Friday, September 04, 2015

The Laptop, the Private Search and the 4th Amendment

After Aron Lichtenberger was charged with possessing, receiving and distributing child pornography, he filed a motion to suppress evidence.  U.S. v. Lichtenberger, 786 F.3d 478 (U.S. Court of Appeals for the 6th Circuit 2015).  The Court of Appeals began its opinion by explain how the prosecution arose:
On November 26, 2011, in the afternoon, Lichtenberger was with Karley Holmes, his girlfriend, at their shared home in Cridersville, Ohio. They lived there with Holmes's mother, who owned the residence. That day, two friends of Holmes's mother came over to the residence and told both Holmes and her mother that Lichtenberger had been previously convicted of child pornography offenses.

One of the mother's friends then called the police. Several officers, including Douglas Huston, from the Cridersville Police Department[,] came to the residence. Holmes requested that the police escort Lichtenberger off the property because she did not want him living there anymore. Officer Huston determined that Lichtenberger had an active warrant for his arrest for failing to register as a sex offender, arrested him, and removed him from the property.

Later that day, Holmes went into the bedroom she shared with Lichtenberger and retrieved his laptop. At the suppression hearing, she testified that she wanted to access his laptop because defendant `would never let me use it or be near him when he was using it and I wanted to know why.’ The laptop was password protected, but Holmes hacked the laptop by running a password recovery program. She then changed the password.

Once she accessed the laptop, she clicked on different folders and eventually found thumbnails [sic ] images of adults engaging in sexual acts with minors. She clicked on one of the thumbnails to see the larger image. When she found the first image, she took the laptop to the kitchen to show her mother. There, they clicked through several more sexually-explicit images involving minors. She closed the laptop and called the Cridersville Police Department.

Officer Huston returned to the residence. In the kitchen, Holmes told the officer that she found child pornography on the defendant's laptop. She also told him that the laptop belonged to the defendant and that he was the only one who would access and use it. She explained that one time she tried to use the laptop and the defendant immediately became upset and told her to stay away from it. Lastly, Holmes told Officer Huston that she hacked the laptop to access it because it was password protected.

Officer Huston then asked Holmes if she could boot up the laptop to show him what she had discovered. Holmes opened the laptop lid and booted it up to take it out of sleep mode. She then reentered the new password she created. Officer Huston asked her to show him the images. Holmes opened several folders and began clicking on random thumbnail images to show him. Officer Huston recognized those images as child pornography. He then asked Holmes to shut down the laptop.

After consulting with his police chief over the phone, Officer Huston asked Holmes to retrieve other electronics belonging to Lichtenberger. She gave him Lichtenberger's cell phone, flash drive, and some marijuana. Huston then left the premises with those items, the laptop, and its power cord.
U.S. v. Lichtenberger, supra.  The “defendant” in the excerpt above is, of course, Lichtenberger. U.S. v. Lichtenberger, supra. 
The court goes on to explain that Holmes
later testified that when she was reviewing Lichtenberger's laptop, she viewed approximately 100 images of child pornography saved in several subfolders inside a folder entitled `private.’  Holmes also testified that she showed Officer Huston `a few pictures’ from these files, although she was not sure if they were among the same images she had seen in her original search. Officer Huston testified that Holmes showed him `probably four or five’ photographs.
U.S. v. Lichtenberger, supra.  The opinion includes a footnote after the first sentence in the passage quoted above, in which the court explains that the images
`were in a folder marked “private,” and when you clicked on the folder it came up with multiple other folders. And they were labeled with numbers that said two, three, four, five up to 12, and then when you clicked on one of those files, it came up with images in those individual files.’
U.S. v. Lichtenberger, supra. 
The opinion then goes on to explain that Lichtenberger was indicted on
December 5, 2012, on three counts of receipt, possession, and distribution of child pornography under 18 U.S.C.§§ 2252(a)(2), (a)(4)(B), and (b). Before trial, Lichtenberger moved to suppress all evidence obtained pursuant to Officer Huston's warrantless review of the laptop with Holmes on November 26, 2011. 

Lichtenberger argued that when Officer Huston directed Holmes to show him what she had found, Holmes was acting as an agent of the government such that the search was impermissible under the 4th Amendment. The government countered that the review Officer Huston conducted was valid under the private search doctrine, which permits a government agent to verify the illegality of evidence discovered during a private search. Following a suppression hearing and additional briefing from the parties, the district court granted Lichtenberger's motion to suppress the laptop evidence.  The government appeals.
U.S. v. Lichtenberger, supra. 
The Court of Appeals began its analysis of both parties’ arguments on appeals by explaining that the “private search doctrine”
originated from the Supreme Court's decision in U.S. v. Jacobsen, 466 U.S. 109 (1984). As with any 4th Amendment case, the facts underlying the Jacobsen case are key to its holding. In 1981, Federal Express (`FedEx’) employees were inspecting a package—a box wrapped in brown paper—that had been damaged in transit. . . . The employees opened the box and discovered that it contained a duct-tape tube about ten inches long nestled among wadded sheets of newspaper. . . The employees removed the tube from the box and cut a slit in the end of the tube.

Inside, they found multiple zip-lock bags of a white, powdery substance. . . .The employees placed the bags back in the tube, put the tube back in the box, and called the Drug Enforcement Administration (`DEA’). . . . A DEA agent arrived and found the box open on a desk. . . . The agent observed that the tube inside had a slit cut into it, and removed the bags from the tube. . . .He opened each bag and removed a trace amount of the powder for an on-site field test. . . . The test positively identified the substance as cocaine. . . . Based on the agent's findings, the DEA procured a warrant to search the place to which the package had been addressed and subsequently arrested the defendants. . . .
U.S. v. Lichtenberger, supra.  The court goes on to explain that the issue before the
Supreme Court was whether the DEAagent's search of the package and field test of its contents—both conducted without a warrant—violated the 4th Amendment. If so, the package and any evidence obtained pursuant to the warrant based on its contents were inadmissible. The Court began with the fundamental principle that the 4th Amendment protects `an expectation of privacy that society is prepared to consider reasonable.’ . . . When a government agent infringes on this reasonable expectation, a `search’ occurs for the purposes of the 4th Amendment, and the government must obtain a warrant or demonstrate that an exception to the warrant requirement applies. However, the 4th Amendment only protects against `governmental action; it is wholly inapplicable “to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.”’ . . . (quoting Walter v. U.S., 447 U.S. 649 (1980). . . .

Applying these principles, the Supreme Court distinguished between the invasion of privacy that resulted from the FedEx employees' search . . . and the invasion that resulted from the DEA agent's subsequent review, because `[o]nce frustration of the original expectation of privacy occurs, the 4th Amendment does not prohibit governmental use of the now-nonprivate information.’ The Court held that, in a situation where `a governmental search . . . follows on the heels of a private one [,]’ `[t]he additional invasions of [a person's] privacy by the government agent must be tested by the degree to which they exceeded the scope of the private search.’ . . . In other words, the government's ability to conduct a warrantless follow-up search of this kind is expressly limited by the scope of the initial private search. . . .

The Court therefore analyzed whether the DEA agent's after-occurring search had exceeded the scope of the FedEx employees' initial search of the package. The Court found that the agent's removal of the cocaine from the package remained within the scope—and was therefore permissible under the 4th Amendment—because he was merely confirming what the employees had told him and there was a `virtual certainty’ that he was going to find contraband and little else in the package. Id. (citing Coolidge v. New Hampshire, 403 U.S. 443 (1971) and Burdeauv. McDowell, 256 U.S. 465 (1921)).

The Court then evaluated whether the cocaine field test conducted by the agent exceeded the scope of the initial private search and found that it had because the FedEx employees had taken no similar action. . . . However, the Court concluded that the field test—which would merely confirm or refute that the powder was cocaine—could not disclose any facts in which the defendants had a legitimate privacy interest protected by the 4th Amendment, and was therefore independently permissible to the extent it exceeded the scope of the initial private search. . . .
U.S. v. Lichtenberger, supra. 
The Court of Appeals then explained that Lichtenberger argued that its decision in U.S. v. Allen, 106 F.3d 695 (1997), barred the application of the private search doctrine in his case:
In Allen, we declined to extend the private search doctrine to an after-occurring search of a motel room—`a temporary abode containing personal possessions’ that is akin to a home. We explained that,

[u]nlike the package in Jacobsen . . . which `contained nothing but contraband,’ Allen's motel room was a temporary abode containing personal possessions. Allen had a legitimate and significant privacy interest in the contents of his motel room, and this privacy interest was not breached in its entirety merely because the motel manager viewed some of those contents. Jacobsen, which measured the scope of a private search of a mail package, the entire contents of which were obvious, is distinguishable on its facts; this Court is unwilling to extend the holding in Jacobsen to cases involving private searches of residences.
U.S. v. Lichtenberger, supra (quoting U.S. v. Allen, supra).
The court went on to explain that Lichtenberger argued that because the laptop was
in his home and because laptops may contain private information similar to that in a home, our holding in Allen prevents application of the private search doctrine to his case. While there is good reason to be concerned about the breadth of private information contained in a laptop . . . Lichtenberger's argument goes a step too far. Homes are a uniquely protected space under the 4th Amendment, and that protection `has never been tied to measurement of the quality or quantity of information obtained.’ Kyllo v. U.S., 533 U.S. 27 (2001). Rather, any and all details in a home `are intimate details, because the entire area is held safe from prying government eyes.’ Kyllo v. U.S., supra. The fact remains that Officer Huston did not search Lichtenberger's home. We decline to extend the protection afforded to homes to a laptop computer.

The parties do not dispute that Holmes acted solely as a private citizen when she searched Lichtenberger's laptop, that she invited Officer Huston into a common area of the residence she and Lichtenberger shared (the kitchen), and that she then showed the officer a sample of what she had found. The district court found that this fact pattern was analogous to the critical elements of Jacobsen -- a private search followed closely by a governmental search -- and held the private search doctrine applied in this case. We agree. This case presents an after-the-fact confirmation of a private search. Accordingly, Jacobsen properly applies. . . .
U.S. v. Lichtenberger, supra. 
The court therefore found that
the scope of Officer Huston's search of Lichtenberger's laptop exceeded that of Holmes' private search conducted earlier that day. This is, in large part, due to the extensive privacy interests at stake in a modern electronic device like a laptop and the particulars of how Officer Huston conducted his search when he arrived at the residence.
U.S. v. Lichtenberger, supra. 
It went on to explain that when Officer Huston arrived, he asked Holmes to show him
what she had found. While the government emphasizes that she showed Officer Huston only a handful of photographs, Holmes admitted during testimony that she could not recall if these were among the same photographs she had seen earlier because there were hundreds of photographs in the folders she had accessed. And Officer Holmes himself admitted that he may have asked Holmes to open files other than those she had previously opened. As a result, not only was there no virtual certainty that Officer Huston's review was limited to the photographs from Holmes's earlier search, there was a very real possibility Officer Huston exceeded the scope of Holmes's search and could have discovered something else on Lichtenberger’s laptop that was private, legal, and unrelated to the allegations prompting the search—precisely the sort of discovery the Jacobsen Court sought to avoid in articulating its beyond-the-scope test.

All the photographs Holmes showed Officer Huston contained images of child pornography, but there was no virtual certainty that would be the case. The same folders—labeled with numbers, not words—could have contained, for example, explicit photos of Lichtenberger himself: legal, unrelated to the crime alleged, and the most private sort of images. Other documents, such as bank statements or personal communications, could also have been discovered among the photographs. So, too, could internet search histories containing anything from Lichtenberger's medical history to his choice of restaurant. The reality of modern data storage is that the possibilities are expansive.
U.S. v. Lichtenberger, supra. 
The Court of Appeals therefore held that “[i]n light of” the
information available at the time the search was conducted, the strong privacy interests at stake, and the absence of a threat to government interests, we conclude that Officer Huston's warrantless review of Lichtenberger's laptop exceeded the scope of the private search Holmes had conducted earlier that day, and therefore violated Lichtenberger's 4th Amendment rights to be free from an unreasonable search and seizure.

The laptop evidence and evidence obtained pursuant to the warrant issued on the basis of its contents must be suppressed.

U.S. v. Lichtenberger, supra. 

Wednesday, September 02, 2015

Sexual Assault, the Guilty Plea and the Surveillance Video

Joseph Stevenson was
charged with numerous offenses relating to his sexual attacks of three women between 2007 and 2009. The evidence against him appeared to be strong, consisting of identifications by the women and a DNA match. The cases were consolidated, and Stevenson chose to represent himself.

As trial approached, he attempted to obtain a surveillance video of the Cheetahs gentlemen's club parking lot where one of the women was sexually assaulted. When it became clear that the State had lost the video, Stevenson moved to dismiss the charges. The district court denied his motion on March 9, 2011.

On November 9, shortly before trial was set to begin, Stevenson informed the district court that Cheetahs still had the actual machine that the club had used to record surveillance footage: According to Stevenson, the manager had unplugged the machine when the video had been requested, but it required a password that she did not know and therefore she could not retrieve the recording. Stevenson argued that the video should exist on the machine's hard drive and he would not be ready for trial until he saw it. The parties decided that a computer technician would attempt to `break into’ the machine and access the video overnight.

The next day, without any explanation, Stevenson pleaded guilty to two counts of attempted sexual assault.
State v. Stevenson, 2015 WL 4768841 (Supreme Court of Nevada 2015). 
The Supreme Court goes on to explain that on
February 21, 2012, before sentencing, Stevenson moved to withdraw his plea on the ground that he had been misled about the existence of the video. According to Stevenson, he had only pleaded guilty because his court-appointed standby counsel told him that the video could not be viewed unless the machine was sent back to the company that made it, which would take several months and could erase the video.

But after he pleaded guilty, Stevenson allegedly learned that the video could be extracted in mere days and there was no risk of damaging it in the process. The district court conducted an evidentiary hearing regarding this claim where Stevenson's investigator, the computer technician, and Cheetahs' manager testified. After their testimony, the district court denied Stevenson's motion pursuant to Crawford v. State, 117 Nev. 718, 30 P.3d 1123 (Supreme Court of Nevada 2001), finding that his plea was entered into knowingly, voluntarily, and intelligently.
State v. Stevenson, supra.
In his appeal to the Supreme Court, Stevenson argued that Crawford v. State’s
exclusive focus on whether the plea was knowing, voluntary, and intelligent lacks foundation in [Nevada Revised Statutes] 176.165. He points out that before Crawford, this court had interpreted §176.165 to permit the withdrawal of a guilty plea before sentencing for any `fair and just’ reason, which included reasons beyond just whether the plea was validly entered. See State v. Second Judicial District Court (Bernardelli), 85 Nev. 381, 455 P.2d 923, 926  (Nevada Supreme Court 1969). (`The granting of the motion to withdraw one's plea before sentencing is proper where for any substantial reason the granting of the privilege seems fair and just’); . . . see also Mitchell v. State, 109 Nev. 137, 848 P.2d 1060 (Nevada Supreme Court 1993) (holding that the appellant presented a fair and just reason to withdraw her plea where she had a credible claim of innocence, the State would not be prejudiced, and only a minor amount of money was involved).
State v. Stevenson, supra.
The Supreme Court went on to explain that in order to
resolve Stevenson's contention, it is necessary to understand how this court's interpretation of § 176,165 has evolved over time. In relevant part, [Nevada Revised Statutes] 176.165 provides that a defendant who has pleaded guilty may petition the court to withdraw his plea `before sentence is imposed or imposition of sentence is suspended.’ Although the statute makes clear that a defendant can move to withdraw his plea, it says nothing about the circumstances in which his motion should be granted.

This court first outlined these circumstances shortly after §176.165 was enacted. In Bernardelli, the defendant argued that the district court abused its discretion by denying his motion to withdraw his plea.  Because the statute was silent regarding the issue, we looked to federal courts for guidance, recognizing that § 176.165 was modeled after an almost identical federal rule, Federal Rule of Criminal Procedure 32(d). . . . Relying on Gearhart v. U.S., 272 F.2d 499 (U.S. Court of Appeals for the D.C. Circuit 1959), we held that a district court may grant a motion to withdraw a guilty plea before sentencing `where for any substantial reason the granting of the privilege seems “fair and just.”’ Bernardelli, supra, 85 Nev. at 385, 455 P.2d at 926.

In cases subsequent to Bernardelli, we did not explain what constituted a fair and just reason sufficient to permit withdrawal of a plea. Instead, we acted on a case-by case basis and considered the totality of the circumstances to determine whether allowing withdrawal would be fair to the defendant and the State. But we were not always careful to explain the test we were applying, see Jezierski v. State, 107 Nev. 395, 812 P.2d 355 (Nevada Supreme Court 1991) (reversing based upon `public policy’ considerations); Mitchell v. State, supra (reversing without mentioning the `fair and just’ language), and a discussion of whether the plea was validly entered began to creep into our analysis, Mitchell v. State, supra (explaining that the defendant bore the burden of demonstrating that her plea `was not entered knowingly and intelligently’ (quoting Bryant v. State, 102 Nev. 268, 721 P.2d 364 (Nevada Supreme Court 1986))).

This confusion came to a head in Crawford, when, for the first time, we focused the `fair and just’ analysis solely upon whether the plea was valid, holding that `[t]o determine whether the defendant advanced a substantial, fair, and just reason to withdraw a plea, the district court must . . . determine whether the defendant entered the plea voluntarily, knowingly, and intelligently.’ Crawford v. State, supra. Since Crawford, we have repeatedly observed that the only relevant question when considering whether a defendant should be permitted to withdraw his plea before sentencing is whether the plea was entered into knowingly, voluntarily, and intelligently. In applying this standard, we have refused to permit withdrawal of pleas that were valid even if the defendant presented an otherwise fair and just reason for withdrawing his plea.
State v. Stevenson, supra (emphasis in the original).
The Supreme Court then took up the issue as to whether the
withdrawal standard announced in Crawford is supported by §176.165. `[Q]uestions of statutory construction, including the meaning and scope of a statute, are questions of law, which this court reviews de novo.’ City of Reno v. Reno Gazette–Journal, 119 Nev. 55, 63 P.3d 1147 (Nevada Supreme Court 2003).  `When Nevada legislation is patterned after a federal statute or the law of another state, it is understood that the courts of the adopting state usually follow the construction placed on the statute in the jurisdiction of its inception.’  Advanced Sports Info., Inc. v. Novotnak, 114 Nev. 336, 956 P.2d 806 (1998)  (internal quotation marks omitted).

As we observed in Bernardelli ,§ 176.165 was modeled after Federal Rule of Criminal Procedure 32(d). Around the time that the statute was enacted, federal courts interpreting Rule 32(d) allowed a defendant to withdraw his guilty plea `”if for any reason the granting of the privilege seems fair and just.”’ Gearhart v. U.S., 272 F.2d 272 F.2d (U.S. Court of Appeals for the D.C. Circuit 1999) (quoting Kercheval v. U.S. 274 U.S. 220 (U.S. Supreme Court 1927)); see also U.S. v. Stayton, 408 F.2d 559 (U.S. Court of Appeals for the 3d Circuit 1969) (`In weighing motions for withdrawal of a guilty plea before sentencing, the test to be applied by the trial courts is fairness and justice’).

What constituted a fair and just reason was unsettled, and a conflict eventually emerged between courts who held that withdrawal should be permitted in almost every circumstance and courts who held that the defendant must first present a plausible ground for withdrawal. Federal Rule of Criminal Procedure 32(d) (advisory committee's note (1983)). But under either view, withdrawal was permitted for reasons other than merely whether a plea was knowing, voluntary, and intelligent. See, e.g., Kadwell v. U.S., 315 F.2d 667 (U.S. Court of Appeals for the 9th Circuit 1963) (`Rule 32(d) imposes no limitation upon the withdrawal of a guilty plea before sentence is imposed, and such leave should be freely allowed’). . . ; U.S. v. Sambro, 454 F.2d 918 (U.S. Court of Appeals for the D.C. Circuit 1971) (`a judge may but need not allow presentence withdrawal when the defendant establishes that there are circumstances which might lead a jury to refuse to convict notwithstanding his technical guilt of the charge. Or, a judge might allow withdrawal because the defendant has become aware of some collateral consequences of conviction which he wants to avoid’ (internal citation omitted)).

More recently, federal courts have expressly rejected the notion that the “fair and just” analysis turns upon the validity of the plea. U.S. v. Ortega–Ascanio, 376 F.3d 879 (U.S. Court of Appeals for the 9th Circuit 2004). Thus, the statement in Crawford which focuses the `fair and just’ analysis solely upon whether the plea was knowing, voluntary, and intelligent is more narrow than contemplated by [Nevada Revised Statutes § 176.165 We therefore disavow Crawford's exclusive focus on the validity of the plea and affirm that the district court must consider the totality of the circumstances to determine whether permitting withdrawal of a guilty plea before sentencing would be fair and just.
State v. Stevenson, supra (emphasis in the original).
The Supreme Court then explained that,
[h]aving determined that a district court may grant a defendant's motion to withdraw his guilty plea before sentencing for any reason where permitting withdrawal would be fair and just, we turn now to the reasons Stevenson has given as to why withdrawal was warranted.

The crux of Stevenson's argument below as to why he should be allowed to withdraw his plea was that the members of his defense team lied about the existence of the video in order to induce him to plead guilty. The district court considered this contention and gave Stevenson considerable leeway to demonstrate how he was lied to or misled. Stevenson struggled to articulate a cohesive response, pointing instead to circumstances which, viewed in context, were neither inconsistent nor suspicious.

After considering Stevenson's arguments, as well as the testimony presented at the multiple evidentiary hearings, the district court found that no one lied to Stevenson about the time it would take to determine whether the video could be extracted or otherwise misled him in any way. The district court also found that Stevenson's testimony in this regard was not credible. We must give deference to these findings so long as they are supported by the record, see Little v. Warden, 117 Nev. 845, 34 P.3d 540,  (Nevada Supreme Court 2001) (giving deference to factual findings made by the district court in the course of a motion to withdraw a guilty plea), which they are. Based on these findings, withdrawal was not warranted on this ground.
State v. Stevenson, supra.
The court then went on to point out that
[s]imilarly unconvincing is Stevenson's contention that he was coerced into pleading guilty based on the compounded pressures of the district court's `erroneous’ evidentiary ruling regarding his motion to suppress the video, standby counsel's pressure to negotiate a plea, and time constraints.

We need not consider whether the lower court's ruling regarding the video was correct, because even assuming it was not, undue coercion occurs when `a defendant is induced by promises or threats which deprive the plea of the nature of a voluntary act.’ Doe v. Woodford, 508 F.3d 563 (U.S. Court of Appeals for the 9th Circuit 2007). . . , not where a court makes a ruling later determined to be incorrect, see generally Brady v. U.S., 397 U.S. 742 (U.S. Supreme Court 1970) (`[A] voluntary plea of guilty intelligently made in the light of the then applicable law does not become vulnerable because later judicial decisions indicate that the plea rested on a faulty premise’).

Moreover, time constraints and pressure from interested parties exist in every criminal case, and there is no indication in the record that their presence here prevented Stevenson from making a voluntary and intelligent choice among the options available. See Doe v. Woodford, 508 F.3d. 563 (U.S. Court of Appeals for the 9th Circuit 2007) (`The test for determining whether a plea is valid is whether the plea represents a voluntary and intelligent choice among the alternative courses of action open to the defendant’); Miles v. Dorsey, 61 F.3d 1459 (U.S. Court of Appealsfor the 10th Circuit 1995) (`Although deadlines, mental anguish, depression, and stress are inevitable hallmarks of pretrial plea discussions, such factors considered individually or in aggregate do not establish that [a defendant's] plea was involuntary’).
State v. Stevenson, supra.
Next, the Supreme Court took up the facts in this case and the issue of the plea,
[f]inally, we reject Stevenson's implied contention that withdrawal was warranted because he made an impulsive decision to plead guilty without knowing, definitively, whether the video could be viewed.

Stevenson did not move to withdraw his plea for several months, which contradicts his suggestion that he entered his plea in a state of temporary confusion while in the throes of discovering that the video was not easily accessible. See U.S. v. Alexander, 948 F.2d 1002 (U.S. Court of Appeals for the 6th Circuit 1991) (explaining that one of the goals of the fair and just analysis `is to allow a hastily entered plea made with unsure heart and confused mind to be undone, not to allow a defendant to make a tactical decision to enter a plea, wait several weeks, and then obtain a withdrawal if he believes that he made a bad choice in pleading guilty’). . . ; U.S. v. Barker, 514 F.2d 208 (U.S. Court of Appeals for the D.C.Circuit 1975) (`A swift change of heart is itself strong indication that the plea was entered in haste and confusion’).

Most importantly, Stevenson relied upon the uncertainty surrounding the video as leverage to negotiate an extremely favorable plea despite the apparently strong evidence against him. See U.S. v. Ensminger, 567 F.3d 587 (U.S. Court of Appeals for the 9th Circuit 2009) (`The guilty plea is not a placeholder that reserves [a defendant's] right to our criminal system's incentives for acceptance of responsibility unless or until a preferable alternative later arises. Rather, it is a grave and solemn act, which is accepted only with care and discernment’). . . .
State v. Stevenson, supra.
The Court of Appeals therefore held that
[c]onsidering the totality of the circumstances, we have no difficulty in concluding that Stevenson failed to present a sufficient reason to permit withdrawal of his plea. Permitting him to withdraw his plea under the circumstances would allow the solemn entry of a guilty plea to `become a mere gesture, a temporary and meaningless formality reversible at the defendant's whim.’  U.S. v. Barker, supra. This we cannot allow.
State v. Stevenson, supra.
And in a final footnote at the end of its opinion, the court noted that Stevenson
urges us to consider his `colorable claim of innocence’ when evaluating whether he presented a fair and just reason for withdrawing his plea. See Woods v. State, 114 Nev. 468, 958 P.2d 91 (Nevada Supreme Court 1998). Stevenson fails to support his contention that he has a colorable claim of innocence.

State v. Stevenson, supra.

Monday, August 31, 2015

The Passwords, the Computer Fraud and Abuse Act and the Statute of Limitations

This post examines an opinion issued in a case in which a woman – Chantay Sewell -- sued “her former boyfriend, . . . Phil Bernardin,” alleging that he “had gained access to her e-mail and Facebook accounts without her permission and therefore in violation of the [Computer Fraud and Abuse Act] and the [Stored Communications Act]. Sewell v. Bernardin, 2015 WL 4619519 (U.S. Court of Appeals for the 2d Circuit 2015).
Both the Computer Fraud and Abuse Act [CFAA] and the Stored Communications Act [SCA] are primarily “criminal” statutes, in that if you violate their provisions with the requisite intent, you can, and may very well be, prosecuted in federal court by an Assistant U.S.Attorney.  But each also creates a civil cause of action so that those who have been the target of conduct that violates either statute (or both statutes) can sue for damages.  Federal criminal statutes, at least, often include a private cause of action; the premise is that citizens who have been the target of a violation of either statute (or both statutes) can sue for damages, which provides a supplemental enforcement method. The theory is that, since prosecutors probably cannot prosecute every violation of either statute or both statutes, allowing civil enforcement suits supplements enforcement of either or both statutes. This practice is known as enabling private attorney generals and you can,, if you are interested, read a Wikipedia entry about this here.
And that brings us to the facts that resulted in this case. As the Court of Appeals explains,
[i]n order to resolve this appeal, we address a matter of first impression in this Circuit: the operation of the statutes of limitations applicable under the civil enforcement provisions of the Computer Fraud and Abuse Act (CFAA), 18 U.S. Code § 1030, and the Stored Communications Act (SCA), 18 U.S. Code §2701, et seq. A plaintiff bringing an action under the CFAA's civil enforcement provision must do so `within 2 years of the date of the act complained of or the date of the discovery of the damage.’ 18 U.S. Code § 1030(g). The SCA provides that `[a] civil action under this section may not be commenced later than two years after the date upon which the claimant first discovered or had a reasonable opportunity to discover the violation.’ 18 U.S. Code § 2707(f).

The plaintiff, Chantay Sewell, filed suit under both statutes alleging that her former boyfriend, defendant Phil Bernardin, had gained access to her e-mail and Facebook accounts without her permission and therefore in violation of the CFAA and the SCA. She asserts that she discovered that she could not log into her www.aol.com (AOL.) e-mail account on or about August 1, 2011 `because her password was altered.’ Complaint ¶ 11 (J.A. 5). More than six months later, on or about February 24, 2012, she contends, she discovered that she could not log into her www.facebook.com (`Facebook’) account `because her password was altered.’ Complaint ¶ 12 (J.A. 5). The district court granted Bernardin's motion to dismiss Sewell's claims as untimely, and Sewell appealed. 
Sewell v. Bernardin, supra.
The Court of Appeals began its analysis of Sewell’s appeal by explaining that
[w]e accept as true at this stage of the proceedings all facts alleged in Sewell's complaint. See Town of Babylon v. Fed. Housing Finance Agency, 699 F.3d 221 (U.S. Court of Appeals for the 2d Circuit 2012). According to those allegations, Sewell and Bernardin were involved in a `romantic relationship' from in or about 2002 until 2011. Sewell maintained a private e-mail account with AOL and a private social media account with Facebook, including in 2011 and 2012. She did not knowingly share her account passwords with Bernardin or any other person and was the only authorized user of each account.

On or about August 1, 2011, Sewell discovered that her AOL password had been altered, and she was therefore unable to log into her AOL e-mail account. That same month, malicious statements about her sexual activities were e-mailed to various family members and friends `via Sewell's own contacts list maintained privately within her email account.’ Complaint ¶ 19 (J.A. 6).

On February 24, 2012, Sewell found herself unable to log into her Facebook account. Then, on March 1, 2012, someone other than she posted a public message from her Facebook account containing malicious statements, again concerning Sewell's sex life. Sewell alleges that Bernardin obtained her AOL and Facebook passwords without her permission while he was a guest in her home. Verizon Internet records confirmed that Bernardin's computer was used to gain access to the servers on which Sewell's accounts were stored. He then changed her AOL and Facebook passwords. Bernardin allegedly thereby obtained access to Sewell's electronic communications and other personal information and sent messages purporting to be from her.
Sewell v. Bernardin, supra. The court included two footnotes in the passage quoted above:  The first said, “Sewell's characterization of her relationship with Bernardin is contained in an affidavit filed with the district court on February 14, 2014.” Sewell v. Bernardin, supra. The
second footnote said “[i]n her complaint, Sewell describes an e-mail sent in or around August 2011 using her personal contacts list as containing `malicious statements toward Sewell regarding certain sexually transmitted diseases and sexual activities.’”  Sewell v. Bernardin, supra.
The opinion then went on to explain that
[o]n May 15, 2013, Sewell filed a separate suit against Bernardin's wife, Tara Bernardin, and `John Does # 1–5,’ apparently believing that Tara Bernardin and others unknown to her had gained access to her Internet accounts. The complaint raised claims strikingly similar to those that she is pursuing in the instant action. Tara Bernardin settled her suit with Sewell on September 27, 2013, and the court accordingly entered judgment in Sewell's favor shortly thereafter.

Several months later, on January 2, 2014, Sewell filed the instant action against Phil Bernardin, alleging violations of the SCA and CFAA. On August 2, 2014, the United States District Court for the Eastern District of New York (Arthur D. Spatt, Judge ) granted Bernardin's motion to dismiss, holding that Sewell's claims were time-barred under the CFAA's and SCA's applicable two-year statutes of limitations. This appeal followed.
Sewell v. Bernardin, supra.
The Court of Appeals then began its analysis of the issues in this case, explaining that
[w]e review the grant of a motion to dismiss under Federal Rule of Civil Procedure12(b)(6) de novo, `accepting as true factual allegations made in the complaint, and drawing all reasonable inferences in favor of the plaintiff[ ].’ Town of Babylon v. Federal Housing Finance Agency, 699 F.3d 221 (U.S. Court of Appeals for the 2d Circuit 2012).  `Dismissal under Federal Rules of Civil Procedure Rule 12(b)(6) is appropriate when a defendant raises a statutory bar,’ such as lack of timeliness, `as an affirmative defense and it is clear from the face of the complaint, and matters of which the court may take judicial notice, that the plaintiff's claims are barred as a matter of law.’ Staehr v. Hartford Financial Services Group, 547 F.3d 406 (U.S. Court of Appeals for the 2d Circuit 2008). 
Sewell v. Bernardin, supra.  Rule 12(b)(6), which you can find here, says that a party to litigation (usually a defendant) can assert the defense that the plaintiff’s Complaint “fails to state a claim upon which relief can be granted.” You can read more about Rule 12(b)(6) motions here.
Next, the Court of Appeals summarized the relevant provisions of the CFAA and the SCA and noted the length and “tolling” of the pertinent statute of limitations for each statute. Sewell v. Bernardin, supra.  It began with the CFAA, explaining that the
CFAA criminalizes, inter alia, `intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain [ing] . . . information from any protected computer,’ 18 U.S. Code § 1030(a)(2)(C), and `intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss.’  18 U.S. Code § 1030(a)(5)(C).

The statute also provides a civil cause of action to `[a]ny person who suffers damage or loss by reason of a violation of this section.’ 18 U.S. Code § 1030(g). To be timely, such a civil suit must be filed `within 2 years of the date of the act complained of or the date of the discovery of the damage’ 18 U.S. Code § 1030(g). `Damage’ . . . is defined as `any impairment to the integrity or availability of data, a program, a system, or information.’ 18 U.S. Code § 1030(e)(8) The statute of limitations under the CFAA accordingly ran from the date that Sewell discovered that someone had impaired the integrity of each of her relevant Internet accounts.
Sewell v. Bernardin, supra. 
The court then did the same for the SCA, explaining that under the SCA it is a crime to:
(1)  intentionally access[ ] without authorization a facility through which an electronic communication service is provided; or
 (2) intentionally exceed[ ] an authorization to access that facility; and thereby obtain[ ], alter[ ], or prevent[ ] authorized access to a wire or electronic communication while it is in electronic storage in such system. . . .
Sewell v. Bernardin, supra (quoting 18 U.S. Code § 2701(a)).  It went on to explain that
[a]s with the CFAA, the SCA establishes a civil cause of action. `[A]ny . . . person aggrieved by any violation of this chapter in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind’ may file suit. 18 U.S. Code § 2707(a). A civil action under this section must be commenced no 1later than two years after the date upon which the claimant first discovered or had a reasonable opportunity to discover the violation.’ 18U.S. Code § 2707(f).

In other words, the limitations period begins to run when the plaintiff discovers that, or has information that would motivate a reasonable person to investigate whether, someone has intentionally accessed the `facility through which an electronic communication service is provided’ and thereby obtained unauthorized access to a stored electronic communication. 18 U.S. Code § 2701(a).
Sewell v. Bernardin, supra.
The Court of Appeals then took up the issue involved in Sewell’s appeal, noting that
[t]he district court granted Bernardin's motion to dismiss Sewell's claims as untimely based on the court's conclusion that Sewell was `aware that the integrity of her computer had been compromised’ as of August 1, 2011. Sewell v. Bernardin, 50 F.Supp.3d 204 (U.S. District Court for the Eastern District of New York 2014). The court reasoned that Sewell's August 1, 2011, discovery—which related to the unauthorized use of her AOL account—provided her with a reasonable opportunity to discover the full scope of Bernardin's alleged illegal activity more than two years before she brought this suit on January 2, 2014. We agree with the district court as its decision related to Sewell's AOL account, but disagree with it as it related to her Facebook account.

Sewell discovered the `damage’ to her AOL account for CFAA purposes on August 1, 2011, when she learned that she could not log into her AOL e-mail account. That she may not have known exactly what happened or why she could not log in is of no moment. The CFAA's statute of limitations began to run when Sewell learned that the integrity of her account had been impaired.
Sewell v. Bernardin, supra.
The court then pointed out that Sewell’s
CFAA and SCA claims with regard to her AOL account were first made on January 2, 2014, and were premised on damage and unauthorized access to her AOL account which she had or should have discovered some two years and five months earlier. The two-year statutes of limitations had therefore run.
Sewell v. Bernardin, supra.  In a footnote, the court points out that
[a]lthough the complaint alleges that Sewell's AOL account was improperly accessed on multiple occasions subsequent to August 1, 2011, Sewell does not raise any arguments on appeal with respect to these alleged violations. We thus take no position as to whether claims based on those subsequent violations would be timely under the CFAA or the SCA, or whether such claims would otherwise survive Bernardin's motion to dismiss.
Sewell v. Bernardin, supra.
The Court of Appeals then took up her Facebook claims, noting that Sewell’s
Facebook-related claims, by contrast, appear to have accrued on or about February 24, 2012. Her complaint alleges that she `was the sole authorized user of’ her Facebook account. . . . On or about `February 24, 2012, [she] discovered that she could no longer log into or access her account with www.facebook.com because her password [had been] altered.’ . . .  

There is nothing in the facts as alleged in the complaint from which to infer that anyone gained unauthorized access to her Facebook account before then. Thus, taking these allegations as true, there would have been no damage, for CFAA purposes, or violation, for SCA purposes, for Sewell to discover with respect to her Facebook account before that date, which was less than two years before the suit was brought.
Sewell v. Bernardin, supra.
The court went on to explain that
[t]he fact that Sewell had discovered `damage’ to her AOL account based on her inability to access AOL's computer servers at an earlier date does not lead to a different result. Contrary to the district court's remark, Sewell did not allegedly discover `that the integrity of her computer had been compromised’ as of August 1, 2011. Sewell v. Bernardin, 50 F.Supp.3d 204 (U.S. District Court for the Eastern District of New York August 2014) (emphasis added). She discovered only that the integrity of her AOL account had been compromised as of that time.

Her CFAA claim accordingly is premised on impairment to the integrity of a computer owned and operated by AOL, not of her own physical computer. As a result, Sewell has two separate CFAA claims, one that accrued on August 1, 2011, when she found out that she could not access her AOL account, and one that accrued on February 24, 2012, when she found out that she could not access her Facebook account.
Sewell v. Bernardin, supra.
The Court of Appeals then took up Sewell’s “Facebook-related SCA claim”, noting that,
[l]ike her Facebook-related CFAA claim, [this] claim is also timely. Under the SCA, a civil plaintiff must file her claim within two years of discovery or a reasonable opportunity to discover intentional and unauthorized access to an electronic communication facility.

The district court concluded that Sewell `had a reasonable opportunity to discover the Defendant's illegal activity” vis-à-vis her Facebook account as of August 1, 2011. Sewell v. Bernardin, supra, 50 F.Supp.3d at 213. . . . But as we have noted, there is no allegation in the complaint that Sewell's Facebook account and the computer servers on which her information was stored were tampered with before February 24, 2012, when she alleges that she was unable to log into her Facebook account. She could not reasonably be expected to have discovered a violation that, under the facts as alleged in the complaint, had not yet occurred.
Sewell v. Bernardin, supra.
It also pointed out that the U.S. District Court Judge’s
conclusion may rest on the assumption that a plaintiff is on notice of the possibility that all of her passwords for all of the Internet accounts she holds have been compromised because one password for one Internet account was compromised. We do not think that that is a reasonable inference from the facts alleged in the complaint.

We take judicial notice of the fact that it is not uncommon for one person to hold several or many Internet accounts, possibly with several or many different usernames and passwords, less than all of which may be compromised at any one time. At least on the facts as alleged by the plaintiff, it does not follow from the fact that the plaintiff discovered that one such account—AOL e-mail—had been compromised that she thereby had a reasonable opportunity to discover, or should be expected to have discovered, that another of her accounts—Facebook—might similarly have become compromised.
Sewell v. Bernardin, supra.
And it explained that
[w]e pause to acknowledge that the statutes of limitations governing claims under the CFAA and SCA, as we understand them, may have troubling consequences in some situations. Even after a prospective plaintiff discovers that an account has been hacked, the investigation necessary to uncover the hacker's identity may be substantial. In many cases, we suspect that it might take more than two years. But it would appear that if a plaintiff cannot discover the hacker's identity within two years of the date she discovers the damage or violation, her claims under the CFAA and SCA will be untimely.
Sewell v. Bernardin, supra.
Finally, the Court of Appeals explained that Sewell
does have the option of initiating a lawsuit against a John or Jane Doe defendant, but she must still discover the hacker's identity within two years of discovery or a reasonable opportunity to discover the violation to avoid dismissal. This is because we have concluded `that Rule 15(c) does not allow an amended complaint adding new defendants to relate back if the newly-added defendants were not named originally because the plaintiff did not know their identities.’ Barrow v. Wethersfield Police Dep't, 66 F.3d 466, 470 (U.S. Court of Appeals for the 2d Circuit 1995).
Sewell v. Bernardin, supra.
The Court of Appeals therefore ordered that “[f]or the foregoing reasons, the judgment of the district court is AFFIRMED in part and VACATED and REMANDED in part for further proceedings.” Sewell v. Bernardin, supra.
You can, if you are interested, read more about this case in the news stories you can find here, here and here