Enforcement

Subscribe to Enforcement via RSS

On Tuesday, September 11, 2018, Judge Raymond J. Dearie of the Eastern District of New York issued a decision holding that Initial Coin Offerings (“ICO”) may qualify as securities offerings and therefore be subject to the criminal federal securities laws.  This ruling came as two U.S. regulators—the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”)—announced separate actions under securities laws against companies engaged in the cryptocurrency marketplace, including the sale of digital tokens.  As the popularity of cryptocurrencies grows and businesses and entrepreneurs increasingly turn to ICOs to raise capital, these developments may serve as guideposts for how cryptocurrencies and ICOs will be viewed by courts and federal regulators in cases to follow.
Continue Reading Federal Court, SEC, and FINRA Scrutinize Cryptocurrencies and ICOs

On June 22, 2018, the United States Supreme Court decided Carpenter v. United States, in which it held that the government must generally obtain a search warrant supported by probable cause before acquiring more than seven days of historical cell-site location information (“CSLI”) from a service provider. Noting “the deeply revealing nature of CSLI,

On April 24, 2018, Altaba, formerly known as Yahoo, entered into a settlement with the Securities and Exchange Commission (the “SEC”), pursuant to which Altaba agreed to pay $35 million to resolve allegations that Yahoo violated federal securities laws in connection with the disclosure of the 2014 data breach of its user database.  The case

Over recent months, numerous state regulators, including in Massachusetts, Texas, and New Jersey, have been exercising greater oversight of cryptocurrency businesses.[1]  On April 17, 2018, the office of the New York Attorney General Eric Schneiderman (“NYAG”) launched the Virtual Markets Integrity Initiative, which will seek information from various platforms that trade cryptocurrencies to better protect consumers.  The initiative responds to concerns that cryptocurrency trading platforms may not provide consumers with the same information available from traditional exchanges.  As part of the initiative, the NYAG’s Investor Protection Bureau sent thirteen major cryptocurrency trading platforms questionnaires relating to internal policies, controls, and best practices.  The Bureau intends to consolidate and disseminate to consumers the information it receives.
Continue Reading New York Attorney General Becomes Most Recent State Regulator To Foray Into Cryptocurrency Oversight

On March 27, 2018, Massachusetts Secretary of State William Galvin announced that the state had ordered five firms to halt initial coin offerings (“ICOs”) on the grounds that the ICOs constituted unregistered offerings of securities but made no allegations of fraud.  These orders follow a growing line of state enforcement actions aimed at ICOs.

This was not Massachusetts’s first foray into regulating ICOs.  On January 17, 2018 the state filed a complaint alleging violations of securities and broker-dealer registration requirements against the company Caviar and its founder for an ICO that sought to create a “pooled investment fund with hedged exposure to crypto-assets and real estate debt.”Continue Reading Massachusetts Orders Five Companies to Halt ICOs as States Step Up Enforcement Efforts

The 2018 Consolidated Appropriations Act, which was signed by President Donald Trump on March 23, 2018, included a little-debated provision that revised portions of the 1986 Stored Communications Act (“SCA”) to permit the government to access through the use of a warrant or subpoena stored communications held abroad by providers of electronic communications services that

In an indictment unsealed on March 23, 2018, the Department of Justice (DOJ) brought criminal charges against nine Iranian nationals affiliated with the Mabna Institute in Iran, alleging computer intrusion, fraud, and aggravated identity theft.[1]  Prosecutors charged the defendants with conspiring to steal a massive amount of intellectual property from universities, private companies, and government institutions worldwide, obtaining more than 31 terabytes of data.  The defendants allegedly acted on behalf of the Islamic Revolutionary Guard Corps (IRGC), which is an arm of the Iranian government whose responsibilities include foreign operations and intelligence gathering.  In addition to the announced charges, the nine defendants and the Mabna Institute were also designated for sanctions by the Treasury Department, Office of Foreign Asset Control, pursuant to Executive Order 13694 “Blocking the Property of certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”[2]
Continue Reading Department of Justice Indicts Iranian Hackers, Revealing Significant Data Breach and Targeting of Intellectual Property of Private Companies and Educational Institutions

A pair of recent enforcement actions by the CFTC and New York Attorney General’s Office (“NYAG”) show that both federal and state authorities are pursuing cases against companies believed to have insufficient data security practices, even in the absence of breaches resulting in harm to customers.

First, late last month, the CFTC entered into a settlement with a registered futures commission merchant that allegedly failed to diligently supervise an unnamed “IT Provider.”  The IT Provider inadvertently introduced a vulnerability to the merchant’s network, exposing private customer records and sensitive information, including personally identifiable information.  An unnamed “Third Party” detected the vulnerability and accessed nearly 100,000 files containing sensitive information.  The Third Party eventually contacted the merchant and federal authorities to disclose vulnerability, and deleted the data.  It appears that the data was not otherwise improperly accessed.
Continue Reading Recent Enforcement Actions by Regulators Show Continued Focus on Cybersecurity and Data Protection Issues

On January 30, 2018, the U.S. Securities and Exchange Commission (SEC) announced[1] that it had obtained an order from a U.S. District Court in Dallas, Texas, halting an allegedly fraudulent initial coin offering scheme.  The SEC’s complaint alleges that defendants AriseBank and AriseBank founders Jared Rice Sr. and Stanley Ford violated the anti-fraud and registration provisions of the U.S. federal securities laws, including by falsely claiming that AriseBank’s customers’ accounts and transactions were FDIC insured, falsely claiming that AriseBank’s customers could spend 700 different virtual currencies using AriseBank’s Visa card, and failing to disclose the criminal history of two of AriseBank’s officers.  Among other relief, the district court has granted the SEC’s request to freeze the defendants’ assets, and for the first time in a cryptocurrency enforcement case has appointed a receiver over those assets, including the cryptocurrencies purportedly held by AriseBank.
Continue Reading SEC Freezes Allegedly Fraudulent “Decentralized Bank” ICO

In February 2018, the Supreme Court will hear argument in United States v. Microsoft Corporation on the issue of whether a U.S. email provider must comply with a warrant issued pursuant to Section 2703 of the Stored Communications Act (“SCA”) by making disclosure in the United States of electronic communications stored exclusively on servers at datacenters abroad.[1]  Recently the parties submitted briefing on the merits to the Court, and a number of amici weighed in to support Microsoft Corp. (“Microsoft”). [2]   Through more than twenty amicus briefs, major tech giants like Google, Apple, and Amazon, along with members of Congress, European lawmakers, European legal groups, and foreign sovereigns, expressed concern about the Government’s interpretation of the SCA. [3] As this interest demonstrates, the Court’s decision is expected to have far reaching implications for the treatment of foreign data protection laws in U.S. courts.
Continue Reading Accessing Servers Abroad: The Global Comity and Data Privacy Implications of United States v. Microsoft