Photo of Stephen M. Byers

Stephen M. Byers is a partner in the firm's White Collar & Regulatory Enforcement Group and serves on the group's steering committee. He is also a member of the firm's Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers's practice involves counseling and representation of corporate and individual clients in all phases of white collar criminal and related civil matters, including: internal corporate investigations; federal grand jury, inspector general and congressional investigations; and trials and appeals.

The U.S. Department of Justice released revisions to the Foreign Corrupt Practices Act corporate enforcement policy on March 8, 2019. While intended to clarify the DOJ’s position on a number of hot-button issues, including its controversial stance on certain instant-messaging software, a closer look reveals that these changes fall short of answering several key questions

Attorney General Jeff Sessions and EU Justice Commissioner Věra Jourová have met twice over the last two weeks, signaling momentum towards a new EU-U.S. solution for the sharing of electronic evidence. These meetings occurred in the wake of proposed regulations on the sharing of electronic evidence in the EU, and the passage of the Clarifying

The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data

In an obscure case that could have broad implications, a judge in the Eastern District of Virginia sentenced the Danish CEO of two overseas technology companies to time served and a fine of $500,000 for the advertisement and sale of a mobile application capable of surreptitiously monitoring communications and other information on a mobile device. A Department of Justice press release touted the result as “the first-ever criminal conviction concerning the advertisement and sale of a mobile device spyware app.” Nevertheless, the sentence of ten days of time served represents a significant downward departure from the recommended 4-10 month prison term contemplated by the defendant’s plea agreement.

According to a statement of facts filed with the plea agreement, the defendant, Hassam Akbar, advertised and sold “StealthGenie,” a now-defunct mobile app that could be used for real-time monitoring of a mobile device owner’s calls, texts, emails, photographs, calendar appointments, contacts, and other information. The app apparently could also remotely activate the phone’s microphone and record nearby sound. Once installed and activated, the app was undetectable to the average user because it ran in the background whenever the smartphone was powered on with no indication that the app was running. According to the DOJ, “[a]pps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life – all without the victim’s knowledge”; indeed, according to the DOJ “SteathGenie ha[d] little use beyond invading a victim’s privacy.” For this reason, as Wired reported, the Akbar indictment was hailed as a step in the right direction by at least one group working to fight domestic violence, which was hopeful the conviction signaled an intent to crack down not only on the users but also on the developers and distributors of tools used to perpetrate domestic violence and stalking.
Continue Reading

As part of Crowell’s “Data Law Trends & Developments:  E-Discovery, Privacy, Cyber-Security & Information Governance,” Steve Byers and I examined the hottest topics in E-Discovery in Government Investigations and Criminal Litigation.  Our report begins on page 15, and explores recent trends in this rapidly expanding field and forecasts potential developments with Federal Rule

In a remarkable decision addressing the reach of search warrants aimed at personal data stored by a third party in the cloud, a court ruled last week that an internet service provider (“ISP”) can be compelled to produce personal information located outside of the U.S. The decision by Magistrate Judge James Francis (S.D.N.Y.) denied Microsoft Corporation’s motion to quash a warrant requiring production of customer email content and related data stored on a server located in Dublin, Ireland. If adopted by other courts, the ruling could have far-reaching implications not only in the context of overseas cloud storage, but the privacy of personal data stored on third- party servers generally.

The specific issue addressed by the court concerns application of the infamously antiquated Stored Communications Act (“SCA”) of 1986, which allows the U.S. government to obtain information by subpoena, court order, or warrant from third parties such as ISPs. On December 4, 2013, the court approved the government’s request for a SCA search warrant to Microsoft seeking virtually all content and data associated with a particular email account. Microsoft produced all relevant information stored on its domestic servers, but moved to quash the warrant to the extent it sought information stored at its datacenter located in Dublin, arguing that U.S. courts are not authorized to issue extraterritorial search warrants. Notably, it is not clear from the decision whether the owner of the subject email account is a U.S. resident.
Continue Reading

Last week, in United States v. Agrawal, the Second Circuit upheld a jury’s 2010 conviction of a former Société Générale trader under the Economic Espionage Act (EEA) and the National Stolen Property Act (NSPA). The three-judge panel unanimously affirmed the NSPA conviction, but split on whether the EEA conviction could stand in light of the Second Circuit opinion in United States v. Aleynikov, 676 F.3d 71 (2d Cir. 2012), in which the court vacated an ex-Goldman Sachs trader’s convictions under the same statutes for very similar conduct.

During his employment with Société, Samarth Agrawal copied and printed thousands of pages of computer code that his current employer used for a high-frequency trading program. He intended to provide the code to his future employer, another investment firm, and was arrested on the day he was scheduled to begin his new job. Agrawal was indicted by a grand jury and convicted following a jury trial for violating the EEA and NSPA.
Continue Reading

In a prior post, I wrote about a criminal trade secrets theft case in which spoliation in related civil litigation was charged as obstruction of justice. I noted that “[t]he prospect of criminal charges for spoliation in civil litigation raises the stakes for civil litigants, particularly where a parallel criminal investigation is a possibility . . . .” Last week, this scenario arose again, as it was announced that Halliburton will plead guilty to a criminal offense based on ESI spoliation that appears to have first arisen in the massive civil litigation over the Deepwater Horizon disaster.

According to the Information and Plea Agreement, following the Deepwater Horizon oil spill, Halliburton employees used a proprietary 3D modeling program to examine aspects of the drilling equipment on two occasions. On both occasions, the employees were told to delete the resulting data and reluctantly did so. Halliburton was a contractor to BP, and these events seem to have been uncovered by BP in the ensuing civil litigation when it became apparent from Halliburton emails that the 3D modeling data once existed but had not been produced. Resolution of this spoliation issue in the civil litigation is still pending. In the meantime, however, the spoliation became the basis for a criminal charge against Halliburton in the parallel criminal investigation by the Department of Justice.
Continue Reading

For more than a year, the United States and the European Union have been engaged in negotiations over a data protection framework covering trans-Atlantic law enforcement cooperation. Last week, U.S. Attorney General Eric Holder and EU Vice-President Viviane Reding met in Washington to discuss that and other topics. Both expressed optimism in a joint press release issued after the meeting, but it remains to be seen whether the enormous gap between U.S. and EU notions of data privacy can be bridged through such an agreement.

In the EU, the privacy of one’s personal data is a fundamental civil right, whereas in the U.S. such privacy considerations are routinely subordinated in the context of law enforcement investigations and prosecutions. The EU’s stringent data protection rules have thus become a recurring sticking point in joint law enforcement efforts between the two governments because the U.S. has been unable to guarantee an “adequate” level of protection for data transfers as far as the EU is concerned.
Continue Reading

I have previously written about the spoliation litigation and sanctions in the DuPont v. Kolon trade secrets dispute, in which Crowell & Moring represents the plaintiff and which resulted in a $920 million jury verdict for our client DuPont. The deletion of ESI by the defendant in that case resulted in an adverse inference jury instruction at trial and even spawned criminal obstruction of justice charges. Now the district court in the civil litigation has awarded DuPont $4.5 million in attorney’s fees and expenses as an additional sanction, which was the full amount sought by DuPont.

The court’s opinion explains why the $4.5 million sanction – one of the largest fee-based spoliation sanctions to date – was fully justified. The level of effort expended by DuPont’s lawyers and vendors was driven in part by what the court described as the defendant’s “overall obfuscatory conduct” which resulted in “a long, and oftentimes tortuous, journey on the part of DuPont to get to the bottom of the alleged deletion of files and email items by key Kolon employees.” The lesson here of course is that one must be careful about waging a pitched battle over discovery into known spoliation given that the client will likely have to foot the bill. That is an entirely foreseeable outcome where the allegations have merit because an award of fees and expenses is a common spoliation sanction.
Continue Reading