algorithimOn September 8, 2021, the U.S. Court of Appeals for the Seventh Circuit released an opinion that rejected a defendant’s Fourth Amendment challenge to the government’s use of pen registers to obtain data for a single internet protocol (“IP”) address that was then used to prove that the defendant had launched a cyberattack against his former employer.  The Circuit ultimately held that the use of a pen register to track IP addresses is not a “search” under the Fourth Amendment and does not require the government to obtain a search warrant.   United States v. Soybel, No 19-1936 (7th Cir. Sept. 8, 2021).

In 2016, industrial supply company W.W. Grainger suffered a series of cyberattacks in which millions of records were deleted from a segment of its business.  Grainger determined that each of the attacks originated from a single IP address outside of Grainger’s network.   After discovering this issue, Grainger referred the cyberattack to the FBI, which found that the implicated IP address came from an apartment building in Chicago where a former disgruntled employee, Edward Soybel, resided.

To confirm the source of the attacks, the FBI had to monitor internet traffic in and out of Soybel’s apartment.  Since the IP addresses were being routed through a master router in the apartment building, the FBI was unable to determine where the source of the cyberattack against Grainger was coming from without the use of a device known as a pen register.  In 1986, Congress passed the Pen Register Act, 18 U.S.C. §§ 3121 et seq., authorizing law enforcement to use pen registers and “trap-and-trace” surveillance devices to obtain information as part of a criminal investigation.  Historically, such devices were used to trace telephone numbers dialed on landline telephones and now, with common use of the internet, they are used to track IP addresses.

In this case, the FBI obtained approval to use the pen register device from a district judge upon a minimal statutory showing of relevance to the investigation.  The pen register was then used to record specific IP addresses coming through the master router for Soybel’s apartment building and the external IP addresses to which they were connecting.  In this way, the IP addresses of the websites visited from Soybel’s apartment demonstrated that Grainger’s systems had been unlawfully accessed. FBI’s surveillance confirmed that Soybel accessed Grainger’s network 790 times between September and November 2016.

Before trial in the Northern District of Illinois on twelve counts of violating the Computer Fraud and Abuse Act, Soybel sought to suppress evidence collected using the IP pen registers as a warrantless search in violation of the Fourth Amendment.  He contended that the government should have been required to make a showing of probable cause to use the pen register – which it had not.  Soybel further claimed that the unlawfulness of the government’s actions was supported by a Supreme Court case from 2018 that held the collection of historical cell-site location information from a cell phone (“CSLI”) required a search warrant.  See Carpenter v. United States, 138 S. Ct. 2206 (2018).  The district court rejected this challenge.  It found that even if a search warrant should have been sought, law enforcement officers were operating prior to the Carpenter decision and were entitled to rely on the “good faith exception” to the exclusionary rule. That is, the officers were acting in good faith when they relied on pre-Carpenter law to evaluate their obligations under the Fourth Amendment.

Soybel was ultimately convicted and filed an appeal with the Seventh Circuit.  On appeal, the defendant argued that he had a reasonable expectation of privacy in the data collected from the pen register and, because no search warrant was obtained before using the pen register, the evidence should have been suppressed.  The Seventh Circuit disagreed.  It held that the pen register only collected external data – the IP addresses and the times of connection – and did not collect the content or substance of the connections.  It further found the case to be analogous to the use of telephone pen registers and in line with decades-old precedent holding that there is no expectation of privacy in the telephone numbers dialed on a landline.  Like the IP pen register, the telephone pen register only collected the telephone numbers and the time and duration of the call.  The contents of the telephone calls were not collected.  Citing the third-party doctrine, the Court noted that there was no expectation of privacy in an IP pen register because the IP addresses were routed through a third-party internet service provider.  By using a third-party ISP, the defendant knowingly exposed his data to the public and therefore had no expectation of privacy.  The Court likened the defendant’s use of a third-party ISP to the historical use of a telephone switchboard and held that prior precedent in telephone pen register cases supported a finding that defendant’s privacy rights were not violated.

The Court also determined that the Carpenter decision did not change the result in this case because the unique features of CSLI are not present in IP-address data. It reasoned that IP-address data was stationary, impersonal, and forward-looking, while CSLI tracked an individual’s movements in great detail through monitoring the location of an individual’s cell phone, a device which the Court noted was indispensable to daily life today.  The collection of CSLI, the Court found, allows the compilation of a “detailed chronicle of a person’s presence” in various locations over a period of years and can even be applied retrospectively because cell carriers keep historical records for years.  CSLI demanded a higher level of Fourth Amendment protection while IP-address data did not.

This decision is important for a number of reasons.  Companies seeking to protect themselves from cyberattack can be confident that the government has one more arrow in its sheath to combat cyber criminals.  The decision also serves as a warning to those disgruntled employees who mistakenly believe that their internet activity is protected from disclosure.  Pen registers have long been an important law enforcement tool allowing investigators to identify the criminal connections suspects are making through their communication devices.  This decision shows that advances in technology will not deter law enforcement scrutiny and courts will not create an artificially high bar to collect IP data — as long as it is not a substantial intrusion into an individual’s privacy.

columnsOn May 17, 2021, we discussed the reality that lawyers – namely, Rudy Giuliani – are not immune from searches by federal agents. In that post, we touched on the Department of Justice’s use of “taint teams,” lawyers and federal agents tasked with screening items seized by search warrants to protect privileges. Despite their routine use, taint teams often create issues related to protecting privileged documents. On August 30, 2021, the United States Court of Appeals for the Eleventh Circuit opined for the first time on using taint teams in In re Sealed Search Warrant and Application for Warrant by Telephone or Other Reliable Electronic Means, Case No. 21-14223. The Court held that taint teams are an acceptable means to filter privileged materials from seized materials at least where the subject of the search warrant has an initial opportunity to review potentially privileged materials. As a result, the Eleventh Circuit deepened the divide among the federal circuits’ views concerning proper taint team procedures.

Privilege Review [T]ain’t That Simple

In any litigation, reviewing materials for privilege is an important step in the discovery process. The privilege review protects materials subject to various documentary privileges including the attorney-client privilege and the work product doctrine. In criminal investigations and government enforcement matters, it is essential that privilege reviews capture and protect all documents subject to these privileges. Producing privileged documents could lead to litigation over whether the producing party intended to waive privilege and, ultimately, subject the producing party to consequences, such as the production of additional documents, depending on the nature of the disclosure.

Privilege reviews usually occur before production of materials by the producing party’s attorneys.  When the government enters a person’s home or business with a search warrant, however, the government usually will not wait for the searched person or business to conduct a privilege review. Instead, the agents will seize materials within the scope of the search warrant regardless of whether they are privileged. The seized materials include not only documents, but often also includes computers and electronic storage devices like external hard drives which could contain communications with counsel concerning legal advice, memoranda prepared in anticipation of litigation, and other clearly privileged documents that would never be produced in a run-of-the-mill civil document production.

The government commonly uses taint teams to filter out privileged documents from search warrant returns. A taint team consists of federal agents and attorneys not involved in the underlying investigation or resulting potential prosecution usually conducts that review. The taint team, which is instructed to not disclose the contents of any privileged documents to the prosecution team, filters out privileged documents, and then provides the non-privileged documents to the prosecution team. The rub is that the taint team still consists of federal agents and attorneys employed by the government, giving rise to potential conflicts, and who may not recognize privileged materials before turning them over to their colleagues.  For this reason, several federal circuits have developed guardrails to protect privilege reviews of search warrant returns; these tests, however, are far from uniform, giving rise to uncertainty and disparate treatment depending on where in the country a search occurs.

The Eleventh Circuit Endorses Taint Teams

On August 30, 2021, the Eleventh Circuit released its taint team opinion in In re Sealed Search Warrant and Application for Warrant by Telephone or Other Reliable Electronic Means, an issue of first impression in the circuit. In this case, the government acquired a search warrant for the corporate offices of a group of purported family businesses, all doing business under the name “Optima.” The search team seized documents from the entire office, including files owned by the business’s in-house attorney.  Under the original taint team procedure that the government chose, the prosecution team was to provide the taint team with any seized communications that were to or from an attorney. The taint team would then review the communications and move for a court order to provide the communications back to the prosecution team.

Optima and its employees intervened, seeking a preliminary injunction to halt the taint team’s activities. A magistrate judge in the Southern District of Florida determined that the proposed protocol was underinclusive of privileged documents because it required the prosecution team to segregate only the communications to or from attorneys. The magistrate judge also imposed a new protocol that required the intervenors to first identify privileged documents; then, a different United States Attorney’s office would conduct a taint team review of those documents claimed to be privileged. The intervenors objected to the magistrate’s report and recommendation and argued that the district court should conduct the privilege review, but the district court disagreed. So, the intervenors appealed to the Eleventh Circuit.

The Eleventh Circuit affirmed the district court’s modified taint team protocol. This is the first time the Eleventh Circuit had been asked to rule directly on the propriety of a taint team procedure. Thus, it compared the modified taint team protocol to protocols that various other circuit courts have affirmed or reversed. The Eleventh Circuit reasoned that, because the proposed taint team protocol did not “suffer[] from [any] of the defects [other] courts found disqualifying,” the proposed procedure provided sufficient protections for the privileges at issue. Therefore, a taint team which first permits a searched party to identify potentially privileged documents passes muster in the Eleventh Circuit.

Judicial Restrictions on Taint Teams

In arriving at its decision, the Eleventh Circuit relied on other circuits’ descriptions of what a proper taint team looks like. Notably, it distinguished authority from the Fourth (covering West Virginia, Virginia, Maryland, North Carolina, and South Carolina) and Sixth Circuits (covering Michigan, Ohio, Kentucky, and Tennessee) disapproving of taint teams in certain situations. Additional relevant authority not addressed by the Eleventh Circuit originates from the Southern District of New York.

While the Eleventh Circuit’s decision did not address decisions from the Southern District of New York, which is widely regarded as an influential district court, it has approved of taint teams at least twice. First, in U.S. v. Sattar, No. 02 Cr. 395, 2003 U.S. Dist. LEXIS 16164, 2003 WL 22137012 (S.D.N.Y. Sept. 15, 2003), the government sought a court order to produce privileged materials belonging to Sattar’s co-defendants to Sattar pursuant to Brady. The co-defendants opposed, citing privilege concerns. The dispute centered around notebooks which contained allegedly privileged statements that the taint team was translating from Arabic to English and phone calls between Sattar’s co-defendants and their counsel being transcribed and redacted where privileged for the prosecution team’s use. The translations and transcripts were also provided to the co-defendants. The district court held in camera review was appropriate because the court could not determine whether the material was actually privileged without reviewing it. Second, in In re Search Warrants Executed on April 28, 2021, No. 21-MC-425, 2021 U.S. Dist. LEXIS 101348 (S.D.N.Y. May 28, 2021), the Southern District of New York again addressed taint teams when Rudy Giuliani sought the return of allegedly privileged materials seized pursuant to a search warrant. Giuliani objected to a taint team protocol, but the district court disagreed and stated that “[t]he use of a [taint] team is common procedure in this District and has been deemed adequate in numerous cases to protect attorney-client communications.” Nonetheless, the court appointed a special master to ensure the “perception of fairness” in the process. Therefore, the Southern District of New York has broadly approved using taint teams, but will not credit their privilege designations without judicial review.

In In re: Search Warrant Issued June 13, 2019, 942 F.3d 159 (4th Cir. 2019), an unidentified law firm resisted a taint team procedure imposed by the government when collecting documents seized pursuant to a search warrant of its offices. The search warrant sought evidence of alleged illegality related to one attorney’s representation of one client out of a 20-attorney law firm. The magistrate judge ex parte authorized the use of a taint team. The procedure required the taint team to send responsive yet potentially privileged materials to the subject’s attorneys for further review, but non-privileged materials, based solely upon the judgment of the taint team, would be forwarded to the prosecution team. The taint team seized the subject’s documents which included tens of thousands of emails unrelated to the client relationship under investigation. The subject’s law firm partners objected to protect their clients’ information on the subject’s computer, but the district court overruled the objections. The Fourth Circuit reversed. It held a potential privilege waiver of this magnitude presented potential irreparable harm, and the proposed taint team protocol vested the Executive Branch with judicial powers to make privilege determinations. It also relied on a recent case from the District of Maryland, U.S. v. Elbaz, No. 8:18-cr-00157, in which a taint team improperly disclosed thousands of privileged documents to the prosecution team. Accordingly, the Fourth Circuit reversed the taint team protocol and ordered the district court to impose injunctive relief to cease the taint team’s operation pending further review by the district court. The district court’s activity on remand is not reported under the case number associated with the appeal, so it is unclear how the district court resolved the taint team protocol. Notably, the Southern District of New York distinguished this case in the Giuliani case by stating the Fourth Circuit “did not hold the Government’s use of a filter team is categorically inappropriate.”

In In re Grand Jury Subpoenas 04-124-03 and 04-124-05, 454 F.3d 511 (6th Cir. 2006), the Sixth Circuit held that a subject of a grand jury investigation has a limited right to review documents before producing them to the grand jury. A grand jury issued a subpoena for documents related to Larry Winget in Winget’s company’s control. The subpoena required immediate production to a taint team who would send documents it determined to be non-privileged to the grand jury without any review by any party. Asserting that the protocol was improper, Winget intervened, but the district court disagreed. The Sixth Circuit reversed, reasoning that this case was not appropriate for taint team procedures because the documents were not in the government’s possession yet and “taint teams present inevitable, and reasonably foreseeable, risks to privilege” from leaks between the taint team and prosecution team. However, the Sixth Circuit also held that a subpoenaed party should not be able to delay the grand jury’s review of relevant documents. Accordingly, the Sixth Circuit held that a Special Master should be appointed to conduct an initial privilege review, returning privileged documents to the subpoenaed company and sending non-privileged documents to the grand jury.

These cases highlight important differences among judicial approaches to using taint teams. First, as is clear from the Sixth Circuit, taint teams are inappropriate in situations where the materials are not yet in the government’s possession. Second, the Fourth Circuit has decisively held that overinclusive search warrant returns cannot simply be turned over to a taint team to make privilege determinations as if it were part of the judiciary. Third, while the Southern District of New York has held that a taint team sufficiently protects a subject’s privileged materials, a taint team cannot unilaterally determine whether privileged materials are indeed privileged and a court still must review the documents in camera before producing them to another party even pursuant to the government’s Brady obligation. These principles reconcile in the Eleventh Circuit’s holding that a taint team may make privilege determinations only after the potentially privileged materials are first identified by the subject of the investigation. Notably, the Eleventh Circuit departed from the Sixth Circuit’s analysis of who possesses the documents – in the Eleventh Circuit, the government possessed the documents, but the subject was still entitled to a first-look privilege review.

Conclusion

The circuits which have opined on the propriety of a taint team procedure do not take a uniform approach. Instead, whether a taint team is appropriate and how it will operate depends on the facts of the case including who possesses the documents, the size of the seizure relative to the scope of the warrant, the number of privileged documents in the seized materials, the timing of the production, and most important, where the search was executed. At some point, the Supreme Court may be asked to resolve the circuit splits and provide a definitive approach to the procedure concerning seizure of privileged material subject to search warrants.

waitingAt the onset of the COVID-19 pandemic—and thus nearly a year and a half ago—the federal government implemented a massive stimulus program to prop up the economy.  A key component of that stimulus was the Paycheck Protection Program (PPP).  The PPP allowed businesses to obtain forgivable loans to be used for payroll and related expenses; the loans were approved, disbursed and administered by banks and fintech companies, but were issued and backed by the Small Business Administration.  (For additional background on the PPP, see here, here, and here.)

The rapid rollout of the PPP coupled with shifting federal guidelines and reduced underwriting requirements made PPP loans ripe for fraud.  One expected avenue that the government and private whistleblowers will use to combat that fraud is the False Claims Act (FCA) (see here).  But to date, there have been few publicly announced FCA cases brought for PPP fraud.  It was not until January 2021 when the government announced its first settlement in a FCA case for PPP fraud.  There, the defendant failed to disclose that it was in bankruptcy proceedings at the time of the loan application.  There were no criminal charges.  While that settlement was notable for being the first, the alleged fraud involved only $350,000 of PPP funds—PPP loans, however, were made in sums as large as $10 million.

Since the January 2021 settlement, there have only been a handful more in 2021, all of which also involve relatively small loan amounts.

  • On April 21, the US Attorney’s Office for the Eastern District of California announced a settlement to resolve FCA claims against a professional medical corporation and its owner related to a $430,000 PPP loan. According to the government, the corporation and its owner falsely certified in an application for a PPP loan that they had not previously received any PPP funds.  (Notably, the government alleged this false statement violated the FCA even though the corporation did not seek forgiveness of the second loan.)  The settlement required the corporation to repay the entire $430,000 loan and to pay, along with its owner, a combined $70,000 in damages and penalties.  There were no criminal charges.
  • On June 2, the US Attorney’s Office for the Eastern District of Virginia announced a settlement with a company and its owner to resolve FCA claims based on the company improperly obtaining multiple PPP loans by using a company that was not currently doing business to obtain a second loan only to have those loan proceeds deposited in the other, operating company’s account. The total settlement, inclusive of penalties, was $230,414.65.  There were no criminal charges.
  • On August 27, the US Attorney’s Office for the Southern District of Florida announced a settlement with the owner of a jet charter company to resolve FCA claims based on the owner misappropriating for his own personal expenses PPP funds obtained by the company. The government alleged that the company received $1,173,382 in PPP money and the owner, within a day, transferred $98,929 to pay for personal expenses unrelated to the company’s operations.  The owner agreed to settle for $287,055.  Unlike the others, this FCA case was commenced by a whistleblower relator, who will receive $57,411 of the settlement.  There were no criminal charges.

These settlements provide two insights into trends of stand alone FCA cases involving PPP fraud.  First, there was no one common fraud scheme: The FCA claim in each is premised on different types of underlying deception.  In the January settlement, the false statement was the borrower’s certification that it was not in bankruptcy when it applied for the PPP loan.  In the April and June settlements, the false statement was the certification the borrower had not previously obtained a PPP loan.  In the August settlement, the false statement was the owner’s certification that the loan funds would be used for permissible purposes under the PPP, i.e., for company payroll and operating expenses.  Each of these FCA violations involve clear cut fraud.  Which leads to the second insight: So far, stand-alone FCA claims based on PPP fraud involve only obvious fraud and involve only relatively small loan amounts (all have been settlements of $500,000 or less).

The question raised by the settlements is whether they are indicative of a less aggressive reliance on stand-alone FCA law suits to recover PPP funds because DOJ intends to prosecute criminally the more egregious PPP frauds, or whether we are just seeing the beginnings of stand-alone FCA cases and these settlements are nothing more than low-hanging fruit.  To be sure, the government has been investigating and prosecuting PPP fraud based on other theories of liability, as my colleague has written about here.  That does not answer whether there will be an uptick in stand-alone FCA cases premised on PPP fraud—an important question for participants in the PPP, because FCA cases are civil, and thus easier to prove than a criminal case, and because the government is aided by private whistleblowers and other relators in investigating and developing FCA cases.

There are several reasons to believe that the wave of FCA PPP cases has not crested and, in fact, is still far offshore.  First, as a practical matter, financial fraud cases can be complex and document heavy, requiring lengthy investigation.  That is true as a general matter but likely even more so for PPP fraud, given the speed of the program’s rollout and the approval and distribution of the loans.  Second, as a legal matter, FCA investigations and claims, by their very nature, are shielded from public view for many months or even years.  When a private relator, i.e., whistleblower, files a FCA case against a defendant, by statute the case is sealed for 60 days to permit the government time to investigate—and that time is frequently extended if the government needs additional time to investigate.  And of course, the government’s own investigations are rarely made public before charges or claims are brought.  So there could be hundreds or thousands of FCA PPP investigations ongoing right now that simply are not public.

Indeed, recent reporting suggests that the focus of investigations into FCA violations for the PPP is expanding beyond the recipients of PPP loans to the financial institutions, i.e., banks and fintech companies, that processed the borrowers’ PPP applications and disbursed the loans.  Whether there can be a viable FCA claim made out against these financial institutions is unclear—there are several strong defenses to FCA liability based on materiality and intent these entities likely could assert.  But this reporting indicates that FCA cases based on PPP fraud are likely to increase substantially in the coming months and years.

So, it is not a question of if the other shoe will drop for PPP FCA cases, but when.

 

GoalTwo former television executives ensnared in the latest salvo of the long-running FIFA corruption scandal have petitioned the Eastern District of New York for an opportunity to review cellphone evidence from a government cooperating witness that might have been languishing on the shelf for the past six years.

Carlos Martinez and Hernan Lopez (the “Defendants”) are just the latest sports marketing operatives to be caught up in the wide-ranging probe that centers on bribes paid in exchange for broadcasting rights for lucrative soccer tournaments. The first FIFA corruption trial took place in 2017. During the course of that trial it became clear that Alejandro Burzaco, a former executive of the sports communication firm Torneos y Competencias, was the government’s primary cooperating witness. Martinez and Lopez have been charged with, among other things, conspiring with Mr. Burzaco to commit wire fraud and launder money. Now, Defendants have sought to subpoena Mr. Burzaco’s cellphone evidence which the government apparently claims it never reviewed.

In their recent filing seeking the subpoena (the “Motion”), the Defendants note that in 2017 Mr. Burzaco testified that he used an iPhone and a BlackBerry during the timeframe of the alleged conspiracy, that he turned those phones over to his attorneys in 2015, and that – to his knowledge – those phones had not been wiped of their data.[1] According to the Motion, when asked for that cellphone data the government indicated that it “does not have, and has never had, possession of any electronic devices – including cell phones or computers – of Alejando Burzaco’s and thus has no images to produce[,]” and that is likewise does not have any ESI from the phones.[2] This despite the fact that Mr. Burzaco testified to taking part in approximately 50 proffers with the DOJ and FBI, and the fact that Defendants have indicated that they received evidence of encrypted messages between Burzaco and others which were apparently taken from the phones of third parties.[3]

The Defendants have taken the position that the phones are likely to have admissible evidence tending to bear on Burzaco’s credibility and whether they were actual participants in the alleged conspiracy.

Defendants’ efforts to subpoena Burzaco’s phones is a smart tactical move for several reasons.

First, the Motion is an opportunity for the Defendants to play some offense, while potentially strengthening their defense. The Motion raises several questions about the government’s case, which Defendants likely hope to use to highlight reasonable doubt. Why would the government have declined to take possession of and review Burzaco’s cellphones? Especially if it has since done so with other cooperating witnesses? How did the government corroborate intelligence gleaned from Burzaco?

Second, locating and producing the cellphone data is unlikely to be burdensome given Burzaco’s testimony. During the 2017 trial, Burzaco indicated that his counsel operated according to best practices by obtaining and sequestering Burzaco’s cellphone records – here, they apparently went so far as to take the literal phones. Maintaining control over such records is not only a smart tactical decision by any defense team, it is also an ethical obligation as part of an attorneys’ duty of competence regarding the handling of Electronically Stored Information.[4] If Burzaco’s attorneys maintain access to the cellphones, providing the necessary data is only a matter of securing a copy, or “image,” of those phones’ data.[5]

Finally, securing access to Burzaco’s cellphone records could change the substantive dynamics of this case. The typical smartphone contains, at a minimum, logs of the user’s calls, texts and emails, voicemails, contact information, calendars, web browsing and search engine history, photos and videos, and GPS information.[6] While some of this information might be retrievable via a company’s servers or cloud software, much of it “may be irretrievable from anywhere but the device itself.”[7] Defendants’ access to even a limited subset of such information would provide an invaluable opportunity to test Burzaco’s credibility and potentially poke holes in the government’s case.

Any opportunity for a criminal defendant to go on the offensive is one which should be carefully considered. Especially where, as here, valuable cellphone records may be at stake. Here, defense counsel’s creative offensive play has created an opportunity to change the narrative and, perhaps, the fundamentals of this case.

 

[1] Defendants Hernan Lopez and Carlos Martinez’s Application for Pretrial Subpoena Pursuant to Fed. R. Crim. P. 17 and Letter Rogatory, United States v. Carlos Martinez, Hernan Lopez, et al., No. 15-cr-252 (PKC) at 9-11.

[2] Id. at 11-13.

[3] Id. at 13, 15.

[4] Forensic Examination of Digital Devices in Civil Litigation: The Legal, Ethical and Technical Traps, 24 The Professional Lawyer, American Bar Association (March 1, 2016), https://www.americanbar.org/groups/professional_responsibility/publications/professional_lawyer/2016/volume-24-number-1/forensic_examination_digital_devices_civil_litigation_legal_ethical_and_technical_traps/#ref38.

[5] The Motion also seeks a Letter Rogatory for certain data from Burzaco’s BlackBerry phone, which the Defendants claim is accessible via Torneos y Competencias’ “BlackBerry Enterprise Server.” The practicability and procedure for accessing such data via a Letter Rogatory is outside the scope of this post. Typically, the ability to secure cellphone data, and the scope of such available data, depends on a company’s data management policies.

[6] See Mobile Devices, Data Collection and the Next E-discovery Front, FTI Technology, https://www.ftitechnology.com/resources/white-papers/mobile-devices-data-collection-and-the-next-e-discovery-front.

[7] Id.

National DefenseOn January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021. Included among its provisions is the Corporate Transparency Act (CTA), which, in short, requires qualifying businesses to disclose so-called “beneficial owners.” The purpose undoubtedly is to root out shell companies that avoid detection, regulation or enforcement through complex, opaque ownership arrangements. While we cannot be certain how enforcement will take shape, companies should be aware of the CTA’s requirements to prepare for its enforcement.

The Problem: Shell Companies Hide Illegal Activity

Law enforcement officials believe that their ability to root out corporate crime of all kinds is hindered because individuals and companies can set up complex ownership structures of assets that hide the true beneficial owners. While forming or having a “shell company” – a business that exists only on paper, with no employees, no physical location and sometimes no disclosure of the owner’s real name – is not in and of itself illegal, it can be used to launder money and evade U.S. law enforcement. Sophisticated shell companies may be owned by a separate company or companies, using a Russian-doll ownership structure that eventually traces back to the ultimate owner, who may or may not be a criminal. The problem for law enforcement is that it is difficult to track back what may be many layers of ownership that have enabled the true owner to remain anonymous. The shell company may either have little legitimate business or no business at all; instead, it merely funnels back to the owners funds that may have been laundered by fraudulent invoices, fudged bookkeeping numbers, made-up accounts receivable or similar illegal yet easy-to-overlook activities that would not raise red flags with the government.

To be sure, while many U.S. companies use shells for legitimate purposes, they are also a favored means of laundering funds that are obtained through illegal activity.

Under the United States Code, “laundering of monetary instruments” is transacting in property while knowing that the property represents the proceeds of an unlawful activity and with the intent to promote or carry on unlawful activity or knowing that the transaction is designed to conceal or disguise the unlawful activity. Most people call it “money laundering” because the process “cleans” the property – usually money – of its illegal history and can be used with less worry that the government will investigate its use. Of course, money laundering does not actually clean the money; it remains tied to its original ill-gotten past, and money laundering is a crime in and of itself.

The Solution: The Corporate Transparency Act

Congress passed the CTA, which then-President Trump vetoed on December 23, 2020. The House of Representatives overrode the veto on December 28, and the Senate followed suit on January 1, 2021. The CTA became law the same day, although its provisions will not become effective until the U.S. Treasury Department promulgates implementing regulations, which is supposed to occur no later than January 1, 2022.

The CTA generally requires shell entities to report their ultimate ownership to the Financial Crimes Enforcement Network (FinCEN), an arm of the federal government, for cataloguing. More specifically, each “reporting company” must provide each “beneficial owner’s” full legal name, date of birth, current residential or business address, and either a unique identifying number from a passport or state-issued ID or a FinCEN identifier number. Because the CTA only affects “beneficial owners” and “reporting companies,” a critical question for businesses is whether they will be deemed to fall into those categories.

A beneficial owner is “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, exercises substantial control over the entity; or owns or controls not less than 25 percent of the ownership interest of the entity.” A beneficial owner does not include

  • a minor child if the parent or guardian submits reporting information;
  • an individual acting “as a nominee, intermediary, custodian, or agent on behalf of another individual”;
  • “an individual acting solely as an employee” of a business entity who derives an economic benefit solely by virtue of their employment status;
  • an individual whose only interest in the entity was through inheritance; or
  • a creditor of the corporation, unless the creditor meets the requirements of the definition of a beneficial owner.

Because of the definition’s broad language, a shell company will need to trace its ownership outward from the Russian dolls it sits in to arrive back at each individual who either exercises substantial control over the company or possesses at least 25% of its ownership interest.

A reporting company is “a corporation, limited liability company, or other similar entity that is created by the filing of a document with the secretary of state or similar office under the law of a State or Indian Tribe; or formed under the law of a foreign country and registered to do business in the United States by filing a document with a secretary of state or similar office under the laws of a State or Indian Tribe….” A reporting company does not include

  • an issuer, broker, or dealer of securities or entity required to file information under section 15(d) of the Securities Exchange Act of 1934;
  • an entity exercising governmental authority on behalf of the United States or any State, Indian Tribe, or political subdivision;
  • a bank, credit union, bank holding company, or a money transmitting business as defined in various federal laws;
  • an exchange or clearing agency;
  • an investment company or adviser registered with the SEC or under the Investment Advisers Act;
  • an insurance company;
  • a registered entity under the Commodity Exchange Act;
  • a public accounting firm;
  • a public utility company;
  • a financial market utility;
  • a 501(c) nonprofit company, unless the organization loses tax exemption status and fails to cure that defect within 180 days;
  • a charitable or split-interest trust; or
  • other entities not listed here.

Because the new law targets shell companies, a reporting company also does not include an entity that employs more than 20 employees full-time, filed tax returns showing more than $5 million in gross receipts or sales (including receipts and sales of other entities through which that entity operates or owns), and has an operating presence at a physical office in the United States. There is also a grandfather clause that provides preexisting entities two years from the effective date of the act to file the required information.

A person who willfully provides false or fraudulent beneficial ownership information or willfully fails to complete the beneficial ownership information will be liable for a $500 civil penalty each day the violation continues and will suffer a fine of up to $10,000, imprisonment for not more than two years, or both. The CTA provides a liability exception for those who remedy the inaccurate information within 90 days, unless the inaccurate information was provided for purpose of delay and the person had actual knowledge of the inaccuracy. Additionally, a person who knowingly discloses or uses beneficial ownership information they obtain through a report or disclosure made to FinCEN shall be liable for a civil penalty of $500 per day of the violation, and suffer a fine of up to $250,000, imprisonment for not more than five years, or both. If the unauthorized use or disclosure of beneficial information is a part of a pattern of illegal activity involving more than $100,000 in a 12-month period, the fine increases to up to $500,000, and the term of imprisonment increases to not more than 10 years.

The CTA’s clear intended effect is to require those who control or own small companies to file certain identifying information with FinCEN, which can then examine the records to ensure accuracy and alert authorities to anomalous filings. The hope is that this process will permit easier tracking and investigation of these types of companies.

This overview of the CTA is not meant to be comprehensive. The CTA contains many more provisions and subtleties than are provided here, including guidance to regulating authorities. Strict compliance with the CTA is expected, so each business should review the specific requirements that apply to its circumstances.

Conclusion: The CTA is a Good Start on a Long Road

The CTA is a small step on a much longer journey. While its scope is appropriate to begin reining in the use of shell companies, the CTA’s success cannot be measured until long after its effective date. While law enforcement officials view it as an important tool in their efforts to combat money laundering and criminals will likely continue to find new ways of evading detection of ill-gotten gains, businesses that form shell companies for legitimate purposes should pay attention to the CTA’s requirements to avoid unwarranted scrutiny and suspicion.

 

nursing homeOn June 22, 2021, the Office of the Inspector General for the U.S. Department of Health and Human Services (OIG-HHS) released a comprehensive report on the impact of COVID-19 on Medicare beneficiaries residing in nursing homes for 2020.  While the results may not be surprising, they are still disturbing.  Overall, the report paints a tragic picture of COVID-19 ravaging the nursing home population.

For example, the report finds that roughly forty-two percent of Medicare beneficiaries in nursing homes had or likely had COVID-19 – compared to only six percent of the population as a whole.  The report also determined that the overall mortality rate in nursing homes in 2020 was nearly one-third higher than it was in 2019.  Strikingly, almost 1,000 more Medicare beneficiaries died per day in April 2020 than they did in April 2019.  And while all age and ethnic groups were hit hard by the disease, the report found that nearly half of Black, Hispanic, and Asian Medicare beneficiaries had or likely had COVID-19, as compared to only slightly more than forty percent of White beneficiaries.

While the OIG-HHS report concludes that the data will be used prospectively to avert similar tragedies occurring in the future, the clear, if unwritten, implication of the report is that it will serve as a further basis for regulators and prosecutors to scrutinize and investigate nursing home operators.  As previously discussed on this blog (here and here), the Department of Justice (DOJ) and the Department of Health and Human Services (HHS) announced the creation of the National Nursing Home Initiative (NNHI) in March 2020, coincident with the rise of COVID-19.  The stated purpose of the NNHI was to pursue criminal and civil enforcement actions against nursing homes that provide “grossly substandard care.”  However, by November 2020, the NNHI appeared to have floundered, with nursing homes passing government inspections with ease despite the pandemic, and overall being fined less than the prior year.

That soon could very well change, with the OIG-HHS report being the harbinger of more robust enforcement proceedings and investigations.  The report, and it’s devastating findings, comes just a few months after the new HHS secretary, former California Attorney General Xavier Becerra, was confirmed on March 18, 2021.  Prior to this, Becerra had established himself as an aggressive prosecutor of nursing home fraud and misconduct in California.  In fact, just days before he was confirmed, Becerra, alongside other government prosecutors, filed a newsworthy lawsuit against an operator of one of the nation’s largest nursing home chains.  The lawsuit alleges that the nursing home operator ignored laws designed to protect patient safety and provided false information to the Centers for Medicare & Medicaid.

Another sign that nursing homes may face increased scrutiny are DOJ’s focus on pursing False Claims Act (FCA) actions against nursing home operators.  For example, just last month, nursing home operator SavaSeniorCare LLC (Sava) agreed to settle allegations it violated the FCA by billing Medicare and Medicaid for grossly substandard skilled nursing services or for services that were not necessary by paying $11.2 million.  As is common with FCA cases, the Sava settlement resolves allegations of fraud arising from a complaint filed in 2015 and based on conduct that occurred a decade ago.

What this means is that it is likely that DOJ, OIG-HHS, and other regulators and prosecutors, may be spurred by the OIG-HHS report to investigate nursing homes for fraud out of their handling of the pandemic.  But given the enormity of COVID-19, affecting virtually every nursing home in the nation, and the complexity of FCA investigations generally, it may be months or years before we see the visible impact of those investigations.  This does not mean, of course, that nursing homes will get a free pass.  To the contrary, in remarks given publicly in December 2020, Deputy Assistant Attorney General Michael Granston reiterated that one of DOJ’s priorities included using the FCA as a basis to investigate and hold accountable nursing home operators – specifically emphasizing the NNHI and the “continuing evidence of deficient care being provided to our nation’s seniors.”

The OIG-HHS report released this week all but conclusively proves that COVID-19 took an immense toll on nursing homes and their residents.  The data in that report alone certainly is not a basis to prove that these nursing homes violated laws or regulations, including the FCA.  But it provides a strong basis for regulators and prosecutors to lay the foundations for investigating nursing home misconduct during the pandemic.  Even though the pandemic may be winding down, nursing home operators should expect to continue to be scrutinized and investigated for their actions during it for a long time.

Price GougingIn early March 2020, at the outset of the COVID-19 pandemic, former Attorney General William Barr instructed federal prosecutors to prioritize the “detection, investigation and prosecution of all criminal conduct related to the current pandemic.”  His memos from the early days of the pandemic made it clear that COVID-19 related wrongdoing would be a top priority for the U.S. Department of Justice (“DOJ”) while the pandemic persisted.  Over a year later, after one of the worst national health emergencies in this nation’s history and a change in presidential administrations, not much has changed—COVID-19 related wrongdoing remains a top priority for DOJ.

Unlawful Price Gouging and Hoarding was DOJ’s Initial Focus

Early on, ahistorical buying patterns, lockdown orders, and panic buying wreaked havoc on the nation’s supply chains, causing shortages in everything from computer chips to medical supplies to toilet paper.  The increased demand and shorter supply caused prices to increase, and DOJ responded by focusing its efforts on addressing “COVID-19 related market manipulation, hoarding and price gouging.” Attorney General Barr launched the COVID-19 Hoarding and Price Gouging Task Force.  As the name suggests, the task force’s responsibility was to work with various federal agencies and local law enforcement to identify individuals and businesses who sought to make profits higher than DOJ deemed appropriate on essential items.

President Trump’s invocation of the Defense Production Act (“DPA”) by executive order buoyed the task force’s efforts.  Under the DPA, the government can bring criminal charges for unlawful price gouging and hoarding scarce and threatened scarce items, which the Eastern District of New York did for the first time ever on April 24, 2020.  A Long Island store owner was accused of hoarding personal protective equipment, including masks, hand sanitizer and medical gowns.  More prosecutions soon followed.

Passage of the CARES ACT Transformed COVID-19 Related Fraud

Fraud was also one of the early concerns of DOJ.  In his March 24, 2020 memo, former Deputy Attorney General Dana Boente instructed federal prosecutors to be on the lookout for scams related to the sale of fake testing kits and cures, ineffective or deficient personal protective equipment, and websites that infected users with malware and ransomware.  The government’s focus on petty scams would be short-lived, however.  The Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), which was signed into law on March 27, 2020, quickly changed the form of fraud on which DOJ focused its attention.

The CARES Act created the Paycheck Protection Program (“PPP”).  The PPP made billions available to businesses in need of help in the form of forgivable loans, and it did not take long before the program was exploited. DOJ began investigating PPP fraud almost immediately after the first applications were submitted.

DOJ brought its first criminal charges for PPP fraud in May 2020, and by September 10, 2020, DOJ had brought criminal charges against more than 57 people.  Less than a year later, by March 26, 2021, DOJ had filed charges against over 120 defendants related to PPP fraud in at least 19 federal jurisdictions.  According to a Justice Department press release, the alleged misconduct ranges “from individual business owners who have inflated their payroll expenses to obtain larger loans than they otherwise would have qualified for, to serial fraudsters who revived dormant corporations and purchased shell companies with no actual operations to apply for multiple loans falsely stating they had significant payroll, to organized criminal networks submitting identical loan applications and supporting documents under the names of different companies.”

The PPP Wasn’t the Only CARES Act Program Exploited

In addition to the PPP, the CARES Act also authorized the existing Economic Injury Disaster Loan (“EIDL”) program and appropriated more than $860 billion worth of federal funds for unemployment insurance.  In June 2020, less than three months after the CARES Act was signed, the inspector general of the Small Business Administration had already received nearly 700 complaints about potential EIDL fraud.  Later, in October 2020, the inspector general released a report indicating that the SBA had granted approximately $1.1 billion in COVID-19 EIDL loans to ineligible businesses.  As of the date of the blogpost, over 140 defendants have been charged with federal offenses related to unemployment insurance fraud.

DOJ is Ramping Up Its COVID-19 Fraud Enforcement

Now that the worst of the national health crisis is behind us and price gouging and hoarding is less of a threat, DOJ is focusing its attention on COVID-19 related fraud schemes.  By May 2021, DOJ had publicly charged over 600 defendants for some form of COVID-19 related fraud, but this is only the tip of the iceberg.

On May 17, 2020, current Attorney General Merrick Garland launched the COVID-19 Fraud Enforcement Task Force.  The task force is led by the deputy attorney general and is made up of representatives from several divisions of DOJ, the Federal Bureau of Investigation, the Organized Crime Drug Enforcement Task Force, and various other federal agencies.  The composition of the task force suggests that there will be better interagency communication channels and more resource sharing that could allow the government to investigate increasingly complex schemes across a broad array of conduct, prosecute more sophisticated offenders, and even audit the internal compliance systems of good faith actors, such as by reviewing the books and records of PPP loan recipients to ensure their eligibility for the program.

Since the launch of the task force, DOJ has already announced sweeping enforcement actions against 14 defendants across seven jurisdictions for their roles in various healthcare fraud schemes, including performing medically unnecessary services for Medicare beneficiaries seeking COVID-19 testing, and the first ever criminal charges against medical providers for submitting fraudulent Medicare claims for sham telehealth consultations.

Commentators have suggested that DOJ may even begin turning its attention to lending institutions by bringing civil actions under the False Claims Act and/or Financial Institutions Reform, Recovery and Enforcement Act for conduct such as approving applicants who were clearly not eligible for loans and failing to adhere to anti-money laundering requirements.

One thing is certain.  With Attorney General Garland’s commitment to “use every available federal tool – including criminal, civil, and administrative actions – to combat and prevent COVID-19 related fraud,” we are all but guaranteed to see COVID-19 fraud enforcement actions for years to come.

 

RansomeOver the past few weeks, revelations of ransomware cyber-attacks on U.S. businesses have rocked the country’s infrastructure and have held hostage companies’ computer systems that are necessary to provide essential services to the nation.  In a typical ransomware attack, hackers exploit a security vulnerability to gain access to a company’s computer system.  After gaining access, the hacker will encrypt all or part of the system, rendering it inoperable or significantly crippled.  The hackers then demand a ransom payment in exchange for a decryption key that will unlock the computer system.  Recent ransomware attacks have focused on providers of essential products or public infrastructure, such as hospitals and medical providers, food distributors, energy companies, and public transit companies.

Prior to 2019, ransomware attackers mainly targeted data-rich companies, such as retailers or financial companies, relying on the potential loss or threatened exposure of customers’ personal data to incentivize companies to pay a ransom for the decryption key.  Over the last few years, ransomware attacks have become increasingly frequent for other types of businesses lacking in such personal data, including manufacturers or industrial companies.  In these attacks, the goal is to shut down a company’s operations, thereby forcing it to ransom the encryption key to get the business back up and running.

According to FBI Director Christopher Wray, reports of ransomware attacks have tripled over the past year.  The increased frequency and broader scope of ransomware attacks presents not only a business risk for a company, but legal and compliance risks as well.  In October 2020, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) released an advisory statement that explained that many criminals responsible for ransomware appear on OFAC’s Specially Designated Nationals and Blocked Persons List (“SDN list”).  Under U.S. law, American companies and individuals are strictly prohibited from engaging in transactions with a sanctioned person or entity.    This means that if a company ransoms its data from a person who appears on OFAC’s SDN list, it may be held civilly liable under U.S. law, even if it was unaware that the ransomware hacker was identified on the SDN list.  Furthermore, criminal penalties of up to 20 years’ imprisonment are available where there is a reckless or willful violation of the sanctions laws.

Choosing whether or not to make a ransom payment can be a difficult one, but in order to minimize the risk of OFAC fines or penalties in connection with a payment, it is vital that a company have a risk-based compliance program in place that will operate to mitigate the risk that the company may take by making a ransom payment to a potentially sanctioned individual or entity.  An effective sanctions compliance program will include, among other things, a commitment from management, periodic risk assessment, effective internal controls, ongoing monitoring and testing, and training for employees.  Specifically, in circumstances involving ransomware, a compliance program must also assess and account for the risk that the payment may involve an embargoed nation or a person or entity appearing on the SDN list.

Although a company may not wish to publicize that it has been a victim of a ransomware attack, there is a strong incentive to promptly disclose a cyber-attack to law enforcement and to cooperate in any investigation:  OFAC views disclosure and cooperation as significant mitigating factors in the event that any ransom payment is later determined to have a sanctions nexus.  Further, companies that facilitate ransomware payments, including financial intermediaries, have their own anti-money laundering obligations under FinCEN regulations, including detecting, preventing, and filing suspicious activity reports for transactions that are indicative of illegal activity.

In addition to the OFAC and FinCEN rules that may apply to cyber-attacks, President Biden signed an executive order earlier this month designed to strengthen cybersecurity and prevent future ransomware attacks by, among other things, changing the manner in which federal agencies approach cybersecurity.  Although the executive order applies only to certain companies that do business with the federal government, cybersecurity experts have indicated that wide-scale adoption of the standards identified in the executive order would improve security performance and security standards across all industries.  Among other things, the executive order requires the adoption of multi-factor authentication, enhances encryption standards, and requires zero-trust architecture, which means that no device is considered “trusted,” even if it has been previously verified or connected to a managed corporate network.  Additionally, the executive order seeks to ease the current limitations on the sharing of information between federal agencies and directs federal agencies to create a response plan to any future cyber-attacks.

Ransomware attacks are designed to strike at the very core of a company’s operations, and a ransomware victim may be without the benefit of the company’s network while it tries to manage the attack.  As ransomware attacks become more widespread, it is critical that companies adopt and train on an action plan in the event of a cyberattack and have a fully developed sanctions compliance program in place to ensure that a ransomware attack does not balloon from a business and reputational risk to a civil or criminal mishap.

FraudA federal district court has rejected a novel attempt to impose False Claims Act (FCA) liability for Medicare billings based on a theory that the underlying purchase of the home healthcare agency submitting those billings was allegedly tainted by fraud.  The court’s decision delimits the scope of fraud that will support an FCA claim and reaffirms the important principle that the FCA “is not an all-purpose antifraud statute.”

In United States ex rel. Freedman v. Bayada Home Healthcare, et al., Chief District Judge Freda L. Wolfson of District of New Jersey, dismissed a private relator’s qui tam complaint that alleged the defendants fraudulently induced a state government health department to sell a home healthcare agency, concluding that the alleged fraud did not “touch or concern” the United States.

In his complaint, Relator alleged that defendants retained a lawyer on a contingency fee basis to lobby the health department to accept its bid for the healthcare agency.  This contingency fee arrangement not disclosed in the bidding process; rather, the defendants falsely certified to the contrary.  The defendants’ bid was accepted, despite not being the lowest bid, and they enrolled the healthcare agency in Medicare, submitting approximately $36 million in billing over a four-year period.

Relator’s qui tam action alleged violations of the FCA, its state counterpart, and various state law claims.  Relator claimed that defendants knowingly failed to disclose the illegal lobbying, which caused defendants’ Medicare submissions to be tainted with fraud.  Specifically, Relator advanced the theory that defendants defrauded the healthcare department when they purchased the healthcare agency, and that “but-for” this fraud, defendants would never had been able to bill Medicare and receive government payments.  Thus, according to Relator, FCA liability attached to every single payment defendants received.  Relator claimed to know of this fraud both as a former employee of defendants and as a participant in the undisclosed lobbying process.  The government declined to intervene, and the complaint was unsealed.

The court rejected Relator’s FCA claims and granted defendants’ motion to dismiss.  The court, accepting Relator’s allegations as true for the purposes of the motion, agreed that the facts were “concerning.”  But it rejected the idea that he could advance a fraudulent inducement theory under the FCA where the alleged fraud occurred in an antecedent transaction that did not involve Medicare or the federal government.  The court reaffirmed the proposition that fraudulent inducement in the contract bidding process must “touch or concern” the federal government – i.e., here, the federal government must have been fraudulently induced to enroll defendants in Medicare.  Because Relator’s allegations did not identify how the federal government was defrauded, the court dismissed this theory.

The court also rejected Relator’s theory of implied false certification in the billing process based on the same alleged underlying fraud in the acquisition of the healthcare agency. Relator’s theory, although poorly pled, appeared to be predicated on requirement that defendants had to certify the truthfulness and accuracy in their application to enroll in Medicare.  The court, however, distinguished the accuracy of the information submitted to Medicare from the accuracy of information submitted to the local health department in the bidding process, noting that the former encompasses the entire sequence of events leading up to the defendants’ enrollment in Medicare.”

Two footnotes in the court’s decision stand out:  First, the court noted that not only was Relator aware of the defendants’ fraud at the time it occurred – as is common for whistleblower relators – but it appeared Relator “facilitated” the fraud as well.  Although the court did not rely on this fact in its analysis, it explicitly noted that his role “calls into question his motives for bringing this suit.”  In other words, Relator’s own conduct may have led the court to view his FCA claims skeptically.

Second, in dismissing Relator’s FCA claims and declining to exercise supplemental jurisdiction over his remaining state law claims, the court nevertheless explained that “accepting the facts he has pled as true,” the defendants “seemingly violated both the RFP and state law by failing to disclose its contingency fee arrangement.”  The court then noted that others “who were potentially harmed by these undisclosed actions, may have viable causes of action in state court.”  Thus, the court made it clear that, even with Relator’s own potential involvement in the fraud, it did not view Relator’s allegations as meritless, but, instead, they did not support a claim for liability under the FCA.

Notwithstanding the clear holding in the Bayada case, and its reaffirmance of longstanding limits to the FCA, we should expect to continue to see relators – and their counsel – attempting to bring FCA cases with novel theories of liability in the hopes of setting new precedent and achieving favorable settlements.

 

Search WarrantOn April 28, 2021, federal agents executed search warrants at the home and office of Rudy Giuliani and seized cell phones and computers.  Mr. Giuliani is former President Trump’s personal lawyer, a former United States Attorney, and a former New York City mayor.  This high-profile search and seizure reportedly sought communications related to an ongoing criminal investigation into whether Mr. Giuliani’s activities on behalf of Ukrainian officials ran afoul of federal lobbying laws.

Mr. Giuliani’s prominent place in the political zeitgeist has resulted in lots of commentary and conjecture since news of the search broke, but relatively little of that commentary has focused on legal process.  The legal niceties of the investigation and execution of the search warrants may not be ratings fodder for cable news, but those niceties are critical safeguards of constitutional rights and the attorney-client relationship.  Executing search warrants on a lawyer’s home or office presents special problems because of the likelihood that some of the materials seized may be protected by the attorney-client privilege or the attorney work product doctrine.  Indeed, soon after the Giuliani search warrants were executed, his lawyer raised the privilege issue and said the seized devices were “replete with material covered by the attorney-client privilege and other constitutional privileges.”

DOJ Procedure for Obtaining and Executing Attorney Search Warrants

Mr. Giuliani is hardly the first lawyer to have his office or home searched.  Because of the special issues attending attorney searches, the Justice Manual, a compilation of publicly available Department of Justice (DOJ) policies and procedures, contains guidelines that federal prosecutors and investigators must follow when seeking, obtaining, and executing a search warrant of any attorney who is the subject or target of an investigation.[1]  The purpose of the guidelines is to ensure that experienced senior DOJ officials exercise “close control” over the search of an attorney’s potentially privileged materials. Justice Manual, at § 9-13.420.  That “close control” begins before a warrant application is even made to a court, and it includes policies and procedures governing the decision of whether to seek a search warrant, the search warrant application process, execution of the search warrant (including collection of documents and other materials), and review of seized materials.

Step 1 – Obtaining Internal DOJ Approval

Before applying for an attorney search warrant, a federal prosecutor must consider the employment of alternative investigative methods to obtain the sought-after materials (e.g., issuance of subpoenas to the attorney or third parties) unless those alternative methods would compromise the investigation, could result in the destruction or obstruction of evidence, or would be otherwise ineffective.  Even if those alternatives are not feasible, a federal prosecutor must obtain “the express approval of the United States Attorney or pertinent Assistant Attorney General” before applying to a court for a search warrant.  In addition, a federal prosecutor must consult with the Policy and Statutory Enforcement Unit (PSEU) of DOJ’s Criminal Division in Washington (Main Justice) and provide for internal review a copy of the proposed search warrant and supporting affidavit, as well as instructions to be provided to the agents conducting the search “to ensure that that the prosecution team is not ‘tainted’ by any privileged material inadvertently seized during the search.”  PSEU must in turn consult with the Deputy Attorney General, who is required to assign an attorney with “the requisite knowledge and experience to provide meaningful input to PSEU” and to keep the Deputy Attorney General apprised.  This additional input is required by a December 2020 memorandum from the then Acting Attorney General.  It is aimed at ensuring uniformity because “[i]n many cases – particularly those involving significant investigations and high-profile matters – proposed searches are separately reported in urgent reports to the Attorney General and the Deputy Attorney General.”

Step 2 – Obtaining the Warrant from a Federal Judge

If a federal prosecutor obtains approval from the U.S. Attorney and Main Justice, a search warrant application must be made to a federal judge, usually a magistrate. See Fed. R. Crim. P. 41.  To obtain a warrant, the government must establish probable cause that a crime has been committed and that evidence of that crime can be found where the search is to be conducted.  Although the probable cause standard usually is not difficult to meet as a matter of law, federal courts are sensitive to the protections afforded attorneys’ privileged and confidential materials, and the government can expect close judicial scrutiny of an attorney search warrant application before the warrant is issued.  In addition, federal courts sometimes include in the warrant itself limits and restrictions on the scope of the search in order to minimize the government’s intrusion into the attorney-client relationship.

Step 3 – Execution of the Warrant and the Role of Defense Counsel

Once a warrant is issued, investigators must follow certain procedures in its execution.  Investigators must comply with any limitations in the warrant itself, they must avoid searching or seizing privileged and confidential materials outside the scope of the search warrant, and they should consult with a prosecutor where they have questions as to what materials should or should not be viewed or seized while on site.  According to the Justice Manual, that prosecutor should be someone not involved in the investigation so that the investigative team is not exposed to otherwise privileged materials.

Counsel for the targeted attorney can play an important role in this process.  If counsel can get on site fast enough and communicate with the searching investigators and supervising prosecutor in real time, counsel may be able to protect from search and seizure the confidentiality of materials protected by the attorney-client privilege and attorney work product doctrine, which are clearly outside the scope of the warrant.  In addition, while the search is ongoing, counsel can ask the issuing magistrate to impose further limits or restrictions on what the investigators can look at and seize.

Step 4 – Reviewing Seized Materials for Privilege

Government “Taint” Teams

Following completion of the search, the Justice Manual cautions that federal prosecutors “must employ adequate precautions to ensure that the materials are reviewed for privilege claims and that any privileged documents are returned to the attorney from whom they were seized.”  The most common way to do this is for the prosecutor’s office to create a “taint” team consisting of agents and lawyers not involved in the underlying investigation.  Sometimes prosecutors propose the creation of a taint team as part of the search warrant application in order to obtain a judicial endorsement of the procedure.  That team is instructed with respect to procedures for ensuring privileged material is not disclosed to the investigative team.  The taint team may contact counsel for the target attorney, provide copies of potentially privileged seized materials if the investigation would not be impeded by doing so, and ask counsel to provide the team with assistance or specifics as to which documents and communications are claimed to be privileged.  Where the taint team agrees with a privilege claim, the subject materials are returned to the attorney and the investigative team is denied access to them.  If there is a dispute concerning any privilege claims, counsel for the targeted attorney can seek immediate judicial relief under Rule 41(g) of the Federal Rules of Criminal Procedure; there is no requirement that the targeted attorney await indictment months or years later and then make a motion to suppress.

Special Masters’ Review

Prosecutors’ preference for the creation of taint teams has not gone unchallenged.  In April 2018, investigators executed a search warrant at the office of Michael Cohen, another of President Trump’s attorneys.  The Government sought to employ a taint team in connection with the review of the seized materials, but Mr. Cohen instead asked the court to appoint a special master to conduct the review. In opposition to Mr. Cohen’s application, prosecutors asserted that review by their “taint” team would be fair and efficient.  Although the court did not question the prosecutors’ integrity, it nonetheless granted Mr. Cohen’s application and appointed a special master to promote the “perception of fairness, not fairness itself.” In re the Matter of Search Warrants Executed on April 9, 2018, No. 18 MJ 3161 (S.D.N.Y. Apr. 16, 2018).

The next year, the Fourth Circuit criticized a taint team review of materials seized from a law firm, holding that it was “improper for several reasons, including that, inter alia, the [taint team’s] creation inappropriately assigned judicial functions to the executive branch, the [taint team] was approved in ex parte proceedings prior to the search and seizures, and the use of the [taint team] contravenes foundational principles that protect attorney-client relationships.”  In re Search Warrant Issued June 13, 2019, 942 F.3d 159, 164 (4th Cir. 2019).

So it comes as no surprise that, with respect to Mr. Giuliani’s search and seizure, the same office which prosecuted Mr. Cohen and defended the use of taint teams has now asked the court to appoint a special master to conduct the privilege review and to rule on the merits of any privilege claims Mr. Giuliani may make.  The prosecutors said that the use of their own “filter team” would safeguard applicable privileges, but nonetheless called appointment of a special master appropriate because of the “unusually sensitive privilege issues” involved and the need to promote the perception of fairness.  It may be that, in the future, government requests for special masters’ appointments may replace its previously expressed preference for use of taint teams.

Suppression Is the Remedy for Privilege Violations

Predictably, Mr. Giuliani has cried foul about the searches and seizures: “What they’re doing to me as a lawyer is unconscionable.”  Nonetheless, it is unlikely that any privilege violations that occurred during the searches would invalidate the seizure of non-privileged materials or prevent their use as evidence against him should he be indicted.  This is so because, except in an extraordinary case, the remedy for violation of the attorney-client privilege is suppression of the seized privileged information.  See Nat’l City Trading Corp. v. United States, 635 F.2d 1020, 1026 (2d Cir. 1980) (“To the extent that the files obtained . . . were privileged, the remedy is suppression and return of the documents in question, not invalidation of the search.”), cited in United States v. Schulte, No. S-2 17 Cr. 548, 2019 U.S. Dist. LEXIS 180889, at *5-6 (S.D.N.Y. Oct. 18, 2019) (denying motion to suppress allegedly privileged documents).  In addition, apparently uniform authority—albeit no Supreme Court precedent—holds that suppression generally is not required for evidence obtained from leads derived from improperly viewed privileged materials because evidentiary privileges are not constitutional rights.  See, e.g., United States v. Warshak, 631 F.3d 266, 294-95 (6th Cir. 2010) (finding no authority for proposition that “derivative evidence obtained as a result of improper access to materials covered by” the attorney-client privilege “is subject to suppression” and holding that “evidence derived from a violation of the attorney-client privilege is not fruit of the poisonous tree”).

Conclusion

It is simply wrong to assume that a lawyer’s files, hard copy or electronic, are somehow immune from seizure in a federal criminal investigation.  Federal prosecutors who scrupulously comply with the safeguards and procedures described in the Justice Manual can, and often do, obtain significant probative evidence as the result of the execution of search warrants on attorneys’ offices and homes while simultaneously avoiding violations of the attorney-client privilege and attorney work product doctrine. Although there is no remedy – other than internal DOJ discipline – for violation of the Justice Manual instructions and guidance, federal courts can and will act to ensure that valid attorney-client privilege and attorney work product claims are sustained and that prosecutors are denied the use of such confidential materials in a criminal prosecution. There is no reason to think that the materials seized from Mr. Giuliani’s office and home will be treated any differently.

[1] There are also special procedures in the Justice Manual about search warrants for documents held by an attorney who is not a target but rather a “disinterested third party.” See Justice Manual, at § 9-19.221.