Cannibal Cop Not Guilty Of 'Thought Crime'... And Didn't Violate The CFAA
from the still-nutty dept
Earlier this year, we wrote about the crazy, but troubling, case against former NY Police Department officers Gilberto Valle, who has been dubbed "the cannibal cop" for fantasizing about kidnapping, raping, killing and eating around 100 women. A key question in the case: where is the line between fantasizing and... planning out a crime. But, the case drew even more interest from us because after the court basically tossed out all the charges as "thought crimes" that aren't actually illegal, it kept in place the CFAA charge, claiming that Valle violated the anti-hacking law by using the police deatabase to look up information on one of the women he was fantasizing about. Now, that's creepy and disturbing and an abuse of his position in the NYPD... but that does not make it a CFAA violation. It's the nuttiness of this case, and the remaining CFAA charge that resulted in reporter Sarah Jeong referring to the CFAA as "the law that sticks" when all else fails.The CFAA, again, is the Computer Fraud and Abuse Act, which is supposed to be used against people who hack into others computers. But, as we've covered a whole bunch of times here on Techdirt, these days it's often used to pile on against anyone who does something prosecutors don't like... like using a computer. And that seemed to be the case here. Thankfully, however, the appeals court for the Second Circuit has rejected that argument and cleared Valle of the CFAA violation (it also said that his fantasizing isn't a crime either).
As per usual in CFAA cases, the issue in this case was over the definition of "exceeds authorized access." Prosecutors keep trying to make this mean "does something on a computer that goes against a terms of service or terms of employment." But that super broad definition isn't just dangerous, it basically makes almost everyone a criminal. Thankfully, the court recognized this, though it admits that part of that is just because the law is too ambiguous to make a call. It even looks at the legislative history and notes that it could support either argument, but it needs to be more before allowing the CFAA to be used that way:
At the end of the day, we find support in the legislative history for both Valle’s and the Government’s construction of the statute. But because our review involves a criminal statute, some support is not enough. Where, as here, ordinary tools of legislative construction fail to establish that the Government’s position is unambiguously correct, we are required by the rule of lenity to adopt the interpretation that favors the defendant.And it notes, in agreeing with a few other key CFAA rulings, that adopting a broader construction of the law could have an "effect on millions of ordinary citizens caused by the statute's unitary definition of 'exceeds authorized access'" (which is quoting the key Nosal decision that rejected a broad definition under the CFAA). Indeed, the court recognizes that even if Valle seems like a particularly terrible person, it must be aware that its decision will impact many others:
Whatever the apparent merits of imposing criminal liability may seem to be in this case, we must construe the statute knowing that our interpretation of “exceeds authorized access” will govern many other situations.... It is precisely for this reason that the rule of lenity requires that Congress, not the courts or the prosecutors, must decide whether conduct is criminal. We, on the other hand, are obligated to “construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals.”... While the Government might promise that it would not prosecute an individual for checking Facebook at work, we are not at liberty to take prosecutors at their word in such matters. A court should not uphold a highly problematic interpretation of a statute merely because the Government promises to use it responsibly....There is a dissent from Judge Chester Straub, in which he argues that there is no actual ambiguity in the law, and if you violate what your employer says you can do with our computer, well, then you might just be a felon:
In reaching this result, the majority discovers ambiguity in the statutory language where there is none. Under the plain language of the statute, Valle exceeded his authorized access to a federal database in violation of the CFAA.And, Judge Straub says, if that means that just about everyone is a criminal, well, that's a problem for Congress to solve:
The majority opinion, apparently without irony, concludes that giving effect to the plain language of the statute would somehow “place us in the position of [the] legislature.” ... But where, as here, the statute’s language is plain and unambiguous, the “sole function of the courts is to enforce it according to its terms.” ... It may well be that the CFAA sweeps broadly. But such is a matter for policy debate... and the Congress is free to amend the statute if it choosesThankfully, his opinion on this did not become the majority opinion.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cannibal cop, cfaa, gilberto valle, thought crime
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
THEY GOT IT RIGHT!
PLEASE, will the courts please remember this rule in all future cases? I've been dumbfounded over the past two decades at how, when a computer is involved, the rule of lenity seems to be thrown out the window.
[ link to this | view in thread ]
Swiss Army knife
[ link to this | view in thread ]
The courts are a check against both the executive and legislative branches. Punting responsibility for screwing things up is just punting on their duty.
[ link to this | view in thread ]
Response to: Anonymous Coward on Dec 8th, 2015 @ 3:41pm
[ link to this | view in thread ]
PLanning a crime
Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?
[ link to this | view in thread ]
"authorized" has a clear definition in the dictionary and it isn't (and shouldn't be) the Judge's responsibility to correct horrible laws, and doing so is counterproductive.
It doesn't make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary.
[ link to this | view in thread ]
Response to: crade on Dec 8th, 2015 @ 4:21pm
Note this doesn't get people out of jail if they were convicted based on the horrible law
[ link to this | view in thread ]
[ link to this | view in thread ]
- the judge can consider the rule of leniency, concluding that doubt favors the accused.
- or the judge can consider to read it however he wants because... here the one in charge, period.
Obviously (I hope), I favor the first option.
First because bad laws should not be legal traps, turning everyone into a criminal just waiting for his turn to attract the wrong kind of attention.
Second because that is the only way to give Congress an incentive to actually fix anything.
And let's not forget the third point: that we already have to many examples of bad laws being repeatedly used and abused. (DMCA, asset forfeiture, CFAA, to name just a few)
[ link to this | view in thread ]
Reverse
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: PLanning a crime
I would damn well hope so, else every writer of fiction is a criminal by the other definition, at the very least.
"Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?"
No. Hence the fact that he is no longer employed as such. Criminal prosecution, however, should require criminal action.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Actually, it has several, and it depends on where you wish to apply them. The problem is how far someone has to go until something is no longer "authorised". Here, the officer was authorised to access the database, he simply wasn't authorised to perform the specific actions. That's what is problematic.
If an unauthorised person gained access, that would be a clear unauthorised use and there would be no argument. If an authorised person used the part that they were authorised to use but bypassed security to access something they shouldn't, that's equally clear cut. But, while you're using the system, your access switches back and forth between legal and felony depending on what you search for? That's rather less acceptable.
Sure, fire the guy, pin him with charges relating to harassment, stalking, anything that can be prosecuted. But, it's right for a judge to recognise that violating an employer's acceptable use policy should not be a felony, even if the employer is a police department. Leave it as a civil matter, and prosecute any real criminal actions where appropriate.
"It doesn't make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary."
...and leaves people who would be innocent under the corrected law to rot in prison while other people correct their mistakes, and may not guarantee their release even when that's happened. Surely you understand the problem there?
I understand your point that sometimes it takes gross violations for authorities to take notice and fix these things, but if bad laws exist I'd rather have a buffer in place that doesn't apply them to the letter against all common sense and decency.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
So... CFAA is fine then
...not that accomplishing this would be any easier.
[ link to this | view in thread ]
Re: So... CFAA is fine then
Where possible, it's better to remove the ambiguity than have a person's life depend on who happens to be sitting at the bench one day. It's great that judges do have some control, but it's not always for the better. It's annoying to be defending such a dangerous individual, but wrongly applying this law is equally dangerous
[ link to this | view in thread ]