On August 15, a major Bitcoin investor filed a lawsuit for $224 million because his cryptocurrency had been stolen, and he argued that telecommunications giant AT&T was at fault for fraud and gross negligence in connection with the theft. See, e.g., Gertrude Chavez-Dreyfuss, “U.S. investor sues AT&T for $224 million over loss of cryptocurrency,” Reuters, Aug. 15, 2018, at https://www.reuters.com/article/us-cryptocurrency-at-t-lawsuit/us-investor-sues-att-for-224-million-over-loss-of-cryptocurrency-idUSKBN1L01AA. The complaint, which was filed in the U.S. District Court in Los Angeles, argued that the plaintiff’s cellphone provider is legally responsible for his stolen Bitcoin. See, e.g., id. This case is unique in that it is the “first-ever attempt to hold carriers accountable for port out scams.” See Lorenzo Franceschi-Bicchierai-1, “Bitcoin Investor Sues AT&T After Losing $23 Million In SIM Swap Hack,” Motherboard, Aug. 15, 2018, at https://motherboard.vice.com/en_us/article/pawwkz/bitcoin-investor-sues-att-23-million-sim-swap-hack.
A number of lawsuits surrounding digital currencies, and Bitcoin in particular, have been filed of late, and this is just one of the many legal issues for the courts to resolve. This article discusses the potential for cellphone carriers to be held liable for thefts of cryptocurrencies that occur as a result of SIM or “port out” swaps.
The complaint against AT&T was filed based on transactions that occurred in January of this year, which amounted to what the plaintiff argues was a “‘digital identity theft’ of his cellphone account.” See, e.g., Gertrude Chavez-Dreyfuss, supra. According to the sixty-nine-page complaint, the theft occurred via a SIM swap fraud. See id. SIM stands for “subscriber identification module,” and SIM cards are inserted into mobile devices to authenticate a particular user and provide that individual’s data. See id. When a SIM swap takes place, cellphone carriers are deceived “into transferring a subscriber’s phone number to a SIM card controlled by someone else. Once that person gets the phone number, it can be used to reset the subscriber’s passwords and access online accounts.” Id. SIM swapping is also referred to as “SIM hijacking” or a “port out scam.” See Lorenzo Franceschi-Bicchierai-1, supra.
In the case at issue, the plaintiff contends that on January 7, his phone number was stolen and taken control of by hackers who accessed his Bitcoin account and stole $24 million worth of the digital currency. See id. According to the plaintiff, his number had previously been stolen in June of 2017, and AT&T had promised him additional security measures and protections after that occurrence. See id. Despite such assurances, the January 2018 theft took place, and the complaint alleges that “‘AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective.’” Id.
Whether or not a telecommunications carrier should be held liable for a particular theft is a complex legal question, and this is the first case involving this question with respect to a cryptocurrency. See id. This case is significant in part because SIM swapping and digital currency thefts have become increasingly common, and more victims may attempt to recoup their losses by holding their cellphone providers responsible. See, e.g., Lorenzo Franceschi-Bicchierai-2, “The SIM Hijackers,” Motherboard, Jul. 17, 2018, at https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin.
Part of the plaintiff’s theory for recovery is that AT&T was aware of the risk of SIM swapping and did not take adequate measures to prevent future recurrences. See, e.g., Lorenzo Franceschi-Bicchierai-1, supra. This argument has support from some experts in the fields of cybersecurity, SIM swapping, telecommunications, and cryptocurrencies. For example, one professor at Carnegie Mellon University worked as a chief technologist for the Federal Trade Commission (FTC) in 2016, and during her tenure there, she attempted to study how prevalent SIM swapping thefts are. See Lorenzo Franceschi-Bicchierai-2, supra. In that same year, that expert also became a victim of a port out scam, and she has since expressed her view that cellphone carriers are well aware of this problem but are not taking sufficient steps to address it. See id.
To establish whether a telecommunications provider should be liable for a theft of cryptocurrency that resulted from a port out scam, courts will consider a number of factors. Among these factors are what steps, if any, a provider took or takes to prevent or mitigate the risk of such thefts, whether a carrier has a legal duty to protect end users from SIM swaps and related problems, and whether a given provider’s actions rise to the level of negligence or an even greater degree of culpability. Expert witnesses will play an important role in addressing these matters. Litigation of this kind involves examining complex technologies, and experts in hacking and cybersecurity, mobile carriers and regulation, SIM swapping, digital currencies, privacy, and related fields can offer invaluable assistance. These issues have stumped even federal regulators, so experts will be indispensable and can break down otherwise inaccessible information, providing explanations to attorneys and courts that are easily understood. Those with expertise in port out scams and cyberattacks can help establish certain elements of a case, such as what the industry standard for the telecommunications field is and whether the current standard is adequate. Experts can also articulate what constitutes negligence, gross negligence, or other types of conduct with respect to mobile providers and SIM swapping.
If the plaintiff and future victims of SIM swapping prevail against their cellphone carriers, the amount of damages they are entitled to will be a question for the courts. Because the damages at issue arise from the loss of cryptocurrency, experts who can speak to the value of Bitcoin or other digital currencies can help juries reach figures for compensatory relief. The appropriate amount of damages can be difficult to adjudge without experts’ guidance because there are over 1,800 digital currencies, and “[c]ryptocurrencies have a market capitalization of about $200 billion, according to data.” Chavez-Dreyfuss, supra.
In addition to the compensatory damages requested, which the plaintiff claims amount to $23.8 million, the lawsuit seeks $200 million in punitive damages against AT&T. See id. The rationale behind the punitive damages claim is that AT&T did not handle the security breaches of the plaintiff’s information seriously and failed to take measures to ensure its employees “are not complicit in theft and fraud.” See Complaint at 5, para. 12, Terpin v. AT&T, (C.D. Cal. 2018) (No. 2:18-cv-6975).
The plaintiff argues that certain AT&T employees “facilitated the SIM swap” and “colluded with the hackers in perpetuating the fraud” at issue. See id. at 59, para. 208. The defendant’s conduct is alleged to be “despicable,” “willful and with conscious disregard of the rights and safety” of the plaintiff, and the complaint claims the defendant’s actions subjected the plaintiff to “cruel and unjust hardship in conscious disregard of his rights.” See id. at 60, para. 215. To substantiate these claims regarding AT&T’s behavior, the plaintiff will likely require expert witness evidence regarding specific actions that constitute such willful or otherwise serious behavior as to justify punitive damages.
In fact, part of the plaintiff’s request for such damages is predicated on the idea that if the defendant is made to pay the amount requested in punitive damages, the company will take future instances of SIM swapping more seriously and be more cautious with the individuals it hires and gives authority to. See id. at 5, para. 12. Experts may be able to attest to whether or how punitive damages have impacted a company’s behavior and if such damages have effected the types of positive changes plaintiffs have sought. Defense experts have several options for objecting to punitive awards, which may include demonstrating that such damages do not accomplish what is intended, challenging the amount requested, arguing that certain mitigating factors should decrease damages, and persuading a jury that the defendant’s conduct was not malicious or otherwise serious enough to justify a punitive award.
The defendant has stated that it disputes the plaintiff’s allegations but has not yet released any specifics regarding its defense. See, e.g., Lorenzo Franceschi-Bicchierai-1, supra. However, one attorney who reviewed the lawsuit expressed doubts that the case will go to trial. See id. His skepticism is rooted in the fact that cellphone carriers generally “include arbitration clauses in their terms of services with their customers” and that while “the security issues pointed out in the lawsuit are serious,” a court may not be the appropriate forum to resolve them. See id.
Whether an arbitration agreement precludes relief from a court is an issue that may necessitate expert witness input. At times, arbitration agreements have been set aside, but for this to occur, a compelling public policy reason must often be provided. Experts may argue that an arbitration clause should not be invoked because of an issue that is unique to a particular claim—perhaps the defendant’s conduct was severe enough to nullify such an agreement, or the amount of damages incurred may be a reason to ignore arbitration provisions.
The plaintiff’s attorneys claim they do not believe the arbitration clause will be an issue and feel confident the case will go to trial. See id. The complaint alleges that the defendant violated several binding promises made to the plaintiff regarding security. See Complaint at 16-19, para. 45-51, supra. If there is sufficient evidence to establish that such a breach occurred, expert testimony may help the plaintiff persuade a court that because the defendants broke their promises, the plaintiff should not be required to resolve his claims through arbitration because doing so would uphold a one-sided agreement.
Experts for the plaintiff may argue that if a court invokes an arbitration agreement drafted by the party that committed a breach, those who violate contracts are rewarded, and the redress of an aggrieved party is unjustly limited. In the case at hand, the plaintiff’s attorneys enumerated various reasons why enforcing the arbitration clause would be unconscionable and would deny the plaintiff certain remedies that are legally available to him. See id. at 34-5, para. 97-101. The plaintiff requested the court to reject arbitration, largely based upon the claim that the combination of the defendant’s conduct and customer agreement renders an arbitration agreement unenforceable because of unconscionability, fairness concerns, and contradictory statutory provisions. See id. To persuade a court to deny the arbitration clause, the plaintiff’s attorneys may require evidence from experts in arbitration, contracts, and/or the telecommunications industry.
To gain a judge’s agreement and compel the parties to abide by an arbitration agreement, defense experts can argue that consumers knowingly and voluntarily entered into such agreements and should not be able to set them aside simply because they find their end of a bargain unappealing. Experts can also point to the prevalence of arbitration clauses in telecommunications contracts and offer evidence to establish that such clauses are the industry standard. If a court rules that arbitration is the standard practice, experts on both sides can provide responsive analysis. Experts who favor arbitration may explain why the industry standard is adequate, while opposing experts may argue that the standard should be higher and arbitration dispensed with. In any event, with respect to whether or not arbitration should be the required way to address this litigation, experts in contracts, arbitration, and the mobile phone industry can offer tremendous insight for both sides.
The lawsuit against AT&T regarding SIM swapping and the theft of digital currency may be the first of its kind, but it is unlikely to be the last. Attorneys may wish to watch this litigation closely, and the case may set a precedent for future legal actions of a similar nature. Multiple factors make this lawsuit noteworthy, and expert witnesses are likely to play a critical part at each juncture. Attorneys who deal with digital security, Bitcoin or other cryptocurrencies, mobile carriers, privacy, and related fields will benefit greatly if they involve experts early in litigation and utilize them frequently to help obtain desired results.
There are two articles by Lorenzo Franceschi-Bicchierai from the same publication. Lorenzo Franceschi-Bicchierai-1 refers to the August 15, 2018 article. Lorenzo Franceschi-Bicchierai-2 indicates the July 17, 2018 story.