Computer Crimes

The Federal Docket

DOJ releases updated charging policy for cases brought under the Computer Fraud and Abuse Act

The Department of Justice has released its updated policies for bringing criminal cases under the Computer Fraud and Abuse Act. Among other things, the updated policies state, for the first time, that the DOJ will not pursue charges against “good-faith security research,” which includes efforts to hack into a network without access in order to expose or identify potential risks and vulnerabilities. The Electronic Frontier Foundation, an organization that focuses on civil liberties in the digital context, has lauded the new policies as a “good start,” while cautioning that they do not “go far enough.”

United States v. Morehouse (4th Cir. May 2022)

The Fourth Circuit vacated a defendant’s sentence after finding that the sentencing court improperly applied the enhancement for distributing child sexual exploitation materials in exchange for valuable consideration. In doing so, the Court overruled its prior holding based on the pre-2016 Guidelines Manual and held that the enhancement only applies if there is a “two-sided exchange.”

United States v. Brandon Fleury (11th Cir. December 2021)

The Eleventh Circuit affirmed the defendant’s convictions for transmitting interstate threats under 18 USC 875(c) and cyberstalking under 18 USC 2261A(2)(B) after the defendant had created various social media accounts with aliases such as Ted Bundy and Nikolas Cruz (the school shooter from Parkland, Florida) and sent harassing and threatening messages to members of the victims’ families. The Court rejected the defendant’s First Amendment challenges, holding the cyberstalking statute was not overbroad since the elements were generally aimed at unprotected conduct with criminal intent and the statute was not unconstitutional as applied since the defendant’s speech included “true threats.”

United States v. Nicolescu (6th Cir. October 2021)

The Sixth Circuit affirmed the convictions of two defendants charged with operating a large cyber fraud scheme involving fake car auctions on ebay, stolen identities, and cryptocurrency. The Court vacated their sentences, however, after finding that they erroneously received an enhancement for receiving stolen property and being in the business of receiving and selling stolen property, since the enhancement does not apply to defendants who sell property they themselves stole. The Court held that the enhancement for production or trafficking of unauthorized access devices did apply, however, even though the defendants were already being sentenced for aggravated identity theft.

United States v. Soybel (7th Cir. September 2021)

The Seventh Circuit affirmed a defendant’s sentence for initiating cyber attacks against his former employer. The Court held that suppression was not warranted where agents monitored the defendant’s internet traffic through a pen register for IP addresses, which was not meaningfully distinguishable from a pen register for phone numbers.

Van Buren v. United States (U.S. Supreme Court, June 2021)

In a 6-3 decision, the Supreme Court held that a defendant “exceeds authorized access” to a computer under the CFAA if they access information from an area in the computer that they are not authorized to access, and the Court clarified that a defendant does not violate the CFAA simply by using their authorized access for an improper purpose or motive. In doing so, the Court rejected the Government’s broad reading of the law and cautioned it could apply to innocuous conduct such as employees using work computers to send personal emails.

United States v. Jason Kaushmaul (11th Cir. January 2021)

The Eleventh Circuit affirmed a defendant’s conviction for distributing child pornography, holding the sentencing court did not plainly err in sentencing the defendant to the 15-year mandatory minimum based on finding that his prior Florida conviction for promoting the sexual performance of a child was a predicate prior offense.

COVID-19 Relief Bill Contains “Protecting Lawful Streaming Act” Criminalizing Illegal Streaming

The most recent COVID-19 relief bill contained a new criminal law called the “Protecting Lawful Streaming Act.” The new law makes it a felony to host streams of copyrighted works without permission, punishable by up to 10 years in prison. While politicians have stressed that the law is only aimed at “commercial, for profit piracy services,” the text of the law is much broader, and would allow prosecutions of individuals and could be applied against those making “fair use” of copyrighted material.

United States v. Thomas Alonzo Bolin (2nd Cir. September 2020)

The Second Circuit vacated a defendant’s supervised release condition and remanded for resentencing holding that a condition of release prohibiting him from online speech promoting or endorsing violence was unconstitutionally vague and violated defendant’s right to free speech under the First Amendment. The Court held that language in the condition defining “violence” included open-ended language allowing the condition to be applied without limits.

Feds Announce 170+ Arrests in Dark Net Opioid Investigation

The DOJ and DEA have announced the arrests of 179 people and the seizure of $6.5 million stemming from an international investigation targeting suspected opioid trafficking through the Darknet. Individuals have been arrested in 7 different countries on charges relating to selling opioids through the internet and will likely see additional charges such as money laundering.

Scroll to Top