Court Says Gov't Can't Double Dip And Charge Email Hackers With A Felony For Both Hacking & Hacking Email

from the good-ruling dept

Orin Kerr has an interesting blog post, discussing how the government has been rejected in an attempt to turn a misdemeanor email hacking case into a felony, by finding two overlapping laws to charge the guy with for the single action. Kerr nicely summarizes the issue as follows:
Federal criminal law has two overlapping misdemeanor criminal offenses that prohibit hacking into an e-mail account. The first, 18 U.S.C. 2701, specifically prohibits hacking into an e-mail account stored on an ISPís server. The second, 18 U.S.C. 1030(a)(2), generally prohibits hacking into any computer, which will always be implicated when a person hacks into an e-mail account. The present overlap is largely a historical accident. When the two sections were enacted, both in 1986, Section 1030ís scope was very narrow. There was little overlap. But Section 1030 has been expanded over time so that it now covers every computer. As a result, 2701 in its current form is redundant: It doesnít do any work that 1030 doesnít already do. However, that overlap matters because violations of 2701 and 1030(a)(2) are normally misdemeanors, but Section 1030 contains an enhancement: The crime becomes a felony if it is conducted in furtherance of another crime. The present overlap between 1030 and 2701 raises the prospect that prosecutors might try to use the felony enhancement to engage in a kind of double-counting. Hereís the question: Can DOJ charge hacking into an e-mail account as a felony by claiming that it is a 1030 violation in furtherance of a 2701 violation?
Apparently the Justice Department originally tried this with the guy arrested for hacking Sarah Palin's email, but later changed the charges. However, in this other case, United States v. Cioni, the 4th Circuit appeals court has rejected this line of reasoning by the government, and made it clear that it's attempting to double dip over a single action in order to turn a misdemeanor into a felony. The court points out that this pretty clearly violates US principles on double jeopardy:
Looking simply at the allegations of Count 2, it does appear that the government charged Cioni with unauthorized access or attempted access to information in [Victim 1]'s e-mail account and sought to elevate that charge to a felony by alleging that the access to [Victim 1]'s e-mail also constituted a violation of § 2701. Moreover, the facts that the government offered into evidence in support of Count 2 confirm this reading. . . . We thus conclude that a merger problem did arise, implicating double jeopardy principles, and that therefore the felony conviction on Count 2 must be vacated, and, as requested by Cioni, the count remanded for entry of a simple misdemeanor conviction, under § 1030(a)(2)(C).

. . . . Count 4, which claims two crimes, one in furtherance of the other, is actually based on Cioniís single unsuccessful attempt to access [Victim 2]'s AOL electronic e-mail account. Moreover, this is all that the government proved at trial. If the government had proven that Cioni accessed [Victim 2]ís e-mail inbox and then used the information from that inbox to access another personís electronic communications, no merger problem would have arisen. But the government charged and attempted to prove two crimes using the same conduct of attempting, but failing, to access only [Victim 2]ís e-mail account. This creates a merger problem, implicating double jeopardy principles.
Always good to see courts get things right.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Roland, Apr 21st, 2011 @ 9:38pm

    This guy will be considered innocent until proven broke.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Bikerelc (profile), Apr 21st, 2011 @ 10:11pm

    It still raises the question

    So in the "rare" case that somebody were to say hack an email account in order to access another computer however would most likely raise a different verdict. Basically the court finally got a technology case right for a change.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Apr 21st, 2011 @ 10:29pm

    Re: It still raises the question

    but ... but ... the Internet!!

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    blaktron (profile), Apr 21st, 2011 @ 10:43pm

    To be honest...

    In order to get at any of AOL's email servers, you would have to bypass at least a perimeter firewall (which is a computer) and then attack the mail server (another computer). So in essence, under the law, I think this one could be argued a felony if anybody knew what the hell they were arguing.

    *You would also have to spoof at least one of the following, which would be a 3rd computer, or more: Kerberos server, some sort of trusted authority, or even just an IP address to a couple of routers or a DNS server. There are a lot of components involved in even trying something like this to the point where you would even stand out from countless normal attacks on public ranges that anyone competent could paint a dangerous cloud of a massive attack.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    blaktron (profile), Apr 21st, 2011 @ 10:45pm

    Re: To be honest...

    Unless he was literally just guessing the password to the account, in which case if hes a criminal so are tens of millions of people around the world trying to snoop a friend, spouse, coworker or employee

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Apr 21st, 2011 @ 10:47pm

    An important question that seems to be overlooked is why do we appoint a government that even tries to do something that it shouldn't even attempt in the first place?

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    The eejit (profile), Apr 21st, 2011 @ 11:53pm

    Re:

    Because governing is clearly that Stupid Gun that supervillains everywhere always wanted, is why.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Christopher (profile), Apr 22nd, 2011 @ 1:04am

    Re: Re:

    No, it isn't. The problem is that we live in an imperfect world where too many people say that just because they dislike something, it should be illegal and because that thing is now illegal, you don't have to adhere to laws.

    Yes, I have had people actually use that argument in real life.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    PRMan, Apr 22nd, 2011 @ 3:39am

    Unsuccessful?!?

    We are wasting court time and resources on an "unsuccessful" attempt at hacking?!? For God's sake, why?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Mark, Apr 22nd, 2011 @ 5:30am

    Re: Unsuccessful?!?

    We are wasting court time and resources on an "unsuccessful" attempt at murder?!? For God's sake, why?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Steve, Apr 22nd, 2011 @ 5:38am

    Re: Re: To be honest...

    Ding Ding Ding... You win a prize!

    "The hacker, David Kernell, had obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords." - Wikipedia

    He was trying to prove the Sarah Palin was using an AOL email account to conduct government "business" in order to circumvent the freedom of information act (or Alaska's equivalent). The account he "hacked" was gov.palin@yahoo.com

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 22nd, 2011 @ 5:56am

    this is news?!?!?

    This is what ALWAYS happens in criminal cases. ALWAYS they find several different ways to charge you with the same crime. Watch any of those "true crime" shows on TV and you'll see what I mean. Get arrested for DUI here in PA and you'll most likely get charged and convicted of _3_ different offenses. While it's noteworthy is that _one_ judge stopped this abuse from happening in _one_ case, what we should really be discussing is why this always flies in 99.99% of other cases.

    I've often wondered why they bring multiple charges for the same thing like they do. The best guess that I can make is that when they go to the bargaining table they can drop the redundant and extraneous charges and walk away looking magnanimous.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Chris Rhodes (profile), Apr 22nd, 2011 @ 7:31am

    Re: this is news?!?!?

    Get arrested for DUI here in PA and you'll most likely get charged and convicted of _3_ different offenses.

    That's generally because they are for different offenses. This was literally the same offense.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Apr 22nd, 2011 @ 7:31am

    Re: Re: Unsuccessful?!?

    hacking =/= murder

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Apr 22nd, 2011 @ 1:14pm

    Re: Re: this is news?!?!?

    No. Not different. The "offenses", of course, are worded differently (that's what make them, uh, different) but you're being charged in different ways FOR THE EXACT SAME infringement. And this ALWAYS happens. In the DUI in PA example, one charge is "opearing a motor vehicle while intoxicated" another is "operating a motor vehicle under the influence of alcohol" and the 3rd is specific to the range of BAC (forget how it is worded)

    Yes, you get THREE different charges for driving drunk ONCE. And it is not only DUI - this is the case with the vast majority of criminal charges.

    The only noteworthy thing is this one judge called "shenanigans" for a change.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    shimomura, Jul 29th, 2012 @ 8:04am

    Hacking

    My team & I offer hacking services.We can hack/recover? any email id,FACEBOOK & website servers & grant our clients access..We always? provide proof before payment so you know you are not being ripped off.Send me a mail "shimomurat@yahoo.com".We try to reply every client ASAP & execute the project in the quickest time-frame possible

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This