Course No.: 9200-710 (& 810)-001
Course ID: 85723 & 85725
Time: M, W 4:45-6:15 p.m.
|Professor Jay Dratler, Jr.||
Across from Room 231D (IP Alcove)
|Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2010 Jay Dratler, Jr.|
|For permission, see CMI.|
Notes and Questions on Hotmail, Czubinski, and Morris
What specific subsection of today's version of Section 1030 best applies to the acts of the defendants in Hotmail? What specific words or phrases in that subsection best fit their behavior? Do any words or phrases require interpretation or constuction as applied them? If so, what is the preferred interpretation, and why? What criminal penalties would/should apply to the Hotmail defendants? Could they be convicted of a felony (with a jail term of a year or more), or only misdemeanors (with a lesser sentence)? Is criminalizing their activities appropriate from the perspective of social and economic policy?
2. Czubinski might be called a "data voyeur": he looked but he didn't touch. His case is interesting for three reasons. First, it demonstrates how prosecutors may attempt to "stretch" general-purpose criminal laws, adopted for other purposes, to cover computer crimes. Prosecutorial overreaching of this sort is understandable and hardly uncommon. Cf. Dowling v. United States, 473 U.S. 207, 228-229, 105 S.Ct. 3127, 87 L. Ed. 2d 152 (1985) (reversing conviction, under federal statute criminalizing interstate transportation of solen goods, for copyright infringement involving interstate distribution of "bootleg" phonorecords). Overreaching often results in congressional action to cover explicitly conduct that the general-purpose statute could not be strectch to reach. Second, Czubinski demonstrates the extentand the limitationsof the Computer Fraud and Abuse Act. Finally, it demonstrates another understandable but troubling phenomenon: the tendency of prosecutors to select defendants who, they believe, will not "play" well before juries. What about Czubinski made him an ideal candidate for prosecution in this regard? Was the court right to discount Czubinski's malodorous views in applying the statute?
3. The prosecutor's first attempt to nail Czubinski involved the general wire-fraud statute, 18 U.S.C. § 1343, which is quoted in footnote 4 of the court's opinion. Among other things, that statute requires "a scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses[.]" Did Czubinski perpetrate such a "scheme or artifice"? Doesn't the quoted language, at least in ordinary understanding, contemplate some sort of fraud or theft? Did Czubinski perpetrate a fraud or theft?
In an effort to convince the court that he did, the prosecutor cited cases involving bribery or corruption of public officials. In those cases, the prosecution had proceeded on the theory that a corrupt public official "defrauded" or "stole from" the public by depriving the public of his or her honest services. As the Czubinski court notes, the Supreme Court threw out this creative interpretation, but Congress restored it by amending the statute to include a definition of "scheme or artifice to defraud" that makes explicit reference to "honest services."
Before Congress so amended the statute, was it clear that the statute should cover bribery, corruption, and conflict of interest? See McNally v. United States, 483 U.S. 350, 361, 107 S.Ct. 2875, 97 L.Ed.2d 292 (1987). Would a public official of ordinary intelligence expect that accepting a bribe or having a conflict of interest would result in a successful prosecution for fraud or theft?
4. Lack of clarity in criminal statutes is more than a mere drafting pecadillo. It can offend fundamental notions of due process and thereby reach constitutional diminesion. As the Supreme Court explained:
Connally v. General Construction Co., 269 U.S. 385, 391, 46 S.Ct. 126, 70 L.Ed. 322 (1926). Does/should the same principle apply when a statute is otherwise clear but a zealous prosecutor attempts to assert an overreaching construction?
5. Once Congress amended the wire-fraud statute to insert the new definition of "scheme or artifice to defraud," the overreaching interpretation became law, however odd it might seem linguistically. Was court here correct in concluding that cases involving bribery, corruption, and conflicts of interest were inapposite, and that Czubinski did not deprive the public of his "honest services" to the same extent? If Czubinski had practiced his "data voyeurism" while he was supposed to be on the job, he would have deprived the public of his services (honest or not) during that time. Would/should that be enough to convict him? Would an affirmative answer make a federal felon out of every federal employee who "plays hookey" or takes too long a coffee break?
6. Congress adopted the Computer Fraud and Abuse Act in part because of the difficulty of prosecuting computer crimes under general-purpose fraud and theft statutes. Suppose a "hacker" breaks into a computer system, uploads her video games, and uses the system without authorization to play them. Has she "defrauded" the system's owner? Has she stolen anything that can be characterized as "property"?
Some states have statutes criminalizing "theft of services," which can be adapted to such cases. See N.Y. Penal Law § 165.15(10) (McKinney Supp. 1992) ("A person is guilty of Theft of Services if he [obtains or has] control . . . over . . . business, commercial or industrial equipment or facilities of another person, knowing that he is not entitled to the use thereof, and with intent to derive a commercial or other substantial benefit for himself or a third person, he uses or diverts to the use of himself or a third person such . . . equipment or facilities"). Yet these statutes are also subject to both abuse and interpretation. See Weg v. Macchiarola, 995 F.2d 15, 16-17 (2d Cir. N.Y. 1993) (noting failure of state prosecution for personal use of state computer by systems manager in Board of Education, where state court declined to find that computer was "business equipment"). Rather than stretch a general-purpose statute to fit, many states and Congress designed statutes specially for computer crimes. The Comuter Fraud and Abuse Act was one of those statutes.
7. What specific subsectionand what specific words and phrases in itarguably applied to Czubinski's "data voyeurism"? What specific words and phrases got him off the hook?
Does the relevant subsection read the same way today as it did when this case was decided? If not, would a prosecution of Czubinski under that same subsection be successful today? Is the answer clear? Could a prosecutor today nail Czubinski under any other subsections? If so, which ones? Does their language raise any question of interpretation?
8. Since adopting it 1984, Congress had amended Section 1030 seven times by year-end 2001. (A list of amendments appears in the "HISTORY" section of the annotations, immediately after the statute's current language, in the annotated version of the statute available, for example, on LEXIS.) Why do you think the statute suffered so many amendments in less than twenty years? Are prosecutors, the courts and Congress still adjusting to the unforeseen consequences of computer technology and use? Whatever the reason, it behooves lawyers to check the current version of the statute for possible later amendments before attempting to apply it.
9. The Morris case interprets statutory language that has been changed. Nevertheless, it is an important decision for two reasons. First, it is a classic case of statutory interpreation, involving everything from punctuation to legislative history. Second, it illustrates how courts may resolve a statutory ambiguity against a criminal defendant, despite the traditional rule that penal statutes are strictly construed.
As the Morris court states, statutory exegesis is needed only when the plain language of the statute is ambiguous. Can you articulate precisely the ambiguity in this case? The word "ambiguity" implies two or more plausible meanings of the same statutory language. Can you articulate them precisely?
Once the party asserting an ambiguity (here the defendant Morris) has convinced the court that one exists, the court must entertain all reasonable arguments bearing on the resolution of the ambiguity. Here the court considers: (1) puncutation, (2) the purpose and sense of the statute as a whole, (3) the language and meaning of other sections of the same statute, (4) the congressional committee reports, and (5) the history of statutory amendments and the reasons for them. The term "legislative history" is itself ambiguously general, for its is broad enough to encompass all of the last four considerations.
On which of these five aids to interpretation does the court ultimately rely most heavily? Does its doing so make sense? Is its reasoning persuasive, and its conclusion correct?
10. Under what specific subsection(s), and on what specific words and phrases in each, did successful prosecution of Morris depend? Would the same result apply under today's version of the statute? Would prosecution of Morris be easier or harder today? Would he be guilty of a felony, or only a misdemeanor?
11. Congress added the civil cause of action in subsection (g) as part of the 1994 amendments. See Computer Abuse Amendments Act of 1994, Pub. L. No. 103-322, Title XXIX, § 290001(d), 108 Stat. 2097 (Sept. 13, 1994). This civil offense, buried in a criminal staute deep in the bowels of the federal Criminal Code (Title 18 of the United States Code), is a trap for the unwary. Does its existence suggest good reason for reading any unfamiliar statute from beginning to end?
If Morris had performed his little "experiments" today, could he have been sued by all the various institutions whose computers his "worm" brought down? If so, for what relief would he have been liable? Might his financial future be uncertain?
12. Czubinski's acts apparently did no harm. Morris' acts did plenty. Yet Morris seemed to be more heedless of consequences than a deliberate and purposeful wrongdoer. After all, his original goal was to improve computer security by testing it.
Does/should the statute take culpability (or the lack thereof) into account in assessing liability? Should courts take it into account in sentencing? Should courts exercise particular care in applying criminal law to computer crimes in which reckless, negligent, or even innocent acts may have tremendous, even disastrous, consequences? Or should criminal defendants be liable for all the harm they cause, even if they could not reasonably foresee that harm at the time of their acts that caused it? If even experts could not foresee the extent of the harm?