The Internet Law Resource Center™ is the complete information solution for practitioners in cyberlaw. Follow the latest developments on ICANN’s gTLD program, keyword advertising, online privacy,...
Dec. 3 — A police officer was wrongfully convicted of federal computer fraud for using job-related access rights to law enforcement databases in order to find personal information about the subjects of his violent sexual fantasies, the U.S. Court of Appeals for the Second Circuit held Dec. 3.
Judge Barrington D. Parker, writing for a 2-1 majority, said legislative history supported the view that the statutory phrase “exceeding authorized access” meant accessing information on a computer without having authorization—not, as the government argued, using authorized access rights for an unauthorized purpose.
The case broadens a circuit split over whether the Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2), should be read as a narrow anti-hacking statute or as a broader law that prohibits misuse of information obtained from a computer network by an authorized user.
The broader interpretation is frequently advanced by law enforcement as well as employers, who contend that the CFAA is violated by departing employees who use their computer credentials to access and copy proprietary information for later use in a new job.
The case was a criminal one. However, Peter Toren, a partner with Weisbrod Matteis & Copley PLLC in Washington and a former Justice Department Computer Crimes Unit prosecutor, told Bloomberg BNA Dec. 3 that courts bound by the decision are unlikely to ignore its holding in civil cases.
“Generally courts have applied the rule to civil and criminal cases in the same way,” Toren said.
Toren said he believes the majority interpreted the CFAA correctly.
“At the time [the officer] accessed the database he had authorization to access it, and that's what the statute is all about,” Toren said. “It's not about how you use the materials afterward.”
The CFAA provides several causes of action for taking information or committing fraud during an unauthorized computer access or an access in excess of authorization.
Defendant Gilberto Valle was a New York City Police Department officer who spent an extensive amount of his personal time engaged in online fantasy discussions about aberrant, violent sexual scenarios involving kidnapping, rape and torture. These discussions sometimes involved women he knew personally.
Valle used his credentials to search restricted law enforcement databases for addresses and other information about the subjects of his fantasies. Personal use of the databases violated NYPD rules.
Valle, dubbed the “cannibal cop” in the press after his arrest, was charged with violating the CFAA and with conspiracy to kidnap. He appealed his conviction on the CFAA count.
The Second Circuit first turned to legislative history after finding that the phrase “exceeds authorized access” was ambiguous as to whether it means the purpose for accessing information or the actual files and databases accesses. After its 1984 passage, Congress amended the CFAA in 1986, substituting “exceeds authorized access” for the prior language, “having accessed a computer with authorization, us[ing] the opportunity such access provides for purposes to which such authorization does not extend.”
The prosecution argued that this language was a mere simplification not meant to change the statute's scope. Valle, though, pointed to language in a Senate Committee Report showing that Congress meant to “remove[ ] from the sweep of the statute one of the murkier grounds of liability” by eliminating the word “purposes” from the CFAA.
The court found the legislative history to be ambiguous, but credited Valle's interpretation. “In explaining the revisions, the Committee understood authorization in spatial terms, namely, an employee going beyond the parameters of his access rights,” the court said.
The legislative history and the existence of a circuit split proved that the provision is ambiguous, the court said. Applying the criminal law's rule of lenity, under which criminal provisions must be interpreted narrowly, the court overturned Valle's CFAA conviction.
Judge Susan L. Carney joined the majority opinion.
Judge Chester J. Straub dissented, arguing that the plain text of the CFAA prohibits accessing databases in violation of any access restriction, regardless of its nature. Because the text is unambiguous, Straub urged, the CFAA's legislative history and the rule of lenity are irrelevant.
Justin Anderson and Randall Jackson of the U.S. Attorney's Office in New York represented the U.S. Edward Zas of the Federal Defenders of New York Inc. in New York represented Valle.
To contact the reporter on this story: Joseph Wright in Washington at email@example.com
To contact the editor responsible for this story: Thomas O'Toole at firstname.lastname@example.org
The dissent can be found at http://www.bloomberglaw.com/public/document/United_States_of_America_v_Valle_Valle_Docket_No_1404396_2d_Cir_N/1
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)