Jeff Hamlin approaches his clients’ problems personally, as if he were solving them for someone in his own family. He carefully weighs all sides of the issue, assesses all the evidence and considers the consequences of various outcomes. In recommending a course of action, he gives his honest and direct judgment of how to achieve what is best for the client. In carrying out that course of action, he consistently applies the sum of his knowledge and skills.
With a practice focused on white-collar criminal defense, major civil litigation and government contracts, Jeff understands the weight of the legal problems his clients face. Often, the wrong outcome can mean prison, financial loss and personal devastation. Knowing that, he invests himself fully in each case, applying the full breadth of his experience acquired in a broad range of practice areas. Jeff dedicates himself to understanding the fine details of each case and the governing legal landscape. In that way, he is able to help his clients identify the most promising way through their legal problem.
A litigator who has handled cases in environmental law, civil rights, and legal ethics, Jeff now focuses his practice on white-collar defense, FTC litigation, government contracts, health care litigation and Internet gaming. Among his many cases, he has successfully represented the former CEO of an Internet company charged with securities fraud, the owner of a pharmaceutical supply company charged with diverting pharmaceuticals, and a kidney dialysis provider seeking to operate in a city that had closed itself to new dialysis stations.
Jeff began his career as an environmental associate in the Washington, D.C. office of Latham & Watkins. In 2007, he joined Jeff Ifrah at Greenberg Traurig, where he began to focus his practice on government contracts, health care and white-collar defense. In 2009, Jeff joined Ifrah PLLC as its first associate.
Throughout his legal career, Jeff has been committed to pro bono work. He recently represented two naturalized citizens who were being investigated for mortgage fraud in Northern Virginia. He also worked with Washington’s Whitman-Walker Clinic to prosecute an Americans with Disabilities Act case against D.C. Public Schools and helped obtain immigration relief for a teenage orphan from Guinea, West Africa.
Awards + Recognition
- The Daily Journal (Los Angeles) published an article by Jeffrey Hamlin that argues that a U.S. district judge in New York State was incorrect in permitting a criminal fraud case to go forward based on a novel interpretation of the "intangible property rights" theory.
- The Daily Journal also published another article by Jeffrey Hamlin where he discusses the current recession's effect on federal prison sentences and "good time credits".
- The Houston Chronicle ran an October op-ed in which Jeffrey Hamlin analyzes the still-pending sentencing of former Enron CEO Jeffrey Skilling.
- CALI Award, Sexual Orientation and the Law, Spring 2001
Professional + Community
- Member, National Association of Criminal Defense Lawyers
- Member, American Bar Association
Defending a Healthcare Provider Against Claims of Fraud
Our client, a prominent anesthesiologist, employed a medical services billing specialist to submit insurance claims for his practice and surgery center. The terms of the specialist’s contract stated that she would receive 18% of each claim she filed using a specific step-by-step submission and follow-up process.
After the billing specialist was terminated for not following the established submission procedures, she sued the doctor to retain her full commission on outstanding claims she had worked on prior to her dismissal, including those that hadn’t yet been paid. In addition to this contract dispute, she also accused our client and his surgery center of fraud, alleging that they funneled money into a “secret account” to avoid paying her commission under the contract.
Although there was very little basis for the fraud claim, the court allowed it to move forward. Jeff understood the importance of attempting a settlement on the contract claim, so he analyzed the agreement and claims reports and devised a methodology for valuing the claim. When the plaintiff refused to settle, Jeff and the client pursued mediation with confidence, understanding both the fair value of the case and specific details of the parties’ contract. During mediation, the plaintiff’s side raised several arguments that demonstrated their lack of familiarity with the contract. Jeff’s thorough understanding of certain provisions allowed the defendant to quickly address and dismiss the arguments. As a result, the plaintiff ended up settling for much less than she originally claimed.
While the settlement terms are confidential, our client was thrilled with the final result, not only with the amount and the dismissal of the fraud claims, but also in terms of how well the matter was handled.
Obtaining a Reversal of Conviction and Sentence Reduction for Securities Fraud
Ifrah Law represented a former Homestore.com executive, Stuart Wolff, who was indicted for securities fraud. During a six-year battle with the U.S. Attorney’s Office for the Central District of California, the trial and appellate teams worked together
to secure a reversal of the client’s conviction and a new trial.
In the months leading up to the second trial, the defense team, which included Jeff Ifrah of Ifrah Law, leveraged irregularities with discovery to obtain dismissal of all charges related to PricewaterhouseCoopers, Homestore’s former accounting firm. As a result, the sentence on remand was reduced by 70 percent relative to the sentence imposed after the first trial.
Jeff Ifrah was the only attorney Mr. Wolff retained from the beginning of the case to its conclusion. Mr. Ifrah began managing the legal team after the first trial, continued through the appellate process, and also in the team’s preparation for trial on remand.
Jeff Ifrah was responsible for formulating and executing the strategy that resulted in the 70 percent reduction of Mr. Wolff’s sentence.
(U.S. v. Wolff, Case No. 2:05-cr-00398 (U.S. District Court, Central District of California))
Successfully Defending a Government Contractor Against a Terminated Employee’s Health Care Claim
Ifrah Law successfully defended a government contractor against claims by a terminated company employee. Our client, a health care professional supplier, faced allegations that it failed to offer the former employee COBRA insurance coverage, as required under the COBRA statute.
Ifrah Law conducted a bench trial in the U.S. District Court for the Eastern District of Virginia in January 2012. The judge sustained minimal claims and awarded the plaintiff a mere $500.
(Middlebrooks v. Godwin Corporation, U.S. District Court, Eastern District of Virginia, No. 1:10CV1306))
Successful Insurance Settlement for Single Mother of Four
Over 10 years ago, a divorced mother of four purchased a disability insurance policy that was sold to her as a noninterest-bearing savings plan. A bungled application process resulted in coverage that was considerably more expensive than the agent had led her to believe, so she asked for a reduction in coverage that would bring her payment in line with the quoted rate. The insurance agent assured her that he could amend her policy.
For 10 years, she paid the reduced premium in full and on time. When the policy expired, she contacted the insurance company to request the lump-sum payment she had been promised. The insurance company denied that she was entitled to any such payment, saying that the payment benefit had been cancelled when the agent revised the policy a decade earlier.
Ifrah Law appealed the decision and represented the client at non-binding mediation. The firm obtained a favorable settlement on our client’s behalf, the full amount of which went directly to her.
In January 2017, the Obama Administration will transfer power to the incoming Trump Administration, and Congress will convene with a Republican majority in both houses. Predictions abound as to what legislative and regulatory changes will transpire under the new administration. Earlier this month, WSJ Pro hosted a live video event to discuss how the election will impact financial regulation. Financial Regulation Editor Jacob Schlesinger moderated the discussion with two Washington financial-policy analysts: Brian Gardner of Keefe, Bruyette & Woods, and Ian Katz of Capital Alpha Partners. Both analysts expect aggressive deregulation of the financial sector according to the President-Elect’s promises during the campaign. Among the many topics covered, Gardner and Katz emphasized (i) potential changes to the Dodd-Frank Act, (ii) personnel changes at various agencies, including the Securities and Exchange Commission (SEC), and (iii) a more lenient approach to enforcement.
President-Elect Trump campaigned on a promise to get rid of the Dodd-Frank Act. Enacted in the wake of the 2008 recession, Dodd-Frank sought to limit the risks that banks can take and provided for consumer protection through the creation of the Consumer Financial Protection Bureau (CFPB). However Gardner and Katz agree that wholesale repeal of Dodd-Frank is unlikely, partly because Republicans will have a slim majority in the Senate and, thus, may lack the sixty votes needed to end a filibuster. If Senate Democrats unite in their opposition to repeal, they can prevent a vote altogether. Gardner and Katz think it more likely that the administration will modify Dodd-Frank at the margins.
Katz expects targeted efforts in that regard. For example, he predicts that the CFPB will be weakened, but not abolished. The new administration can weaken the Bureau by replacing its current single director with a Republican appointee, or by changing its structure to that of a commission with no more than three of five commissioners from either party. Given the President-Elect’s populist message, efforts to abolish the CFPB would be politically risky: the Bureau was established to protect consumers.
The administration could also target CFPB regulations. Gardner notes that promulgated rules will likely survive, but non-final rules may be withdrawn and rewritten. For example, in June 2016, CFPB proposed new restrictions on payday lending, but they have not yet been finalized. If the proposed rules are still pending in January 2017, the new administration may scrap them in favor of less onerous restrictions.
In addition to these modifications related to Dodd-Frank, Gardner and Katz discussed personnel changes at various agencies, including the Securities Exchange Commission (SEC). Although President-Elect Trump campaigned on a promise to “drain the swamp,” leaks from his transition team suggest he will rely to a great extent on veterans of past Republican administrations. Heading the efforts for independent regulators like the SEC, the Commodity Futures Trading Commission (CFTC), and the Federal Reserve is Paul Atkins, an ex-SEC Commissioner who disfavors regulation. Atkins almost certainly is looking for potential appointees who share his view. Gardner does not anticipate major shifts in the regulatory environment but, as Katz notes, individuals appointed to lead these agencies will set the tone and influence each agency’s enforcement priorities. Codified rules likely will remain, but agencies faced with close questions or grey areas of the law will probably resolve them in favor of industry.
All that said, President-Elect Trump’s candidacy did not unfold as many predicted. It will be interesting to see whether and how these expected changes to financial regulation materialize under the new administration.
In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13, 2015, an administrative law judge ruled that the FTC had failed to prove its case.
In 2013, the FTC filed an administrative complaint against LabMD, alleging it had failed to secure personal, patient-sensitive information on its computer networks. The FTC alleged that LabMD lacked a comprehensive information-security program, and had therefore failed to (i) implement measures to prevent or detect unauthorized access to the company’s computer networks, (ii) restrict employee access to patient data, and (iii) test for common security risks.
The FTC linked this absence of protocol to two security breaches. First, an insurance aging report containing personal information about thousands of LabMD customers was leaked from the billing manager’s computer onto peer-to-peer file-sharing platform LimeWire, where it was available for download for at least eleven months. Second, Sacramento police reportedly discovered hard copies of LabMD records in the hands of unauthorized individuals. They were charged with identity theft in an unrelated case of fraudulent billing and pleaded no contest.
Incriminating as it all might seem, Administrative Law Judge D. Michael Chappell dismissed the FTC’s complaint entirely, citing a failure to show that LabMD’s practices had caused substantial consumer injury in either incident.
Section 5(n) of the FTCA requires the FTC to show that LabMD’s acts or practices caused, or were likely to cause, substantial injury to consumers. The ALJ held that “substantial injury” means financial harm or unwarranted risks to health and safety. It does not cover embarrassment, stigma, or emotional suffering. As for “likely to cause,” the ALJ held that the FTC was required to prove “probable” harm, not simply “possible” or speculative harm. The ALJ noted that the statute authorizes the FTC’s regulation of future harm (assuming all statutory criteria are met), but that unfairness liability, in practice, applies only to cases involving actual harm.
In the case of the insurance aging report, the evidence showed that the file had been downloaded just once—by a company named Tiversa, which did so to pitch its own data-security services to LabMD. As for the hard copy records, their discovery could not be traced to LabMD’s data-security measures, said the ALJ. Indeed, the FTC had not shown that the hard copy records were ever on LabMD’s computer network.
The FTC had not proved—either with respect to the insurance aging report or the hard copy documents—that LabMD’s alleged security practices caused or were likely to cause consumer harm.
The FTC has appealed the ALJ’s decision to a panel of FTC Commissioners who will render the agency’s final decision on the matter. The FTC’s attorneys argue that the ALJ took too narrow a view of harm, and a substantial injury occurs when any act or practice poses a significant risk of concrete harm. According to the FTC’s complaint counsel, LabMD’s data-security measures posed a significant risk of concrete harm to consumers when the billing manager’s files were accessible via LimeWire, and that risk amounts to an actual, substantial consumer injury covered by section 5(n) of the FTCA.
The Commissioners heard oral arguments in early March and will probably issue a decision in the next several months. On March 20th, LabMD filed a related suit in district court seeking declaratory and injunctive relief against the Commission for its “unconstitutional abuse of government power and ultra vires actions.”
Last July, we reported on United States v. Davis, an Eleventh Circuit decision in favor of privacy rights. In that case, a three-judge panel held that cell phone users have a reasonable expectation of privacy in their cell phone location data. If the government wants to collect the data, it must first obtain a probable-cause warrant, as required by the Fourth Amendment.
The groundbreaking decision seemed a clear victory for privacy rights, but the victory proved to be ephemeral. Last year, the en banc court agreed to revisit the question and, weeks ago, declared that subscribers do not have a reasonable expectation of privacy in their cell tower location data. As a result, the government can collect such data from third-party service providers if it shows reasonable grounds to believe the information is relevant and material to an ongoing criminal investigation.
In February 2010, defendant Quartavius Davis was convicted on multiple counts for robbery and weapons offenses. Davis appealed on grounds that the trial court admitted cell tower location data that the prosecution had obtained from a cell phone service provider in violation of Davis’ constitutional rights. An Eleventh Circuit panel agreed with Davis. Speaking for the court, Judge Sentelle explained that Davis had a reasonable expectation of privacy in the aggregation of data points reflecting his movement in public and private places. The government’s collection of the data was a warrantless “search” in violation of the Fourth Amendment.
To reach that decision, the panel leaned heavily on a 2012 Supreme Court case called United States v. Jones. In Jones, the Court announced that the government must have a probable-cause warrant before it can place a GPS tracking device on a suspect’s car and monitor his travel on public streets. The Court so held based on a trespass (or physical intrusion) theory. Absent probable cause, the government could not commandeer the suspect’s bumper for purposes of tracking his movement, even if each isolated movement was observable in public. Several Justices went further, suggesting that the same result should obtain even without a trespass. They hinted that location data might be protected because individuals have a reasonable expectation of privacy in the sequence of their movements over time. It was this persuasive but nonbinding privacy theory that guided the Eleventh Circuit’s panel decision.
On rehearing, the en banc court rejected the panel’s approach. The court noted that Davis could prevail only if he showed that a Fourth Amendment “search” occurred and that the search was unreasonable. He could show neither. To demonstrate a search, Davis had to establish a subjective expectation and objective expectation of privacy in his cell tower location data. But this case involved the collection of non-content cell tower data from a third-party provider who collected the information for legitimate business purposes: the records were not Davis’ to withhold. According to the court, Davis had no subjective expectation of privacy in the data because cell phone subscribers know (i) that when making a call, they must transmit their signal to a cell tower within range, (ii) that in doing so, they are disclosing to the provider their general location within a cell tower’s range, and (iii) that the provider keeps records of cell-tower usage. But even if Davis could claim a subjective expectation of privacy, he could not show an objective expectation. In the court’s view, Supreme Court precedent made clear that customers do not have a reasonable expectation of privacy in non-content data voluntarily transmitted to third-party providers. Because there was no “search,” there could be no violation of Davis’ constitutional rights.
The en banc court explained further that Jones did nothing to undermine the third-party doctrine. For one, Jones involved a government trespass on private property. But the records in Davis were not obtained by means of a government trespass or even a search, so Jones did not control. Additionally, Jones involved location data that was first collected by the government in furtherance of a criminal investigation. By contrast, Davis involved location data that was first compiled by a service provider in the ordinary course of business. Simply put, “[t]he judicial system does not engage in monitoring or a search when it compels the production of preexisting documents from a witness.”
The post Cell Tower Location Data Privacy Decision Reversed appeared first on Crime In The Suites.
FTC seems more confident than ever in its authority to go after companies with insufficient data security measures. As of January 2015, FTC had settled 53 data-security enforcement actions, and FTC Senior Attorney Lesley Fair expects that number to increase.
Not everyone is sanguine about FTC’s enforcement efforts. Companies targeted for administrative action complain that the Commission is acting beyond its delegated powers under the Federal Trade Commission Act (the “FTCA”). So far, courts have declined to intervene in any administrative action that is not yet resolved at the agency level.
One such case involves LabMD, Inc., an Atlanta-based cancer-screening laboratory. At least nine years ago, someone downloaded onto the billing department manager’s computer a peer-to-peer file-sharing application called Limewire. Hundreds of files on the computer were designated for sharing on the network, including an insurance aging report that contained personal information for more than 9,000 LabMD customers. In 2008, a third party notified LabMD that the aging report was available on Limewire. The application was promptly removed from the billing department manager’s computer, but the damage allegedly had been done. According to FTC, authorities discovered in October 2012 that data from the aging report and other LabMD files were being used to commit identify theft against LabMD’s customers.
Ten months later, FTC filed an administrative complaint against LabMD alleging that it had failed to employ reasonable and appropriate data security measures. FTC further alleged that LabMD could have corrected the problems at relatively low cost with readily available security measures. By contrast, LabMD’s customers had no way of knowing about the failures and could not reasonably avoid the potential harms, such as identity theft, medical identity theft, and disclosure of sensitive, private, medical information. On these facts, FTC alleged that LabMD had committed an unfair trade practice in violation of the FTCA.
LabMD tried to get the administrative action dismissed on several grounds, including that the FTCA does not give the Commission express authority to regulate data-security practices. The Commission denied LabMD’s motion, explaining that Congress gave FTC broad jurisdiction to regulate unfair and deceptive practices that meet a three-factor test: section 5(n) provides that, in enforcement actions or rulemaking proceedings, the Commission has authority to determine that an act or practice is “unfair” if (i) it causes or is likely to cause substantial injury to consumers which is (ii) not reasonably avoidable by consumers themselves and (iii) not outweighed by countervailing benefits to consumers or competition. Commissioners noted that the FTCA as passed in 1918 granted FTC the authority to regulate unfair methods of competition. When courts took a narrow view of that authority, Congress responded by amending the FTCA to clarify that the Commission has authority to regulate unfair acts or practices that injure the public, regardless of whether they injure one’s competitors. According to the Commission, the statutory delegation is intentionally broad, giving FTC discretionary authority to define unfair practices on a flexible, incremental basis. For these and other reasons, the administrative action against LabMD would proceed.
Having failed to get the case dismissed, LabMD sought relief from the federal courts to no avail. On January 20, 2015, the U.S. Court of Appeals for the Eleventh Circuit dismissed LabMD’s suit for lack of subject-matter jurisdiction. The court explained that it lacked the power to decide LabMD’s claims in the absence of final agency action. FTC had filed a complaint and issued an order denying LabMD’s motion to dismiss. But neither was a reviewable agency action because neither represented a “consummation of the agency’s decision-making process.” Moreover, “no direct and appreciable legal consequences” flowed from the actions and “no rights or obligations had been determined” by them.
LabMD can challenge FTC’s data-security jurisdiction only after the Commission’s proceedings against it are final. That may well be too late. As a result of FTC’s enforcement action, the company was forced to wind down its operations more than a year ago.
LabMD is one of very few companies to test FTC’s data-security jurisdiction. In 2007, a federal court in Wyoming sided with FTC in holding that the defendant’s unauthorized disclosure of customer phone records was an unfair trade practice in violation of the FTCA. The Tenth Circuit affirmed that decision on appeal.
More recently, a district court in New Jersey gave FTC a preliminary victory against Wyndham Worldwide Corporation. In that case, the court held that FTC’s unfairness jurisdiction extends to data-security practices that meet the three-factor test under Section 5(n). That decision is currently on appeal before the Third Circuit. During oral argument on March 3rd, the three-judge panel signaled little doubt that FTC has authority to regulate unreasonable cybersecurity practices. Instead, the panel was concerned with how the Commission exercises that authority—specifically, whether and how it has given notice as to what data security measures are considered to be “unfair.”
Recently, the Tenth Circuit Court of Appeals considered the dividing line between free speech guarantees and the state’s authority to criminalize threat speech. In United States v. Heineman, the court held that the government must prove specific intent in true-threat cases: to obtain a conviction, prosecutors must prove not just that the defendant intended to communicate a threat, but that he intended for the recipient to feel threatened.
The underlying case was brought against Aaron Heineman, a white supremacist from Utah. Several years ago, he composed a “poem” and e-mailed it to a professor at the University of Utah. The writing addressed the professor by name and opened with the statement, “Come the time of the revolution[,] we will convene to detain you [a]nd slay you . . . .” Fearing for his safety, the professor notified authorities, who traced the e-mail back to Heineman. Heineman was charged with one count of sending an interstate threat in violation of 18 U.S.C. § 875(c).
At trial, Heineman claimed that he suffered from Asperger’s Disorder and, therefore, could not foresee that the professor would feel threatened by the poem. But the trial judge signaled that Heineman could be convicted on proof that he meant to send the communication, regardless of whether he intended a particular result.
After a bench trial, Heineman was convicted based on findings that he knowingly transmitted a communication containing a threat and that his poem was a “true threat” because it would cause a reasonable person to conclude that he intended to cause bodily injury.
On appeal, the Tenth Circuit reversed. Speaking for the court, Circuit Judge Harris Hartz explained that the district court’s “reasonable person” standard was not sufficiently protective of free-speech rights, especially given the Supreme Court’s 2003 decision in Black v. Virginia. In Black, the Court upheld Virginia’s authority to ban cross burnings carried out with the intent to intimidate, but prohibited the state from treating cross burning itself as prima facie evidence of that intent. The Court explained, “‘[T]rue threats’ encompass statements where the speaker means to communicate a serious expression of intent to commit an act of unlawful violence to a particular individual or group of individuals.” The Court continued, “Intimidation . . . is a specific type of ‘true threat’ where a speaker directs a threat to a person or group of persons with the intent of placing the victim in fear of bodily harm or death.”
The Tenth Circuit applied these definitions in Heineman’s case and concluded that, under the First Amendment, he could only be convicted of making a true threat if he intended the professor to feel threatened. In Judge Hartz’s view, when the Black Court said the speaker must “mean[ ] to communicate,” the Court was saying that the speaker must intend to communicate threatening words and to instill fear. Indeed, the plurality in Black criticized the prima facie rule precisely because it failed to distinguish between cross burning for purposes of stoking anger and resentment, on one hand, from cross burning for purposes of threatening or intimidating a victim, on the other. The former was considered protected speech, whereas the latter was proscribable as a “true threat.”
The Tenth Circuit is one of two federal appellate courts to interpret Black as requiring subjective intent. Six others have rejected that approach. One such decision has already made its way to the Supreme Court. By next summer, we should know whether the Tenth Circuit got it right.
The post The Road to True Threats is Paved with Intimidating Intentions appeared first on Crime In The Suites.