ETHICS AND TECHNOLOGY: WHAT YOU NEED TO KNOW

NSTITUTE ABOUT E-DISCOVERY, I

THE PANAMA PAPERS

ATTORNEY LIABILITY…

CLE Prepared in connection with a Continuing Legal Education course presented

at New York County Lawyers’ Association, 14 Vesey Street, New York, NY scheduled for May 13, 2016

Faculty: Joseph Bambara, UCNY, Co-Chair, NYCLA's Law and Technology Committee;

James B. Kobak, Jr., General Counsel, Hughes Hubbard & Reed LLP; Pery Krinsky, Krinsky, PLLC; Peter Micek, Access Now; Jonathan Stribling- Uss, Constitutional Communications NYCLA

This course has been approved in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 3 Transitional and Non-Transitional credit hours:3 Ethics. This program has been approved by the Board of Continuing Legal Education of the Supreme Court of New Jersey for 3 hours of total CLE credits. Of these, 3 qualify as hours of credit for ethics/professionalism, and 0 qualify as hours of credit toward certification in civil trial law, criminal law, workers compensation law and/or matrimonial law. ACCREDITED PROVIDER STATUS: NYCLA’s CLE Institute is currently certified as an Accredited Provider of continuing legal education in the States of New York and New Jersey.

Information Regarding CLE Credits and Certification Ethics and Technology: What You Need to Know about e-Discovery, the Panama Papers, Attorney Liability for Hacks and other Recent Developments…. May 17, 2016; 6:00 PM to 9:00 PM

The New York State CLE Board Regulations require all accredited CLE providers to provide documentation that CLE course attendees are, in fact, present during the course. Please review the following NYCLA rules for MCLE credit allocation and certificate distribution.

i. You must sign-in and note the time of arrival to receive your course materials and receive MCLE credit. The time will be verified by the Program Assistant.

ii. You will receive your MCLE certificate as you exit the room at the end of the course. The certificates will bear your name and will be arranged in alphabetical order on the tables directly outside the auditorium.

iii. If you arrive after the course has begun, you must sign-in and note the time of your arrival. The time will be verified by the Program Assistant. If it has been determined that you will still receive educational value by attending a portion of the program, you will receive a pro-rated CLE certificate.

iv. Please note: We can only certify MCLE credit for the actual time you are in attendance. If you leave before the end of the course, you must sign-out and enter the time you are leaving. The time will be verified by the Program Assistant. Again, if it has been determined that you received educational value from attending a portion of the program, your CLE credits will be pro-rated and the certificate will be mailed to you within one week.

v. If you leave early and do not sign out, we will assume that you left at the midpoint of the course. If it has been determined that you received educational value from the portion of the program you attended, we will pro-rate the credits accordingly, unless you can provide verification of course completion. Your certificate will be mailed to you within one week.

Thank you for choosing NYCLA as your CLE provider!

New York County Lawyers’ Association

Continuing Legal Education Institute 14 Vesey Street, New York, N.Y. 10007 • (212) 267-6646

Ethics and Technology: What You Need to Know about e-Discovery, the Panama Papers, Attorney Liability for Hacks and Other Recent Developments in Technology

Tuesday, May 17, 2016 6:00 PM to 9:00 PM

Faculty: Joseph Bambara, UCNY, Co-Chair, NYCLA's Law and Technology Committee; James B. Kobak, Jr., General Counsel, Hughes Hubbard & Reed LLP; Pery Krinsky, Krinsky, PLLC; Peter Micek, Access Now; Jonathan Stribling-Uss, Constitutional Communications

AGENDA

5:30 PM – 6:00PM Registration

6:00 PM – 6:10 PM Introductions and Announcements

6:10 PM – 9:00 PM Presentation and Discussion

TNDEX NO. 153262/2016 RECETVED NYSCEF: 04./18/2016

Index No.:

Date Filed: April 18, 2016

PATRICIA L. DORAN

YOU ARE HEREBY SUMMONED to allswcl thc colnplBlnt ln this Bctlon Bnd to sclvc B copy of your answer, or if the complaint is not sela ed with this sunllnons, to serve a notice of appearance, on the plaintiff's Attorney within 20 days after the sen ice of this summons, exclusive of the day of selvice (or within 30 days after the sew ice is complete if this summons is not personally delivered to you wlthln thc state of Ncw York) Bnd ln case of your failul c 'to appear or answer a judgment will be taken against you by default for the relief demanded in the coltlp1 aint..

Jolm T. Handler, Esq. Handler Law Firm PLLC 48 Wall Street, Suite 1100 New York, NY, 10005 3ohn@b and lcl group. colTI (646) 296-0266

Defendant's Address

Patviria I..Doran 740 Glen Cove Ave Glen Head, NY I 1545 Plaintiffs,

Plalntlffs Robert M111Md and Bcthanv M11IMd, by and thloUgh thcll attolncy John T.

Bandler, as and for their complaint against defendant Patricia L. Doran, allege as follows:

1. Plaintiffs Robelt and Bethany Millard (the "Millards "}are a married couple, who reside in Manhattan.

Defendant Patricia L. Doran ( 'Doran"} is a real estate attolTley, whose office is located at 740 Glen Cove Ave, Glen Head, New York 11545.

NATU~ OI THE CASE

3. This is a lawsuit for legal malpractice and breach of fiduciary duty. The Plaintiffs

alc a IllaITied coUplc who retained thc defendallt, Patllcla L. Dolan, Esq., to assist thclTI In pUl chasing a coopcl atlvc apartnTent ln Manhattan (the "ApM%1Tlent"}. Dolan, who I'cpl eseBted

hcl'self as a colnpctcnt and dlllgent attorney who pl acttced cxclUslvely In real cstatc law,

proITIised to assist thc Miliards ln all aspects of the pUlchaslng ploccss, spcclflcally IITclUding

oversight of the Millards'aylnent of a deposit, and oversight of the closing.

4. As an attorney, Doran had a fiduciary duty to protect her clients'unds, and to insure, as fal as reasonably possible, that their put chase would be accomplished without incident.

She had a fuller duty to protect the integrity of the files she kept on her clients, and the confidentiality of hcl" conM1unications with hcl cllcnts.

5. Doran breached all these duties. Through her negligence, she permitted cybelcriminals to hack into her email system and read alld intercept all of her. communications, including those she sent to the Millards. These email communications alerted the cybercriminals that thc Mlllalds wclc about to tlansfcl'algc sulns of ITloney to thc scllcr as patt of thc pUIchasc process fol the Apaltment. The cybercriminals then drafted f1 audulent emails in the name of

Doran, which they sent to the Millards; these emails, which appeared to be written by Doran, and were sent via Doran's email account, instructed the Millards to send funds by wire transfer to a bank account that purportedly belonged to the seller„but actuaHy was under the control of the cybercriminals.

6. Acting under the misimpression that these emailed instructions came from their

attorney, the Millards wire transferled the money to the account indicated, that is, to the account

controlled by the cybercriminals. After receiving the MiHards'oney, the cybercriminals sent

Doran an email, puITIorting to be from the seller's attorneys, which stated that the

Millards'unds

had been properly received. Doran made no attempt to confirm the authenticity of this

email, which she simply forwarded to her clients.

7. By forwal ding thc phony confllTnatlon to the Mlllards, Doran llnpllcltly voUcbcd

for. its authenticity, This gave the Millards an unwarranted sense of security, and delayed any

attempt on their paIC to con oborate the confirmation, that is, to make an independent check that

the wired funds had been received by the seller. The delay had grave consequences, giving the cybcl'cl'llnlrlals tllTlc to resend thc M111Blds Inollcv oUt of thc countly.

8. Doran's negligence in failing to protect the integrity of both her email system and hei colTTputcr systclTl, Bnd hei fallUlc to tBkc thc 1Tlost bBslc steps to confulrl thBt the funds wired by her clients actually v«ere received by the seller's attorneys. enabled the cybercriminals to successfully accomplish their scheme: to hack her email system and to steal and launder

$ 1,938,000 of the Millards money. Although the greater part of this sum was eventually recovered (without Doran's help), the Millards have been left with an uncompensated loss of

$ 196,200, plus punitive damages, attorney's fees, accrued interest, costs. and the expenses of this cnforccnlcnt Bctlon.

9. The Millards, through their attorney, repeatedly have requested that Doran reimburse them for the stolen funds. The failure of these efforts has forced them to bring this

1Bw sUlt.

10. In the fall of 2015, the Millards orally agreed to purchase a cooperative apaltment

in Manhattan (the "Apaltment"). On November 23. 2015 the parties adopted a "Deal Sheet", which set a sales price for the Apaltment of $ 19,380,000, and required payment of a 10% deposit

(that is, $ 1,938,000).

11. The Millards retained defendant Do~an, who held herself out as a competent and

diligent attorney practicing exclusively in real estate, to advise, assist and represent them in their

pUIchasc. In spltc of thc slzc Bnd colTlplcxlty of thc anticipated tIBrlsactlon, Bnd the lcqullcITlcnts

of New York law, Doran did not prepare an engagement letter or indeed any other document that

described the duties she would perforln. However, in their discussions with Doran, the Millards made clear that they required and expected her to perform all the legal services necessary to successfully complete the purchase of the Apartment. These services, which are the services custoITlallly per forlned by Ical cstBtc BttoITIeys ln conr'lcctlon with thc pUI chase 01 sale of property, included: (a) a thorough review of the Deal Sheet, (b) per folTnance of due diligence on the Apartment and the building in which the Apartment was housed, (c) preparation and review of B contract of sale, (d) ovclslght of thc Mlllal ds paynrellts to thc seller ( Scllcl ) of B deposrt,

(e) performance of all tasks between execution of the contract of sale and closing, (f) coordrnatrorr arid pal trcrpatrorl In tile ciosrng, Brrd (g) Bll tasks ncccssBfy to sUcccssfUllv conclude the representation.

The Doran AOL Account

12. In conducting her law practice, Doran used an email account provided by

AITlcl lcB Onllnc (AOL) (tl'lc Dol'Bn AOL AccoUnt ). Dol Bn Used this BccoUnt. for Bll hcl

professional email, including correspondence with the Millards and other clients, and

colTcsponrlcncc with non-cllcnt thrrd paltlcs.

13. AOL email accounts are notoriously vulnerable to '"hacking" by "cybercriminals".

This VUlnelBblllty delrvcs florn B nUITlbcl of substandard fcBttucs, Includrn&~ pool. detectron of

suspicious log in attempts, poor security, and poor spam filtering protection, which together

render email accounts easy to unauthorized penetration.

14. While its basic email system is vulnerable, AOL does offer some protective

devices by which subscribers can improve their cyber-security. Perhaps the most important of

these is "two factor authentication", which requires the account holder to not only know the

password (which is possible for hackers and cybercriminals to obtain), but also possess a device such as a cellular phone with which to receive a text messaged code which must be input. This two factor. authentication process makes it more difficult for an unauthorized user to "hack" into the system. Doran did not employ two factor identification or, indeed, any other supplementary device to stl engthen the sccUllty of hcl BccoUnt.

15. Thc poloUsncss of D01Bn s coITlpUtcr systenl wBs not confined to hcl Usc of Bn

AOL email account. Investigation has shown that Doran's office computer was poorly conflgU1 cd Bnd contained hltl ustve softwB1'e ( ITlalwal c ) that potcntlallv enabled thlld pBltlcs to

access her computer, passwords, and client files. Together these factors —that is, a poorly configured computer containing malwale, and an email systeln that hackers found easy to breach

—meant that Doran offered very little if any protection to the assets and information she held on behalf of hcl cllcnts. In sholt, hcl systcl'n was cBsy fol clllnlnBls to hack.

16. Doran's failure to install basic cybersecurity protection had the predictable result:

thc Dolan AOL AccoUnt. wBs hacked by Unauthorized thlld pal tlcs, some of wholtl alnlost

certainly were professional cybercriminals. The lack of basic cybersecurity measures or

Bwarcllcss Blso ITlcant tllat this hack was not detected by Dolan. Thcsc cybercrilHlnais thcl'1

leal.ned when and how the Millards intended to pay for the Apaltment, Imowiedge that perlnitted

them to pose as the seller's attorneys and thereby steal the Milialds'oney.

The Wire Transfel

17. The deal sheet regarding the proposed sale for the Apaltment required the

Millards to make a deposit in the amount of $ 1,938,000 at the time the contract was signed, and

the remaining balance at the time of closing. Both payments were to be made by the Millards,

from their own bank account, by wire transfer to the account specified by the Seller. Instructions on how to effect these wire transfers was to be provided to the Millards by Doran.

I S. To provide the Millards with the necessary payment information, Doran asked the seller's attorneys to specify the account into which payment was to be made. The seller' attolncys colnpiied, sending Dol'an thc I clcvant accoUnt and 10UtlBg BUlllbcrs, bUI Dolal'I

Bllspiaced this IIlfolITlatlon. On DccclTlbcl 8, 2015, Dol'an sent Ml clTlall flolTI thc Dolan AOL

Account to the seller s attorneys, asking them to resend the necessary instructions.

19. On infolmation and belief, Doran's December 8, 2015 email request was reviewed by the cvbclcllnllnals who harl gained access to thc Dol Ml AOL AccoUnt. The lntl udels thUs learned that the Millards were about to transfer a lal ge sum of money to Ml account whose identifying inforlllation plaintiffs had yet to receive.

20. DolaB evidently did not I ccognlzc how vUlncl able hcl AOL AccoUnt was to clTlall hacking and othcl follns of cybcrclll'nlnal lntlUslon. Nol did shc lccognlzc thc thlcat posed by cn1all hacking and social cnglnccl lug, which lncl caslngly ls plcvalcnt and recognized by professionals who regularly deal with the transfer of funds by wire. ('ocial engineering" is a teITB of art describing the process of manipulating people through deceitful techniques, including the impersonation of others.) Thus, she failed to take even the most rudimentary steps to protect the Millards from cyberfraud. More specifically, although the purchase of the Apaltment

required the Millards to make two wire transfers of large sums of money (one for the deposit at

signing of the contract, and one at closing), Doran never advised the Millards to orally confiITB

any wire instructions they might receive from the Doran AOL Account.

21. On December 10, 2015 (Thursday) at 3:00p.m., the Millards received an email

ostcnslbly sent. by Dol Ml f1olTI tl'Ic Dolan AOL AccoUBt. This cITlall infolITled thcITI that they soon would receive instructions on where to wire transfer the funds necessary for closing on the

Apaltment. hl fact, this email was not sent by Doran, but by cybercriminals who had hacked into the D01BBAOL AccoUnt, Bnd wITO lcalTlccl tbBt tile MIIINcls wcl c BboUt to 111ake B wlrc tlansfcl"

Of B Ial gC SUITI Of BTOBCy.

22. Later the same day (December 10, 2015), at about 4:24 p.m., the Millards

I ccclvccl B scconcl enlaII, BgBIB ostcnslbly sent by Dol an. This clHBII BTstructecI thc Mlllal cls to wllc tl'lc fUncls to B bank BccoUnt ln thc BBI'Ile of BR Top Plcnncl Rates Inc., (I'Iereaffer, BR

Top Fraud Account" ) at T'D Banlc. The email, which provided additional wiring infolmation, was not in fact sent by DorNI, but by the cybercriminals who had hacked into the Doran AOI

Account.

23. The two clTIBlls the MIIINcls 1ccclvccl orl DccclTlbcl 10th fl'OITI thc D01BBAOL

Account had been sent in fultherance of a scheme to steal the Millards'oney. In fact, the account to which the Millards were directed to transfer their funds —BR Top Fraud Account-- had no connection at BII with the seller of the ApaI1ment ol the seller's attorneys.

24. In sUIB, Upon infolanation Bnd bcllcf, BlthoUgh thc f1aUcIUlcnt wlllBg lnstIUctlons

came from Doran's email account„Doran herself did not send them. They were sent by the

cybercriminals who had hacked her email account.

25. Later investigation established that, sholtly before the December 10, 2015 email

was scBt: (B) pcl son or pclsons Incol polBtcd Bn cBtlty Bandied BR Top Plcmlcr RBtcs, IBc.,Bncl

(b) BR Top Premier Rates, Inc. opened the Br Top Fraud Account at TD Bank.

26. OB lnfollTlatlon Bncl bcllcf, the pcl'son (01 pclsorls) wITO opcBccl BR Top FI BUcl

Account was a "money mule" —an individual who wittingly or unwittingly the cyber-theft of funds, which hc ol shc then laundels bv passing thloUgh Bccoullts Bt iegitilnate fn'IBnclal institutions.

27. The Millards, who were unaware of the vuhlerability of Doran's email system,

Bnd 1Iad ncvcl bccn advised to olBlly conf lrlTI lhc BUtl'lcntlclty of Bny wll.lng Instluctions, followed the Instructions contained m the fiaudulent December 10th 4:24 p.m. email. Thus, on

December 10, 2015, they forwarded the Doran email to their bank, and mstructed their bank to wire $1,938,000 from their bank account to Br Top Fraud Account at TD Bank, in New York.

28. On lnfolTUBtlon Mld bcllcf, the Mlllalds'rloncy was I eceived Bt Bl Top Fraud

AccoUnt on Dccclnbcl 10, 2015. Thc next day, thc ITloncy ITIule(s) who had opened &lat BccoUnt tlansferred a portion of the funds to China. Specifically, $ 187,800 was transferred to account

"A" at the Bank of China in China, and $ 196,200 was sent to account "B"Bt the Bank of lluzou

in China. The funds sent to account A later were recovered; the funds sent to account B have

never been recovered.

The Fraudulent Confirmation

29. On Dccclnbcl 11, 2015 (Friday) Bt 7:41 a.ln.„Dorall received Ml cnlall pUlpoltlng

to be from the email account of the seller's attorneys. This email stated that the funds wired the

plcvloUs day by thc Mlllards had llccn pl'opcl'ly I ecelved bv the scllcl, BddnTg tlTat the scllcl s

attorneys would not be available by telephone.

30. The December 11""7:41 a.m. email was not in fact sent by the Seller's attorneys,

but rather. by the cybercriminals who had stolen the Mil lards'oney. The email contained

several red flags that should have suggested, to a real estate attoITIey, that it might not be

BUthcntlc. lt nlisspel led thc names of thc Seller s BttoITIeys wl'thin thell displayed email addresses (a red flag, since the Seller's attorneys supposedly were sending the CITTails), and contained the suspicious statement that the sending attorney could not be reached by telephone.

In spite of these obvious red flags, Doran made no attempt to contact the Seller's attorneys to determine if the Millards'eposit actually had been received, Instead, at about 8:02 a.m. Doran forwarded the 7:41 a.m. email to the Millards.

31. By forwarding the December 11th 7:41 a.m. email to the Millards, Doran

IITlpllcltly endorsed thc cvbcl'clllTUUBls lcpl cscntBtlon that thc scllcl had received thc pUlclrasc price for the Apaltment. Doran's endorsement gave the Millards a false sense of security that the deal now was complete; this in turn delayed their. discovery that the deal was not complete, and that their money had been stolen.

32. As a result of this delay, the cybercriminals gained time, which is a vital factor in the success of cybercrime. Cybercrime money laundering requires the rapid movement and

"layering" of funds through various accounts until eventually, somewhere in the vvorld, the lrloncy ls withdlawn. In this cBsc, lt was not ulltll tllc Bftclnoon of DeceITIbeI 1 1, 2015 thBt

sUsplcloUs Bctivlty wBs Identlfled -- Bnd lt wBs TD BBITk that Identlfled tllc sUsplcloUs Bctlvlty

alld noticed the Millards'ank —which then notified the Millards. By the time the Millards

wclc infollTTed of this sUsplclon, thc cybelclllrllnB1$ had tralTsferled thc stolclT ITloncy 0Ut of t11c

United States to China ($ 187,800 to account "A", and $ 196,200 to account "B",at separate

banks in China).

33. As indicted above, at 8:02 a.m. on December 11"',Doran fonvarded to the

Millards the fiaudulent email that Doran had received fiom the cybercriminals, posing as the

Seller's attorneys, purposing to confirm that the Millards'own payment had been received by the Seller's bank. The Millards emailed Doran back, asking if that meant that the contract of sale had been "executed", that is, if there now was a binding agreement for the purchaseisale of the

Apaltlncnt. D01Bn I esponded thBt they wel c Blnlost thcl c 'Ut fol sornc nllnol I'cnlalnlng IssUcs. which she listed; none of the listed issues was related to the bank wire. Thus, despite a specific request from her clients to confinu that the preconditions to a binding contract with the Seller had now been satisfied, Doran failecl to investigate whether the most important such precondition had been performed: transfer of the deposit to the Seller's attorney.

34. On December 11 at about 1:08p.m., Doran leceived a fax from the seller' attorney InclUcllng the signed conti Bet, bUt noting that thc conti act wBs onlv cffcctlvc upon receipt of the down paylTIent. Thus. the seller's attorney was indicating to Doran that the down payment had not been received yet. StiH, Doran took no steps to confIITn the status of the funds.

35. Later in the afternoon of December 11, 2015, Doran was notified of the fraud by

thc Millards, Bncl thBt hcl cITIB11 BccoUn't had bccn hacked. D01Bn failed to take any lcasonablc

steps to Iuitigate ol contain thc colnplon'Hsc, lccoUp thc lost funds, ol" plotcct hcl cllcnts.

Moreover, Doran failed to properly preserve evidence of the crime, and evidence relevant to this

clvll case, including bUt not lilllited to electlonicaHy stored inforlnation (ES1). Nol did D01Bn

take any steps to properly conclude the representation of the Millalds as to the purchase of the

Apaltment. The Millards were also obligated to retain another attorney to handle the Apaltment

36. The MlllBIds wclc obligated to pBy the deposit to the IcB1 cstBtc scllcl, cvcn

though the entire deposit had just been stolen.

37. Ultimately, and with no assistance fiom Doran, a potion of the stolen funds was returned to the Plaintiff. To date, $ 196,200 remains stolen.

38. Because Doran took no steps to remediate, investigate, or make the Millards whole, the Millards were obligated to retain an attorney to investigate and seek redress.

39. The efforts of the Millards'ttorney to get Dorall to make the Millards whole, have not been successful. Effolcs to get Doran to confirm that electronic evidence was properly preserved have been ignored, Thus this law suit was filed.

40. Plaintiff repeats and realleges each allegation made in paragraphs 1-39 above.

41. The Defendant, Patricia Doran, presented herself as a specialist in real estate Iaw who had supervised Bnd conducted ITIBny tlBnsactlons fol thc sBlc of Ical plopclty Bnd

coopcl'Btlvc BpartlTlents. On thc basis of thcsc BssUI'Bnccs, thc Miliards retained Dolan to ovcl sec

their purchase of the Apartment from the Seller.

42. As thc MIIIBI ds Bttolncv, Dol'Bn had thc duty to protect those Bsscts, confidential

information and legal interests (the 'Millards'nterests ') that were implicated in the transactions

required to purchase the Apartment. Since Doran's intention was to conduct these transactions

clcctlonlcaHy (that ls, by CIHBIls) wllc tIBnsfcls Bnd fBxcs)„ IBthcl thBn thloUgh face-to-face

meetings with the Seller's attornevs, she had the further duty to secure her enlail account and

computer system against intrusion by cybercriminals. As a legal plofessional who regularly

performed and/or supelw ised large financial transactions that were conducted electronically,

Doran should have been aware of the danger of cybercrime and imposture.

43. To represent the Millards competently and protect the Millards (and other clients) from cybercrime and other crime, Doran had a duty to take reasonable and necessary security precautions, such as the installation of appropriate protective software and the use of two-factor authentication. Doran had a duty to take Ineasules including but not limited to the foHowing:

a. Reasonable measures to secure Doran's client files, and communications with clients, b. Reasonable measures to secure Doran's email account and computer, including the data contained within them, from unauthorized third parties. C. Rcasonablc IncasUI'cs to plcvcnt Dolan s CITIBI1 BccoUnt, fronl bclng used by unauthorized third parties. d. A strict policy of orally confirming instructions for the electronic transfer of funds belonging to clients, This policy should include advance notification to clients that funds should not be tlansferred unless Doran oraHy confirmed any emailed instructions. e. Oral confirmation, following the electronic transfer of funds, to establish that the funds were actually received by the intended party. The immediate investigation of any incident involving crime or cybercrime, to deterlnine its cause, its peITIetrator, and the possibility of remedying or mitigating any loss. g. The preset ation of aH Electronically Stored Information (ESI).

44. Fulther, Doran had a duty to provide a celtain standard of representation to the

MiHards, which she failed to do, including but not limited to:

a. Providing clients with an engagement letter. b. Providing competent representation. c. Acting with reasonable diligence and promptness, and not neglecting matters. d. MBlntBlnlng col'lfldentiality of Information Bnd conlmunicatiorls. c. Plcsclvatlon of cllcnt funds Bnd plopclty.

45. DoIBn failed to take Bnv of thcsc plecautionaly ITlcBsUrcs. Tlus failUlc had

disastrous results: cvbclci'IlTlinals wclc able to hBck DoIBn s cmall svstcln, and gBln access to BH

her communications with the MiHards. With the infolmation these criminals gained, they were

able to impersonate the Seller" s attorneys, and mislead the MiHards into wiring their deposit

13 funds to an account controlled by the cybercriminals. Finally, when the cybercriminals emailed

Dolan a false confuIUBtlon that thc deposit had bccn pl'oper ly 1ccclvcd, D01M1 1gnolcd ObvloUs fed flags thBi ihc confIIIUBiloll WBs inauthentic and sInlply forwarded It io thc Miilards, thus lulling the MillMds into the erroneous belief that the wire transfer had been successfully completed. The realization that a crime had been committed therefore was delayed, and precious tin1C Iosi bcfol c Ml 1nvcstlgBtlon colTUuenced Bnd Bn attempt macle to I ccovcl thc Milllal ds fUnds.

46. Had Doran taken reasonable and necessary steps to secure her email system and conlputcl fllcs f101'n UUBUthollzccl IniIUslon, cybcICIIIT11nals would not have bccn able to stcBI thc

Millards'oney. I-Iad Doran recognized the red flags in the cybercriminal's falsified confirmation email, and/or attempted to orally confirm the proper. receipt of the Millards'eposit funds, the stolen funds would have been recovered. Doran, however, was oblivious to the threat of cybclc11nlc, Bnd did noil'11ng to plotcci. the MiIIMds lntcI csts fiona this fol'nl of fraud.

47. To summarize, Doran's disregard of her duty io protect the Millards'nterests was the direct and proximate cause of the Millards'oss of $ 196,200 to cybercriminals. Doran is

liable to the Millards in the Mnount of this loss, plus punitive damages, attorneys'ees, accrued

interest, costs, and the expenses of this enforcement action.

Second Cause of Action for Brcach of Fiduciar Outv

48. Plaintiff repeats and realleges each allegation made in paragraphs 1-39, and 40-47

49. Defendant Ilad B fiduclB1y duty to plotcct thc MIIIBIds InicIcsts. This duty

required hcl to Bdopt IcBsonBblc Bnd ncccssBIy I'ncBsUIcs to safeguard hcl'nlBII Bccount Bnd computer system against intrusion by cybercriminals.

50. DolBn lgnol.c«I tilts «IU?y, Bn«1 fBllc«1 to B«lopt cvcn thc naost IU«lllTIcntalv safcgUBI«ls against UITBLI?hol Ized IITtl Llsloll.. T111$ perlnltted cvbclcllITllnBls to ITack hcl clTIBII BccoUnt Bn«I

gain access to Bl I Dolan s conlmUnlcBtIons wl?h thc MIIIBI «ls. As B I csUlt of this access, thc cybcrcl ln11nBls were Bblc to inlpersonate D01Bn, Bn«l tl lck thc MIIIBI «ls Into wll lng Bppl oxlnTatcly

$2,000,000 Into B baITk BccoUnt contlollc«1 by thc cybclcIIITUUBIs. Then, tllc cybclcllllalnBls wclc able to impersonate the Seller's Attorneys and trick Doran into believing the funds were properly received, and Doran forwarded this impersonating email to the Millards.

51. Further, Doran had a duty to provide competent representation, act with

I cBsonBblc «11llgcncc Bn«1 ploITlptllcss, rnanltaln confl«lcntiBlltv Bn«l pl cscrvc hcl cllcnts fUn«ls.

D01Bn fMlc«l to provl«lc this standaI «I of CM c.

52, Dolan's bleach of hcl fl«luclBI v «IUty to pl otcct thc MIIIBI«ls'n?clcsts was the direct alld ploxllTIBtc CBUsc of the MIIIM«ls'oss of $ 196,200. D01Brl ls Ilablc to tl'lc MIIIM«ls ln

?he Bmo«UTt of this loss, plUs pUnltlvc «IBUIBgcs, attol ncvs fccs, BcclUc«1 Intel cs?., costs, Bn«l thc

expenses of this enforcement action.

WHEREFORE, plaintiffs Robelt and Bethany Millard demand:

A. On tllcll Fust Cause of Action BgBlnst Pa?i lcIB D0IBTI B nlonetaly JudglTICITt fol Bn

BIT10Un?. to bc cs?Bbllshe«1 Bt tllBI bUt ln Bny cvcnt no less than $ 196,200, plUs pUnl'tlvc dM11ages,

attorney's fees, accrued interest, costs, and the expenses of this enforcement action.

B. On thcll Sccon«l Cause of Action BgBlnst Patllcla Dorall B ITlonctBly JudgnTent fol

an amount to be established at trial but in any event no less than $ 196,200, plus punitive danlagcs, Bttol net s fccs, accrued 1ntcl'cst, costs. Bnd thc expertses of this enforcement action.

C. Such additional and further relief as this Court may deem just and proper.

John T. Handler, Esq. Handler LBw FirlT1 PLLC 48 Wall Street, Suite 1100 New York, NV', 10005 John(bandlergroup.corn (646) 296-0266 What are the Panama Papers? A guide to history's biggest data leak | News... http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-...

1 of 3 5/12/2016 4:44 PM What are the Panama Papers? A guide to history's biggest data leak | News... http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-...

2 of 3 5/12/2016 4:44 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

1 of 20 5/12/2016 4:42 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

2 of 20 5/12/2016 4:42 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

3 of 20 5/12/2016 4:42 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

4 of 20 5/12/2016 4:42 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

5 of 20 5/12/2016 4:42 PM Panama Launches Criminal Probe After Data Leak http://news.sky.com/story/1672699/panama-launches-criminal-probe-afte...

6 of 20 5/12/2016 4:42 PM THE PROFESSIONAL ETHICS COMMITTEE FOR THE STATE BAR OF TEXAS Opinion No. 648

April 2015

QUESTION PRESENTED

Under the Texas Disciplinary Rules of Professional Conduct, may a lawyer communicate confidential information by email?

STATEMENT OF FACTS

Lawyers in a Texas law firm represent clients in family law, employment law, personal injury, and criminal law matters. When they started practicing law, the lawyers typically delivered written communication by facsimile or the U.S. Postal Service. Now, most of their written communication is delivered by web- based email, such as unencrypted Gmail.

Having read reports about email accounts being hacked and the National Security Agency obtaining email communications without a search warrant, the lawyers are concerned about whether it is proper for them to continue using email to communicate confidential information.

DISCUSSION

The Texas Disciplinary Rules of Professional Conduct do not specifically address the use of email in the practice of law, but they do provide for the protection of confidential information, defined broadly by Rule 1.05(a) to include both privileged and unprivileged client information, which might be transmitted by email.

Rule 1.05(b) provides that, except as permitted by paragraphs (c) and (d) of the Rule:

“a lawyer shall not knowingly: (1) Reveal confidential information of a client or former client to: (i) a person that the client has instructed is not to receive the information; or

(ii) anyone else, other than the client, the client’s representatives, or the members, associates, or employees of the lawyer’s law firm.”

A lawyer violates Rule 1.05 if the lawyer knowingly reveals confidential information to any person other than those persons who are permitted or required to receive the information under paragraphs (b), (c), (d), (e), or (f) of the Rule.

The Terminology section of the Rules states that “ʻ[k]nowinglyʼ . . . denotes actual knowledge of the fact in question” and that a “person’s knowledge may be inferred from circumstances.” A determination of whether a lawyer violates the Disciplinary Rules, as opposed to fiduciary obligations, the law, or best practices, by sending an email containing confidential information, requires a case-by-case evaluation of whether that lawyer knowingly revealed confidential information to a person who was not permitted to receive that information under Rule 1.05.

The concern about sending confidential information by email is the risk that an unauthorized person will gain access to the confidential information. While this Committee has not addressed the propriety of communicating confidential information by email, many other ethics committees have, concluding that, in general, and except in special circumstances, the use of email, including unencrypted email, is a proper method of communicating confidential information. See, e.g., ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 99-413 (1999); ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 11-459 (2011); State Bar of Cal. Standing Comm. on Prof’l Responsibility and Conduct, Formal Op. 2010-179 (2010); Prof’l Ethics Comm. of the Maine Bd. of Overseers of the Bar, Op. No. 195 (2008); N.Y. State Bar Ass’n Comm. on Prof’l Ethics, Op. 820 (2008); Alaska Bar Ass’n Ethics Comm., Op. 98-2 (1998); D.C. Bar Legal Ethics Comm., Op. 281 (1998); Ill. State Bar Ass’n Advisory Opinion on Prof’l Conduct, Op. 96-10 (1997); State Bar Ass’n of N.D. Ethics Comm., Op. No. 97-09 (1997); S.C. Bar Ethics Advisory Comm., Ethics Advisory Op. 97-08 (1997); Vt. Bar Ass’n, Advisory Ethics Op. No 97-05 (1997).

Those ethics opinions often make two points in support of the conclusion that email communication is proper. First, the risk an unauthorized person will gain access to confidential information is inherent in the delivery of any written communication including delivery by the U.S. Postal Service, a private mail service, a courier, or facsimile. Second, persons who use email have a reasonable expectation of privacy based, in part, upon statutes that make it a crime to intercept emails. See, e.g., Alaska Bar Ass’n Ethics Comm. Op. 98-2 (1998); D.C. Bar Legal Ethics Comm., Op. 281 (1998). The statute cited in those opinions is the Electronic Communication Privacy Act (ECPA), which makes it a crime to

2

intercept electronic communication, to use the contents of the intercepted email, or to disclose the contents of intercepted email. 18 U.S.C. § 2510 et seq. Importantly, the statute provides that “[n]o otherwise privileged . . . electronic communication intercepted in accordance with, or in violation of, the provisions of this chapter shall lose its privileged character.” 18 U.S.C. § 2517(4).

The ethics opinions from other jurisdictions are instructive, as is Texas Professional Ethics Committee Opinion 572 (June 2006). The issue in Opinion 572 was whether a lawyer may, without the client’s express consent, deliver the client’s privileged information to a copy service hired by the lawyer to perform services in connection with the client’s representation. Opinion 572 concluded that a lawyer may disclose privileged information to an independent contractor if the lawyer reasonably expects that the independent contractor will not disclose or use such items or their contents except as directed by the lawyer and will otherwise respect the confidential character of the information.

In general, considering the present state of technology and email usage, a lawyer may communicate confidential information by email. In some circumstances, however, a lawyer should consider whether the confidentiality of the information will be protected if communicated by email and whether it is prudent to use encrypted email or another form of communication. Examples of such circumstances are:

1. communicating highly sensitive or confidential information via email or unencrypted email connections; 2. sending an email to or from an account that the email sender or recipient shares with others; 3. sending an email to a client when it is possible that a third person (such as a spouse in a divorce case) knows the password to the email account, or to an individual client at that client’s work email account, especially if the email relates to a client’s employment dispute with his employer (see ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 11-459 (2011)); 4. sending an email from a public computer or a borrowed computer or where the lawyer knows that the emails the lawyer sends are being read on a public or borrowed computer or on an unsecure network; 5. sending an email if the lawyer knows that the email recipient is accessing the email on devices that are potentially accessible to third persons or are not protected by a password; or 6. sending an email if the lawyer is concerned that the NSA or other law enforcement agency may read the lawyer’s email communication, with or without a warrant.

3

In the event circumstances such as those identified above are present, to prevent the unauthorized or inadvertent disclosure of confidential information, it may be appropriate for a lawyer to advise and caution a client as to the dangers inherent in sending or accessing emails from computers accessible to persons other than the client. A lawyer should also consider whether circumstances are present that would make it advisable to obtain the client’s informed consent to the use of email communication, including the use of unencrypted email. See Texas Rule 1.03(b) and ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 11-459 (2011). Additionally, a lawyer’s evaluation of the lawyer’s email technology and practices should be ongoing as there may be changes in the risk of interception of email communication over time that would indicate that certain or perhaps all communications should be sent by other means.

Under Rule 1.05, the issue in each case is whether a lawyer who sent an email containing confidential information knowingly revealed confidential information to a person who was not authorized to receive the information. The answer to that question depends on the facts of each case. Since a “knowing” disclosure can be based on actual knowledge or can be inferred, each lawyer must decide whether he or she has a reasonable expectation that the confidential character of the information will be maintained if the lawyer transmits the information by email.

This opinion discusses a lawyer’s obligations under the Texas Disciplinary Rules of Professional Conduct, but it does not address other issues such as a lawyer’s fiduciary obligations or best practices with respect to email communications. Furthermore, it does not address a lawyer’s obligations under various statutes, such as the Health Insurance Portability and Accountability Act (HIPAA), which may impose other duties.

CONCLUSION

Under the Texas Disciplinary Rules of Professional Conduct, and considering the present state of technology and email usage, a lawyer may generally communicate confidential information by email. Some circumstances, may, however, cause a lawyer to have a duty to advise a client regarding risks incident to the sending or receiving of emails arising from those circumstances and to consider whether it is prudent to use encrypted email or another form of communication.

4 The Panama Papers: Here’s What We Know

By THE NEW YORK TIMESAPRIL 4, 2016

The Panama Papers have exposed how some of the world’s most powerful people may have used offshore bank accounts and shell companies to conceal their wealth or avoid taxes.

The papers — millions of leaked confidential documents from the Mossack Fonseca law firm in Panama — identify international politicians, business leaders and celebrities involved in webs of suspicious financial transactions. The revelations have raised questions about secrecy and corruption in the global financial system.

Who was named in the leaked documents?

Among others, the documents named close associates of President Vladimir V. Putin of Russia, the father of Prime Minister David Cameron of Britain and relatives of President Xi Jinping of China and members of the Chinese Communist Party Politburo Standing Committee. Articles published by news organizations in cooperation with the International Consortium of Investigative Journalists also named King Salman of Saudi Arabia; Sigmundur David Gunnlaugsson, who resigned as prime minister of Iceland after the revelations; President Mauricio Macri of Argentina; and the soccer star Lionel Messi, one of the world’s wealthiest athletes.

Other soccer players; officials from FIFA, the sport’s world governing body; and UEFA, the governing body of European soccer, were also tied to firms incorporated offshore through the Panamanian firm.

What do the documents suggest that they have done?

Those prominent names were among the hundreds of people that the papers tie to thousands of offshore shell companies. Such companies can be used to shield vast wealth from tax collectors, regulators and creditors.

Many of the people named in the papers have denied in the strongest terms that they have broken any laws.

Mr. Putin said allegations that his friends shuffled $2 billion among several shell companies were an American plot to undermine Russian unity.

Mr. Cameron, whose father was a client of the Panamanian law firm, initially said he had not benefited from any “offshore funds,” only to confirm later that he and his wife had profited when they sold shares in an offshore trust for 30,000 pounds ($42,160) in 2010, the year he became prime minister. (The dividends they earned were declared and taxed, Mr. Cameron said.)

Were any Americans implicated?

It is not clear how many United States citizens may have been involved. So far, the documents cited in news reports have not connected any prominent American politicians or other influential Americans to Mossack Fonseca.

One reason may be that it is fairly easy to form opaque shell companies in the United States. Americans “really don’t need to go to Panama,” James Henry, an economist and senior adviser to the Tax Justice Network, told Fusion. “Basically, we have an onshore haven industry in the U.S. that is as secretive as anywhere.”

Is any of this illegal?

It is not clear whether the papers document any lawbreaking. The holding of money in an offshore company is generally not illegal by itself, but it may be done to hide criminality from prying eyes, for example, by facilitating tax evasion or money laundering.

Are there legitimate uses for foreign shell companies?

There are many valid reasons for multinational corporations, joint ventures or wealthy individuals to set up and use such companies.

For example, many countries allow land to be owned only by citizens or locally registered companies. So a foreigner seeking a retirement or vacation home would set up a local shell company to purchase the property.

A corporation establishing a joint venture in a country with a weak or corrupt legal system may want to do so through an offshore company based in a place like the British Virgin Islands or the Cayman Islands, so the venture can gain access to stronger courts and operate under more sophisticated financial laws.

They may be set up for other aboveboard financial planning purposes as well, with no intent to deceive the authorities. But experts say the secrecy provided by shell companies makes it all too easy and tempting to stray into tax evasion.

Liam Stack, Steven Erlanger, Bryant Rousseau, Michael Forsythe, Neil MacFarquhar and Stephen Castle contributed reporting.

Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 4/3/15

Why Professionals Must Encrypt: Attorneys, Journalists and Professionals Must Learn Secure Communications WORKING DRAFT

“Anyone who has an obligation to protect the privacy interests of their clients is facing a new and challenging world, and we need new professional training and new professional standards to make sure that we have mechanisms to ensure that the average member of our society can have a reasonable measure of faith in the skills of all the members of these professions.” – Edward Snowden1

1. The dark glass rubik’s cube at the center of the Internet

Just twenty miles southwest of Baltimore, off the “NSA employees only” exit of Maryland’s route 295 South, there is a “dark glass rubik’s cube” of office buildings in which sits what, until 2013, was the world’s most unknown agency.2 Until last year, The National Security Agency (NSA), was jokingly referred to as “No Such Agency.” But a year's worth of shocking news stories have earned the world’s largest secret agency - which has a classified budget of more then 20 billion dollars and over 30,000 employees - a new acronym, “Not Secret Anymore.”3

This article aims to show that professionals of all types must change their behavior and expectations when using electronics in light of the secrets that have been revealed about the NSA. The NSA’s current practices of mass electronic surveillance destroy the professional integrity, independence and self-regulating structures of professional associations in the United States and around the world. This includes but is not limited to organizations like the American Bar Association (ABA) and the Society of Professional Journalists. Professionals who have a duty to protect the information of their clients and sources must take immediate steps, including regular use of encryption for client communication. Only this will maintain the independence of our professions, and ensure we do not lose client trust to NSA overreach. As the UN’s Special Rapporteur, the highest official for counter-terrorism and human rights, concluded in his recent report on the Snowden revelations, “The hard truth is that the use of mass surveillance technology effectively does away

1 “Edward Snowden urges professionals to encrypt client communications” by Alan Rusbridger et al. www.theguardian.com/world/2014/jul/17/edward-snowden-professionals-encrypt-client-communications-nsa-spy 2 “Body of Secrets: Anatomy of the Ultra-Secret National Security Agency” By James Bamford, 2001 3 “What the NSA costs taxpayers” by Jeanne Sahadi http://money.cnn.com/2013/06/07/news/economy/nsa- surveillance-cost/index.html

1 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 with the right to privacy of communications on the Internet altogether.”4 Even if we leave the NSA’s Surveillance aside, we have reached a critical tipping point on the issue of secure communications, internet privacy and information control. After countless major data breaches at big banks and retail chains, like Chase, Target and Home Depot, it is clear that personal data is not adequately protected.5 Even for people unconcerned with the NSAAs Snowden has repeatedly stated, “unencrypted communications on the internet are no longer safe” and that “all professionals must encrypt” their communication by default.6 The overreach of the NSA, the increasing accessibility of encryption technology, and the popular awareness of the insecurity of current information systems, make it clear that the time has come for professionals, from attorneys to reporters, to develop competency in secure communications and encryption.

2. Collect it all

The Snowden documents reveal that the NSA works with the intelligence agencies of the United Kingdom, Canada, New Zealand, and Australia. These five nations - self-titled as the “five Eyes” - have a shared agreement through which they act as a secret coalition of intelligence agencies to conduct global mass electronic surveillance.7 In 2011, they held an annual conference at which they agreed upon a “new collection posture.” A key element of that posture is to “collect it all.” “Collect it all” means that the security services of the five governments with the most advanced electronic capabilities have decided that it is their role to collect and hold all electronic information globally.8

This “collect it all” posture is not a wild dream or an empty threat. In secret, the Five Eyes have constructed the largest data holding facility ever created in Bluffsdale, Utah. In 2013 the facility official opened with the capacity to hold a “yottabyte” of data.9 A yottabyte (named after Yoda from Starwars) is one thousand times the amount of data that will be stored on the entire Internet in 2015. They are filling this facility with information by tapping the undersea cables that transmit the information of the Internet. They are taking pictures of all internet activity while it passes though the fiber optic lines. The NSA then holds all

4 “UN Report on Human Rights and Terrorism”, Sept. 23. 2014. https://firstlook.org/theintercept/document/2014/10/15/un- report-human-rights-terrorism/ 5 “Encryption Makes Us All Safer” by Nuala O’Connor https://cdt.org/blog/encryption-makes-us-all-safer/

6 “Edward Snowden urges professionals to encrypt client communications” by Alan Rusbridger et al. www.theguardian.com/world/2014/jul/17/edward-snowden-professionals-encrypt-client-communications-nsa-sp

7 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” Glenn Greenwald http://glenngreenwald.net/#BookDocuments 8 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” Glenn Greenwald http://glenngreenwald.net/#BookDocuments , See also, http://leaksource.info/2014/07/31/glenn-greenwalds-no- place-to-hide-nsa-documents-excerpts / 9 “The NSA is building the Country’s Biggest Spy Center (Watch What You Say)” By James Bamford, Wired, 2012

2 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 of this information for at least five years.10 This holding time allows the NSA to sift through the data for useful patterns and insights.

The NSA’s formal mandate is to collect foreign information. They are not supposed to collect the data or communications of U.S. citizens who are on U.S. soil. But internet traffic does not respect national boundaries. The Internet is structured so information is transferred in the most efficient and cheapest way. This means that, instead of traveling the most geographically direct route, messages from one person in the US to another person in the US may travel outside of the country to reach their destination. The NSA exploits the supranational structure of the Internet to allow it to collect data from and communication between US citizens who are communicating within the territorial United States.11 The NSA also has information sharing agreements with the Five Eyes governments. These other governments collect information on U.S. citizens, which they then share with the NSA or the other partners. So even if the NSA does not directly collect the communications of U.S. citizens, they can access that data through the United Kingdom or other members of the Five Eyes.

This dragnet collection is the basis of the term “mass electronic surveillance.” The UN defines “mass surveillance” as a situation in which “states with high levels of Internet penetration can…gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” The UN report states that in a system of “mass surveillance, all of this is possible without any prior suspicion related to a specific individual or organization.”

3. The year 2014 less 30: the destruction of client and source trust means end of professional integrity

The United States Privacy and Civil Liberties Oversight Board concluded that, “Permitting the government to routinely collect the calling records of the entire nation fundamentally shifts the balance of power between the state and its citizens.”12 The UN Rapporteur mirrored that conclusion, finding that without drastic change we allow “a risk that systematic interference with the security of digital communications will continue to proliferate without any serious consideration being given to the implications of the wholesale abandonment of the right to online privacy.”13

10“No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” Glenn Greenwald http://glenngreenwald.net/#BookDocuments 11 “Loopholes for Circumventing the Constitution: Warrantless Bulk Surveillance on Americans by Collecting Network Traffic Abroad”, Harvard University, Berkman Center for Internet & Society, June 27, 2014, Sharon Goldberg et al. 12The Privacy and Civil Liberties Oversight Board’s Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, www.pclob.gov/All%20Documents/Report%20on%20the %20Section%20702%20Program/PCLOB-Section-702-Report.pdf 13“UN Report on Human Rights and Terrorism”, Sept. 23. 2014. https://firstlook.org/theintercept/document/2014/10/15/un- report-human-rights-terrorism/

3 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32

All professionals are impacted, but attorneys have clear ethical responsibility to protect client data. Rule 1.6 of the Model Rules of Professional Responsibility states that, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”14 Each state bar has its own interpretation of how to define reasonable effort, and - even before the Snowden revelations -some state bars encouraged attorneys to use encryption to protect their clients.

If professionals do not begin to publicly offer encrypted methods for communication, they will cut themselves off from clients and sources who need to protect their information. Edward Snowden’s story provides a good example of this challenge. Snowden tried to establish contact with Glenn Greenwald, the reporter and attorney who later helped to break Snowden’s story. Greenwald was unable to get Snowden’s messages for more then six months, because he was not competent in the use of encryption. If lawyers do not use encryption, many clients who are threatened by the government will not trust attorneys enough to approach them. Clients who want to engage in trade negotiations will not approach a firm, unless they are sure they can trust the attorneys to protect their data by keeping sensitive information off of electronic medium.15 Journalists will only be able to report stories that valorize the government, because sources won’t trust them with information that could anger the government agencies. These losses will be invisible, because we will never hear from the people who did not trust our communications technologies enough to establish contact.

4. “What’s the threat?”

Last December a federal judge concluded that the US government could not “cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack.”16 President Obama’s own Review Group on Intelligence and Communications Technologies concluded that mass surveillance “was not essential to preventing attacks” and that information to detect terrorist plots could “readily have been obtained in a timely manner using conventional [court] orders.”17

14 The Model Rules of Professional Conduct: www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1 _6_confidentiality_of_information.html 15 Letter from ABA to NSA www.americanbar.org/content/dam/aba/uncategorized/GAO/2014feb20_privilegedinformation_l.authcheckdam.pdf 16 The Report of the President’s Review Group on Intelligence and Communications Technologies (PRGICT) www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf 17 Officials’ defenses of NSA phone program may be unraveling www.washingtonpost.com/world/national- security/officials-defenses-of-nsa-phone-program-may-be-unraveling/2013/12/19/6927d8a2-68d3-11e3-ae56- 22de072140a2_story.html

4 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32

If invasive mass electronic surveillance technologies are not particularly effective against terrorism, then why have the intelligence agencies decided to put so much energy and time into building mass surveillance? “The Role of National Interest, Money and Egos” - a presentation which was developed for a handful of NSA officials concerning NSA planning for the Internet as a whole and which was leaked by Edward Snowden - can help us to assess the NSA’s real intentions. It states, “What country doesn’t want to make the world a better place…for itself?” Next it addresses US domination over the Internet stating, “What’s the threat? Lets be blunt. The western world (especially the US) gained influence and made a lot of money via the drafting of earlier standards.”18

The reasons for the “collect it all” posture are primarily global control, not security. One of the key NSA strategic planning documents leaked by Snowden is the 2009 “Quadrennial Intelligence Community Review Final Report.” The Quadrennial report is the 25 year strategic planning for the NSA and the US intelligence community. The report lays out the top six strategic priorities for the coming decades. One of the six key priorities, that top NSA officials identify as their strategic “hedge” is “technology acquisition by all means.” They go on to specify that the NSA should ensure US technical domination of emerging technologies “by all means.” The planning document uses an “illustrative example” of how this process works with a hypothetical about infiltrating an Indian and Russian technological agreement on a possible new form of superconductors. In the hypothetical they state that the NSA would make “separate clandestine approaches to India and Russia to break up the partnership. [The NSA] conducts cyber operations against research facilities in the two countries, as well as the intellectual “supply chain” supporting these facilities. Finally, it assesses whether and how its findings would be useful to U.S. industry.” It is clear that they have already begun to implement aspects of this strategy. The Snowden documents show that the NSA is spying on financial targets such as the Brazilian oil giant Petrobras; economic summits; international credit card and banking systems; the EU antitrust commissioner investigating Google, Microsoft, and Intel; and the International Monetary Fund and World Bank in order to commit economic and technical espionage.19 This is an expansion of an NSA strategy for control of intellectual property that goes back to at least 1994. In one instance, this has played out publicly in a series of patient lawsuits between US and German wind turbine manufactures resulting in increased control of intellectual property for US based corporations.20

18 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” Glenn Greenwald http://glenngreenwald.net/#BookDocuments 19 “Letter about NSA spying on economic summits” by Glenn Greenwald, http://epoca.globo.com/tempo/noticia/2013/08/carta-em-que-o-atual- bembaixadorb-americano-no-brasil-bagradece-o-apoio-da-nsab.html ; “Follow the Money': NSA Spies on International Payments” by Der Spiegel www.spiegel.de/international/europe/nsa-spying-european-parliamentarians-call-for-swift-suspension-a-922920.html ;“NSA spied on EU antitrust official who sparred with US tech giants” http://www.cnet.com/news/nsa-spied-on-eu-antitrust-official-who-sparred-with-us-tech-giants/ ; “Obama halted NSA spying on IMF and World Bank headquarters” By Mark Hosenball www.reuters.com/article/2013/10/31/us-usa-security-imf- idUSBRE99U1EQ20131031 ; “NSA accused of spying on Brazilian oil company Petrobras” by Jonathan Watts, www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras 20 European Parliament: Temporary Committee on the ECHELON Interception System. “Report on the existence of a global system for the

5 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 This is the guiding strategy of the current NSA posture.21 It has remarkable similarities to other historical variants like imperialism or colonialism, but they have been updated to what Prabir Purkayastha has called the “digital colonialism” of the current era.22

5. Icreach, Metadata and “Parallel construction”

Attorney’s relationships with clients are being collected and logged by the NSA in many ways. One of the most significant methods of collection is the federal multi- agency collaboration surrounding the “Icreach” database.23 Icreach is a database of “five eyes” metadata intercepts used by a dozen federal agencies for domestic criminal prosecutions. The NSA legally justifies the domestic use of the Icreach database by using Executive Order 12333, a broad interpretation of a 1982 Reagan era executive signing statement,24 although Executive Order 12333 was adopted by President Reagan as a signing statement and was never subject to any judicial or legislative input or oversight.25 The DEA runs this multi-agency collaboration under the unit title “Special Operations Division”(SOD). The SOD is a $125 million unit with hundreds of employees from a dozen federal agencies including the FBI, CIA, NSA, IRS and DHS.

The Icreach database intercepts “metadata,” a kind of data that shows the relationships between people. Metadata is the “who” and “when” about communication on the phone and online. It is the “outside of the envelope” for normal phone calls. It tells the time someone placed a call, to whom the call was made and how long the call was. Similar data exists for all types of communication: instant messages, emails, text, and the geo-location of computers and cell phones. For cell phones, metadata can include all the physical locations of the cell phone over time. Metadata is the “digital fingerprint,” and it provides information to map social networks through the connections established through electronic communication. This metadata is turned into contact chains and linked in the Icreach database to allow for easy warrantless “google type” searches of the communication and location tracking of US citizens and others. While the actual application of Icreach data in criminal cases is still mostly kept

interception of private and commercial communications”, 7/11/2001. www.europarl.europa.eu/sides/getDoc.do?type=REPORT&reference=A5-2001- 0264&format=XML&language=EN 21 The U.S. Government’s Secret Plans to Spy for American Corporations https://firstlook.org/theintercept/2014/09/05/us-governments- plans-use-economic-espionage-benefit-american-corporations/ 22 “U.S. Control of the Internet: Problems Facing the Movement to International Governance” Prabir Purkayastha and Rishab Bailey, Monthly Review, 2014, Volume 66, Issue 03 (July-August) 23 “The Surveillance Engine: How the NSA Built Its Own Secret Google” by Ryan Gallagher, https://firstlook.org/theintercept/2014/08/25/icreach-nsa- cia-secret-google-crisscross-proton/ 24 “Use of Executive Order 12333”, www.washingtonpost.com/opinions/meet-executive-order-12333-the-reagan-rule-that-lets-the-nsa-spy-on- americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html 25 “The Surveillance Engine: How the NSA Built Its Own Secret Google” by Ryan Gallagher, https://firstlook.org/theintercept/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/

6 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 secret, hypothetically this mapping can be used to cast suspicion on anyone who has had electronic communication with someone who the government suspects of criminal activity. While we don’t know their extent, we do know that prosecutions have been initiated based on Icreach relationship-mapping.

Icreach based prosecutions use a procedure called “parallel construction” to hide the NSA intercept information from court filings. In practice, this often means that law enforcement agents, including local police, systemically lie to prosecutors about the existence of the Icreach database and its use as the original source for a tip that begins an investigation. For example, a current federal prosecutor in Florida confirmed to Reuters that, “in a drug case he was handling, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept”.26

The warrentless use of such a database and the fact that the individual agents use “parallel construction” to hide the use of the data base from the judiciary destroys the sixth amendment right for a defendant to see the evidence against them in an open court. The current vice chairman of the criminal justice section of the American Bar Association, James Felman, calls this domestic use of NSA intercepts "outrageous" and "indefensible." Nancy Gertner, a Harvard Law School professor and former federal judge, said that, “It is one thing to create special rules for national security, ordinary crime is entirely different. It sounds like they are phonying up investigations.”27 It is unclear how many thousands of cases may be based on this type of illegal evidence, but, as of October 2014, the use of “parallel construction” is being investigated by the Justice Department.

7. What is NSA Targeting and how targeting happens

“Targeting” is a term the NSA uses to describe more extensive infiltration of particular electronic and computer systems. This is an internally defined process with little judicial oversight or outside review mechanisms. It is difficult to tell what criterion the NSA is using to determine who it will target more intensively. Individual agents are given a huge degree of leeway and discretion, and there are few consequences for targeting the wrong person accidentally. As Snowden has stated, “At my desk, I could be wiretapping anyone in America, from a federal judge to the President of the United States.”28 This statement is verified by the

26“U.S. directs agents to cover up program used to investigate Americans”, by John Shiffman and Kristina Cooke, www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805

27 “U.S. directs agents to cover up program used to investigate Americans”, by John Shiffman and Kristina Cooke, www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805 28 “Edward Snowden Interview” Glenn Greenwald, http://mic.com/articles/47355/edward-snowden-interview-transcript-

7 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 fact that, even as early as 2009, the New York Times reported that an NSA agent had targeted and read President Clinton’s personal email.29 Snowden documents show that, according to the NSA’s own policy from their Office of General Counsel, discovering that an American has accidentally been selected for intensive surveillance is “nothing to worry about.” It must only be logged in an internal quarterly report.30

From the NSA’s internal records, it has become clear that the NSA has developed strategic priorities for targeting certain groups. These groups are Muslims leaders of all types,31 “radicalizers” generally,32 Palestinian leaders, the “human network” associated with Wikileaks, anyone searching for privacy tools on the internet, computer network system operators, drug dealers, terrorists, presidents, the UN, people who make cryptography, and others33.

NSA documents show that people that the NSA views as “radicalizers” have been targeted for “reputational” attacks for their behavior on the internet, like watching porn, online promiscuity, or even simply “not checking facts in their articles.” Internal memos from NSA executives make it clear that the NSA views these targeted people, some of whom are US citizens, as “radicalizers” specifically because of their political speech; for visibly and influentially making arguments like “the US brought the 9/11 attacks on itself”.34

There are many attorneys that have been or currently are subject to intensive NSA surveillance. We know that Muslim-American attorneys have been subject to intensive Foreign Intelligence Surveillance Act (FISA) court surveillance, and we also know that attorneys who have worked for Wikileaks and attorneys employed in global firms working on trade negotiations have also been targeted.35 When the Washington Post analyzed the final information used in twenty two thousand leaked NSA surveillance reports, 89% of the information was from those who are associates of the targeted individuals, while only 11% was from the individuals

full-text-read-the-guardian-s-entire-interview-with-the-man-who-leaked-prism 29 “NSA Secret Database Ensnared President Clinton’s Private E-mail” by Kim Zetter www.wired.com/2009/06/pinwale 30 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” pg. 189, Greenwald, Glenn, http://glenngreenwald.net/#BookDocuments, See also “NSA broke privacy rules thousands of times per year, audit finds”, By Barton Gellman, www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules- thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_story.html 31 “Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On”, by Glenn Greenwald, https://firstlook.org/theintercept/article/2014/07/09/under-surveillance/ 32 “Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers'” www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html 33 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State” by Glenn Greenwald, http://glenngreenwald.net/#BookDocuments 34 “Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers'” www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html 35 “Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On,” https://firstlook.org/theintercept/article/2014/07/09/under-surveillance/ , See also, “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” by Glenn Greenwald, http://glenngreenwald.net/#BookDocuments

8 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 who are designated NSA targets.36 These facts make it virtually certain that privileged conversations are caught in the surveillance web. Because of this mass collection structure, legally privileged information will likely be compromised in the normal course of non-secure attorney client communication. The NSA has no filtering procedure for privileged attorney-client information.

8. Targeting the technology professionals rely on

The NSA put “back doors” (a term for a flaw in the software construction that allows surveillance programs to access supposedly secured information) in some proprietary encryption.37 The NSA did this by paying $10 million to an encryption manufacturer, named RSA to weaken the math that secured its encryption. They also created a section of the National Standardization Board for Encryption within the US National Institute of Standards and Technology (NIST) that would take encryption programs and insert a backdoor (random number generator) into the product, which would allow the NSA to guess the outcome of otherwise random code construction.38 In Germany and China, the NSA also directly inserted human agents into the encryption industry to undermine encryption technologies that these nations are developing.39

Over 80 software and hardware companies have close “partnership” relationships with the NSA, but their level of cooperation is not fully known.40 Microsoft partners with the NSA by giving them knowledge of software bugs before releasing them to the public or the anti-virus companies.41 This means that, at regular intervals, the NSA is able to get access to all computers running Microsoft for a period of time before the holes in the code are patched. This sort of access has allowed the NSA to put Computer Network Extracting (CNE) keyloggers on between 50,000- 100,000 computers. A computer infected with a keylogger or screen logger allows the NSA to read a record of every key typed or every screen viewed, often in real time.

9. Why open source is a solution

36 “In NSA-intercepted data, those not targeted far outnumber the foreigners who are” by Barton Gellman, www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the- foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html 37 “Revealed: how US and UK spy agencies defeat internet privacy and security” by Glenn Greenwald et al. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security 38 “Exclusive: Secret contract tied NSA and security industry pioneer” by Joseph Menn http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 39 “Core Secrets: NSA Saboteurs in China and Germany” by Peter Maass and Laura Poitras, https://firstlook.org/theintercept/2014/10/10/core-secrets/ 40 “No Place to Hide: Edward Snowden, the NSA and the Surveillance State.” By Glenn Greenwald http://glenngreenwald.net/#BookDocuments, See Also http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a- 940994.html 41 “U.S. Agencies Said to Swap Data With Thousands of Firms” By Michael Riley www.bloomberg.com/news/2013-06-14/u- s-agencies-said-to-swap-data-with-thousands-of-firms.html

9 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 Open source software allows for software engineers and users to fully control all aspects of a computer system. Proprietary standards, like Microsoft and Apple Operating Systems, all provide legal and technical prohibitions on users and engineers that keep them from viewing the actual functioning of the codes that make the computer programs run.42 Open source software, like Linux or Debian, allows for software engineers and users to fully control all aspects of a computer system. This doesn’t mean that open source programs are flawless or bug free. The idea is that the public and code developers should know about their bugs at the same time the NSA does. This allows engineers and users to quickly know if their computer may have been compromised.43 Open source standards allow for a more scientific process of transparent and verifiable software improvements that are not dependent on a closed group that could be directly cooperating with the NSA. Many countries, including the governments of Uruguay, Ecuador, and Brasil, are now running most of their information technology on open source platforms.44

10. Why encryption is a solution

Encryption is - simply - writing in code.45 Current encryption programs apply very rigorous math, logic and technology to the basic process that all people engage in when creating dialects or languages. In a strange twist of technological progress, the current application of this science allows for anyone with a home computer to create encryption advanced enough that it, when properly implemented, cannot be broken by all the computer power in the world.46 As Snowden has stated "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."47 This means that an everyday computer user with medium competency can currently download a free open source encryption program from the Internet that, when properly implemented and verified, allows them to encode information in a way that is impossible for even the NSA to break48.

11. The great encrypting starts with you

42“Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance” by Micah Lee https://pressfreedomfoundation.org/encryption-works 43 “Help Support the Little-Known Privacy Tool That Has Been Critical to Journalists Reporting on the NSA” by Trevor Timm https://freedom.press/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical- journalists-reporting-nsa 44 “Software Libre en América Latina” www.telesurtv.net/news/Software-Libre-en-America-Latina-20140919-0071.html 45“Handbook of Applied Cryptography” http://cacr.uwaterloo.ca/hac/ 46“Attacking Tor: how the NSA targets users' online anonymity” by Bruce Schneier www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity 47 “Revealed: how US and UK spy agencies defeat internet privacy and security” By Glenn Greenwald et al. http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 See also “Prying Eyes: Inside the NSA's War on Internet Security” http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet- security-a-1010361.html 48Tactical Tech Collective, https://tacticaltech.org/survival-digital-age , See also, Surveillance Self-Defense https://ssd.eff.org/

10 Jonathan Stribling-Uss, Esq. Concomms.org [email protected] Constitutional Communicatio ns PGP: 4106 D0F4 A182 DDC2 B372 4966 7B63 16FB DEBB 1E32 Professionals and everyday people are already transitioning to encryption en masse. A global survey of nearly five thousand businesses found encryption use has increased six percent in the past year to the point where 35% of organizations now have an encryption strategy applied consistently across the entire enterprise.49 In the United States, encrypted traffic has jumped from 2.29 percent of all peak hour traffic before Snowden to 3.8 percent after Snowden, and in Latin America it has gone from 1.8 percent to 10.37 percent.50 More then ten major global newspapers - including The New York Times, The New Yorker, The Washington Post, The Guardian and The Intercept - have embraced encrypted “dropboxes” for first contact with new sources.51 Hundreds of journalists are using encrypted emails for source protection.

However, without a massive increase in the level of encryption in society and politics, we consign ourselves to professional associations that will be unable to retain integrity and public trust52. This can be avoided if we each seek to encrypt our information and push our professional organizations to do the same. Once the use of encryption increases to around fifteen percent of all Internet traffic in the United States it will significantly impede governments’ use of mass electronic surveillance technology against the Internet as a whole. At that point, we would be able to secure communication generally and thus restore privacy, ensuring professional integrity and First, Fourth and Sixth Amendment rights in the information age.53

49 “Encryption use continues to grow”, www.net-security.org/secworld.php?id=16340 see also http://www.reuters.com/article/2014/02/11/fl-thales-idUSnBw115819a+100+BSW20140211 50 “Encrypted Web Traffic More Than Doubles After NSA Revelations” www.wired.com/2014/05/sandvine-report/ 51 SecureDrop, https://freedom.press/securedrop 52 “Communities @ Risk: Targeted Digital Threats Against Civil Society” Citizen Lab, Munk School of Global Affairs, University of Toronto www.targetedthreats.net 53“NSA Surveillance: The implications for civil liberties” By Shayana Kadidal, Esq

11

Faculty Biographies

Joseph J. Bambara is currently In House Counsel at UCNY, Inc. (email address: [email protected]). He is co-Chair of the NYCLA Cyber Space Law Committee. For the last 20 years, he has been acting as Counsel for small to mid-size media and technology firms throughout the United States. He is expert on addressing legislation compliant technology solutions covering ECPA, HIPAA, CANSPAM, TCPA as well as eDiscovery(TAR) and the Federal Rules (ESI). His legal and tech expertise includes: cloud computing, outsourcing contracts, intellectual property as it pertains to mobile and enterprise software, SMS mobile marketing issues as well as trade/service marks. He has done over 20 CLE’s on law and technology for New York County Lawyers Assoc., City Bar Association, National Constitution Center and Lawline.com. He was named The New York Enterprise Report Technology Attorney of 2010. Prior entrepreneurial career included developing applications systems for enterprise clients including Goldman Sachs, Merrill Lynch, Federal Reserve, and NYPD. Mr. Bambara has a Bachelor's and a Master's degree in Computer Science. He holds a Juris Doctorate in Law and is admitted to the New York State Bar. He has taught various computer courses for CCNY's School of Engineering. He has authored the following books: Sun Certified Enterprise Architect for J2EE Study Guide (Exam 310-051) (McGraw-Hill, 2007/2015), Java/J2EE Unleashed (SAMS 2001), Informix: Universal Data Option (McGraw-Hill, 1998), SQL Server Developer's Guide (IDG, 2000) all translated into four different languages for global distribution.

James B. Kobak, Jr. Page 1 of 2

Francais

James B. Kobak Jr. Print This Page General Counsel Print Full Bio New York P: +1 (212) 837-6757 [email protected] F: +1 (212) 422-4726 Add to Outlook

Overview Selected Matters News & Print Publications

Jim Kobak serves as the Firm’s General Counsel, is a member and former Chair of Practice Groups and Other Information its Antitrust Practice Group and member of its Corporate Reorganization, ADR and Antitrust & Competition Litigation Departments. A Hughes Hubbard partner for 35 years, Mr. Kobak has had a Appellate long and varied career. He currently serves as lead counsel to the trustee for the Arbitration & Alternative Dispute Resolution SIPA liquidations of Lehman Brothers Inc. and MF Global, Inc. and has served in Corporate Reorganization and Bankruptcy similar roles for other liquidations almost from the inception of the SIPA statute. Mr. Intellectual Property Kobak litigates in many forums at every level, including state and federal courts, from Bankruptcy Court to the Supreme Court of the United States as well as arbitral Education Information Harvard University, A.B., 1966, Magna Cum bodies. He has lectured and written widely, particularly on antitrust and intellectual Laude property matters, has taught substantive antitrust and intellectual property courses at University of Virginia School of Law, LL.B., 1969, leading law schools for nearly two decades and is a former President of the New York Order of the Coif, The Associate Editor, Virginia County Lawyers’ Association. Law Review Bar Admissions Areas of Concentration New York, 1972 New Jersey, 1996 • SIPC Liquidations • ADR and Mediation (IP, Entertainment, General Commercial) • Antitrust and IP Litigation and Counseling • Antitrust and HSR merger review investigations • General Counsel and Chair of Firm's Practice Standards and Ethics Committee

Professional Activities

• Lecturer, University of Virginia Law School (Antitrust and Intellectual Property) (1988–2001). • Adjunct Associate Professor, Fordham Law School (Patents and Antitrust) (1988–2008). • Chair, Intellectual Property Committee, ABA Antitrust Section (1995–1997). • President, New York County Lawyers’ Association 2010-2011 (Director, 1988– 1993; 1995–1997; 2001–present; Executive Committee, 1996–1997, 2002– 2013; Co-Chair, Justice Center, 2014-present; Chair, Task Force on Professionalism, 2006–2010; Chair, Committee on Trade Regulation, 1987– 1988; Chair, Committee on Changing Trends in the Profession, 1990–1994; Chair, Committee on Law Reform, 1994–1997; Chair, Library Committee, 1997 –2010; Member, Ethics Institute and Ethics Committee, 1998–present). • President, New York County Lawyers’ Association Foundation (2005–2010). • Founder, Secretary by appointment, NYCLA American Inn of Court (1993– 2007). • Member by Appointment, ABA Presidential Task Force on the Future of Legal Education (2013-2014). • Member by Appointment, Chief Judge’s Advisory Committee on the Justice Gap (2013-2015). • Delegate to the Houses of the American and New York State Bar Associations. • Life Fellow, American Bar Association Foundation. • Life Fellow, New York State Bar Association Foundation. • Member, National Council on State Courts. • American Bar Association Alternate Dispute Resolution Section. • Member, Federal Bar Council for the Second Circuit (Bankruptcy Committee). • Life Member, American Law Institute (Consultative groups on unfair competition, complex litigation and Article 2 of the UCC). • Member, ABA Center on Professional Responsibility, ABA Corporate Counsel Connection and Association of Professional Responsibility Lawyers. • New York City Bar Association (Member at various times of Committees on Trade Regulation, Federal Courts, Federal Legislation, Nuclear Technology and Law, Young Lawyers Committee and Arbitration Committee; currently member, Professional Responsibility Committee). • American Bankruptcy Institute (Member, Ethics and Professional Compensation Committee). • Intellectual Property Committee, U.S. Council on International Business.

Other Activities

http://www.hugheshubbard.com/James-B-Kobak-Jr/Attorney.aspx 5/13/2016 James B. Kobak, Jr. Page 2 of 2

• Commentator on the draft antitrust or competition laws of Romania, Croatia and Kazakhstan on behalf of the ABA’s Central European Economic Law Initiative. • Assistant Professor, University of Alabama Law School (1969–1970). • Trustee, Shakespeare Theatre of New Jersey (2013–present). • Trustee, Jersey City Museum (2002–present); Vice Chair (2008– present); Secretary (2006–2008). • Trustee, New Jersey Chamber Music Society (1985–2002) (President, Board of Trustees, 1988–1990). • Trustee, Morristown-Beard School (1995–2001). • Trustee, Keene Valley Country Club (1990–1996). • Published essays and articles in various national and regional magazines and newspapers. • American Arbitration Association and ICDR Panel of Commercial Arbitrators.

Recognition

• Listed in Euromoney’s Guide to the World's Leading Competition and Antitrust Lawyers and Super Lawyers since 2008. • New York County Lawyers’ Association Boris Kostelanetz President’s Medal (2006). • New York County Lawyers’ Association (with firm), for outstanding support of NYCLA and contributions to the honor of the legal profession (January 2000). • ABA Antitrust Section, for Services and Commitment to Antitrust Section (1999 -2000). • 18th Rossman Memorial Award (Journal of Patent and Trademark Office Society) (1991).

© 2016 Hughes Hubbard & Reed LLP Legal Notices and Award Methodologies Lehman Contact Attorney Advertising Contact Us Site Map Rio de Janeiro*

http://www.hugheshubbard.com/James-B-Kobak-Jr/Attorney.aspx 5/13/2016

PERY D. KRINSKY, ESQ.

KRINSKY PLLC 160 BROADWAY • SUITE 603 NEW YORK, NEW YORK 10038 212.543.1400 [email protected] www.krinskypllc.com

PERY D. KRINSKY is the principal of KRINSKY, PLLC, where he focuses his practice on ethics-based defense litigation. Before forming his own law firm, Mr. Krinsky was associated with the law firm of LaRossa & Ross, and then the Law Offices Of Michael S. Ross.

MR. KRINSKY’S ethics-based defense litigation practice focuses on:

 Federal & State Attorney/Judicial Ethics Matters, including: representing attorneys and law firms under investigation by disciplinary authorities and other government agencies; providing guidance to lawyers concerning the day-to-day practice of law; representing disbarred and suspended attorneys seeking reinstatement; advising and representing members of the New York State Judiciary in matters before the New York State Commission on Judicial Conduct; and assisting law school graduates in the admissions process.

 Federal & State Criminal Defense Matters, including: defending clients against law-enforcement actions such as claims of securities fraud, antitrust, investment advisory fraud, health care fraud, tax issues, money laundering, RICO, and narcotics trafficking, among others; helping conduct internal investigations; addressing compliance issues; and responding to regulatory inquiries.

 Art Law Ethics & Litigation Matters, including: allegations of business fraud; art- related disputes; fraudulent transactions; provenance and authenticity; fraudulent inducement to sell; and sales tax evasion.

MR. KRINSKY is a frequent lecturer on topics involving ethics in litigation, personal and professional responsibility and academic integrity, including at: the N.Y. State Judicial Institute; the Appellate Divisions, First and Second Judicial Departments; the N.Y. State Bar Association; the N.Y. City Bar; the N.Y. County Lawyers’ Association; the N.Y. State Academy of Trial Lawyers; the N.Y. State Trial Lawyers Association; the Practicing Law Institute; the Bay Ridge Lawyers Association; the Queens County Bar Association; Sotheby’s Institute of Art; and law schools such as Brooklyn Law School, Columbia Law School and Fordham Law School.

MR. KRINSKY serves as the Chair of the Ethics Committee of the Entertainment, Arts & Sports Law Section of the N.Y. State Bar Association; and the Chair of the Committee on Professional Discipline of the N.Y. County Lawyers’ Association. Mr. Krinsky serves on the Board of Advisors of the N.Y. County Lawyers’ Association Institute of Legal Ethics; and is also a Member of: the Brooklyn Bar Association; the N.Y. State Bar Association’s Committee on Attorney Professionalism; the N.Y. City Bar Association’s Professional Responsibility Committee; and the N.Y. County Lawyers’ Committee on Professional Ethics. Peter Micek, Author at Access Now Page 1 of 4

 https://www.accessnow.org:443/author/peter-micek/

Peter Micek (Email: [email protected], PGP Key: 0xA5BD70B0) leads the Access policy team's business and human rights work, advocating for a more rights- respecting telecom and tech sector. He also teaches a course at Columbia University on internet policy and governance. A lawyer by training, Peter completed a JD cum laude at the University of San Francisco School of Peter Micek Law, and in 2010 published "A Genealogy of Home Global Policy Visits," critiquing surveillance of at-risk communities. & Legal As a law student, Peter defended independent Counsel journalists and engaged in Freedom of Information litigation at First Amendment Project. For five years, in his native San Francisco, Peter led youth and ethnic @lawyerpants  media development at New America Media, and was Web Editor at KALW's daily radio program Your Call. Peter studied political science and journalism at Northwestern University in Evanston, IL. He is licensed by the state bars of California and New York, and has no cats.

ISSUE REGION LANGUAGE  TILES  LIST

FREEDOM OF EXPRESSION Uganda blocks social media (again), harms human rights For the second time this year

https://www.accessnow.org/author/peter-micek/ 5/13/2016 Jonathan Stribling-Uss, Esq. is the director of Constitutional Communications, a nonprofit organization that specializes in information security for professionals and civil society organizations. He has led trainings and accredited CLEs (Continuing Legal Education) for hundreds of attorneys and law students on cybersecurity, professional ethics, international law, and attorney-client communications with the NYCLA (New York County) Bar Association, Law For Black Lives, and the Continuing Legal Resource Network at CUNY (City University Of New York). He has also trained journalists, foundations, activists, and technologists from more then 40 countries at the Center for Constitutional Rights, Thoughtworks global corporation, the International Development Exchange, the Legal Clinics of the CUNY School of Law, and The Florestan Fernandes National School in Brazil. His work was recently featured in NY Magazine and Brazil de Fato news magazine.