The Modern Public Square

This week brought us another unanimous U.S. Supreme Court case that’s arguably more important because it concerned the First Amendment.

The issue was a North Carolina law that made it a felony for registered sex offenders to use any social-networking site that lets minors join. So to be clear, that’s any social-media site, period, that lets minors join. That meant Facebook, LinkedIn, Twitter, or pretty much any other social-media site. The law was even broad enough to include websites like Amazon, WebMD, and the Washington Post. So you almost couldn’t use the Internet.

The defendant was one of more than 1,000 people who’ve been prosecuted under the law. In 2002, when he was 21 years old, he had sex with a 13-year-old girl, and he was charged with it. He pleaded guilty to it and registered as a sex offender. Then the law passed in 2008.

In 2010, he happened to get a traffic ticket dismissed in court, whereupon he logged on to Facebook and posted this to his timeline: “Man God is Good! How about I got so much favor they dismissed the ticket before court even started? No fine, no court cost, no nothing spent … Praise be to GOD, WOW! Thanks JESUS!”

He was indicted for that.

He moved to dismiss on the ground that the law violated the First Amendment, but the trial court denied it. He was convicted at trial and given a suspended prison sentence.

On appeal, the state courts duked it out. The court of appeals agreed with the guy, finding that the law violated the First Amendment. But the state supreme court reversed, finding the law “constitutional in all respects.”

Finally, the federal high court unanimously struck down the law because it plainly applied to websites like Facebook, LinkedIn, and Twitter among others. Facebook itself had 1.79 billion active users—or three times the population of North America.

The Court called these sites “integral to the fabric of our modern society and culture.” They had become our main sources for sharing current events, participating in the public square, and exploring human thought and knowledge. To foreclose access to them was to foreclose the legitimate exercise of First-Amendment rights.

Yes, a state could pass specific, narrowly-tailored laws that regulate the type of conduct that portends crime, like contacting a minor or using a website to gather information about one.

But it couldn’t just cut people off from the public square.

New California Criminal Laws in 2017

Let’s get right to it.

We already covered three of them in prior posts. One was Proposition 64, which legalized recreational marijuana. Another was Proposition 57, which expanded parole eligibility for nonviolent felons and cut back on prosecuting kids as adults. A third was Assembly Bill 1909, which made it a felony for prosecutors to commit Brady violations in bad faith.

Here are five more.

Ransomware is a form of extortion. This is Senate Bill 1137. It amended the Penal Code to punish anyone who introduces ransomware into a computer system or network. It doesn’t matter whether you actually got the ransom or not; it’s a felony punishable by two, three, or four years in the county jail. See Pen. Code § 523.

New business search warrants, less drama. This is Senate Bill 1087. It amended the Evidence Code to make it easier for innocent businesses to comply with search warrants for their records. Now, if a business is not a subject of the underlying investigation, it may be able to produce its records by mail or in some other arms-length way. That’s a lot better than having agents show up to go through your stuff. See Evid. Code § 1560(f).

New motion to vacate a conviction or sentence based on immigration consequences or fresh evidence of innocence. This is Assembly Bill 813. It allows you to ask a court to throw out your case in two situations even though you’ve served out your sentence. The first is if you pleaded guilty because of a legal mistake that undermined your ability to understand the immigration consequences of your plea. The second is if you can present fresh evidence that you were innocent. See Pen. Code § 1473.7.

No more possibility of probation for sex offenses where the victim was unconscious or too intoxicated to consent. This is Assembly Bill 2888. It eliminated probation as a possible sentence for rape, sodomy, oral copulation, or sexual penetration with a foreign object if the victim was unconscious or too intoxicated to consent. It extended a rule that already applied to other, serious sex offenses. See Pen. Code § 1203.065.

No more statute of limitations for felony sex and child-molestation cases. This is Senate Bill 813. It eliminated the statute of limitations for a litany of sex crimes, which now may be prosecuted at any time. Previously, they had to be prosecuted within ten years, or if the alleged victim was under 18, before he or she turned 40. See Pen. Code § 799.

What Are Your Intentions?

In most white-collar cases, the main driver at sentencing is the dollar amount of the victim’s loss, and in federal cases, the rule is that you’re responsible for either the actual loss or your intended loss, whichever is greater. We touched on the difference between actual and intended loss in this post from last spring.

But recently, an influential federal court of appeals had to decide a case in which the defendant stole his employers’ trade secrets but didn’t actually cause or intend any loss.

How so?

The defendant was a young financial analyst who, over a two-year period, worked for two securities firms. Both firms had created computer software to engage in high-frequency trading, where a computer trades at lightning-fast speed in response to market events. Each firm had invested time and money to develop the algorithms behind its software.

The defendant pleaded guilty to copying their computer programs for his own use, but he didn’t sell them, publish them, or take them to a competitor.

Instead, he used them to start making computerized trades himself, and he lost $40,000 in the process. There was no evidence he had any bigger plans for them than that. He got caught when the second firm grew suspicious of the activity on his work computer, which led to his being indicted for wire fraud, computer hacking, and theft of trade secrets.

At sentencing, everyone agreed that the two firms had suffered no actual loss, and there was no evidence the guy intended to cause them any loss at all.

The trial court, however, found that he intended to cause a loss of $12 million because that was the total labor cost that the firms incurred in developing their software.

That number made a big difference. Under the federal sentencing guidelines, it jacked up the guy’s suggested sentence from probation, which may have included some time in home detention or a halfway house, to a sentence of seven to nine years in prison. Based on that, the court sentenced him to three years in prison.

And yet, there was no evidence that the guy intended to cause the victims any loss, let alone a loss that equaled their internal cost of development. Although the trial court could consider such costs under the sentencing guidelines, it could not base its loss estimate on those costs alone without any proof of the defendant’s intent.

So the court of appeals sent the case back for resentencing.

California’s Cybercrime Statute

As promised last week, here’s the lowdown on Penal Code section 502, otherwise known as California’s Comprehensive Computer Data Access and Fraud Act.

Nowadays, of course, cybercrime can include any flavor of fraud, identity theft, or other scheme or swindle that is committed by computers or related to their use. Not to mention other crimes like stalking and child pornography.

Section 502, however, is found in the part of the Penal Code that deals with theft, larceny, and other crimes against property, and it lists fourteen separate ways you can land yourself in hot water by harming, hacking into, or misappropriating computer data or systems or by helping others to do so. See Pen. Code § 502(c). The list covers a lot of ground, and you can read it yourself here if you scroll two-thirds of the way down the page. The law also covers a lot of ground geographically, as it authorizes long-arm jurisdiction over your activities in every state to which or from which you direct them. Id. § 502(j).

The more serious offenses are wobblers. If they are charged as felonies, they are punishable by imprisonment in the county jail for 16 months, two years, or three years; a fine of up to $10,000; or both. If they are charged as misdemeanors they are punishable by imprisonment in the county jail for up to one year; a fine of $5,000; or both.

Some of the fourteen provisions are broad in scope, and one punishes you simply for knowingly using computer services without permission. See Pen. Code § 502(c)(3). If it’s your first violation, and you didn’t cause any injury to any computer data or systems, and you didn’t use more than $950 worth of computer services, then it’s a misdemeanor punishable by up to one year in the county jail, a fine of up to $5,000, or both. The term injury, however, means any alteration, deletion, damage, or denial of access you may have caused. Id. § 502(b)(10). If it’s not your first time, or you did cause injury to data, or you used more than $950 worth of computer services, or it costs the victim more than $5,000 to investigate the breach, then it’s a wobbler punishable as a felony or misdemeanor.

The least serious offenses—where you accessed stuff without permission but didn’t cause any injury—may be infractions if it’s your first time, and you may get off with a fine of $1,000 or less. If it’s not your first time, or if it costs the victim $5,000 or less to investigate the breach, then it’s a misdemeanor punishable by up to one year in the county jail, a fine of up to $5,000, or both. If it costs more than $5,000 to investigate the breach, it’s a wobbler.

Beyond criminal prosecution, section 502 gives the victim a private right of action to sue you civilly for money damages and other relief. The court may even order you to pay the victim’s legal fees, and it may hold you liable for punitive damages if your conduct was bad enough. And parents, take note: you can be held liable for your kid’s conduct. Or, if you’re a college student, you may face automatic disciplinary proceedings at your school on top of everything else. See generally id. § 502(e).

But not all is lost for those who can’t help goofing around at work. First off, there’s an exception to prosecution for acts that were within the scope of your employment, meaning they were reasonably necessary to the performance of your assignment. Id. § 502(h)(1). But even if you acted outside the scope of your employment, you can’t be punished if you didn’t cause any injury to your employer or anyone else, or if the total value of the goods or services you used didn’t exceed $250. Id. § 502(h)(2), (i). See also Chrisman v. City of L.A. (2007) 155 Cal. App. 4th 29, 34-37 (applying these exceptions to a police officer who misused a law-enforcement database to look up celebrities and others). Finally, the statute directs a court to consider alternate sentencing, including community service, if you’ve demonstrated remorse and an inclination not to repeat the offense. Pen. Code § 502(k).

We’re Not Gonna Take It, Anymore!

You may want to tell your boss to take your job and shove it, but if you’re thinking of logging on one last time to wreak some havoc or raid the company’s trade secrets then think again.

Over the summer, a federal court of appeals interpreted California law in a way that makes it a crime for you to access your employer’s computer systems and take, copy, or use the data without permission. Although the federal court’s interpretation doesn’t bind the state’s courts, it may influence them until the state’s supreme court says otherwise.

The appeal was brought by six defendants after their convictions for racketeering and illegal wiretapping. The defendants were convicted of running, working for, or doing business with a private-investigations agency that provided illegal services. The agency bribed local police officers to access confidential law-enforcement databases, and it bribed phone-company employees to illegally wiretap people and record their calls. The government called it a criminal enterprise under the Racketeer Influenced and Corrupt Organizations (“RICO”) statute, and the jury agreed. See 18 U.S.C. §§ 1961-68.

The defendants lost most of their arguments on appeal, but one stuck.

The defendants argued that some of their convictions couldn’t stand because they were based on violations of a federal anti-hacking statute, and the defendants hadn’t hacked into any computers. See 18 U.S.C. § 1030.

That part was true. Three years ago, the same court that heard their appeal had construed section 1030 to punish unauthorized access to information (like hacking into a computer) but not unauthorized use of that information by someone who had authorized access. In that case, the court reversed the conviction of a man who raided his employer’s data in order to start a competing business. See United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc). He may have been guilty of other charges, the court had held, but he couldn’t be guilty of violating section 1030. So here, too, the court reversed those convictions.

Other convictions, however, were based on violations of state law, and that was different. See Cal. Pen. Code § 502. The court held that section 502 doesn’t just punish people for hacking into or harming computers, networks, or data. It also punishes knowingly accessing such systems and then taking, copying, or using data without permission. See id. § 502(c)(2). So the focus is not just hacking but theft or misappropriation as well.

The court noted that California law was not settled on that point. Compare Chrisman v. City of L.A. (2007) 155 Cal. App. 4th 29, 34-37 (finding that section 502 was primarily an anti-hacking statute) with Gilbert v. City of Sunnyvale (2005) 130 Cal. App. 4th 1264, 1281 (interpreting section 502(c)(2) to restrict use and not just access) and People v. Hawkins (2002) 98 Cal. App. 4th 1428, 1440-43 (same).

But until the California Supreme Court decides otherwise, California prosecutors may well charge you criminally for misusing your computer access at work.

So don’t get it twisted, sister. But more on that next week.

Cyber Search Warrants Are Going to the Dogs

It’s true, and reportedly, even the recent search of Jared Fogle’s home involved a Labrador who found a thumb drive of potential evidence.

The dog is one of a handful or two nationwide that’s trained to sniff out electronics and their component parts based on a chemical that’s common to all of them. Law enforcement won’t identify the chemical, but after a few months of training, the dogs learn to detect its odor. They can then be used to search for anything from laptops, tablets, and hard drives to thumb drives, circuit boards, and tiny memory cards.

It’s a relatively new advent but one that’s catching on quickly.

Still, we should remain wary of the potential for abuse. A lot depends on how well these dogs are trained and how scrupulously they are used by their handlers, among other things.

A Convergence of Pot and Patriotism

It’s been a good month for the U.S. Justice Department.

On May 12, it established a new policy that requires agents and prosecutors to electronically record their custodial interrogations in most cases.

Then on May 19, FBI Director James Comey publicly suggested that the Bureau may need to rethink its hiring policy on pot if it wants to attract the best and brightest to combat cybercrime and other threats to national security. You may remember Mr. Comey as the former Deputy Attorney General who, back in 2004, intervened in dramatic fashion when White House officials attempted to railroad a hospitalized John Ashcroft into recertifying a domestic-spying program that the Justice Department had determined was illegal. Say what you want about him, but the man has spent most of his professional life as a prosecutor and public servant. He’s probably no radical.

Mr. Comey’s remarks came during an unscripted, question-and-answer session following a speech he gave in New York. When one attendee said he had a friend who would make a great candidate for the FBI but who hadn’t applied because of the anti-pot policy, Mr. Comey encouraged the man’s friend to apply anyway. In one tongue-in-cheek moment, Mr. Comey said, “I have to hire a great work force to compete with those cybercriminals, and some of those kids want to smoke weed on the way to the interview.”

Two days later, Mr. Comey had to clarify his remarks at a congressional hearing when Alabama Senator Jeff Sessions confronted him about them. The Director hastened to clarify that, no, he didn’t want young people to use marijuana, and more to the point, he wasn’t going to change the Bureau’s policy on his own or any time soon. Too bad. Mr. Comey, with all due respect to the distinguished gentleman from Alabama, you’re right, he’s wrong, and we need all the help we can get.

Now let’s all go get a drink.


Ratings and Reviews

10.0Mani Dabiri
Mani DabiriReviewsout of 7 reviews
The National Trial Lawyers
The National Trial Lawyers
Mani Dabiri American Bar Foundation Emblem