Cannibal Cop Not Guilty Of 'Thought Crime'… And Didn't Violate The CFAA

from the still-nutty dept

Earlier this year, we wrote about the crazy, but troubling, case against former NY Police Department officers Gilberto Valle, who has been dubbed “the cannibal cop” for fantasizing about kidnapping, raping, killing and eating around 100 women. A key question in the case: where is the line between fantasizing and… planning out a crime. But, the case drew even more interest from us because after the court basically tossed out all the charges as “thought crimes” that aren’t actually illegal, it kept in place the CFAA charge, claiming that Valle violated the anti-hacking law by using the police deatabase to look up information on one of the women he was fantasizing about. Now, that’s creepy and disturbing and an abuse of his position in the NYPD… but that does not make it a CFAA violation. It’s the nuttiness of this case, and the remaining CFAA charge that resulted in reporter Sarah Jeong referring to the CFAA as “the law that sticks” when all else fails.

The CFAA, again, is the Computer Fraud and Abuse Act, which is supposed to be used against people who hack into others computers. But, as we’ve covered a whole bunch of times here on Techdirt, these days it’s often used to pile on against anyone who does something prosecutors don’t like… like using a computer. And that seemed to be the case here. Thankfully, however, the appeals court for the Second Circuit has rejected that argument and cleared Valle of the CFAA violation (it also said that his fantasizing isn’t a crime either).

As per usual in CFAA cases, the issue in this case was over the definition of “exceeds authorized access.” Prosecutors keep trying to make this mean “does something on a computer that goes against a terms of service or terms of employment.” But that super broad definition isn’t just dangerous, it basically makes almost everyone a criminal. Thankfully, the court recognized this, though it admits that part of that is just because the law is too ambiguous to make a call. It even looks at the legislative history and notes that it could support either argument, but it needs to be more before allowing the CFAA to be used that way:

At the end of the day, we find support in the legislative history for both Valle?s and the Government?s construction of the statute. But because our review involves a criminal statute, some support is not enough. Where, as here, ordinary tools of legislative construction fail to establish that the Government?s position is unambiguously correct, we are required by the rule of lenity to adopt the interpretation that favors the defendant.

And it notes, in agreeing with a few other key CFAA rulings, that adopting a broader construction of the law could have an “effect on millions of ordinary citizens caused by the statute’s unitary definition of ‘exceeds authorized access'” (which is quoting the key Nosal decision that rejected a broad definition under the CFAA). Indeed, the court recognizes that even if Valle seems like a particularly terrible person, it must be aware that its decision will impact many others:

Whatever the apparent merits of imposing criminal liability may seem to be in this case, we must construe the statute knowing that our interpretation of ?exceeds authorized access? will govern many other situations…. It is precisely for this reason that the rule of lenity requires that Congress, not the courts or the prosecutors, must decide whether conduct is criminal. We, on the other hand, are obligated to ?construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals.?… While the Government might promise that it would not prosecute an individual for checking Facebook at work, we are not at liberty to take prosecutors at their word in such matters. A court should not uphold a highly problematic interpretation of a statute merely because the Government promises to use it responsibly….

There is a dissent from Judge Chester Straub, in which he argues that there is no actual ambiguity in the law, and if you violate what your employer says you can do with our computer, well, then you might just be a felon:

In reaching this result, the majority discovers ambiguity in the statutory language where there is none. Under the plain language of the statute, Valle exceeded his authorized access to a federal database in violation of the CFAA.

And, Judge Straub says, if that means that just about everyone is a criminal, well, that’s a problem for Congress to solve:

The majority opinion, apparently without irony, concludes that giving effect to the plain language of the statute would somehow ?place us in the position of [the] legislature.? … But where, as here, the statute?s language is plain and unambiguous, the ?sole function of the courts is to enforce it according to its terms.? … It may well be that the CFAA sweeps broadly. But such is a matter for policy debate… and the Congress is free to amend the statute if it chooses

Thankfully, his opinion on this did not become the majority opinion.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Cannibal Cop Not Guilty Of 'Thought Crime'… And Didn't Violate The CFAA”

Subscribe: RSS Leave a comment
Anonymous Coward says:


Where, as here, ordinary tools of legislative construction fail to establish that the Government’s position is unambiguously correct, we are required by the rule of lenity to adopt the interpretation that favors the defendant.

PLEASE, will the courts please remember this rule in all future cases? I’ve been dumbfounded over the past two decades at how, when a computer is involved, the rule of lenity seems to be thrown out the window.

Anonymous Coward says:

Swiss Army knife

It looks like the CFAA is just another one of those big stick laws that are (or can be stretched to be) so broad and all-encompassing that they give police and prosecutors a potent Swiss Army knife to use against virtually anyone the ‘powers that be’ don’t like. Kind of like the old “treason” charge in the age of kings.

Anonymous Coward says:

Re: Response to: Anonymous Coward on Dec 8th, 2015 @ 3:41pm

The saddest part is that it completely ignores the practical effects of that judicial indifference. By interpreting the law in a largely nonsensical way bc of poor nonspecific congressional language you’re condemning people to a life labeled as a criminal for trivial “violations”. You’re ruining lives. Even if the law is fixed everyone in the meantime has their lives destroyed

Jordan (profile) says:

PLanning a crime

Conspiracy is a crime. What’s the difference between planning a crime, and planning a fantasy crime? Does one need to take concrete steps? Does one need a map saying “kidnap and eat here” before it’s considered wrong legally?

Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?

PaulT (profile) says:

Re: PLanning a crime

“What’s the difference between planning a crime, and planning a fantasy crime? Does one need to take concrete steps?”

I would damn well hope so, else every writer of fiction is a criminal by the other definition, at the very least.

“Even if he had never been charged, is it appropriate for a police officer to fantasize about murdering civilians?”

No. Hence the fact that he is no longer employed as such. Criminal prosecution, however, should require criminal action.

crade (profile) says:

I agree with the dissenter.

“authorized” has a clear definition in the dictionary and it isn’t (and shouldn’t be) the Judge’s responsibility to correct horrible laws, and doing so is counterproductive.

It doesn’t make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary.

PaulT (profile) says:

Re: Re:

“”authorized” has a clear definition in the dictionary”

Actually, it has several, and it depends on where you wish to apply them. The problem is how far someone has to go until something is no longer “authorised”. Here, the officer was authorised to access the database, he simply wasn’t authorised to perform the specific actions. That’s what is problematic.

If an unauthorised person gained access, that would be a clear unauthorised use and there would be no argument. If an authorised person used the part that they were authorised to use but bypassed security to access something they shouldn’t, that’s equally clear cut. But, while you’re using the system, your access switches back and forth between legal and felony depending on what you search for? That’s rather less acceptable.

Sure, fire the guy, pin him with charges relating to harassment, stalking, anything that can be prosecuted. But, it’s right for a judge to recognise that violating an employer’s acceptable use policy should not be a felony, even if the employer is a police department. Leave it as a civil matter, and prosecute any real criminal actions where appropriate.

“It doesn’t make bad laws into good ones, it just covers up the most obvious evidence that the law needs correcting and makes enforcement more arbitrary.”

…and leaves people who would be innocent under the corrected law to rot in prison while other people correct their mistakes, and may not guarantee their release even when that’s happened. Surely you understand the problem there?

I understand your point that sometimes it takes gross violations for authorities to take notice and fix these things, but if bad laws exist I’d rather have a buffer in place that doesn’t apply them to the letter against all common sense and decency.

Wyrm (profile) says:

Funny how both the majority and dissent both conclude the same -that it’s up to the Congress to change an ambiguous law – but disagree sternly on what to do while the ambiguous law is active.
– the judge can consider the rule of leniency, concluding that doubt favors the accused.
– or the judge can consider to read it however he wants because… here the one in charge, period.

Obviously (I hope), I favor the first option.
First because bad laws should not be legal traps, turning everyone into a criminal just waiting for his turn to attract the wrong kind of attention.
Second because that is the only way to give Congress an incentive to actually fix anything.
And let’s not forget the third point: that we already have to many examples of bad laws being repeatedly used and abused. (DMCA, asset forfeiture, CFAA, to name just a few)

PaulT (profile) says:

Re: So... CFAA is fine then

No. A law that’s open to interpretation is as open to bad interpretation as good. This judge happened to rule correctly – in the subjective opinion of many here – but at least one person disagreed completely. If he was the judge, the defendant would be rotting in jail for essentially entering a badly intentioned Google search (hyperbole perhaps but there’s little real difference apart from the ownership of the database).

Where possible, it’s better to remove the ambiguity than have a person’s life depend on who happens to be sitting at the bench one day. It’s great that judges do have some control, but it’s not always for the better. It’s annoying to be defending such a dangerous individual, but wrongly applying this law is equally dangerous

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...