Court Says Gov't Can't Double Dip And Charge Email Hackers With A Felony For Both Hacking & Hacking Email
from the good-ruling dept
Orin Kerr has an interesting blog post, discussing how the government has been rejected in an attempt to turn a misdemeanor email hacking case into a felony, by finding two overlapping laws to charge the guy with for the single action. Kerr nicely summarizes the issue as follows:Federal criminal law has two overlapping misdemeanor criminal offenses that prohibit hacking into an e-mail account. The first, 18 U.S.C. 2701, specifically prohibits hacking into an e-mail account stored on an ISP’s server. The second, 18 U.S.C. 1030(a)(2), generally prohibits hacking into any computer, which will always be implicated when a person hacks into an e-mail account. The present overlap is largely a historical accident. When the two sections were enacted, both in 1986, Section 1030’s scope was very narrow. There was little overlap. But Section 1030 has been expanded over time so that it now covers every computer. As a result, 2701 in its current form is redundant: It doesn’t do any work that 1030 doesn’t already do. However, that overlap matters because violations of 2701 and 1030(a)(2) are normally misdemeanors, but Section 1030 contains an enhancement: The crime becomes a felony if it is conducted in furtherance of another crime. The present overlap between 1030 and 2701 raises the prospect that prosecutors might try to use the felony enhancement to engage in a kind of double-counting. Here’s the question: Can DOJ charge hacking into an e-mail account as a felony by claiming that it is a 1030 violation in furtherance of a 2701 violation?Apparently the Justice Department originally tried this with the guy arrested for hacking Sarah Palin's email, but later changed the charges. However, in this other case, United States v. Cioni, the 4th Circuit appeals court has rejected this line of reasoning by the government, and made it clear that it's attempting to double dip over a single action in order to turn a misdemeanor into a felony. The court points out that this pretty clearly violates US principles on double jeopardy:
Looking simply at the allegations of Count 2, it does appear that the government charged Cioni with unauthorized access or attempted access to information in [Victim 1]'s e-mail account and sought to elevate that charge to a felony by alleging that the access to [Victim 1]'s e-mail also constituted a violation of § 2701. Moreover, the facts that the government offered into evidence in support of Count 2 confirm this reading. . . . We thus conclude that a merger problem did arise, implicating double jeopardy principles, and that therefore the felony conviction on Count 2 must be vacated, and, as requested by Cioni, the count remanded for entry of a simple misdemeanor conviction, under § 1030(a)(2)(C).Always good to see courts get things right.
. . . . Count 4, which claims two crimes, one in furtherance of the other, is actually based on Cioni’s single unsuccessful attempt to access [Victim 2]'s AOL electronic e-mail account. Moreover, this is all that the government proved at trial. If the government had proven that Cioni accessed [Victim 2]’s e-mail inbox and then used the information from that inbox to access another person’s electronic communications, no merger problem would have arisen. But the government charged and attempted to prove two crimes using the same conduct of attempting, but failing, to access only [Victim 2]’s e-mail account. This creates a merger problem, implicating double jeopardy principles.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: double jeopardy, email, felony, hacking
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
It still raises the question
[ link to this | view in thread ]
Re: It still raises the question
[ link to this | view in thread ]
To be honest...
*You would also have to spoof at least one of the following, which would be a 3rd computer, or more: Kerberos server, some sort of trusted authority, or even just an IP address to a couple of routers or a DNS server. There are a lot of components involved in even trying something like this to the point where you would even stand out from countless normal attacks on public ranges that anyone competent could paint a dangerous cloud of a massive attack.
[ link to this | view in thread ]
Re: To be honest...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Yes, I have had people actually use that argument in real life.
[ link to this | view in thread ]
Unsuccessful?!?
[ link to this | view in thread ]
Re: Unsuccessful?!?
[ link to this | view in thread ]
Re: Re: To be honest...
"The hacker, David Kernell, had obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords." - Wikipedia
He was trying to prove the Sarah Palin was using an AOL email account to conduct government "business" in order to circumvent the freedom of information act (or Alaska's equivalent). The account he "hacked" was gov.palin@yahoo.com
[ link to this | view in thread ]
this is news?!?!?
I've often wondered why they bring multiple charges for the same thing like they do. The best guess that I can make is that when they go to the bargaining table they can drop the redundant and extraneous charges and walk away looking magnanimous.
[ link to this | view in thread ]
Re: this is news?!?!?
That's generally because they are for different offenses. This was literally the same offense.
[ link to this | view in thread ]
Re: Re: Unsuccessful?!?
[ link to this | view in thread ]
Re: Re: this is news?!?!?
Yes, you get THREE different charges for driving drunk ONCE. And it is not only DUI - this is the case with the vast majority of criminal charges.
The only noteworthy thing is this one judge called "shenanigans" for a change.
[ link to this | view in thread ]
Hacking
[ link to this | view in thread ]