjudicated R.D. a juvenile delinquent based on conduct that would constitute harassment if committed by an adult.

On appeal, R.D. argued that C.R.S. § 18-9-111(1)(e) as applied to his conduct violated his First Amendment right to free speech. The People responded that R.D.’s statements were not protected by the First Amendment because they were true threats and fighting words. While the language of R.D.’s tweets was violent and explicit, R.D.’s tweets did not constitute true threats because they were not “a serious expression of an intent to commit an act of unlawful violence to a particular individual or group of individuals.” Fighting words can occur only when the speaker is in close physical proximity to the recipient. R.D. was not in close physical proximity to A.C. at the time of the incident. Because R.D.’s statements were neither true threats nor fighting words, the statute as applied violated his First Amendment rights.

The judgment was reversed and the case was remanded with directions to vacate the adjudication of juvenile delinquency and dismiss the proceeding.

Summary provided courtesy of The Colorado Lawyer.

Event Data Recorders, Drones, and Evidence: What You Need to Know

DroneThe Denver District Attorney’s monthly newsletter for September 2016 warned consumers about connecting their cell phones to the computers in rental cars. The newsletter warned, “Once your phone is connected to the car, it can access all your phone’s information such as GPS searches, home address, phone calls, contacts, etc. The information is stored indefinitely, waiting for the next person to connect to the car, and to your private information. The risk is obvious.”

The risk to rental car drivers concerns the car’s Event Data Recorder, or EDR. However, EDRs in cars can be useful for more than accessing another driver’s playlist. EDRs can record when and how often drivers use certain features in cars, such as the hand brake or the turn signal. The raw data from a vehicle’s EDR can be enormously useful in litigation. C.R.S. § 12-6-402 governs the use of EDR evidence in litigation, providing

EDR data is the personal information of the vehicle’s owner and the data shall not be retrieved by a person who is not the owner unless:

  1. The owner or the owner’s agent has consented to the retrieval in the last 30 days;
  2. The data is retrieved by a technician performing service or repair;
  3. The data is subject to discovery pursuant to the rules of civil procedure in an auto accident case;
  4. A court or administrative agency with jurisdiction orders the data be retrieved;
  5. The EDR is installed after the manufacturer or dealer sells the vehicle; or
  6. A peace officer retrieves the data pursuant to a court order as part of an investigation.

Another relatively new source of litigation evidence comes from drones. Drones, or unmanned aerial systems, collect video evidence from their on-board cameras. The use of drones is fraught with controversy, as cases collect regarding people shooting drones in the airspace above their property, people expressing surveillance concerns regarding drones, and more. The Federal Aviation Administration has promulgated rules regarding the use of drones, but more will be developed as these unmanned aircraft gain popularity.

Savvy lawyers need to know about the complexities of digital evidence preservation and the ethical considerations of working with technology and the experts who gather the data. Join Fay Engineering and Chad Lieberman, Esq. for an exciting presentation about the cutting edge technology of drones, dash cams and black boxes. Digital information is being gathered by our vehicles, our phones, and in nearly every aspect of our lives. The technology of aerial photography continues to rapidly change. The presentation covers the latest advances in evidence collection by drones and commercial services. Register online here, or by clicking the links below.

 

CLELogo

CLE Program: New Technology for Evidence Preservation: Drones, Dashcams, Black Boxes and More

This CLE presentation will occur on September 26, 2016, at the CBA-CLE offices (1900 Grant Street, Third Floor), from 12 p.m. to 1:30 p.m. Register for the live program here or register for the webcast here. You may also call (303) 860-0608 to register.

Can’t make the live program? Order the homestudy here: MP3Video OnDemand.

The Ethical Danger of the Microsoft/LinkedIn Merger

Editor’s Note: This post originally appeared on Stuart Teicher’s blog, “Keeping Lawyers Out of Trouble,” on June 16, 2016. Reprinted with permission.

Headshot-Stuart-TeicherBy Stuart Teicher

This week it was announced that Microsoft is buying LinkedIn. There are some hidden attorney ethics implications about which we all need to be aware.

A review of the recent news articles announcing the acquisition reveals that a key motivating factor in Microsoft’s purchase of LinkedIn was access to LinkedIn’s data.  Of course, sharing data is nothing new. But when companies improve their ability to share our data across various platforms, my ears perk up. Not just because it’s creepy or because of obvious privacy implications. The type of data sharing they’re contemplating in the Microsoft/LinkedIn combination makes me worry about confidentiality (and other) issues.

Why they are merging:

According to the Wall Street Journal, Microsoft sees a critical synergy with LinkedIn:

“LinkedIn’s users are, arguably, Microsoft’s core demographic. They also offer Microsoft something it has long sought but never had—a network with which users identify. Microsoft needs to persuade LinkedIn users to adopt that identity, and use it across as many Microsoft products as possible.

Access to those users, as well as the enormous amounts of data they throw off, could yield insights and products within Microsoft that allow it to monetize its investment in LinkedIn in ways that the professional networking site might not be able to. [Microsoft CEO] Mr. Nadella already has mentioned a few of these, including going into a sales meeting armed with the bios of participants, and getting a feed of potential experts from LinkedIn whenever Office notices you’re working on a relevant task.“

In other words, Microsoft wants to have your Outlook and other Microsoft software products speak to your LinkedIn profile. The intersection of that data is valuable—various sellers of products and services would be willing to pay for it.

It appears that Microsoft wants to be able to read through the work we do on their products like Word, review our upcoming appointments in our Outlook calendar, search for keywords in our emails, and then find connections with people with our LinkedIn connections. That’s what they are searching for—connections they could monetize.

For instance, let’s say accountant X has an Outlook Calendar appointment which sets a meeting with “Charles McKenna of Account-Soft Corp.” Microsoft could then search LinkedIn and it would learn that McKenna works for a company that sells workflow management software. Well, now Microsoft knows the accountant is in the market for workflow management software… and they could sell that knowledge to other software companies who would then direct solicitations in the accountant’s direction. That’s an annoyance for an accountant, but a potential ethics disaster if he/she were a lawyer.

Basic issue, Confidentiality:

If Microsoft scours our Word documents and emails, then there could be Rule 1.6 confidentiality issues.  That’s so obvious that we don’t need to spend time talking about it now. I think the more unusual issues come from the Calendar function…

If they leverage the data in our Calendar, it could reveal our client relationships:

The substance of what we learn from the client is confidential, but so is the very existence of the lawyer-client relationship. Will the integration of these platforms make it easier for people to figure out who we represent?

Think about how much information Microsoft could piece together from our Calendar. They might see a potential client introduction (which lists Pete Smith as present), a court appearance (which lists Pete Smith as present), and a meeting for settlement purposes (which lists Pete Smith as present). It’s not going to be too tough for the Microsoft bots to figure out that Pete Smith is your client.

If they leverage data in our Calendar, it could reveal key substantive information that could harm the client:

If Microsoft looks at our Calendar they can see that we’re heading to a particular locale. They might then cross reference our LinkedIn connections and send a message to one of them that says something like, “Your connection Bruce Kramer is going to Chicago next week. Why don’t you look him up?”

That heads-up might give someone the incentive to look into our movements a bit more… and who knows what they could find. What if that info was given to a real estate agent that we know in Chicago… and maybe we are representing a successful land owner… and we’re clandestinely scouting a real estate purchase because we don’t want people to figure out that we’re there on behalf of our deep-pocketed client… because if they know, the purchaser will run up the price. That LinkedIn message tipped off the real estate agent and it could cost the client a lot of money.

If they leverage data in our Calendar, it could end up revealing a misrepresentation:

Imagine that Client A asks you to accompany them to a meeting in Los Angeles. You tell her that you can’t go because you’ll be on vacation on the East Coast. That’s not true, however. The truth is that you’ve already scheduled a meeting with a potentially new client in Los Angeles. You didn’t want Client A to know that you’d be in town because you didn’t want to have to shuffle between clients—it would just be too much work. You could have told Client A that you’d be in town but you didn’t have time to meet her, but you thought she’d be insulted. It was just easier to say you’re far away and be done with it.

Later, Client A gets a LinkedIn message that says, “Your Connection Mary Smith is going to be in Los Angeles next weekend… send her a message and try to link up!” Do you know what you are now? Busted. And not only do you have egg on your face, but you may also have committed an ethical violation.

Is the white lie that you told your client going to be considered a misrepresentation or deception per Rule 8.4(c)? That rule states: “It is professional misconduct for a lawyer to (c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation…”

I know what you’re thinking… it was a half-truth. No harm no foul. Well, I searched the ethics code, and I didn’t find the term “white lie” or “half-truth” anywhere in the code. You should also note that Rule 8.4(c) does not require that the misrepresentation be “material.” It doesn’t allow you to lie about inconsequential things and there’s no modifying language- it just says that you can’t lie or deceive.

These are just a few issues. Some of these are clear ethics concerns, others are more akin to PR nightmares. Are they so terrible that we all need to get off LinkedIn right away? That might be a bit premature. After all, they only just announced the merging of the platforms- they haven’t actually done anything yet. I don’t know what dangers will actually be realized, or whether any dangers will be realized at all. What I do know is that part of being a responsible attorney in this technological age is to be diligent in thinking about these issues. As lawyers practicing in an ever-changing technological environment, we need to be aware of the potential problems. Keep your eye on the news and stay abreast about the details regarding the integration of these two platforms. Then, if you determine that you need to act, do so.  That way we are “keep[ing] abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Comment [8], Rule 1.1.

Save the Date!

Stuart Teicher will be at the CLE offices on Thursday, September 8, 2016, to present two ethics programs. Registration is not yet open, but mark your calendars and don’t miss these important programs.

 

Stuart I. Teicher, Esq. is a professional legal educator who focuses on ethics law and writing instruction. A practicing attorney for over two decades, Stuart’s career is now dedicated to helping fellow attorneys survive the practice of law and thrive in the profession. Stuart teaches seminars and provides in-house training to law firms/legal departments.

Stuart helps attorneys get better at what they do (and enjoy the process) through his entertaining and educational CLE Performances. His expertise is in “Technethics,” a term Stuart coined that refers to the ethical issues in social networking and other technology. He also speaks about “Practical Ethics”– those lessons hidden in the ethics rules that enhance a lawyer’s practice. Stuart writes the blog “Keeping Lawyers Out of Trouble.”

Mr. Teicher is a Supreme Court appointee to the New Jersey District Ethics Committee where he investigates and prosecutes grievances filed against attorneys, an adjunct Professor of Law at Rutgers Law School in Camden, New Jersey where he teaches Professional Responsibility and an adjunct Professor at Rutgers University in New Brunswick where he teaches undergraduate writing courses. He is a member of the bar in New York, New Jersey and Pennsylvania. In 2014, he authored the book Navigating the Legal Ethics of Social Media and Technology (Thomson Reuters).

Fiduciary Access to Digital Assets, Tampering with Deceased Human Bodies, and More Bills Signed

On Thursday, April 7, 2016, Governor Hickenlooper signed five bills into law. To date, he has signed 78 bills into law this legislative session. The bills signed Thursday include a bill creating a new crime of tampering with deceased human bodies, a bill promoting the Revised Uniform Fiduciary Access to Digital Assets Act, a bill regarding the Department of Corrections’ authority to distribute medication, and more. The bills signed Thursday are summarized here.

  • SB 16-010 – Concerning the Purchase of an Off-Highway Vehicle by a Dealer, by Sen. Randy Baumgardner and Rep. Jon Becker. The bill allows a powersports dealer to purchase a used off-highway vehicle without a title if it was purchased in a jurisdiction that does not issue titles for such vehicles or if it was purchased in Colorado prior to January 1, 2014.
  • SB 16-034 – Concerning Tampering with a Deceased Human Body, by Sen. Jerry Sonnenberg and Reps. Rhonda Fields & Polly Lawrence. The bill creates a new crime of tampering with a deceased human body in order to impair its appearance or availability for an official proceeding.
  • SB 16-088 – Concerning the “Revised Uniform Fiduciary Access to Digital Assets Act,” by Sen. Pat Steadman and Rep. Yeulin Willett. The bill sets forth conditions under which certain fiduciaries may access a decedent’s electronic communications, a catalog of communications sent or received by a principal or decedent, or any other digital asset in which a decedent had a right.
  • HB 16-1152 – Concerning the Authority of the Department of Corrections to Distribute Medication, by Rep. Mike Foote and Sen. John Cooke. The bill authorizes the Department of Corrections to distribute compounded and prepackaged medications to its pharmacies.
  • HB 16-1353 – Concerning Payment of Expenses of the Legislative Department, by Reps. Crisanta Duran & Brian DelGrosso and Sens. Mark Scheffel & Lucia Guzman. The bill provides FY 2016-17 appropriations to the legislative department.

For a complete list of Governor Hickenlooper’s 2016 legislative decisions, click here.

Two Law Firm Hacks Should Be Scaring Your Firm Into Action

Editor’s Note: This post originally appeared on Stuart Teicher’s blog, “Keeping Lawyers Out of Trouble,” on April 4, 2016. Reprinted with permission.

Headshot-Stuart-TeicherBy Stuart Teicher

For years people have been warning that law firms of all sizes are major targets for cyber-criminals. If your firm didn’t take that seriously before, then there are two major hackings last week that should get your attention.

The Wall Street Journal reported that cyber criminals breached Cravath, Weil Gotshal, and several other unnamed firms (read the article here: http://on.wsj.com/1MzYlN2). The paper states that it’s not clear what (or whether) information was taken, but the focus is on the possibility of confidential information being stolen for purposes of insider trading.

The other major breach is so big that it has its own hashtag— search Twitter for #PanamaPapers or #PanamaLeaks.  According to Reuters, the target was a law firm in Panama who specializes in setting up offshore companies. Hackers stole data from the firm and provided that data to journalists who promptly revealed it to the public (read the article here: http://reut.rs/25GEy4X). The information allegedly reveals a network of offshore loans. According to the BBC, the stolen data reveals how the law firm, “has helped clients launder money, dodge sanctions and avoid tax” (read the BBC’s article here: http://www.bbc.com/news/world-35918844). Political figures and friends of popular politicians are allegedly implicated, according to the report.

My concern is not about the obvious political ramifications. My concern is about the ethical ramifications to lawyers. The danger of hacking is real.

No report has implicated any type of ethical wrongdoing on the part of any firm. That needs to be restated and made abundantly clear: there has been no report of any evidence of ethical impropriety by any of the law firms mentioned in the news. I am bringing this to your collective attention because it should serve as a warning. Confidential client information was stolen from that law firm in Panama… which reminds us that we are targets.

All lawyers are targets. Small firms, large firms, in-house counsel, government lawyers, you name it. The bad guys know that lawyers are the custodians of valuable information and they are coming after us in a big way. The message for all of us is clear: you could be subject to an ethics grievance if you don’t take proper steps to secure your clients’ information.

The responsibility to protect our client information is nothing new. However, these recent events require us apply an increased sense of urgency to evaluating our compliance with that duty. Have you, or your firm, taken the necessary steps to adequately protect your clients’ information? Have you considered the fact that bad guys could be targeting you? What steps have you taken to counteract the potential piracy that could be aimed at your clients’ information?

You could be darn sure that someone is going to be asking those questions to the firms that were targeted in the hacks. Maybe you need to put yourself in their position and ask, “how would we fare if that review was directed toward us?”

Our duty of competence requires that we take appropriate steps to protect our clients’ confidential information. And remember that you, as the lawyer, have the primary ethical duty, not your IT people. Furthermore, various ethics opinions have held that, in some circumstances, the lawyer needs to understand the underlying technology itself.

If these issues weren’t on the front burner in your office before, these two hacks should be causing you to shift your priorities.

Quickly.

 

Save the Date!

Stuart Teicher will be at the CLE offices on Thursday, September 8, 2016, to present two ethics programs. Registration is not yet open, but mark your calendars and don’t miss these important programs.

 

Stuart I. Teicher, Esq. is a professional legal educator who focuses on ethics law and writing instruction. A practicing attorney for over two decades, Stuart’s career is now dedicated to helping fellow attorneys survive the practice of law and thrive in the profession. Stuart teaches seminars and provides in-house training to law firms/legal departments.

Stuart helps attorneys get better at what they do (and enjoy the process) through his entertaining and educational CLE Performances. His expertise is in “Technethics,” a term Stuart coined that refers to the ethical issues in social networking and other technology. He also speaks about “Practical Ethics”– those lessons hidden in the ethics rules that enhance a lawyer’s practice. Stuart writes the blog “Keeping Lawyers Out of Trouble.”

Mr. Teicher is a Supreme Court appointee to the New Jersey District Ethics Committee where he investigates and prosecutes grievances filed against attorneys, an adjunct Professor of Law at Rutgers Law School in Camden, New Jersey where he teaches Professional Responsibility and an adjunct Professor at Rutgers University in New Brunswick where he teaches undergraduate writing courses. He is a member of the bar in New York, New Jersey and Pennsylvania. In 2014, he authored the book Navigating the Legal Ethics of Social Media and Technology (Thomson Reuters).

Colorado Court of Appeals: Computer Crime Statute not Overbroad Facially or As Applied

The Colorado Court of Appeals issued its opinion in People v. Stotz on Thursday, February 11, 2016.

Matthew Stotz and Gustav Eicher (defendants) were managers for the Denver office of Electric Power Systems (EPS), a nationwide company that performs electrical testing for utilities. In July 2012, defendants and three other employees resigned from EPS and began working for a competitor, EPC. When defendants returned their company laptops to EPS, there were several files missing, including bids for clients, operation manuals, and emails. EPS paid a forensic computer company to recover the deleted files, but the recovery data was incomplete and difficult to use. EPS initiated a civil suit against Stotz, Eicher, and the other three employees, and in October 2012 the district court issued a preliminary injunction, enjoining defendants from using information pertaining to bids they had obtained while at EPS and ordering them to return the missing files that they had saved onto external hard drives. Stotz and Eicher had already returned the data in September 2012.

In November 2012, EPS submitted a formal complaint to the Economic Crime Unit of the Denver District Attorney’s Office, and the DA’s office filed criminal charges against Stotz and Eicher in January 2013. EPS sought and obtained, over objection of defendants, dismissal without prejudice of the civil suit. Defendants were charged with computer crime causing loss of more than $1,000 but less than $20,000, conspiracy to commit computer crime, conspiracy to commit theft, theft of trade secrets, and conspiracy to commit theft of trade secrets. A jury convicted them only of the felony computer crime charge, and they were sentenced to a suspended two-year prison sentence with two years of probation and ordered to pay $104,920.26 in restitution.

Defendants appealed, arguing the computer crime statute was unconstitutionally vague both as applied and on its face because it provides inadequate guidance as to what conduct is prohibited, it criminalizes lawful conduct, and it impermissibly left the determination of criminality to EPS. The court of appeals rejected all of defendants’ arguments. The court noted that the deletion of thousands of documents from an employer’s computer clearly falls within the statutory definition of “damage,” and that definition is specific enough to provide notice to a person of ordinary intelligence that the deletion of thousands of documents may cause damage to the computer’s data. The defendants’ facial challenge based on the definition of “damage” therefore failed. Next, analyzing defendants’ as-applied challenge, the court of appeals rejected defendants’ theory that they could do whatever they wanted with their employer-owned laptops. The court noted that the truth of defendants’ assertion was a fact question for the jury, and not a question of whether the statute provided fair notice.

The court similarly rejected defendants’ overbreadth challenge, based on a theory that the statute punishes conduct that can legitimately occur within the course of business. Because defendants’ knowingly destroyed the data on the computers without company permission, their conduct fell within the State’s purview of regulation. The court declined to examine other circumstances in which the statutory language could be applied in an overbroad fashion.

Finally, defendants argued the restitution award was unreasonable because they had returned the information to EPS. Because EPS employees spent considerable time and money trying to recover the information deleted by defendants before they returned it, the district court found no error in the amount of the restitution award. The court of appeals affirmed, finding no abuse of discretion.

The court of appeals affirmed the district court.