Following up on my earlier post, the mental health issue - where sensitive, is not a 'free pass' for us to turn a blind eye to what damage to the integrity and tarring of the domain investing community RDCE is accruing with his actions, and to where there may be offences of criminality, and in the most recent episode of his *desperate pursuit of a ‘$100 billion market cap’.
*A multitude of poorly executed ‘money-grabs’ e.g. ‘Skool’ under a long disbanded brand name (Digitalcandy).
Addressing my most recent concern;-
https://smartbranding.com/the-power...ryan-ewen-strategic-investments-that-pay-off/
Listen, approx. - 8:25 - 9:05
‘There’s a bank and they rebranded last year and they had a CCTLD rather than a com, someone tried to sell it to the bank – the bank said no. They came to me and said, ‘Look Ryan, basically can you help’ and because I’ve a background in financial services and stuff, I can open doors, so what I did was I opened up the e-mail records and there was a flood of e-mails, sensitive e-mails – customer account (forms?), internal communication, and all I did was package it up and sent it to the CEO, the head of the legal team, and then they had no option but to pay for the domain because basically they should have done it already.’
What he describes, which I have very good reason to believe is factual, but regardless – it’s another platform where keen followers of his will tune in and believe this highly immoral and frankly, what I interpret as and would confidently put forward as
criminal behaviour is an acceptable form of ‘
business’.
‘
because I’ve a background in financial services and stuff, I can open doors, so what I did was I opened up the e-mail records and there was a flood of e-mails, sensitive e-mails’
In the podcast, RDCE recounts the
steps he made to secure the sale (to the bank who had previously said ‘
no’) through his knowledge/ ‘
background in financial services’ and ability to ‘
open doors’; his statements on the podcast communicate to me, he premeditatively knew the value and/or vulnerability/leverage that opening these email records could/would eventually provide.
By my interpretation, his own statement demonstrates intent and awareness - RDCE wasn’t acting accidentally or naively (stumbling across the e-mails) but rather fully understood the implications of opening up the records, from access, every
intention in handling the emails for the purpose of leverage in a negotiation over the bank
who had previously stated ‘no’.
He professes to have built '
500 websites', and has been in the
'financial services' industry for at least a minimum of 12 years, reasonably by his experience and the nature of the job he would be aware of the common pitfalls and 'horror stories', how to prevent/avoid them (and how to use them to his advantage if he had any intention to do so).
With that in mind,
‘
what I did was I opened up the e-mail records and there was a flood of e-mails, sensitive e-mails – customer account (forms?), internal communication,’
It is my opinion, also considering the notion of intent, RDCE has been in breach of GDPR Articles 5,6,9.
‘Article 5(1) GDPR – Principles relating to processing of personal data
Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);’
‘Article 6(1) GDPR – Lawfulness of processing
Processing shall be lawful only if and to the extent that at least one of the following applies:’
None of the following applies to RDCE’s processing of the data, he did not have consent to ‘
package it up’ (by reasonable expectation is that RDCE should be competent and fully aware of
his obligations under data handling with a ‘
background in financial services’, finance company with his older brother since 2012).
Plausibly, with ‘
a flood of e-mails, sensitive e-mails - customer account (forms?), internal communication,’ - I deduct a level of special category personal data was also contained within the e-mails.
Article 9 provides
additional protection for special categories of personal data (often referred to as ‘sensitive data’), such as data concerning racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, etc. Processing this data is
prohibited unless one of the exceptions under
Article 9(2) applies, such as explicit consent, protection of vital interests, or legal claims.
Note: and whilst claims of accidental receipt of sensitive information might not immediately be illegal, once the recipient realises the data is sensitive and not intended for them
, they have an obligation (furthermore, as a registered data handler himself and under the FCA’s Code of Conduct as with his ‘
financial background’) to handle it appropriately, such as by notifying the rightful owner or securely deleting it which he does not say he does, instead and by his own admission RDCE - ‘
all I did was package it up’, handling/processing data he did not own or have any right to and non-consensually packaged and distributed/presented the sensitive data in a specific manner - ‘
and sent it to the CEO, the head of the legal team,’ (methodical), for its intended purpose:
to sell the domain name to the bank.
What I interpret as cause for prosecution
on criminal grounds,
Data Protection Act 2018 (DPA 2018)
RDCE:
‘
I opened up the e-mail records’
‘and then they had no option but to pay for the domain’
‘
all I did was package it up’
‘
and sent it to the CEO, the head of the legal team,’
Section 170 of the Data Protection Act 2018 – Unlawful obtaining etc. of personal data
(1) It is an offence for a person knowingly or recklessly—
(a) to
obtain or
disclose personal data
without the consent of the controller,
(b) to procure the disclosure of personal data to another person without the consent of the controller, or
(c) after obtaining personal data, to retain it without the consent of the person who was the controller in relation to the personal data when it was obtained.
Note, if RDCE used the sensitive data obtained
(‘
I opened up the e-mail records’) to coerce the bank into purchasing the ‘
com’ in question it would qualify as
blackmail under UK law/jurisdiction.
Section 21, Theft Act 1968 defines
blackmail as making an unwarranted demand with *menaces. Whereas, RDCE by his own admission (allegedly) sent the information to the CEO
and legal team (without prior instruction), ‘
then they had no option but to pay for the domain,’ - language, demeanour and actions highly suggestive of blackmail. Please see also below
, Fraud Act 2006 as this is also misleading (false representation) that they had ‘
no option’.
Theft Act 1968, Section 21 - Blackmail.
(1)A person is guilty of blackmail if, with a view to gain for himself or another or with intent to cause loss to another, he makes any unwarranted demand with *menaces; and for this purpose, a demand with *menaces is unwarranted unless the person making it does so in the belief—
(a)that he has reasonable grounds for making the demand; and
(b)that the use of the menaces is a proper means of reinforcing the demand.
*The definition of ‘
menaces’ from a legal perspective; would the threat influence or coerce a reasonable person of normal stability and courage
to give in to the demand?
(Note: Bank previously said ‘
no’)
‘
no option but to pay for the domain,’
Qualifying as a ‘
menace’ if it also
takes advantage of the particular vulnerabilities of the person (entity). For instance, threat/implied threat of exposure of sensitive personal or financial information can constitute ‘
menaces’ because of the reputational or economic damage they could cause (like the reputational and potentially financial harm to the bank in this scenario).
With a ‘
background in financial services’, claiming to have run a finance company with his brother since 2012 (approximately 12 years), reasonably he would have been fully au fait with the gravity
– note he did not send only to the CEO but also (by my deduction) methodically to ‘the head of the legal team’.
RDCE by his own admission on the podcast with Tatiana, from the unidentified person approaching him for ‘
help’ after the bank said ‘
no’,
intentionally (in my opinion) leveraged through his prior knowledge via
‘background in financial services’ using the sensitive information to coerce the bank into buying the domain, this would likely constitute extortion through blackmail.
I’d also be looking at the unauthorised access under the Computer Misuse Act 1990 & unlawful interception under Regulation of Investigatory Powers Act 2000 (RIPA).
Part 1.
Fraud Act 2006, Section 2 & 4
By his own admission he has established
intention, plus taking into account RDCE’s proven track-record/propensity for misleading actions for personal financial gain;-
Section 2, Fraud by false representation
(1)A person is in breach of this section if he—
(a)dishonestly makes a false representation, and
(b)intends, by making the representation—
(i)to make a gain for himself or another, or
(ii)to cause loss to another or to expose another to a risk of loss.
It is of my opinion, RDCE set to
deliberately mislead the bank into thinking they needed (had ‘no option but’) to purchase the domain to protect their sensitive data, this would be classified
as fraud.
Section 4, Fraud by abuse of position
‘I’ve a background in financial services and stuff, I can open doors’
‘
sent it to the CEO, the head of the legal team’
(1)A person is in breach of this section if he—
(a)occupies a position in which he is expected to safeguard, or not to act against, the financial interests of another person,
(b)dishonestly abuses that position, and
(c)intends, by means of the abuse of that position—
(i)to make a gain for himself or another, or
(ii)to cause loss to another or to expose another to a risk of loss.
(2)A person may be regarded as having abused his position even though his conduct consisted of an omission rather than an act.
In conclusion, and it is of my opinion, deduced from RDCE’s
own statements in the podcast with Tatiana - it suggests RDCE had clear awareness of his actions and their consequences. He leveraged his technical knowledge/experience, quote ‘
background in financial services and stuff, I can open doors’ to access sensitive data, knowingly used this information to pressure the bank into purchasing a domain ‘
sent it to the CEO, the head of the legal team’, and demonstrated
with intent to exploit the situation for financial gain.
These actions likely amount to serious
violations under GDPR, the
Data Protection Act 2018, the
Theft Act 1968 (
blackmail), and the
Fraud Act 2006, with possible breaches of the
Computer Misuse Act and RIPA as well.
