Cannibal Cop Not Guilty Of 'Thought Crime'... And Didn't Violate The CFAA

from the still-nutty dept

Tue, Dec 8th 2015 2:48pm — Mike Masnick

Earlier this year, we wrote about the crazy, but troubling, case against former NY Police Department officers Gilberto Valle, who has been dubbed "the cannibal cop" for fantasizing about kidnapping, raping, killing and eating around 100 women. A key question in the case: where is the line between fantasizing and... planning out a crime. But, the case drew even more interest from us because after the court basically tossed out all the charges as "thought crimes" that aren't actually illegal, it kept in place the CFAA charge, claiming that Valle violated the anti-hacking law by using the police deatabase to look up information on one of the women he was fantasizing about. Now, that's creepy and disturbing and an abuse of his position in the NYPD... but that does not make it a CFAA violation. It's the nuttiness of this case, and the remaining CFAA charge that resulted in reporter Sarah Jeong referring to the CFAA as "the law that sticks" when all else fails.

The CFAA, again, is the Computer Fraud and Abuse Act, which is supposed to be used against people who hack into others computers. But, as we've covered a whole bunch of times here on Techdirt, these days it's often used to pile on against anyone who does something prosecutors don't like... like using a computer. And that seemed to be the case here. Thankfully, however, the appeals court for the Second Circuit has rejected that argument and cleared Valle of the CFAA violation (it also said that his fantasizing isn't a crime either).

As per usual in CFAA cases, the issue in this case was over the definition of "exceeds authorized access." Prosecutors keep trying to make this mean "does something on a computer that goes against a terms of service or terms of employment." But that super broad definition isn't just dangerous, it basically makes almost everyone a criminal. Thankfully, the court recognized this, though it admits that part of that is just because the law is too ambiguous to make a call. It even looks at the legislative history and notes that it could support either argument, but it needs to be more before allowing the CFAA to be used that way:

At the end of the day, we find support in the legislative history for both Valle’s and the Government’s construction of the statute. But because our review involves a criminal statute, some support is not enough. Where, as here, ordinary tools of legislative construction fail to establish that the Government’s position is unambiguously correct, we are required by the rule of lenity to adopt the interpretation that favors the defendant.

And it notes, in agreeing with a few other key CFAA rulings, that adopting a broader construction of the law could have an "effect on millions of ordinary citizens caused by the statute's unitary definition of 'exceeds authorized access'" (which is quoting the key Nosal decision that rejected a broad definition under the CFAA). Indeed, the court recognizes that even if Valle seems like a particularly terrible person, it must be aware that its decision will impact many others:

Whatever the apparent merits of imposing criminal liability may seem to be in this case, we must construe the statute knowing that our interpretation of “exceeds authorized access” will govern many other situations.... It is precisely for this reason that the rule of lenity requires that Congress, not the courts or the prosecutors, must decide whether conduct is criminal. We, on the other hand, are obligated to “construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals.”... While the Government might promise that it would not prosecute an individual for checking Facebook at work, we are not at liberty to take prosecutors at their word in such matters. A court should not uphold a highly problematic interpretation of a statute merely because the Government promises to use it responsibly....

There is a dissent from Judge Chester Straub, in which he argues that there is no actual ambiguity in the law, and if you violate what your employer says you can do with our computer, well, then you might just be a felon:

In reaching this result, the majority discovers ambiguity in the statutory language where there is none. Under the plain language of the statute, Valle exceeded his authorized access to a federal database in violation of the CFAA.

And, Judge Straub says, if that means that just about everyone is a criminal, well, that's a problem for Congress to solve:

The majority opinion, apparently without irony, concludes that giving effect to the plain language of the statute would somehow “place us in the position of [the] legislature.” ... But where, as here, the statute’s language is plain and unambiguous, the “sole function of the courts is to enforce it according to its terms.” ... It may well be that the CFAA sweeps broadly. But such is a matter for policy debate... and the Congress is free to amend the statute if it chooses

Thankfully, his opinion on this did not become the majority opinion.

14-2710-Complete-Opn (PDF)14-2710-Complete-Opn (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cannibal cop, cfaa, gilberto valle, thought crime

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Roger Strong (profile), 8 Dec 2015 @ 2:54pm

Thank you for not filing "cannibal cop" stories under "asset forfeiture."
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 3:16pm

THEY GOT IT RIGHT!
Where, as here, ordinary tools of legislative construction fail to establish that the Government’s position is unambiguously correct, we are required by the rule of lenity to adopt the interpretation that favors the defendant.

PLEASE, will the courts please remember this rule in all future cases? I've been dumbfounded over the past two decades at how, when a computer is involved, the rule of lenity seems to be thrown out the window.
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 3:30pm

Swiss Army knife
It looks like the CFAA is just another one of those big stick laws that are (or can be stretched to be) so broad and all-encompassing that they give police and prosecutors a potent Swiss Army knife to use against virtually anyone the 'powers that be' don't like. Kind of like the old "treason" charge in the age of kings.
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 3:41pm

It's sad when judges basically go with the argument that congress fucked this up but oh well not my problem.

The courts are a check against both the executive and legislative branches. Punting responsibility for screwing things up is just punting on their duty.
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 3:50pm

Response to: Anonymous Coward on Dec 8th, 2015 @ 3:41pm
The saddest part is that it completely ignores the practical effects of that judicial indifference. By interpreting the law in a largely nonsensical way bc of poor nonspecific congressional language you're condemning people to a life labeled as a criminal for trivial "violations". You're ruining lives. Even if the law is fixed everyone in the meantime has their lives destroyed
[ link to this | view in thread ]
Jordan, 8 Dec 2015 @ 3:55pm

PLanning a crime
Conspiracy is a crime. What's the difference between planning a crime, and planning a fantasy crime? Does one need to take concrete steps? Does one need a map saying "kidnap and eat here" before it's considered wrong legally?

Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?
[ link to this | view in thread ]
crade (profile), 8 Dec 2015 @ 4:21pm

I agree with the dissenter.

"authorized" has a clear definition in the dictionary and it isn't (and shouldn't be) the Judge's responsibility to correct horrible laws, and doing so is counterproductive.

It doesn't make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary.
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 4:39pm

Response to: crade on Dec 8th, 2015 @ 4:21pm
So they should just send people to jail based on horrible laws in the meantime? Then hope it is fixed at some point.

Note this doesn't get people out of jail if they were convicted based on the horrible law
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 6:43pm

Damn, this dude is really into oral gratification. I hope he doesn't eat them on the first date. And I bet when he told her he wanted to eat her her mind never made the proper connection, cannibal. We really should look into this guys formative years.
[ link to this | view in thread ]
Wyrm (profile), 8 Dec 2015 @ 6:55pm

Funny how both the majority and dissent both conclude the same -that it's up to the Congress to change an ambiguous law - but disagree sternly on what to do while the ambiguous law is active.
- the judge can consider the rule of leniency, concluding that doubt favors the accused.
- or the judge can consider to read it however he wants because... here the one in charge, period.

Obviously (I hope), I favor the first option.
First because bad laws should not be legal traps, turning everyone into a criminal just waiting for his turn to attract the wrong kind of attention.
Second because that is the only way to give Congress an incentive to actually fix anything.
And let's not forget the third point: that we already have to many examples of bad laws being repeatedly used and abused. (DMCA, asset forfeiture, CFAA, to name just a few)
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 8:20pm

Reverse
I actively think about eating Gilberto Valle and sucking the marrow out of his bones...Will I now get slapped with the long dick of the law?
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 9:00pm

As often as not the "Fraud and Abuse Act" part of the title could accurately be thought of as referring to a government Act of Fraud and Abuse when some poor sucker they want to nail to a tree has used a computer.
[ link to this | view in thread ]
PaulT (profile), 8 Dec 2015 @ 9:26pm

Re: PLanning a crime
"What's the difference between planning a crime, and planning a fantasy crime? Does one need to take concrete steps?"

I would damn well hope so, else every writer of fiction is a criminal by the other definition, at the very least.

"Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?"

No. Hence the fact that he is no longer employed as such. Criminal prosecution, however, should require criminal action.
[ link to this | view in thread ]
Anonymous Coward, 8 Dec 2015 @ 9:50pm

Whatever else I am fairly certain this man should not be in a position where he can ruin people's lives due to mental instability.
[ link to this | view in thread ]
PaulT (profile), 8 Dec 2015 @ 9:58pm

Re:
""authorized" has a clear definition in the dictionary"

Actually, it has several, and it depends on where you wish to apply them. The problem is how far someone has to go until something is no longer "authorised". Here, the officer was authorised to access the database, he simply wasn't authorised to perform the specific actions. That's what is problematic.

If an unauthorised person gained access, that would be a clear unauthorised use and there would be no argument. If an authorised person used the part that they were authorised to use but bypassed security to access something they shouldn't, that's equally clear cut. But, while you're using the system, your access switches back and forth between legal and felony depending on what you search for? That's rather less acceptable.

Sure, fire the guy, pin him with charges relating to harassment, stalking, anything that can be prosecuted. But, it's right for a judge to recognise that violating an employer's acceptable use policy should not be a felony, even if the employer is a police department. Leave it as a civil matter, and prosecute any real criminal actions where appropriate.

"It doesn't make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary."

...and leaves people who would be innocent under the corrected law to rot in prison while other people correct their mistakes, and may not guarantee their release even when that's happened. Surely you understand the problem there?

I understand your point that sometimes it takes gross violations for authorities to take notice and fix these things, but if bad laws exist I'd rather have a buffer in place that doesn't apply them to the letter against all common sense and decency.
[ link to this | view in thread ]
PaulT (profile), 8 Dec 2015 @ 10:05pm

Re:
So, fire him and make sure his public record shows exactly why. Nobody's saying he should have remained a police officer, only that he should not be thrown in jail on the flimsiest excuse just because prosecutors couldn't find anything else to pin on him.
[ link to this | view in thread ]
Joel Coehoorn, 9 Dec 2015 @ 9:09am

So... CFAA is fine then
Based on this, why bother updating CFAA at all? It seems like a better plan would be ensuring this reasonable interpretation was squarely embedded into the judicial system.

...not that accomplishing this would be any easier.
[ link to this | view in thread ]
PaulT (profile), 9 Dec 2015 @ 9:24am

Re: So... CFAA is fine then
No. A law that's open to interpretation is as open to bad interpretation as good. This judge happened to rule correctly - in the subjective opinion of many here - but at least one person disagreed completely. If he was the judge, the defendant would be rotting in jail for essentially entering a badly intentioned Google search (hyperbole perhaps but there's little real difference apart from the ownership of the database).

Where possible, it's better to remove the ambiguity than have a person's life depend on who happens to be sitting at the bench one day. It's great that judges do have some control, but it's not always for the better. It's annoying to be defending such a dangerous individual, but wrongly applying this law is equally dangerous
[ link to this | view in thread ]