An interesting case out of San Francisco this week casts further doubt on the federal government’s poor attempts at regulating the internet. This time around, it’s an alleged violation of the double Jeopardy clause mixed with a bit of privacy invasion.
Should accessing someone’s email without authorization be considered a federal crime?
US v Cioni | The Case
According to the briefing for the case, here’s how it all went down:
“This case concerns defendant Elaine Cioni’s conviction for crimes committed in the course of harassing her former lover and his wife. Cioni was convicted on five felony charges. Only two of these charges — Counts 2 and 4 — are the subject of this brief.
Count 2 of the Superseding Indictment claims that on numerous occasions between November 2006 and March 2008, Cioni gained unauthorized access and exceeded authorized access to AOL’s email servers and obtained Maureen Enger’s unopened emails. (J.A. 37.) Count 4 alleges that on March 12, 2008, Cioni gained unauthorized access and exceeded authorized access to an AOL computer and obtained messages in Patty Freeman’s email account. (J.A. 39.)”
In the original case, Cioni was given felony punishment for a misdemeanor crime. Where the confusion actually comes into play has to do with the literal reading of the CFAA (Computer Fraud and Abuse Act). The fed has punishments for those that are repeat offenders in this situation, but first time offenses are generally ruled as a misdemeanor.
What the prosecution claimed was that the violations were further than what is outlined in the SCA (Stored Communications Act). For these reasons, the prosecution did not feel that the SCA covered the offense properly and pushed for a tougher punishment.
"The government has piggybacked computer crime violations to punish misdemeanor conduct as two felonies," said EFF Senior Staff Attorney Marcia Hofmann. "This misreading of the law would let the government charge anyone who accesses someone else's email with a felony. That was not Congress's intent when it created these statutes."
Obviously tensions are pretty high.
What the CFAA Actually Says
The CFAA outlines provisions to protect against unauthorized access that leads to the accidental (or unintended) divulging of classified or protected information. The statute specifically protects information related the Atomic Energy Act of 1954, Financial records, information on departments within the government, or information from any protected computer.
It’s hard to pinpoint exactly where the law was misinterpreted, but examination of the two codes shows many similarities that allow the law (in this particular circumstance) to be read either way. Cioni hacked AOL to retrieve the emails, and those are “protected” computers under federal law.
Felony or Misdemeanor?
While the punishment to a simple lover’s quarrel may seem harsh, it’s worth asking if the Fed is in the right. In this case, Cioni was convicted of five felony charges. Even if they struck two, she still faces punishment for the other three. My point being that Cioni is being punished for this, even with “leniency” on her side.
Is it ok to just go hacking other people’s emails because of a disagreement? Should it be a federal crime? What are your thoughts?