Georgia Supreme Court Overturns Computer Crime Conviction For Man Who Copied Himself On Emails Sent To His Boss

from the one-for-you,-one-for-me dept

It’s not just the CFAA that can be abused. This law — recently trimmed a bit by the US Supreme Court — has been abused for years to go after web scrapers, researchers, and information-wants-to-be-free activists. The recent ruling does narrow the scope of that law a bit, but the CFAA still has the potential to do serious damage when wielded carelessly or vengefully.

The state of Georgia has its own set of computer crime laws and they’re just as capable of being interpreted by prosecutors to criminalize acts that shouldn’t be criminal offenses. Fortunately, a state court has made a sensible reading of the law to overturn a conviction for computer trespass — one that saw a former Norcross (GA) city employee hit with felony charges. (h/t Andrew Fleischman)

Jereno Kinslow was a city IT employee who had some problems with his new boss, Greg Cothran. Cothran criticized Kinslow’s work performance, leading to a “loud outburst” from Kinslow. This apparently made Cothran concerned Kinslow might sabotage the city’s network. Certain “safety measures” were put in place and Kinslow was eventually fired.

Before Kinslow was let go, he utilized his administrator-level access to forward copies of emails sent to Cothran to his own personal email account. This was discovered by Cothran months later when he received a bounce notification specifying Kinslow’s email account. This alleged “criminal trespass” formed the basis for charges that resulted in Kinslow being convicted of a felony and sentenced to ten years of probation.

Kinslow challenged his conviction under this statute, claiming prosecutors did not present evidence that he had actually violated the law. The Georgia Supreme Court agrees [PDF] with Kinslow.

OCGA § 16-9-93 (b)(2) defines the offense of computer trespass, in relevant part, as “us[ing] a computer or computer network with knowledge that such use is without authority and with the intention of . . . [o]bstructing, interrupting, or in any way interfering with the use of a computer program or data.” Kinslow was charged with committing computer trespass by “us[ing] a computer network with knowledge that such use was without authority and with the intention of obstructing and interfering with data from a computer, by copying Greg Cothran’s e-mails and causing them to be forwarded to his own private e-mail account.”

The State thus was required to prove that Kinslow used a computer network knowingly without authority with the intention of obstructing or interfering with the use of data.We conclude that the evidence presented at trial was insufficient to prove that Kinslow’s use was done with the intention of obstructing or interfering with the use of data.

The court says the facts don’t fit the charged crime. There was no “obstruction” of data when Kinslow intercepted copies of Cothran’s emails.

Contrary to the State’s suggestion, the State presented no evidence that Kinslow’s e-mail forwarding scheme “blocked” or even “hindered” the flow of data in the form of e-mails to Cothran, who continued to receive those e-mails intended for him. Rather, the evidence showed only that Kinslow’s actions created an additional flow of data to another account.

There you have it: copying is not theft obstruction.

But wait, said the state, maybe it’s an [re-reads statute]… um… “interruption?”

Nope, says the court:

“Interrupt” carries a similar definition of stopping or hindering, although “interrupt” often denotes a more temporary stoppage than “obstruct,” such as “to make a break in the continuity of.” Again, the State presented no evidence that Kinslow’s actions hindered the flow of e-mails to Cothran, either permanently or temporarily.

Making copies also doesn’t “interfere” with the flow of data, the court decides. The flow of data was so unobstructed, uninterrupted, and un-interfered with that Kinslow’s supervisor didn’t even know it was happening until one of the emails bounced.

It’s a short, solid ruling that forces the state to accept the fact that words have meanings, and those meanings cannot be distended to encompass the actions seen here.

The dissent, however, thinks the court should have broadened the law to encompass all sorts of innocuous behavior by using the very loosest definitions of the word “interfere.”

Webster’s New Twentieth Century Dictionary (2d ed. 1983); “to interpose in a way that hinders or impedes: come into collision or be in opposition . . . to enter into or take a part in the concerns of others,” Webster’s Ninth New Collegiate Dictionary (9th ed. 1985); and “to come between so as to be a hindrance or an obstacle . . . to intervene or intrude in the affairs of others; meddle.” The American Heritage Dictionary of the English Language (3d ed. 1992). Black’s Law Dictionary (11th ed. 2019) primarily defines “interfere” as “[t]he act or process of obstructing normal operations or intervening or meddling in the affairs of others.”

So, under these definitions, shoulder-surfing someone else’s Facebook account would be a criminal act. Sure, probably no one would attempt to criminally charge anyone for doing this, but that’s the expansive reading the Chief Justice of this court thinks is correct.

This is a good ruling that clearly delineates what is or isn’t covered by this computer crime law. And while Kinslow’s actions may have been cheap, dishonest, and all-around lousy, they weren’t criminal.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Georgia Supreme Court Overturns Computer Crime Conviction For Man Who Copied Himself On Emails Sent To His Boss”

Subscribe: RSS Leave a comment
8 Comments
That Anonymous Coward (profile) says:

"defines “interfere” as “[t]he act or process of obstructing normal operations or intervening or meddling in the affairs of others.”"

So does that mean Greg can be sued since he used a computer to obstruct the normal operations of Jereno, by meddling & intervening in the affairs of others??

"the City’s computer network settings had been altered by checking a box"

A Y F K M??

sumgai (profile) says:

I wonder why we don’t see any quotes from Kinslow as to why took this action. My bet would be that he was watching to see if Cothran was going to bad-mouth him to others within the department, or possibly to a prospective new employer. The fact that Kinslow didn’t initiate any lawsuit after several months tells me that Cothran didn’t do so, and he clossed the email account.

Anonymous Coward says:

Before Kinslow was let go, he utilized his administrator-level access to forward copies of emails sent to Cothran to his own personal email account.

This sentence and the headline are quite misleading, and make it sound like maybe he just stuck his personal address in the BCC field—which may violate confidentiality, but isn’t especially sinister and doesn’t usually require special access. What actually happened is that he set up a forwarding rule such that all emails sent to the boss, by anyone, would be sent to his personal account: "The City […] discovered that the […] settings had been altered […] to cause Cothran’s incoming e-mail messages to be copied and forwarded to Kinslow’s personal […] account. […] This forwarding continued until it was discovered […], two months after Kinslow’s termination."

Anonymous Coward says:

Hmmm

Creating a forwarding rule for ALL of your boss’s emails (heck anyone in a company) seems like a mighty evil trespass and nefarious deed. That’s basically espionage. Seems like it ought to be punishable somehow someway.
I’d sure like to have BCC of every email Bill Gates/Black Turtleneck and the CEO at your local biotech company send/sent. Probably be rather profitable…..

Tanner Andrews (profile) says:

Re: Hmmm

a forwarding rule for ALL of your boss’s emails

Probably a bad thing to do, especially in what we call the “real world”. But in the rarified atmosphere of government, all that stuff is, or ought to be, public records. It is the public’s business being carried out, by the public’s paid servants.

So, while the defendant appears to have done everything wrong, and clumsily, condemnation may be unduly harsh on these facts.

Leave a Reply to Jerry Cancel reply

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...