Computer Hacking Defendant Loses in U.S. Supreme Court, Violates CFAA

February 11, 2016
« Next Previous »

Computer Hacking Defendant Loses at U.S. Supreme Court Due To CFAA Violations

CFAA Violations

In a unanimous decision, the U.S. Supreme Court held recently that the former executive of a logistics company was properly found guilty of violating the Computer Fraud and Abuse Act (CFAA), even though the jury was given erroneous instructions that required a higher burden than set forth in the statute.

The Facts of the Case

After resigning as president of Exel Transportation Services (ETS), defendant Michael Musacchio accessed the company’s computer system without authorization. The defendant was ultimately indicted and charged under the CFAA, 18 U. S. C. §1030(a)(2)(C), which makes it a crime if a person “intentionally accesses a computer without authorization or exceeds authorized access” and thereby “obtains…information from any protected computer.” The defendant never argued in the trial court that his prosecution violated the 5-year statute of limitations applicable to the hacking charges. At trial, the Government did not object when the District Court instructed the jury that §1030(a)(2)(C) “makes it a crime . . . to intentionally access a computer without authorization and exceed authorized access,” even though the conjunction “and” added an additional element. The jury found the defendant guilty.

On appeal, the defendant challenged the sufficiency of the evidence supporting his conspiracy conviction and argued, for the first time, that his prosecution on one count was barred by the statute of limitations. In affirming his conviction, the Fifth Circuit assessed the defendant’s sufficiency challenge against the charged elements of the conspiracy count rather than against the heightened jury instruction, and it concluded that he had waived his statute-of-limitations defense by failing to raise it at trial.

 The Court’s Decision

The Supreme Court affirmed the Fifth Circuit’s decision, holding that the sufficiency of the evidence in a criminal case should be measured against the elements of the charged crime and not against the elements set forth in an erroneous jury instruction. In reaching its decision, the Court noted that a sufficiency review essentially addresses whether the Government’s case was strong enough to reach the jury and does not focus on how the jury was instructed.

As Justice Clarence Thomas further explained in the Court’s opinion:

The government’s failure to introduce evidence of an additional element does not implicate these principles, and its failure to object to a heightened jury instruction does not affect sufficiency review. Since Musacchio does not dispute that he was properly charged with conspiracy to obtain unauthorized access or that the evidence was sufficient to convict him of the charged crime, the Fifth Circuit correctly rejected his sufficiency challenge.

The Court also rejected the defendant’s argument that the charges were time barred. As noted by the Court, a defendant cannot successfully raise a statute-of- limitations defense for the first time on appeal.

“When a defendant fails to press a limitations defense, the defense does not become part of the case and the Government does not otherwise have the burden of proving that it filed a timely indictment,” Justice Thomas explained. “When a defendant does not press the defense, then, there is no error for an appellate court to correct—and certainly no plain error.”