Wednesday, January 21, 2009

Chutzpah in Kansas City

Maybe you saw this story: It says a Kansas City woman has been indicted by a federal grand jury for using her U.S. Department of Agriculture laptop to manage “prostitution businesses and correspond with clients”.

According to the story, Laurie Lynn McConnell, a statistician for the USDA’s Risk Management Agency, operated the prostitution businesses with John Miller, who also lives in Kansas City. It says the two – using the names Dark Phoenix and USA Honies – used the USDA laptop, cell phones, Pay Pal and “other electronic means” to operate their businesses. (Why, I wonder, didn’t they just buy their own laptops?)

I can’t find a lot of details online about their operation, but the story I’ve cited says they recruited prostitutes, advertised their services and took $100 from the fee paid for each “appointment.” McConnell and Miller advertised their businesses on Craigslist and other sites, screened potential clients and established a series of PayPal accounts that let clients pay the prostitution fees online.

The story says McConnell and Miller are charged with (i) conspiring to use computers, cell phones and other electronic devices to promote prostitution and with (ii) conspiracy to commit money laundering. What about a computer crime charge?

McConnell apparently exceeded the scope of her authorized access to use the USDA laptop. I don’t know what the USDA’s computer use policies for its employees are, but I suspect they would not encompass using a USDA laptop to run a business – especially an illegal business – on the side. So, McConnell presumably exceeded her authorized access to the USDA laptop.

The problem with using that as the basis of a charge of violating 18 U.S. Code § 1030 (which, as I’ve noted before, is the basic federal computer crime statute) is that § 1030 only makes exceeding authorized access a crime when certain conditions are met. Under § 1030(a)(2), it’s a crime to intentionally exceed one’s authorized access to a computer and thereby obtain information from any of the following: a financial institution, a federal agency or a “protected computer.” A protected computer is a computer used in interstate or foreign commerce, so the laptop I’m writing this on (like your computer, if you’re reading this) qualifies; being hooked to the Internet is itself enough to satisfy the interstate or foreign commerce requirement.

From the very little I know about this case, I don’t see any basis for charging McConnell under § 1030(a)(2). She presumably exceeded her authorized access to the USDA laptop, but I don’t see any indication that she did so in order to obtain information from a federal agency or from someone else’s computer. She was simply using the laptop as a tool to facilitate the conduct of her illegal prostitution business.

Section 1030(a)(4) makes it a crime to exceed one’s authorized access to a computer in order to execute a scheme to defraud and obtain “anything of value” (other than the use of the computer if such use is not worth more than $5,000). Again, based on the very little I know, I don’t see any basis for charging McConnell with this crime, either; while she was (according to the charges) exceeding her authorized access to the laptop and doing so to commit a crime, the crime was prostitution, not fraud.

So not an “exceeding authorized access” case, at least not under federal law. Chutzpah, though, definitely.

No comments: