No IN THE SUPREME COURT OF THE UNITED STATES ALBERTA CAPINE, Petitioner. UNITED STATES, Respondent.

Similar documents
No In The SUPREME COURT OF THE UNITED STATES ALBERTA CAPINE, Petitioner, UNITED STATES OF AMERICA, Respondent.

In the Supreme Court of the United States

Supreme Court of the United States

VIRTUAL CERTAINTY IN A DIGITAL WORLD: THE SIXTH CIRCUIT S APPLICATION OF THE PRIVATE SEARCH DOCTRINE TO DIGITAL STORAGE DEVICES IN UNITED STATES

Digitizing the Private Search Doctrine: Is a Computer a Container?

SUPREME COURT OF THE UNITED STATES OF AMERICA

Know Your Rights ELECTRONIC FRONTIER FOUNDATION. Protecting Rights and Defending Freedom on the Electronic Frontier eff.org

Supreme Court of The United States

No IN THE SUPREME COURT OF THE UNITED STATES. ELIZABETH JENNINGS, Petitioner, UNITED STATES OF AMERICA, Respondents.

The Private Search Doctrine and the Evolution of Fourth Amendment Jurisprudence in the Face of New Technology: A Broad or Narrow Exception?

Testimony of Kevin S. Bankston, Policy Director of New America s Open Technology Institute

United States District Court

Recent Federal Developments in Trade Secrets Law:

9th Circ.'s Expansive Standard For Standing In Breach Case

Testimony of Orin S. Kerr Professor, George Washington University Law School

Case No In the SUPREME COURT OF THE UNITED STATES SPRING TERM, 2018 ELIZABETH JENNINGS, Petitioner, UNITED STATES OF AMERICA, Respondent.

Calif. Privacy Act Will Increase Data Breach Liability

NOS ; IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT UNITED STATES OF AMERICA, PLAINTIFF-APPELLEE,

Supreme Court of the United States

S11G0644. HAWKINS v. THE STATE. This Court granted certiorari to the Court of Appeals to consider whether

Case 2:13-cr KJM Document 169 Filed 06/13/16 Page 1 of 6 IN THE UNITED STATES DISTRICT COURT EASTERN DISTRICT OF CALIFORNIA

The Private Search Doctrine After Jones Andrew MacKie-Mason

PLAIN VIEW. Priscilla M. Grantham

United States Court of Appeals

By Jane Lynch and Jared Wagner

In The SUPREME COURT OF THE UNITED STATES. October Term, Docket No Albert Greene, United States,

In the Supreme Court of the United States

IN THE SUPREME COURT OF THE STATE OF NEW MEXICO

Petitioner, Respondent.

Case 3:16-mc RS Document 84 Filed 08/14/17 Page 1 of 9 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA I.

No IN THE SUPREME COURT OF THE UNITED STATES. Elizabeth Jennings, Petitioner. United States of America, Respondent.

357 (1967)) U.S. 752 (1969). 4 Id. at 763. In Chimel, the Supreme Court held that a search of the arrestee s entire house

UNITED STATES AIR FORCE COURT OF CRIMINAL APPEALS

United States Court of Appeals

10SA304, People v. Schutter: Fourth Amendment Warrantless Search Contents of iphone Lost or Mislaid Property.

IN THE SUPREME COURT OF THE STATE OF OREGON

Three Threshold Questions Every Attorney Must Answer before Filing a Computer Fraud Claim

Briefing from Carpenter v. United States

NOT FOR PUBLICATION UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT

1 See, e.g., Zurcher v. Stanford Daily, 436 U.S. 547, 559 (1978) ( The Fourth Amendment has

I. Introduction. fact that most people carry a cell phone, there has been relatively little litigation deciding


UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF STETSON. v. CASE NO.: 15:16-CR CHR-ESW

Follow this and additional works at:

Supreme Court of the United States

Supreme Court of the United States

v. CIVIL ACTION NO. H

No IN THE DAVID LEON RILEY, On Petition for a Writ of Certiorari to the California Court of Appeal, Fourth District

No IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT UNITED STATES OF AMERICA, Plaintiff-Appellant, DAVID NOSAL,

The Burger Court Opinion Writing Database

CASE NO. 1D James T. Miller, and Laura Nezami, Jacksonville, for Appellant.

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF OREGON ADAM MATOT, v. OPINION AND ORDER. CH et al., Defendants.

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON AT SEATTLE

The State of South Carolina OFFICE OF THE ATTORNEY GENERAL. April 21, 1998

Computer Search and Seizure

MINNESOTA v. DICKERSON 113 S.Ct (1993) United States Supreme Court

STATE OF MICHIGAN COURT OF APPEALS

Case 2:15-cv PA-AJW Document 1 Filed 01/02/15 Page 1 of 11 Page ID #:1 UNITED STATES DISTRICT COURT CENTRAL DISTRICT OF CALIFORNIA. Deadline.

A (800) (800)

UNITED STATES DISTRICT COURT DISTRICT OF MAINE. UNITED STATES OF AMERICA ) ) v. ) Criminal Number: P-H ) DUCAN FANFAN )

SUPREME COURT OF NEW YORK APPELLATE DIVISION, THIRD DEPARTMENT

SUPREME COURT OF THE UNITED STATES ORDER GRANTING WRIT OF CERTIORARI. Petitioner, Respondent.

United States Court of Appeals

Texas Law Review Online Volume 97

Case 2:13-cr KJM Document 167 Filed 06/08/16 Page 1 of 12

IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT. No D.C. Docket No. 1:10-cr TWT-AJB-6. versus

California v. Greenwood: Police Access to Valuable Garbage

Supreme Court of The United States

United States v. Jones: The Foolish revival of the "Trespass Doctrine" in Addressing GPS Technology and the Fourth Amendment

MEMORANDUM FOR BASIC LEGAL RESEARCH & WRITING I. QUESTIONS PRESENTED. A. Will Mr. Smeek prevail on a motion to suppress the 300 grams of hail seized

In The Supreme Court of the United States

In The SUPREME COURT OF THE UNITED STATES NEW YORK, -versus- AZIM HALL, REPLY BRIEF IN SUPPORT OF PETITION FOR A WRIT OF CERTIORARI

UNITED STATES AIR FORCE COURT OF CRIMINAL APPEALS

UNITED STATES OF AMERICA, PETITIONER DAVID NOSAL, RESPONDENT. No BRIEF FOR PETITIONER

Exceeding authorized access in the workplace: Prosecuting disloyal conduct under the Computer Fraud and Abuse Act

Supreme Court of the United States

Case 1:17-cr RNS Document 37 Entered on FLSD Docket 05/01/2018 Page 1 of 17 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MICHIGAN NORTHERN DIVISION. Petitioner, Case No BC v. Honorable David M.

Security Video Surveillance Policy

THE ABANDONMENT DOCTRINE AND UNITED STATES V. SPARKS I. INTRODUCTION

APPLICATION & SUBSCRIBER AGREEMENT FOR INTERNET ACCESS TO DINWIDDIE CIRCUIT COURT DOCUMENTS APPLICATION

STATE V. GANT: DEPARTING FROM THE BRIGHT-LINE BELTON RULE IN AUTOMOBILE SEARCHES INCIDENT TO ARREST

BUSINESS LAW. Chapter 8 Criminal Law and Cyber Crimes

Indiana Association of Professional Investigators November 16, 2017 Stephanie C. Courter

IN THE COURT OF APPEALS OF NORTH CAROLINA. No. COA Filed: 20 September 2016

LAWS OF CORRECTION & CUSTODY ALABAMA PEACE OFFICERS STANDARDS & TRAINING COMMISSION

IN BRIEF SECTION 24(2) OF THE CHARTER EXCLUSION OF EVIDENCE. Learning Objectives. Materials. Extension. Teaching and Learning Strategies

UNITED STATES COURT OF APPEALS ORDER AND JUDGMENT * Defendant Christopher Scott Pulsifer was convicted of possession of marijuana

Case 1:13-mj JMF Document 5 Filed 11/26/13 Page 1 of 16 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

CRIMINAL PROCEDURE SEARCH INCIDENT TO ARREST WARRANTLESS COLLECTION OF DIGITAL INFORMATION FROM CELL PHONES DEEMED UNCONSTITUTIONAL.

No In The Supreme Court of the United States. Gerrard Leomund, Petitioner, v. United States of America, Respondent.

IN THE SUPREME COURT OF GUAM. PEOPLE OF GUAM, Plaintiff-Appellant, ZACHARY RICHARD ULLOA CAMACHO, Defendant-Appellee. OPINION. Filed: May 7, 2004

IN THE SUPREME COURT OF THE STATE OF OREGON S063197

NOT FOR PUBLICATION WITHOUT THE APPROVAL OF THE APPELLATE DIVISION

United States Court of Appeals

STATE OF WISCONSIN : CIRCUIT COURT : BROWN COUNTY. vs. Case No. 12 CF BRIEF IN SUPPORT OF MOTION TO SUPPRESS EVIDENCE

@ On computers and other networks by the cyber criminals using authorized or unauthorized entry

IN THE SUPREME COURT OF THE UNITED STATES. OCTOBER TERM, 2015 LEVON DEAN, JR., Petitioner. UNITED STATES OF AMERICA, Respondent

IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF MISSISSIPPI EASTERN DIVISION. RYAN GALEY and REGINA GALEY

IN THE UNITED STATES COURT OF APPEALS FOR THE FIFTH CIRCUIT

Transcription:

No. 10-1011 IN THE SUPREME COURT OF THE UNITED STATES 2016 ALBERTA CAPINE, Petitioner. v. UNITED STATES, Respondent. On Argument to the United States Supreme Court from Judgment Entered by the Twelfth Circuit Court of Appeals Decision BRIEF OF RESPONDENT Team 6 Counsel for Respondent

TABLE OF CONTENTS TABLE OF AUTHORITIES.ii QUESTIONS PRESENTED...1 OPINIONS BELOW 1 CONSTITUTIONAL PROVISIONS AND RULES..1 INTRODUCTION.2 STATEMENT OF THE CASE 5 ARGUMENT.7 I. THE COURT OF APPEALS DECISION SHOULD BE UPHELD BECAUSE THE PRIVATE SEARCH EXCEPTION TO THE FOURTH AMMENDMENT APPLIES TO OFFICER MILLER S SEARCH OF MS. CAPINE S COMPUTER FILES.7 A. Alberta Capine had no reasonable expectation of privacy under the Fourth Amendment in the computer files at issue because the private search doctrine applies.8 B. The application of the private search exception should be upheld in this case because Officer Miller was virtually certain to uncover incriminating evidence.13 II. THE COURT OF APPEALS DECISION SHOULD BE AFFIRMED BECAUSE ALBERTA CAPINE EXCEEDED HER AUTHORIZED ACCESS WHEN SHE USED HER EMPLOYEE USERNAME AND PASSWORD TO ACCESS AND DOWNLOAD PRIVATE INFORMATION TO FURTHER A CRIMINAL ENTERPRISE..17 A. Alberta Capine exceeded authorized access by using her work credentials to download, store, and later access private information for a criminal and nonbusiness purpose..18 B. The broad definition of exceeds authorized access is most true to the goals and purpose of the Computer Fraud and Abuse Act...20 C. The application of the broad definition of exceeds authorized access will not raise any fair notice concerns as to what is prohibited by the CFAA..24 CONCLUSION 25 SIGNATURE BLOCK...26 i

TABLE OF AUTHORITIES UNITED STATES SUPREME COURT CASES Brigham City v. Stuart, 547 U.S. 398, 403 (2006).8 Chickasaw Nation v. United States, 534 U.S. 84 (2001) 23 Coolidge v. New Hampshire, 493 U.S. 443, 489 (1971) 10 United States v. Jacobsen, 466 U.S. 109 (1984) 7, 9, 10, 11, 13 United States v. Knotts, 460 U.S. 276, 280 (1982).7, 8 UNITED STATES COURT OF APPEALS CASES In re Application of the United States for Historical Cell Site Data, 724 F. 3d 600, 609 (5th Cir. 2013)..7 Int'l Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006).20, 21 LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009)..22 Rann v. Atchison, 689 F.3d 832 (7th Cir. 2012)..13, 15 Robbins v. Chronister, 402 F.3d 1047, 1050 (10th Cir. 2005) on reh'g en banc, 435 F.3d 1238.23 (10th Cir. 2006) (citing Griffin v. Oceanic Contractors, Inc., 458 U.S. 564, 575, 102 S.Ct. 3245, 73 L.Ed.2d 973 (1982)) 23 United States v. John, 597 F.3d 263 (5th Cir. 2010)...19, 20, 24, 25 United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) 22, 23 United States v. Oliver, 630 F.3d 397, 408 (5th Cir 2011)...15 United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010) 19, 20, 24 U.S v. Rouse, 148 F.3d. 1040, 1041 (8 th Cir. 1998)..12 U.S v. Runyan, 275 F. 3d 397 (5 th Circ. 2001).11, 12 WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012)...22 ii

UNITED STATES DISTRICT COURT CASES Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322 (N.D. Ga. 2007) 22 Calyon v. Mizuho Sec. USA, Inc., No. 07 CIV. 2241 (RO), 2007 WL 2618658, at *1 (S.D.N.Y. July 24, 2007)..24 People v. Emerson, 766 N.Y.S 2d 482 (Sup. Cit. 2003).12 FEDERAL REGULATIONS 18 U.S.C. 1030 (2006) 17, 18, 22 ADDITIONAL SOURCES Garrett D. Urban, Causing Damage Without Authorization: The Limitations of Current Judicial Interpretations of Employee Authorization Under the Computer Fraud and Abuse Act, 52 WM. & MARY L. REV. 1369, 1387 (2011).21 Orin S. Kerr, Vagueness Challenges to the Computer Fraud and Abuse Act, 94 MINN. L. REV. 1561, 1564 (2010) 21, 22 S. REP. 99-432, at 6-7 (1986), as reprinted in 1986 U.S.C.C.A.N. 2479, 2483 23 iii

QUESTIONS PRESENTED 1. Does the private search exception to the Fourth Amendment permit a police officer to view computer files within the same file folder beyond those viewed by the private party when conducting a reasonable search? 2. Does an employee exceed authorized access in violation of Section 1030(a)(2)(C) of the Computer Fraud and Abuse Act when she uses her work credentials in violation of company policy to access and store private information for a criminal enterprise? OPINIONS BELOW The Court of Appeal s opinion in Capine v. United States is reported at 913 F.3d 1131 (12th Cir. 2015). CONSTITUTIONAL PROVISIONS AND RULES In this case, the Petitioner was charged with multiple counts of drug trafficking, attempted identity theft, and violation of the Computer Fraud and Abuse Act, 18 U.S.C. 1030(a)(2)(C). This appeal further implicates the United States Constitution amend IV. regarding unreasonable search and seizures. 1

INTRODUCTION This case is about boundaries of access. Petitioner Alberta Capine is an employee at Find Funds, Inc., who utilized her work credentials and computer to conduct a criminal narcotics operation. Although company policy prohibited personal use of financial data, Ms. Capine asserts that she did not exceed her authorized access under the terms of the Computer Fraud and Abuse Act. Yet, Ms. Capine used her employer-granted username and password to access, download, and store highly confidential information that she later accessed for a criminal and non-business purpose. Additionally, Ms. Capine claims that the search of her work computer conducted by Officer Miller on September 23rd exceeded the bounds of the private search performed by her roommate and coworker Ester Sundon. Although Officer Miller limited his search to the single file folder investigated by Ms. Sundon labeled transaction history that had already been determined to contain information on Ms. Capine s criminal activities, Ms. Capine argues that the private search exception should not be utilized. First, the private search exception doctrine should apply in this case. Per the requirements of Fourth Amendment jurisprudence, Ms. Capine must demonstrate that she had a reasonable expectation of privacy in the transaction history file folder. However, this is impossible as Ms. Capine had no reasonable expectation of privacy in her computer. The computer she was utilizing belonged to her employer Find Funds, Inc. and she was aware that the computer policies of her company prevented her from utilizing the computer for personal use. She had reason to expect that the files in her computer would not be kept confidential as they could presumably be accessed by her employer. Moreover, even if an expectation of privacy is found, whether or not a search was reasonable is entirely dependent on government action. The Fourth Amendment does not protect against searches conducted by private parties regardless of whether they are 2

reasonable or not. In this case, Ms. Sundon had already opened the transaction history file folder and viewed files within it. Based on prior precedent, the file folder could be viewed as a closed container. Because the police do not exceed the scope or a prior private search when they examine the same closed container more thoroughly than a private party, Officer Miller s search should be considered reasonable. Furthermore, Officer Miller was virtually certain to uncover further incriminating evidence in the transaction history file folder. The files were all approximately the same size and utilized a very descriptive naming system detailing the names of Ms. Capine s business associates. It was eminently clear to a police officer with Officer Miller s training, or even to Ms. Sundon, that the files would contain further information regarding narcotics trafficking. In every step of his investigation, Officer Miller followed best police practices and took abundant precautions to preserve Ms. Capine s privacy interests by limiting his search to the single folder already opened by Ms. Capine. He made a legitimate, good-faith effort to ensure that the spirit of the Fourth Amendment was followed before obtaining a warrant for the rest of the computer. If the facts of this case do not demonstrate that it was virtually certain that incriminating evidence would be uncovered, no case will. Just because Ms. Capine utilized a computer, she should not be allowed to escape prosecution solely because a computer can contain legally irrelevant privacy interests. Police should not be handicapped just because evidence is contained in a digital medium. Such a policy would hamper police efficiency and ensure that they cannot confront cyber crime issues to the detriment of the public interest. Second, Alberta Capine exceeded authorized access and violated Section 1030(a)(2) of the Computer Fraud and Abuse act when she used her employee username and password to access and download personal identifying information to create a client list which she would 3

later use in the sale of illegal narcotics. Section 1030 of the Computer Fraud and Abuse Act prohibits obtaining information from a private computer without authorization or by exceeding authorized access. 18 U.S.C. 1030(a)(2)(C). When first enacted, the CFAA was primarily targeted towards hackers who accessed private information without authorization. The CFAA has been amended multiple times since its enactment and each amendment has expanded the statute s reach to cover not just hacking, but other forms of computer fraud and abuse. As the statute has been interpreted more broadly by the courts, Section 1030 has been applied to instances of insider-employee abuse of private company computer resources. In the present case, Ms. Capine undoubtedly abused company resources and exceeded her authorized access by using her Find Funds company credentials in furtherance of a criminal enterprise. Ms. Capine s employer had a policy prohibiting the use of company computer resources for personal purposes. Despite this policy, Ms. Capine a supervisor in charge of employee computer access used her username and password to access highly sensitive and confidential information, which she saved to her computer and accessed later to create a client list for drug sales. If Ms. Capine had a work purpose to access this information, she could have done so with her username and password. Her access of the PDF files was for a personal, criminal purpose, thereby exceeding any authorization she was given by her employer. Furthermore, Ms. Capine had reason to know that her employer did not authorize her to take information from a work-related database in furtherance of a criminal objective. The egregious abuse of Ms. Capine s access calls for the application of the CFAA in this case. For the reasons stated above, the Court should affirm the Twelfth Circuit s decision to apply the private search exception to the Fourth Amendment and find Ms. Capine in violation of Section 1030(a)(2)(C) of the Computer Fraud and Abuse Act. 4

STATEMENT OF THE CASE On September 23 rd, Officer Miller responded to a citizen tip describing a potential drug trafficking ring. (R. at 2 3). When he arrived at the Petitioner Alberta Capine s apartment, he was allowed entrance by her roommate and coworker, Ester Sundon. (R. at 3). Ms. Sundon revealed that she had discovered suspicious files on Ms. Capine s work computer in a file folder labeled transaction history. (R. at 3). The file folder contained sixteen excel documents and sixteen corresponding pdf files, each clearly labeled with the name of an individual narcotics customer. (R. at 2 3). In addition, each document was roughly the same size as the other documents in the folder. (R. at 3). Utilizing best police practices, Officer Miller asked Ms. Sundon to show him the three files that she had already opened. (R. at 3). Each spreadsheet included a transaction which had previously occurred, listing the date, dollar amounts, and quantities of marijuana, cocaine, methamphetamine and various other controlled substances that had been sold. (R. at 3). Each pdf file contained the names, addresses, social security numbers, dates of birth, telephone numbers, family connections, employment, bank and credit card account information of Ms. Capine s alleged clients. (R. at 3). Because of his extensive training, Officer Miller immediately recognized that he was dealing with a large criminal enterprise. (R. at 3). He asked Ms. Sundon to allow him access to the laptop, which she granted. (R. at 3). In order to preserve the evidence, he copied all sixteen files and pdfs within the transaction history folder onto a flash drive and examined the rest of the files within the folder so that he could personally testify to their contents. (R. at 3). After viewing these documents, Officer Miller had the probable cause necessary to secure a warrant for the rest of the files on Ms. Capine s computer. (R. at 3). He did not examine any additional files or folders on Ms. Capine s computer until the warrant was executed and the police were 5

able to seize the computer. (R. at 3). Ms. Capine was subsequently indicted for multiple counts of drug trafficking, attempted identity theft, and violation of the Computer Fraud and Abuse Act. (R. at 3). The resulting investigation revealed that Ms. Capine had utilized her employment at Find Funds, Inc., a local debt collections agency, to identify and extort her narcotics customers. In her work as a small claims supervisor, Ms. Capine had significant responsibility over the computers of the agency and for employee s access to the financial information databases. (R. at 2). Each employee at the agency was given a unique username and password to access financial databases so they could find information on individuals for debt collection purposes. (R. at 2). Find Funds had explicit policies that did not authorize employees to used company computer resources for personal purposes and took great efforts to preserve the confidentiality of the information by deactivating the usernames and passwords of former employees when they left the company. (R. at 2). It quickly became apparent during the course of the investigation that Ms. Capine had been using the information from her employer s financial database at Sureinf.com to target potential narcotics consumers in furtherance of her drug enterprise. (R. at 3). Once she had identified a potential target, she saved these PDFs to her work computer for later use. (R. at 2 3). The trial court convicted Ms. Capine on all counts. (R. at 3). On appeal, she argued that her use of Find Fund s computer system to hand pick marginalized individuals in order to approach for drug sales was an authorized use of her company s computer system. (R. at 3). Additionally, she argued that Officer Miller s search of the transaction history file folder went beyond established private search exception doctrine and violated Fourth Amendment Protections against unreasonable search and seizure. (R. at 3). Agreeing with the trial court, the Twelfth Circuit Court of Appeals found that she had exceeded authorized access under the 6

CFAA and that Officer Miller s search of the transaction history file folder was reasonable under the Fourth Amendment. (R. at 3). This court granted certiorari on both issues. (R. at 1). ARGUMENT I. THE COURT OF APPEALS DECISION SHOULD BE UPHELD BECAUSE THE PRIVATE SEARCH EXCEPTION TO THE FOURTH AMMENDMENT APPLIES TO OFFICER MILLER S SEARCH OF MS. CAPINE S COMPUTER FILES. The Fourth Amendment to the Constitution of the United States of America grants citizens the right to be secure against unreasonable searches and seizures U.S. Const. amend. IV. Traditionally, application of Fourth Amendment depends on whether the person invoking its protection has experienced a legitimate search or seizure. This analysis is contingent on whether a person can claim a justifiable and reasonable expectation of privacy that has been invaded by government action. United States v. Knotts, 460 U.S. 276, 280 (1982). The United States holds paramount these fundamental protections, and usually requires police officers and other government agents to obtain a warrant before conducting a criminal search. However, in cases where there has been no government action Fourth Amendment protections are significantly curtailed. Id. at 281. The Fourth Amendment is not a general right to privacy; it only protects against certain governmental intrusions. In re Application of the United States for Historical Cell Site Data, 724 F. 3d 600, 609 (5th Cir. 2013). If a private citizen conducts a search and then reports their findings to police officers, the Fourth Amendment analysis fundamentally changes. Because the private party has already viewed the evidence in question, any reasonable expectation of privacy is extinguished and police officers may proceed with a legitimate search. This Court has upheld these actions through the common law private search exception. U.S. v. Jacobsen, 466 U.S. 109 (1984). In this case, the private search exception is applicable and the opinion of the Court 7

of Appeals should be upheld for the following reasons. First, Ms. Capine had no reasonable expectation of privacy in regards to the computer files at issue as it had been destroyed by Ms. Sundon s viewing of the files. Second, Officer Miller was virtually certain to uncover incriminating evidence in the remaining computer files, which allowed him search Ms. Capine s transaction history file folder. A. Albert Capine had no reasonable expectation of privacy under the Fourth Amendment in the computer files at issue because the private search exception applies. This court has previously held that the touchstone of the Fourth Amendment is reasonableness. Brigham City v. Stuart, 547 U.S. 398, 403 (2006). A person seeking to invoke Fourth Amendment protection must be able to claim that a justifiable expectation of privacy has been invaded by government action. United States v. Knotts, 460 U.S. 276, 280 (1982). As such, there are two analytical prongs that must be considered; (1) whether the Petitioner had a reasonable privacy interest, and (2) whether this interest was unduly invaded by government action. In order to prove that they had a justifiable privacy interest, the Petitioner must show that they had both actual, subjective expectation of privacy and that this subjective expectation of privacy is one that society is prepared to recognize as reasonable. Id. at 281. Fourth amendment analysis is an inherently a case-by-case factual inquiry that rejects arbitrary bright line rules. As such, the Court must only consider the surrounding facts in this case when determining if Ms. Capine had a legitimate privacy interest in the file folder labeled transaction history. It can be reasonably concluded that she did not. Ms. Capine could not have possessed an actual expectation of privacy to the transaction history file folder because it was found on the work computer provided to her by Find Funds, Inc. (R. at 11). Ms. Capine was a small claims supervisor at her company with significant responsibility over the computers of the 8

agency and controlled employee s access to the financial information database. (R. at 2). She must have been intimately aware of Find Fund s company policy that prevented employees to use company computer resources for their personal use. (R. at 2). Given this knowledge, it cannot be legitimately inferred that she actually believed that the information on her work computer was private. Moreover, even if Ms. Capine did believe that the filed folders on her work computer were confidential, this is not a belief that society is prepared to recognize as reasonable. Most employees are aware that a work computer is not their own personal property, but rather the property of their employer. Typically, even password protected computers can be overridden by company controls and accessed by employers and coworkers. Passwords in these scenarios are not meant to protect employee privacy, but rather to secure proprietary company and customer information. It is evident that this was Find Funds intent as they deactivated the usernames and passwords of employees when they left the company. (R. at 2). Arguably, Find Funds had a privacy interest in the computer files at issue, but Ms. Capine could not expect that these file folders would remain confidential. Therefore, no legitimate privacy interest was invaded in the case at hand. Even if Ms. Capine did have a legitimate privacy interest in the transaction history file folder, Fourth Amendment protections are still dependent on the reasonableness of searches and seizures. Usually, this has required police to secure a warrant before conducting criminal investigations. However, the key analysis here is dependent on government action. Under the private search exception doctrine, no warrant is required to search materials that a private party has already independently viewed. U.S v. Jacobsen, 466 U.S. 109, 121 (1984). 9

Private searches guarantee no fourth amendment protection. This Court has held that the Fourth Amendment is wholly inapplicable to a search to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent with the Government or with the participation or knowledge of any government official. Id. at 129. The private party is not subject to the same constitutional constraints of a police officer and their searches are not held to the same reasonableness standard. Once the original frustration of privacy occurs, the Fourth Amendment does not prohibit governmental use of the now non-private information. When a private party reveals to police information that they have obtained during private search, the police have done no more than ail to avert their eyes. Coolidge v. New Hampshire, 493 U.S. 443, 489 (1971). Without such a rule, the police would be unreasonably constrained from fulfilling their duty to investigate criminal activity. In U.S v. Jacobsen, the Court held that police officers could search a package that had been previously inspected by a private party without a warrant. Jacobsen, 466 U.S. at 126. In this case, FedEx employees were inspecting a package that had been damaged in transit. Id. at 111. Inside the box, they discovered a duct-taped tube surrounded by newspaper. When they cut open the tube, they found multiple zip-lock bags containing a white, powdery substance they believed to be narcotics. Id. Subsequently, the employees called the Drug Enforcement Administration who observed the open box and removed the bags from the plastic tube. Id. An agent then opened the bag and completed an on-site field test, which positively identified the substance and cocaine. Id. Based on these findings, the DEA received a warrant to search the place to which the package had been addressed and arrested the defendants. Id. The Supreme Court considered whether the DEA s search of the package and field test violated Fourth Amendment protections as they were conducted without a warrant. Appling the 10

private search exception and considering the overall reasonableness of the situation, the Court determined that this was valid search, stating that the search in this instance infringed no legitimate expectation of privacy and hence was not a search within the meaning of the Fourth Amendment. Id. at 120. Even more critically the Court held, once the frustration of the original expectation of privacy occurs, the Fourth Amendment does not prohibit governmental use of the now-non private information. Id. at 117. Since it was apparent that the box contained contraband and very little else, the search was found to be reasonable. Similarly in this case, a private party, Esther Sundon, discovered computer files containing excel spreadsheets with information on marijuana, cocaine, and methamphetamine sales on Ms. Capine s computer. These files were located in a folder labeled transaction history which contained files notated with a very distinct labeling system detailing each of Ms. Capine s business associates. Each excel spreadsheet corresponded to pdf file that contained deeply personal information about Ms. Capine s customers that was later found to have been misappropriated from Ms. Capine s employer, Find Funds Inc. Ms. Sundon viewed three of these files and recognizing the potential criminal implications, much like the Fed Ex workers in Jacobsen, Ms. Capine performed her civic duty and called the police. Officer Miller was dispatched to the scene to investigate. He reviewed the three files that Ms. Sundon had personally viewed as well as the remaining files located within the file folder labeled transaction history in order to preserve evidence and confirm the criminal activity. It is well established precedent that Officer Miller was able to legitimately view the three files searched by Ms. Sundon. The issue is whether he was allowed to investigate the remaining files within the transaction history file folder without a warrant. Once a private search has occurred, a police officer may exceed the bounds of the private search subject to reasonable 11

conditions. U.S. v. Runyan, 275 F. 3d 449 (5th Cir. 2001). Prior precedent has held that an extended search is reasonable if it occurs after a private investigation of a closed container. U.S v. Rouse, 148 F.3d. 1040, 1041 (8th Cir. 1998). Per the private search exception, once a closed container has been opened, any further police search of that container is simply a continuation of the valid search and seizure conducted by the private party. People v. Emerson, 766 N.Y.S 2d 482 (Sup Cit. 2003). The police do not exceed the scope or a prior private search when they examine the same material more thoroughly than the private party. In the context of a closed container search, this means that the police do not exceed the private search when they examine more items within a closed container than did the private searchers. Runyan, U.S. 275 F. 3d at 461 (2001). While a legitimate privacy interest may have existed at one point in time, the individual s expectation of privacy was already compromised if the container was opened and examined by private searchers. Therefore, the police do not engage in a new search if they examine a particular item found in the container. Courts have previously analogized computer file folders to this established closed container precedent. Id. at 465. If computer files are closed and their contents not apparent from the exterior, the reasonable expectation of privacy is continued so long as the file folder had not been searched before contact with the government occurred. Reopening file folders that had already been opened by a private party, become reasonable when done by the police alone. Id. Analogizing computer file folders to floppy disks, police may search any material on a computer file folder provided that the private party had viewed at least one file. Id. at 461. Using the judgment they have gained from extensive police training, police officers are allowed to ascertain what items in the container are subject to a reasonable search. 12

Here, Officer Miller limited his search to the single transaction history file folder that had already been viewed by Ms. Sundon. Ms. Sundon had inspected three files within that folder that she had determined potentially contained evidence of criminal activity. Based on his extensive police training, Officer Miller was able to confirm that these files did contain proof of narcotics trafficking. Because the file folder had already been opened and Ms. Sundon had viewed these three files, Officer Miller s search becomes reasonable. As the closed transaction history file folder had been opened by a private party, Officer Miller was free to investigate the remainder of its contents as a continuation of the original private search. B. The application of the private search exception should be upheld in this case because Officer Miller was virtually certain to uncover incriminating evidence. Even if this Court determines that Ms. Capine had a reasonable privacy interest in the file folder at issue, Officer Miller s search was additionally reasonable because it was almost completely certain that he would discover additional incriminating evidence. The Government has a strong interest in confirming evidence of criminal activity. When police are virtually certain that container hold evidence of incriminating materials, they do not extend the scope of a private search, even when they search beyond what the private party accessed. Jacobsen, 466 U.S at 120. To the extent that additional invasions of a privacy interest occur, they must be tested by the degree to which they exceeded the scope of the original private search. Id. at 131.Generally, police are allowed to move beyond the scope of the private search if they possess a virtual certainty that they will only find evidence of further evidence of criminal activity and not irrelevant legally protected private material. Id. at 118 120. As such, the Court must balance the degree to which the additional search intrudes upon an individual s privacy versus the degree 13

to which it is needed for the promotion of legitimate government interest. Riley v. California, 134 S. Ct. 247 (2014). Such governmental interests generally include legitimate concerns such as public safety and the preservation of evidence. Rann v. Atkinson, 689 F. 3d 832, (7th Cir. 2012). When Officer Miller arrived at the scene, he acted according to best police practices which allowed him to reach the high level of certainty mandated by Fourth Amendment protections. He had received a citizen s tip from Ms. Sundon who had informed police that she had viewed files containing extensive evidence of numerous narcotics transactions conducted by Ms. Capine. Subsequently, he asked Ms. Sundon to show him the three computer files that she had already opened in order to confirm that the files did contain the information she had alleged. As part of his police training, Officer Miller immediately recognized the spreadsheets in the transaction history file folder described various dealings in illicit substances. All of the files in the folder utilized a very descriptive naming system detailing the names of one of Ms. Capine s business associates. For instance, the first two file pairs in the folder were named LitlAl.xlsx, LitlAl.pdf, BigJim.pdf and BigJim.xlsx. This was clearly deliberate on the part of Ms. Capine. Moreover, each excel spread sheet and pdf were approximately the same size as the other documents in the folder. Based on these facts, Officer Miller had every reason to believe that the other files within the transaction history folder contained further incriminating evidence. Recognizing that these files were virtually certain to hold additional evidence, Officer Miller copied the files onto a flash drive to preserve evidence. This is an accepted governmental interest, as computer files can be accessed remotely by co-conspirators or otherwise destroyed by hackers. He then looked through each of the sixteen spreadsheets and their corresponding pdf documents, presumably so 14

that he could personally testify to their contents. Notably, he did not search any other files on the Ms. Capine s work computer. He acted in good faith that he did not need any additional warrant based on the fact that he was continuing Ms. Sundon s legitimate private search. After viewing the spreadsheets and the documents, Officer Miller had probable cause to confiscate that laptop and obtained a valid warrant to search the rest of the computer. Both the 5th circuit and 7th circuits have allowed similar searches. United States v. Oliver, 630 F. 3d. 397 (5th Circ. 2011); Rann v. Atkinson, 689 F. 3d 832 (7th Cir. 2012). In these cases, the likelihood that officers would view private information was much higher than the case at bar. When the police were presented with camera memory cards and flash drives containing evidence of child pornography, the court validated their search even though it was highly likely that these two mediums could contain additional, legally irrelevant private information. This is because when a private party has produced evidence that a digital medium contains evidence of illegality, the police can be virtually certain that the device holds additional incriminating evidence and search it without receiving a warrant. Here the analysis is much simpler, as all of the steps that Officer Miller took in his search were profoundly reasonable. Once police have discovered evidence of illegality as the result of a private search, police may judge the contents of an object by its environment and may search something whose contents would be obviously incriminating based on the contents. Rann, 689 F. 3d at 838. Moreover, police officers are always allowed to use their common sense in determining if something contains evidence of illegality in light of the surrounding circumstances. See generally Oliver, 630 F. 3d. at 397. Because the transaction history file folder was a closed container that had already been found to contain incrimination evidence, Officer Miller took clearly reasonable precautions to 15

secure the evidence and was virtually certain that he would find further evidence. He searched a singular file folder which had already been shown to contain evidence of drug transactions, not an entire hard drive, flash drive, or camera memory card. The chance that he would find private information was far less likely than any of these previously decided cases. Moreover, the documents utilized an extremely detailed naming system and were all approximately the same size. They each had corresponding names that appeared to list one of Ms. Capine s business associates. Ms. Sundon had already opened three of the files and was absolutely certain that they contained evidence of methamphetamine, marijuana and cocaine sales. The fact that all the documents in the file were nearly identical only further supported Officer Miller s sense that they contained further evidence of criminal activity. It was profoundly unlikely based on the facts of this case that he would have found legally irrelevant information that utilized such a precise nomenclature and clear organizational system. If he had opened other folders besides the one labeled transaction history such as photos, documents or even the eponymous C-drive there might be more grounds for stating that the search was unreasonable as such categories are broad and could have contained private non-relevant information. However, no such action occurred here, making it virtually certain that the remaining files within the folder contained further incriminating evidence. There was such a negligible chance that the additional search of the files at issue would be legally irrelevant and protected by legitimate privacy interests that Officer Miller s reasonable and good faith search of the remaining files should be preserved. The dissent of the Court of Appeals court argues that Office Miller could not have reached the high level of certainty necessitated by the Fourth Amendment mostly because computers can contain large amounts of personal and private information. But it is against public policy that different rules be utilized by police in handling cyber-crime issues. Police have never 16

been barred from using their common sense or extensive training in determining whether evidence of criminal activity exists. There should not be a vacuum of law where criminals can be reasonably certain to avoid prosecution for their acts just because they utilized technology. The law must develop with the times, and the public is best served by adapting existing private search doctrine case law to cyber-crime issues. The government does not fail to acknowledge that computers can contain private information beyond what is relevant to a Fourth Amendment search. But when there is such a clear and convincing example of the expansion of a private search that was virtually certain to uncover illegal activity that exists in the case at hand, criminals should not be able to shield themselves with a veil of technology to escape legal due process. Police should not be handicapped just because the evidence at issue is contained in a digital medium and the Court should not create a policy that so hampers police efficiency that cyber-crime issues cannot be adequately combated. Officer Miller took every reasonable step to preserve what may or may not have been Ms. Capine s legitimate privacy interests. If the facts of this case do not demonstrate a virtually certain chance that further illegal evidence would be uncovered within a computer file folder, there could be no case that would satisfy the dissent s requirements. Therefore, the private search exception to the Fourth Amendment should apply and the opinion of the Court of Appeals should be upheld. II. THE COURT OF APPEALS DECISION SHOULD BE AFFIRMED BECAUSE ALBERTA CAPINE EXCEEDED HER AUTHORIZED ACCESS WHEN SHE USED HER EMPLOYEE USERNAME AND PASSWORD TO ACCESS AND DOWNLOAD PRIVATE INFORMATION TO FURTHER A CRIMINAL ENTERPRISE. Alberta Capine was charged and convicted of violating Section 1030(a)(2)(C) of the Computer Fraud and Abuse Act. (R. at 3). Section 1030(a)(2)(C) states that whoever (2) intentionally accesses a computer without authorization or exceeds authorized access, and 17

thereby obtains (C) information from any protected computer is in violation of the Act. 18 U.S.C. 1030(a)(2)(C) (2006). Section 1030(e)(6) defines exceeding authorized access as to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter. 18 U.S.C. 1030(e)(6). Courts have applied the definition of exceeds authorized access differently, but the broad definition is the most true to the overall intent and purpose of the statute and should be applied in this case. A. Alberta Capine exceeded authorized access by using her work credentials to download, store, and later access private information for a criminal and nonbusiness purpose. The Court of Appeals correctly applied the broad definition of exceeds authorized access and found that Ms. Capine exceeded her authorized access. Find Funds company policy dictated that employees were not to use company computer resources for personal purposes. (R. at 2). Since Ms. Capine had significant responsibility over the computers at Find Funds and employee access to the financial information databases used by the company, Ms. Capine was almost certainly aware of this policy. (R. at 2). This policy set the limits on Ms. Capine s access. Ms. Capine was provided with a username and password to access Sureinf.com to find information on individuals for debt collection purposes. (R. at 2 3). Ms. Capine went far beyond this purpose when she accessed, downloaded, and stored highly detailed and sensitive information, including names, social security numbers, dates of birth, phone numbers, employment history, and credit information. (R. at 3). She then stored this information in a folder on her computer, where she would later access them for the purpose of selling illegal narcotics. (R. at 3). Furthermore, it is unclear that Ms. Capine needed to access these individuals information on Sureinf.com at all, and nothing in the record suggests that Ms. Capine needed to download 18

this information to her computer to perform her work tasks. (R. at 2 3). Using her username and password, Ms. Capine could have accessed this information whenever she needed to. There does not appear to be any work purpose behind Ms. Capine s actions. When Ms. Capine opened these files on her computer for a personal purpose, she violated her company s policy and exceeded authorized access under the CFAA. Ms. Capine s abuse of her access mirrors the facts of a variety of other cases in which the courts have found CFAA violations under the broad definition of exceeds authorized access. In United States v. John, the Fifth Circuit found a CFAA violation when the defendant used her employer-granted access to remove highly sensitive financial information to perpetuate fraud on the employer and its customers. United States v. John, 597 F.3d 263 (5th Cir. 2010). The court stated that exceeding the purposes for which access was authorized can qualify as exceeding authorized access, noting that John s use of Citigroup s computer system to perpetuate fraud was not an intended use of that system. Id. at 272. The facts of John are strikingly similar to our current case, in that Ms. Capine accessed highly confidential information, removed this information from a work database and stored it to her computer, and later accessed this information for a purpose not authorized or approved by her employer. Ms. Capine s use of the information taken from a work-related database was not an intended use of her access, and she therefore exceeded authorized access in violation of the CFAA. Similarly, in United States v. Rodriguez, an employee of the Social Security Administration accessed personal identifying information despite company policy forbidding the access of this data for nonbusiness purposes. United States v. Rodriguez, 628 F.3d 1258, 1260 (11th Cir. 2010). The court found that Rodriguez exceeded his authorized access by accessing the personal information without any business purpose. Id. at 1260. While Ms. Capine may have 19

initially needed to research the targeted individuals for work reasons (although whether this is the case is not clear), she later accessed this information to further a criminal enterprise. Like Rodriguez, Ms. Capine accessed this information without any business purpose, contrary to company policy, and should therefore be held liable under the CFAA. Finally, in International Airport Centers v. Citrin, the Seventh Circuit found that while the defendant-employee had general permission to access, he did not have authorization to destroy valuable company information in violation of company policy. Int'l Airport Centers, L.L.C. v. Citrin, 440 F.3d 418, 420 21 (7th Cir. 2006). Invoking principles of agency, the court found that Citrin s general permission to access was terminated when he decided to act contrary to his company s interests. Id. at 420. The factual similarities between the facts of this case and the case at hand strongly support the application of the broad definition to Ms. Capine. Not only did Ms. Capine violate company policy, she acted completely contrary to her employer s interests when she used company credentials to target Find Funds customers for the sale of illegal narcotics. Like Citrin, Ms. Capine s abuse of her employer-granted access supports finding her in violation of the CFAA. B. The broad definition of exceeds authorized access is most true to the goals and purpose of the Computer Fraud and Abuse Act. The statute s definition of exceeding authorized access has led to a circuit split over how Section 1030(a)(2) is to be applied. The Fifth, Seventh, and Eleventh circuits have applied the broad definition of exceeds authorized access. United States v. John, 597 F.3d 263 (5th Cir. 2010). See also Int l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006); United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010). This theory holds that the manner in which an individual uses his access can either terminate the individual s access or qualify as exceeding 20

the individual s authorized access. John, 597 F.3d at 272. This idea is based largely on employer policies that are viewed as dictating the limits of an employee s access. Id. at 272. When an employee acts in contravention to the policy, he or she exceeds authorized access, since the employer did not, in theory, give the employee authorization to use his or her access in a way that is contrary to the company s interests. Id. at 273. Agency principles have also been invoked by the courts when applying this theory. Citrin, 440 F.3d at 420. Since employees are initially granted access for work-related purposes, courts have reasoned that this access is rescinded when the employee decides to use the access for a non-business purpose. Id. at 420 21. In light of the abuses committed by employees using their work credentials for completely unauthorized and unintended purposes, it is the broad definition that should be applied in this case. The broad definition is most true to Congress goal of protecting against hackers and rogue employees looking to do damage with their company authorization. Citrin, 440 F.3d at 420. When first enacted, the CFAA was primarily targeted at hacking, computer misuse to obtain national security secrets, and computer misuse to obtain personal financial records. Orin S. Kerr, Vagueness Challenges to the Computer Fraud and Abuse Act, 94 MINN. L. REV. 1561, 1564 (2010). Since its enactment, the CFAA has been amended multiple times, each time expanding the statute s reach further and further. Id. at 1563; Garrett D. Urban, Causing Damage Without Authorization: The Limitations of Current Judicial Interpretations of Employee Authorization Under the Computer Fraud and Abuse Act, 52 WM. & MARY L. REV. 1369, 1384 (2011). This trend towards expansion is indicative of Congress concern not only with hackers, but also with the abuse of authorization. Citrin, 440 F.3d at 420. In its reports discussing the CFAA, Congress has gone so far as to join insider liability with actions exceeding authorized access. Urban, 21

Causing Damage, supra, at 1387. As an employee of Find Funds, Ms. Capine qualifies as an insider whose actions exceeded her authorized access. Furthermore, as Congress has amended the CFAA, it has never explicitly written employees out of the CFAA s coverage. 18 U.S.C. 1030. In 1986, 1994, 1996, 2001, and 2008, Congress had the opportunity to make it clear that the Computer Fraud and Abuse Act did not apply to employee abuse of access. Kerr, Vagueness Challenges, supra, at 1565 71. Yet it did not do so, and continued towards expansion. Id. at 1569. It also is important to note that the section under which Capine is charged is called Fraud and related activity in connection with computers, supporting the proposition that this statute not only applies to hackers but also to the variety of other abuses and crimes that can be committed using improper access to private information. 18 U.S.C. 1030. The Fourth and Ninth circuits have chosen to apply what is referred to as the narrow version of exceeds authorized access. WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012). See also LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009); United States v. Nosal, 676 F.3d 854 (9th Cir. 2012). Under this definition, an individual only exceeds access when he or she has permission to access a computer, but accesses information on the computer that the individual is not permitted to access. Brekka, 581 F.3d at 1133. Proponents of this definition argue that the language of the CFAA fails to clearly indicate that exceeding authorized access occurs when an employee uses his or her access against an employer s interest. Id. at 1133. Courts applying the narrow view assert that the violation is not dependent on unauthorized use of information, but upon unauthorized use of access. Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322, 1343 (N.D. Ga. 2007). Yet, even in light of the Diamond Power court s distinction, Ms. Capine s actions qualify as an unauthorized use of her access. It is 22

completely unreasonable to assume that when Find Funds gave Ms. Capine a username and password to access Sureinf.com that the company was giving her license to do whatever she pleased with the information she accessed. Yet, adopting the narrow definition would allow just that, putting individuals whose information is stored in private databases at a substantial risk of having their information accessed and exploited by rogue employees. Since this narrow definition does not properly protect against the variety of computer abuses that the CFAA sought to combat, it should not be applied in this case. Finally, when a statute s text is unclear, we may look to the intent of the statute to decipher its true meaning. Chickasaw Nation v. United States, 534 U.S. 84, 93 94, 122 S. Ct. 528, 535, 151 L. Ed. 2d 474 (2001). Proponents of the narrow view suggest that the CFAA was enacted to primarily target hackers and intentional trespass into computers. United States v. Nosal, 676 F.3d 854, 858 (9th Cir. 2012). But to recognize the statute as protecting against hackers but not against employees who egregiously abuse company computer use policies is to ignore the very thing that Congress seeks to prevent by criminalizing hacking: the misappropriation of information. Hackers typically access private information that they will later exploit. Individuals like Ms. Capine are using their access for the same nefarious result: the exploitation of private information. Rules of statutory interpretation dictate that courts must avoid interpreting the plain language of a statute in a way that produces an absurd result. Robbins v. Chronister, 402 F.3d 1047, 1050 (10th Cir. 2005) on reh'g en banc, 435 F.3d 1238 (10th Cir. 2006) (citing Griffin v. Oceanic Contractors, Inc., 458 U.S. 564, 575, 102 S.Ct. 3245, 73 L.Ed.2d 973 (1982)). Additionally, as Congress discussed liability for employees under the CFAA, much of their concern centered on employees who might briefly access a work computer at work when they are not supposed to or for employees who access the wrong computer in their 23

own department. S. REP. 99-432, at 6 7 (1986), as reprinted in 1986 U.S.C.C.A.N. 2479, 2483. The difference between harmless accidental access and Ms. Capine s actions is vast, and Ms. Capine s actions were not what was troubling Congress when it was discussing when employees should be held liable. Therefore, applying the language of the statute to include criminal employees like Capine would not be an absurd result. Calyon v. Mizuho Sec. USA, Inc., No. 07 CIV. 2241 (RO), 2007 WL 2618658, at *1 (S.D.N.Y. July 24, 2007). C. The application of the broad definition of exceeds authorized access will not raise any fair notice concerns as to what is prohibited by the CFAA Furthermore, application of the broad definition of exceeds authorized access will not lead to claims of inadequate notice or a downpour of frivolous CFAA prosecutions. Company policies will set the parameters for access, making it clear when an employee is acting in contravention of those parameters. In Rodriguez, the Social Security Administration had a policy that prohibited employees like Rodriguez from obtaining information from the work databases without a business reason. United States v. Rodriguez, 628 F.3d 1258, 1260 (11th Cir. 2010). Similarly, in John, John s employer had an official policy prohibiting the misuse of the company s computer systems and confidential information. United States v. John, 597 F.3d 263, 272 (5th Cir. 2010). Finally, in our current case, Find Funds policy prohibited employees from using company computer resources for personal purposes. (R. at 2). The Act being applied here is the Computer Fraud and Abuse Act. Prosecutors will understand that taking a brief Sudoku break at work does not qualify as computer fraud and abuse. The application of the broad definition might require some employers to create more detailed computer policies, but it will also prevent employees from abusing access to private information databases by claiming to be authorized users. Furthermore, in Ms. Capine s case, 24

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback