Reporting Cybersecurity Threats to the Legal Sector

The National Cyber Security Centre—and yes, it's British—released a report titled "The cyber threat to UK legal sector." As is clear from the title, the report deals with the unique cybersecurity threats facing the legal sector in the UK. To address upfront the question you might be asking yourself, yes, the report's analysis is insightful for law firms in the United States, too. The report details the risks of phishing, data breaches, ransomware and supply chain compromise. Specifically, it notes that "the cyber threat to the UK legal sector is significant and the number of reported incidents has grown substantially over the last few years." Further, there are "significant" financial and reputational impacts from those cyberattacks. The report explains what makes law firms attractive targets for cyberattacks: law firms "hold sensitive client information, handle significant funds and are a key enabler in commercial and business transactions." It emphasizes the added risks for firms that represent organizations "that engage in work of a controversial nature," either based on their industry, such as life sciences or energy, or on political or ideological grounds. And the report warns that the "move to offer legal services digitally will not only provide new opportunities but also further avenues for malicious cyber exploitation."

Dangling Carrots: DOJ Continues Pushing FCPA Self-Disclosure

In a speech at the American Conference Institute 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, Deputy Assistant Attorney General Matthew S. Miner addressed the mission of the U.S. Department of Justice (DOJ) to "investigate and stamp out global corruption," focusing "on implications for mergers and acquisitions." Miner oversees the Fraud Section at DOJ, which houses that agency's Foreign Corrupt Practices Act (FCPA) unit. Miner couched corruption as "a virus that saps scarce resources and undermines public trust" and that "also harms law-abiding companies by tilting the playing field in favor of companies who are willing to break the rules to get ahead." After describing recent prosecutions and settlements, he detailed the DOJ's recent incorporation of the FCPA self-disclosure program in the U.S. Attorneys Manual as the FCPA Corporate Enforcement Policy. Emphasizing the importance of self-disclosure, Miner described a recent declination against a company that "satisfied the rigorous requirements of the Policy" and ended up receiving "credit for its disgorgement as part of a $9 million payment in a related SEC administrative proceeding." Miner also explained that the DOJ would "like to do better" with "mergers and acquisitions, particularly when such activity relates to high-risk industries and markets." DOJ will "give meaningful credit" to acquiring companies that learn of misconduct during due diligence and disclose it to the government. In short, "[n]ot only can the acquiring company help to uncover wrongdoing, but more importantly the acquiring company is in a position to right the ship by applying strong compliance practices to the acquired company."

Improper Fraud Instructions Upend Conviction

Defendant Jeffrey Spanier emerged victorious in his request for a new trial. In an unpublished opinion, the U.S. Court of Appeals for the Ninth Circuit in United States v. Spanier vacated his conviction and remanded for a new trial. Spanier had been convicted of wire fraud, mail fraud, securities fraud and conspiracy to commit those offenses. The Ninth Circuit held that the district court failed to properly "instruct the jury on the omissions theory of fraud and the duty to disclose." It reasoned that when the prosecution "bases a fraud charge on material non-disclosures, the trial court must instruct the jury that non-disclosure can only support a fraud charge when the defendant has a duty to disclose the omitted information." Of course, even a faulty jury charge doesn't require vacating a conviction if the error was harmless beyond a reasonable doubt. But here, the court found it was not. It recounted that in Spanier's original trial, at which the proper instruction was given, the jury acquitted him on six counts and hung on the rest. But the district court didn't give the same charge on the retrial of the hung counts, and he was convicted. Given the error and this persuasive evidence of the importance of the proper charge, the Ninth Circuit concluded that the verdict must be set aside. So, the case goes back for round three.

Tax Evader Loses Bid to Undo $10 Million Fine

In United States v. Zukerman, the Second Circuit affirmed the judgment entered against Morris Zukerman. He pleaded guilty to tax evasion and corruptly endeavoring to obstruct and impede the due administration of the Internal Revenue Code and was sentenced to a 70-month term of incarceration and a whopping $10 million fine, which was imposed on top of a $37 million restitution order. Zukerman argued that the fine was both substantively and procedurally unreasonable. The Second Circuit bluntly declared, "It was not." It noted that the district court properly calculated the fine range suggested by the U.S. Sentencing Guidelines and that Zukerman had "adequate opportunity to inform the district court of his financial condition and ability to pay a fine." The appeals court concluded that the district court's imposition of that fine was within its discretion, and it affirmed. In doing so, it pointed to the district court's expression of "deserved opprobrium for Zukerman's 'calculated scheme to defraud the government of tens of millions of dollars for the sole purpose of increasing his personal wealth,' executed through efforts that 'spanned fifteen years and involved submitting more than 50 falsified tax forms for at least ten different individuals.'"

Companies Push Congress to Pass Email Privacy Act

A who's-who of technology firms and others submitted a letter to Chairman John McCain (R-Ariz.) and ranking member Jack Reed (D-R.I.) of the Senate Committee on Armed Services and to Chairman Mac Thornberry (R-Texas) and ranking member Adam Smith (D-Wash.) of the House Armed Services Committee to express their support for a bill known as the Email Privacy Act. That bill "sets standards for government access to private internet communications, to reflect internet users' reasonable expectations of privacy with respect to emails, texts, notes, photos, and other sensitive information stored in 'the cloud'" by updating the Electronic Communications Privacy Act (ECPA), which was signed into law in 1986. The signatories to the letter lauded the bill's ending of the ECPA's "arbitrary '180-day rule,' which permits email communications to be obtained without a warrant after 180 days" and its repudiation of the DOJ's "interpretation of the ECPA that the act of opening an email removes it from warrant protection." They also noted that "the changes reflect current practices: DOJ and FBI policies already require law enforcement officials seeking content to obtain a search warrant, and many service providers will not relinquish their users' content without one."

Crunching the Numbers: the Sentencing Guidelines and Healthcare Fraud

In United States v. Mehmood, the Sixth Circuit affirmed the convictions of Zafar Mehmood and Badar Ahmadani but vacated their sentences and remanded for resentencing. The two were tried and convicted for participation in a massive healthcare fraud scheme that entailed paying kickbacks and obtaining payment from Medicare for fictitious patients. At sentencing, the district court determined that "the full amount of billings submitted by Mehmood's companies between 2006 and 2011—$47,219,535.47—constituted loss for sentencing purposes." In doing so, it "determined that none of Mehmood's claims were legitimate—and thus could not be offset against the aggregate billings—because Mehmood obtained access to the Medicare program by certifying that he would not engage in kickbacks," but he had no intention of abiding by that promise. On appeal, the Sixth Circuit rejected the district court's approach because the guidelines provide that "the aggregate dollar amount of fraudulent bills submitted to the Government health care program shall constitute prima facie evidence of the amount of the intended loss." U.S.S.G. § 2B1.1, comment. (n.3(F)(viii)) (emphasis added). And because some of Mehmood's patients—and therefore billings—were legitimate, the district court should have deducted those from its calculation of intended loss. Therefore, the sentence was erroneous and remand was appropriate.
