Cybercrime & Technology

SACRAMENTO – Attorney General Kamala D. Harris and Assemblymember Jacqui Irwin (D-Thousand Oaks) today unveiled legislation to modernize California’s collection and publication of criminal justice data. The OpenJustice Data Act builds on Attorney General Harris’s historic open data initiative, OpenJustice, to improve accountability and transparency in California’s criminal justice system.

“Data and technology have the power to dramatically increase transparency and accountability in our criminal justice system,” said Attorney General Harris. “This legislation will bring criminal justice data reporting into the 21st Century. I thank Assemblymember Irwin for standing with me to support the adoption of technology by law enforcement.”

Assembly Bill 2524 will convert Crime in California and other annual reports published by the California Department of Justice into digital data sets that will be published on the Attorney General’s OpenJustice Web portal.  These reports provide statistical summaries including numbers of arrests, complaints against peace officers, hate crime offenses, and law enforcement officers killed or assaulted. The OpenJustice Web portal will transform the way this information is presented to the public with interactive, accessible visualization tools, while making raw data available for public interest researchers.

"Right now we are sitting on mountains of valuable criminal justice data that local law enforcement work hard to provide in the public interest.  We need to make sure that this information is available to the public and that we are using it effectively.  AB 2524 is a common-sense measure that will help bring California into the 21st century,” said Assemblymember Irwin.

Additionally, AB 2524 will bring the state’s data collection into the 21st century by requiring local law enforcement agencies to submit all currently required statistical reports digitally.  Despite the fact that electronic reporting provides for more accurate and efficient data submission, approximately 60% of local law enforcement agencies still submit required data to the California Department of Justice (DOJ) on paper.  The OpenJustice Data Act will direct all agencies to transition to digital reporting, which will improve the quality and completeness of data, allow for more frequent updates to data contained within the OpenJustice Web portal, and ensure a much more efficient use of taxpayer resources in the long-term.

“I look forward to working with Attorney General Harris and Assemblymember Irwin to further advance our commonly shared goal of strengthening the relationships between law enforcement and the communities in which we live and serve.  Law enforcement leaders across California stand ready to ensure that the modernization of data reporting is feasible for even the smallest of police departments.  The alchemizing of this data will serve to better inform Californians about the crime our officers encounter every day and the subsequent actions taken,” said Oxnard Police Chief Jeri Williams.

Attorney General Harris first launched the OpenJustice initiative in 2015 as a mechanism for improving community trust in law enforcement, enhancing government accountability, and informing public policy. 

Last month, the Attorney General announced the release of OpenJustice 1.1, which enriched the Web portal’s initial data sets with city, county, and state level context including population and demographic information, unemployment rates, poverty rates, and educational attainment levels.  In addition to providing greater transparency, this information enables policymakers to craft informed, data-driven public policy.

Attorney General Harris has announced that the Department of Justice will augment the OpenJustice Web portal with new criminal justice datasets created through recent legislation, including reports on racial and identity profiling (AB 953, Weber) and officer and civilian-involved uses of force (AB 71, Rodriguez). 

Attorney General Harris has also taken several steps to strengthen the trust between law enforcement and California communities.  She directed a 90-day Review of her Division of Law Enforcement’s policies on use of force and implicit bias, convened the state’s law enforcement leaders to share best practices through her 21st Century Policing Working Group, created the first POST-certified course on Procedural Justice and Implicit Bias in the U.S., and developed a pilot for body-worn cameras for DOJ Special Agents.

SAN FRANCISCO - Attorney General Kamala D. Harris today issued a consumer alert warning California businesses to be aware of phishing scams that target the workplace and can lead to data breaches and loss of funds. The scam is commonly called “brand spoofing” or “phishing” because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. In the last few weeks, the California Department of Justice has received notifications of data breaches from California companies that have fallen victim to this type of scam. 

Complaints and reports describe cybercriminals sending fake emails to businesses in an attempt to trick employees into handing over critical data and in some instances money.  Based on recent attacks, these phishing emails will falsely appear to be coming from an executive within the business and will be sent to employees that have access to sensitive data and finances.  For example, an email that looks like it is being sent from an executive may direct an employee in the finance department to transfer money to an account outside the country or an email sent to an HR manager may ask for all employee W2 forms to be sent to a fake CEO email address.

When employees respond to such emails, they may be facilitating a data breach that puts their co-workers or others at risk of identity theft and subjects their company to significant monetary and reputational costs.

The FBI has issued a public service announcement warning about business email compromise, and the Identity Theft Resources Center and security experts have also warned about this type of scam.

There are measures businesses can take to reduce the risk of falling victim to such scams.  In the latest California Data Breach Report, issued last month, the Attorney General‘s office discussed minimum reasonable security controls that businesses should implement, including some that address phishing.

Tips on Combatting Phishing in the Workplace

• Educate employees on phishing, focusing on the types of data likely to be targeted in individual job roles.
• Control access to sensitive data and systems with a “need-to-know” and “least privilege” policy.
• Implement multi-layered network boundary defenses that can detect anomalies in inbound and outbound traffic.
• Use two-factor authentication to confirm requests to transfer funds (such as phone verification of an email request – to a pre-established number, not one provided in the email).
• Implement malware defenses, to protect against malicious software delivered by phishing emails (and other vectors).
• “Whitelist” software that is authorized to run on your network, and prevent execution of all others.

For More Information

California Attorney General’s California Data Breach Report (February 2016)

FBI on Business Email Compromise (August 2015)

Identity Theft Resources Center on CEO Phishing (March 2016)

Krebs on Security, Phishers Spoof CEO, Request W2 Forms (Feb. 2016). 

LOS ANGELES - Attorney General Kamala D. Harris today announced the release of OpenJustice v1.1, the next version of her criminal justice transparency initiative, which seeks to make public an unprecedented amount of data in easy-to-use and digestible ways so that we can hold ourselves accountable and improve public policy to make California safer. The OpenJustice v1.1 rollout includes new features focused on allowing Californians to better understand how the criminal justice system is working in their specific communities.

Now at a city, county, and state level, the OpenJustice Dashboard shows crime, clearance, and arrest rates, as well as arrest-related deaths, deaths in custody, and law enforcement officers killed or assaulted. Because public safety is also impacted by many societal factors outside of law enforcement, the Dashboard incorporates important contextual data such as population and demographic information, unemployment rates, poverty rates, and educational attainment levels. Through interactive maps, charts and tools, everyone – from communities to law enforcement to policymakers – will be able to identify where our system is doing well to promote public safety and equity in the justice system, and in what areas we must continue to improve.

“OpenJustice adds accountability and transparency to California’s criminal justice system – helping to rebuild the trust between law enforcement and the communities we are sworn to protect,” said Attorney General Harris. “This data helps clarify a simple truth: too many boys and young men of color are being arrested and killed by police. By releasing vast amounts of criminal justice data, OpenJustice v1.1 adds numbers and facts to the national debate on police-community relations. Law enforcement agencies across the nation should embrace data-driven policy changes to improve our criminal justice system and make our streets safer.”

In September 2015, Attorney General Harris launched OpenJustice by publishing three data sets at a statewide level, and committing to continue to release additional criminal justice data collected by the California Department of Justice. OpenJustice v1.1 delivers on that promise by releasing new data and at a more detailed level.

For each data set, anyone can use the Dashboard to look at overall trends, and also sort by race, gender, and age to better understand how different demographic groups are impacted by the justice system. The updated site also enables users to see the types of crimes (violent and property) and arrests (felonies and misdemeanors) across jurisdictions, compared to the California and national averages, and over time. In addition, the site continues to highlight the real danger that law enforcement personnel face everyday to keep our communities safe.

The OpenJustice initiative builds on Attorney General Kamala D. Harris’s leadership by deploying 21st century “Smart on Crime” approaches to improve public safety.  As California’s chief law enforcement officer, Attorney General Harris has worked to introduce new technology to the Department of Justice and law enforcement agencies across the state.  She has also championed the use of data to measure outcomes in public education and understand their impact on the criminal justice system.

In addition to OpenJustice, Attorney General Harris has also taken several steps to strengthen the trust between law enforcement and California communities. She directed a 90-day Review of her Division of Law Enforcement’s policies on use of force and implicit bias, convened the state’s law enforcement leaders to share best practices through her 21st Century Policing Working Group, created the first POST-certified course on Procedural Justice and Implicit Bias in the U.S., and developed a pilot program to test body-worn cameras within the Department of Justice.

The OpenJustice Dashboard will continue to spotlight metrics from across the justice system and a broad array of data sets will be released to foster accountability and trust. This tool will enable researchers, civic coders, journalists, and policymakers to help tackle seemingly intractable problems in the criminal justice system. 

To view all of the data released today, visit OpenJustice (http://openjustice.doj.ca.gov).

SAN FRANCISCO – Attorney General Kamala D. Harris today addressed the Stanford Cyber Initiative to release a comprehensive report detailing the nature of data breaches reported to her office over the past four years.  The report found that between 2012 and 2015, there were 657 data breaches, which compromised over 49 million records of Californians’ personal information.   The report is accompanied by recommendations from the Attorney General for organizations, businesses and lawmakers on how to protect against data breaches, and points to a specific set of actions that companies and organizations should start with to meet the state and federal mandates of reasonable security. Last year, 178 breaches placed 24 million records of Californians at risk.  This means that as many as three in five Californians may have been victims of a data breach in 2015 alone. “Government and the private sector have a shared responsibility to safeguard consumers from threats to their privacy, finances, and personal security,” said Attorney General Harris.  “California is leading the nation with measures to prevent data breaches, but we can do better.  This report clearly articulates basic steps that businesses and organizations must take to comply with the law, reduce data breaches, and better protect the public and our national security.” The report includes information on the most common types of data breached, explains what types of breaches different industry sectors were most susceptible to, and provides recommendations to reduce the frequency and impact of future breaches.

Types of Data Breached 

• Social Security numbers, payment card data, and medical information were the top three types of data breached over the past four years.

Industry Sectors 

• The retail sector has been the most vulnerable industry, accounting for 24% of breaches and 42% of records breached in the past four years.
• The financial sector accounts for the second largest share of breaches at 18%, and 26% of records breached. Social Security numbers are the most common data breached in this sector.
• The healthcare industry accounts for 16% of breaches, and continues to be particularly vulnerable to physical breaches.
• Small businesses represent 15% of all reported breaches.

Recommendations for Organizations

• Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program, since not doing so would be indicative of a failure to provide reasonable security.
• Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.  This procedure provides greater protection than the username-and-password combination typically used for online shopping accounts, health care websites and patient portals, and web-based email accounts.
• Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers.  This is particularly important for health care, which appears to be lagging behind other sectors in this area.
• Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files.  This measure is free, fast, and effective in preventing identity thieves from opening new credit accounts.

Recommendations for State Policy Makers

• Collaborate to harmonize state breach laws on key dimensions.  Such an effort could reduce the compliance burden for companies, while preserving innovation, maintaining consumer protections, and retaining jurisdictional expertise.

As data threats evolve, California must remain at the forefront of identifying and implementing creative and effective ways to fend off attackers.  In 2004, California passed its information security statute (AB 1950, Wiggins), which requires businesses that collect personal information to use “reasonable security practices and procedures.” In 2003, California became the first state to mandate data breach notification, requiring businesses and state agencies to inform consumers when a security breach compromises their personal information (AB 700, Simitian). As of 2012, any breach involving more than 500 Californians must be reported to the Attorney General’s Office (SB 24, Simitian).

Attorney General Harris has invested the best talent and resources of the California Department of Justice into the fight for cyber security.  In 2011, she created the eCrime Unit, which is tasked with investigating and prosecuting large-scale identity theft, technology crimes, and crimes that target electronic devices, networks, or intellectual property.  In 2012, Attorney General Harris established the Privacy Enforcement and Protection Unit to enforce and regulate state and federal laws regulating the collection, retention, disclosure, and destruction of personal information, as well as to educate organizations and consumers on privacy responsibilities and rights.

Furthermore, a number of recommendations from Attorney General Harris’s previous data breach reports have been enacted into law.  SB 46 (Corbett), which took effect in January 2014, added online account credentials to the list of personal data covered under SB 24 (Simitian).  In 2014, AB 1710 (Dickinson) was enacted, requiring the source of a breach of such data to offer identity theft prevention or mitigation services at no cost to the affected person and for no less than 12 months.  The law took effect in January 2015.  In 2015, SB 570 (Jackson) amended the breach law to require the use of a format for breach notices that makes them easier to understand. It took effect in January 2016.

View the full California Data Breach Report February 2016.

SAN FRANCISCO – California Attorney General Kamala D. Harris is commemorating international Data Privacy Day by reminding consumers of three easy steps to take to protect against identity theft in 2016. Attorney General Harris is also partnering with Facebook to share privacy tips for Facebook users, as part of her commitment to incorporating technology into government. The Attorney General’s Facebook video message can be found here: http://on.fb.me/dataprivacydaycalifornia. January 28, Data Privacy Day, is observed in the U.S., Canada and Europe as an opportunity to promote privacy awareness.

Identity theft is a privacy crime that cost individuals and businesses $16 billion in 2014,the last year for which information is available.[1] There were 12.7 million victims of identity theft in the U.S. – that is one victim every 2.5 seconds. Over 1.5 million victims were in California.

The following three Data Privacy Day tips are a good starting point for consumers to begin to protect themselves from identify theft.

1.     Order your credit reports (free).  

Consumers are highly encouraged to regularly monitor their credit files. Proactive credit monitoring can help consumers catch errors and quickly identify potential identity theft issues. Consumers are entitled by law to get a credit report from each of the three major credit bureaus every year, at no cost.

FREE annual credit reports can be ordered online at www.annualcreditreport.com or through the toll-free phone number:  (877) 322-8228. After receiving the reports, make sure to review them thoroughly for information that is not recognized and take action on anything suspicious. For more information, please visit: How to Order Your Free Credit Reports: Tips for Consumers.  All consumers are entitled to one free credit report every 12 months, from each credit reporting company, and should not have to input or share credit card information for these reports.

2.     Protect your electronics with strong passwords (free).

Smartphones and tablets contain a lot of personal information, such as banking, shopping, and location information in apps and emails. Consumers should make a habit of locking their devices just as they lock their homes and vehicles. Additionally, rather than using a 4-digit passcode which can be cracked in minutes, consumers should use a strong password that contains at least 8 characters, including letters, numbers and symbols. Consider using a phrase and substituting numbers and symbols for letters. For example, “how much wood would a woodchuck chuck?” might be Hmww1wcc? (Don’t use that one!)  

Many smartphones, including both Apple and Android phones, provide lock or passcode tools in the “Settings” feature of their devices. Device manufacturers today offer advanced technologies like fingerprint sensors and “lock patterns” that can make it very difficult to access a stolen device.

General screen lock information:

• iPhones and iPads (iOS)

New Apple products protect devices with a thumbprint or a numeric passcode, or a combination of both.

From home screen, select SETTINGS, then TOUCH ID & PASSCODE. On older products, select SETTINGS, then GENERAL, then PASSCODE.  Follow instructions and remember to set how quickly you want the device to lock (one minute, five minutes, etc.)

More on Apple locks: www.support.apple.com/en-us/HT204060 

• Android devices

Depending on your type of device, Android allows you to use a pattern unlock, a personal identification number (PIN), or an alpha-numeric password. Though the language varies in different Android devices, you can generally follow this path:

Select MENU on the home screen. Select SETTINGS, then SECURITY, then CHANGE SCREEN LOCK.

Check the version of your Android device: www.support.google.com/nexus/answer/4457705

More on Android locks: www.support.google.com/nexus/answer/2819522?hl=en

For more information on strong passwords, please visit:  Safe Password Practices - Refresh Here!

3.     Freeze your credit files ($30) – or place a fraud alert (free).

Consumers who believe they may be victims of identity theft should consider freezing their credit files. A credit freeze is the strongest consumer protection against serious types of identity theft that involve Social Security numbers. It prevents the opening of new accounts but does not affect existing credit accounts. Credit freezes remain on accounts until the account holder temporarily or permanently lifts the freeze.

To activate a credit freeze, consumers must contact each of the three credit bureaus. Once the credit bureaus have frozen the requested credit records, a potential thief cannot open a credit account, get a loan, or do certain other things in the account holder’s name. Consumers who need to open a new credit account during the freeze can “lift” the freeze in advance for a limited period of time by contacting the credit bureau (sometimes for a small fee).

Credit freezes are free to victims of identity theft who have a corresponding police report.  Otherwise, freezes cost $10 per credit bureau.  For consumers 65 and older, each freeze is $5. For more information, please visit: How to “Freeze” Your Credit Files

An alternative to a freeze is a fraud alert. Consumers who are in the market for new credit, insurance, or employment may find a credit freeze cumbersome as the freeze must be lifted every time a request is made for new credit. Instead, consumers looking for new credit may want to consider placing a fraud alert on their accounts. Fraud alerts offer a free, fast, and effective way to protect against a potential identity thief opening new credit accounts under an account holder’s identity. A fraud alert signals to credit grantors that requests for new credit accounts or credit extensions may be coming from an identity thief and it requires merchants to take extra steps to verify the identity of the applicant. To place a fraud alert, consumers only need to contact one of the three credit bureaus, which will result in all three placing the alert. A fraud alert lasts 90 days and can be renewed.

For more information on fraud alerts, visit: Breach Help: Consumer Tips from the Attorney General

ADDITIONAL INFORMATION

California Attorney General identity theft information:  www.oag.ca.gov/idtheft

California Attorney General privacy information:  www.oag.ca.gov/privacy

Data Privacy Day: https://www.staysafeonline.org/data-privacy-day/about.

[1] Javelin Strategy & Research, 2015 Identity Fraud Study, available at www.javelinstrategy.com.

SACRAMENTO - Attorney General Kamala D. Harris and Placer County District Attorney R. Scott Owens today announced the arraignment of Riley Bangerter, 36, of Roseville, on 11 charges of identity theft, in a case of cyber harassment. Bangerter pled not guilty when he was arraigned on January 11, 2016.

Bangerter was arrested on December 3, 2015, following an investigation by Attorney General Harris’ eCrime Unit, which found that he had superimposed images of his ex-wife onto pornographic images and posted them online, accompanied by her personal identifying information.

“Bangerter’s heinous actions sought to humiliate, belittle and destroy the personal and professional life of his victim,” said Attorney General Harris.  “This prosecution sends a clear message to all who dare to perpetrate the crimes of cyber harassment and cyber exploitation, that these cowardly acts will not be tolerated in California.  I thank the Placer County District Attorney’s office for their partnership and commitment to holding Bangerter accountable for these deplorable acts.”

Bangerter is charged with identity theft – violating Penal Code section 530.5, which prohibits the misuse of personal identifying information.  The case is being prosecuted by the Placer County District Attorney’s office.

During her tenure, Attorney General Harris has pioneered the prosecution of cyber exploitation cases, successfully securing criminal convictions and sentences for those who post intimate photos or videos online without the consent of the individual depicted. 

In 2011, Attorney General Harris created the eCrime Unit within the California Department of Justice to identify and prosecute identity theft crimes, cybercrimes and other crimes involving the use of technology.  In April 2015, Attorney General Harris announced that Kevin Bollaert was sentenced to eighteen years of incarceration (a sentence later revised to eight years in prison followed by ten years of mandatory supervision) for operating a cyber exploitation website, ugotposted.com.  The site allowed the anonymous, public posting of nude or explicit photographs without the subject’s permission and also included the subject’s full name, location, age and Facebook profile link.  Bollaert also extorted victims, charging them $250 to $350 to remove the content posted without their permission.

In June 2015, Attorney General Harris announced a three-year jail sentence for Casey Meyering, who operated a cyber exploitation website called WinByState.com and an associated site TakedownHammer, where he extorted victims seeking to have their images removed.  Charles Evens, who hacked into email accounts to steal intimate images and then sold the images to cyber exploitation website operator Hunter Moore, pleaded guilty to hacking in June 2015.

Attorney General Harris convened a Cyber Exploitation Task Force in February 2015, a public-private partnership comprised of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders.  In October 2015, Attorney General Harris and the task force unveiled a  first-of-its-kind online resource hub with tools for victims, the technology industry, and law enforcement agencies.

In September 2015, Governor Jerry Brown signed into law two new measures Attorney General Harris sponsored to combat and prevent cyber exploitation.  Senate Bill 676 (Cannella, R-Ceres) enables law enforcement to destroy cyber exploitation images and AB 1310 (Gatto, D-Glendale) allows search warrants to be issued for crimes related to cyber exploitation and allows for the prosecution of cyber exploitation cases in the county where the victim resides or in the county where the images were posted.

SAN FRANCISCO - Attorney General Kamala D. Harris today released guidance on location privacy on smartphones, tablets, and email as part of National Cyber Security Awareness Month, a campaign to promote a safer, more secure, and more trusted Internet.

The Attorney General’s new information sheet, Location, Location, Location: Tips on Controlling Mobile Tracking, comes at a time when nearly two-thirds of Americans own a smartphone. In fact, it’s been reported that the average consumer is never more than three feet away from his or her phone.[1]

Connected devices are convenient, but they also pose unique privacy challenges. Our smartphones and tablets are “always on” and “always on us,” broadcasting where we are, where we have been, and even where we are going. This is a concern for many of us, and for domestic violence and stalking victims, it can be dangerous.

Location, Location, Location explains how to use system settings on Android and iOS devices to manage GPS and other location tracking functions.  The new information sheet also explains how email location tracking works and offers step-by–step instructions for stopping it in Gmail, Outlook, and Yahoo Mail.

Location, Location, Location can be found with Getting Smart About Smartphones, Breach Help, and a library of easy-to-read privacy materials on the Attorney General’s website at www.oag.ca.gov/privacy/info-sheets. 

Resources

Location, Location, Location: Tips on Controlling Mobile Tracking: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-18.pdf?

Getting Smart About Smartphones: Tips for Consumers 

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_consumers.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15a_smartphonesConsumer_sp.pdf

Getting Smart About Smartphones: Tips for Parents

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_parents.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15b_smartphonesParents_sp.pdf

National Cyber Security Awareness Month: www.staysafeonline.org/ncsam/

[1] www.getelastic.com/the-end-of-bricks-and-mortar-retail-as-we-know-it/

LOS ANGELES - Today, Attorney General Kamala D. Harris announced the launch of a new, first-of-its-kind online resource hub with tools for victims, technology companies and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates. 

In response, elected officials and leaders in the technology industry released the following statements of support:

Antigone Davis, Head of Global Safety Policy, Facebook:

"Sharing intimate images of someone without their consent can be both devastating and dangerous for the victim. Such activity is not allowed on Facebook and we are proud to support Attorney General Harris’ anti-cyber exploitation initiative to raise awareness of this abhorrent practice and promote tools to fight it.”

Jacqueline Beauchere, Chief Online Safety Officer, Microsoft:

"Non-consensual distribution of sexual content, commonly known as ‘revenge porn’, is a horrific violation of privacy that can damage nearly every aspect of a victim’s life. Microsoft commends Attorney General Harris' commitment to this issue and we are proud to support this effort to help ensure victims have easy access to the tools they need to regain control of their images and their privacy. We hope this new online hub, which includes reporting information for online services such as Microsoft’s new reporting site for Bing, OneDrive and Xbox Live, will prove to be a valuable resource for victims."

Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law, University of Maryland Carey School of Law:

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating. AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.” 

John Doherty, Vice President of State Policy & Politics and General Counsel, TechNet:

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection. Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.” 

Bob Stresak, Executive Director, California Commission on Peace Officer Standards and Training (POST):

“The Commission on Peace Officer Standards and Training is honored to be a part of the Attorney General’s working group in a progressive effort to combat cyber exploitation.  As technology advances, criminal activity takes new forms.  This often presents challenges for law enforcement.  Law enforcement must advance in its ability to proactively address and effectively respond to those challenges.  To that end, the Commission on POST will continue in its commitment to provide the best training available to the law enforcement community.”

California Assemblymember Mike Gatto (D-Glendale):

“Cyber exploitation is a serious crime.  I was proud to partner with Attorney General Harris on legislation to eliminate jurisdictional loopholes and give additional tools to law enforcement to investigate and prosecute this type of crime. The Department of Justice’s resource hub will play an important role in the fight to end cyber exploitation in California.”

California Senator Anthony Cannella (R-Ceres):

“Cyber exploitation greatly disrupts the lives of victims.  I am glad that California remains in the forefront of fighting this horrendous crime. We need victims to be more aware that there are resources to protect them.  This is a valuable tool to help in ending cyber exploitation.”

LOS ANGELES - Attorney General Kamala D. Harris today announced the launch of a new, first-of-its-kind online resource hub with helpful tools for victims, the technology industry and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates.   

“Posting intimate images online without consent is a cowardly crime that humiliates and belittles victims,” said Attorney General Harris. “These new tools will assist law enforcement in combating cyber exploitation and support victims in seeking justice. I would like to thank our partners from our task force, whose work will have a global impact in combatting this heinous crime.”

Attorney General Harris’s effort is centered on a newly created online resource hub that will work to empower victims with information on how to have images posted without permission removed from popular websites and search engines, and provide clear guidance to local law enforcement about new and existing laws to investigate and prosecute cyber exploitation cases. The resource hub will include a Best Practice Guide for technology companies to help them develop policies that prevent the posting and sharing of cyber exploitation images. 

Designed to be a one-stop-shop for law enforcement, victims and technology companies, the site will include information graphics with steps individuals can take after being a victim of cyber exploitation, and the first-ever comprehensive collection of major technology platforms’ privacy policies and links to report improper use of intimate images and how to have them removed from social media sites and online search engines.

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating,” said Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law at the University of Maryland Carey School of Law. “AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.”

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection,” said John Doherty, Vice President of State Policy & Politics and General Counsel at TechNet. “Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.”

In tandem with the launch of the anti-cyber exploitation initiative, Attorney General Harris issued a Law Enforcement Bulletin, with instructions for all California law enforcement agencies on how to use and enforce new and existing laws related to cyber exploitation crimes. This past legislative session, Attorney General Harris sponsored two bills to enable more effective prosecution of cyber exploitation crimes: AB 1310 and SB 676. Both laws were signed by Governor Jerry Brown and become effective January 1, 2016. 

AB 1310, sponsored by Assemblymember Mike Gatto (D-Glendale), expands the jurisdictional options for prosecuting cyber exploitation cases and allows law enforcement to use a search warrant to investigate cyber exploitation cases. SB 676, sponsored by Senator Anthony Cannella (R-Ceres), adds cyber exploitation to the list of computer crimes eligible for forfeiture and destruction of property as part of a judgment and provides law enforcement with a process for seizing and destroying cyber exploitation images.

The initiative will also include a digital campaign, lead by the Attorney General’s Cyber Exploitation Task Force, using the hashtag #EndCyberExploitation, to raise awareness of the crime and connect victims with resources.   

The Attorney General’s cyber exploitation website was launched in October to mark Domestic Violence Awareness Month and Cyber Security Awareness Month. According to the Cyber Civil Rights Initiative (CCRI), a partner in the working group, more than 90% of victims of cyber exploitation are women and girls. In CCRI’s survey of cyber exploitation victims, 51% reported having suicidal thoughts.

In January 2015, Attorney General Harris convened a task force of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders to fight cyber exploitation. The Attorney General’s working group on cyber exploitation is focused on four key areas: (1) education and prevention, (2) law enforcement education and training , (3) technology leadership and (4) legislation. This initiative is the culmination of this group’s work over the last nine months. 

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes, and other crimes involving the use of technology. The California Department of Justice is leading the nation in prosecuting these crimes, having garnered the first successful prosecution of a cyber exploitation operator in the country.  Earlier this year, Kevin Bollaert was sentenced to eight years imprisonment followed by ten years of supervised release for his operation of a cyber exploitation website that allowed the anonymous, public posting of intimate photos accompanied by personal identifying information of individuals without their consent.

The new resource hub can be found at http://oag.ca.gov/cyberexploitation.   

LOS ANGELES - Attorney General Kamala D. Harris today issued a statement in response to Governor Jerry Brown’s signature of Assembly Bill 1310 (Gatto, D-Glendale), one of two cyber exploitation bills sponsored by Attorney General Harris.

“This new law gives law enforcement important tools necessary to hold cyber exploitation perpetrators accountable and bring justice to victims,” said Attorney General Harris. “AB 1310 furthers the ability of law enforcement to gather evidence and prosecute these heinous cases. I thank Assemblymember Gatto for authoring this critical measure.”

AB 1310 amends current law by allowing search warrants to be issued for cyber exploitation crimes, giving law enforcement the ability to search electronic databases and retrieve the victims’ images.  AB 1310 also allows for the prosecution of cyber exploitation cases in the county where the victim resides or in the county where the images were posted.  Since posters and website operators commonly reside outside of the victim’s jurisdiction, this change in the law will relieve some of the burden placed on the victim during the prosecution of the case. 

“With this legislation, law enforcement will be able to more effectively investigate and prosecute cyber exploitation criminals across multiple jurisdictions,” said Assemblymember Gatto.  “I applaud the Attorney General for championing this measure and thank Governor Brown for signing it into law.”

This year, Attorney General Harris sponsored two bills to enhance the prosecution of cyber exploitation in the state.  Senate Bill 676 (Cannella, R-Ceres), signed by the governor last month, enables law enforcement to seek the forfeiture and destruction of cyber exploitation images. 

On October 14, the Attorney General’s Cyber Exploitation Working Group will announce its findings and unveil new resources for victims, law enforcement, and tech companies in the fight against cyber exploitation.  This new initiative represents the culmination of a 9 month-long collaboration on four key areas: developing industry best practices, education and prevention, law enforcement training and collaboration, as well as legislation and advocacy.  The working group includes major technology companies such as Facebook, Microsoft, Twitter, Yahoo!, Google, and Instagram.

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes, and other crimes involving the use of technology. The California Department of Justice is leading the nation in prosecuting these crimes, having garnered the first successful prosecution of a cyber exploitation operator in the country. In 2015, Kevin Bollaert was sentenced to eight years imprisonment followed by ten years of supervised release for his operation of a cyber exploitation website that allowed the anonymous, public posting of intimate photos accompanied by personal identifying information of individuals without their consent.