28 December 2010

Creative Prosecution?

Did you know that reading your spouse's email is a crime? (at least in Michigan)


Bad Monkey said...

Actually pretty straightforward case.

I feel for the guy and all, but he really didn't have a right to hack her account. Sure they share the computer, but that doesn't mean they share the e-mail account.

Even as much as I hate the idea of prosecutors deciding to ignore what is a crime this is one where the prosecutor could have used a little discretion. Although I would love to see Jessica back up this one:
"he had wonderful skills and was highly trained."

Really, highly trained, figured out to look in the book she kept next to the laptop. Want to bet it was labeled user-name password.

Anonymous said...

@ Bad Monkey. What is straight forward about it?
The guy didn't have a right to go through her email. So what. Doing something a person doesn't have a right to do doesn't mean a crime was committed.

A cursory look at the Michigan Identity Theft Act requires two things: 1. the use of personal identifying information 2. to do any of the following: obtain credit, goods, services, money, property, a vital record, a confidential telephone record, medical records or information, or employment.

The second part first because it appears the most difficult element to prove. Shoehorning titillating emails between lovers to fit the type of information that must be sought under the act seems on the surface most difficult. (No idea how Michigan case law comes down on whether the included classes of information must be sought or mere opportunity to access them is enough for a violation. In other words, when the guy was looking for lover's emails and skimmed over bank statements in the inbox while searching.)

The first part second. The Michigan code defines “personal identifying information” in a lengthy definitions provision. The usual suspects are included: social security number, mother's maiden name and so on. The only references to passwords deals exclusively with those related to financial accounts. Many other types of information is included in the definition provision, passwords to generic email accounts are not.

I am not an authority on Michigan law nor do I pretend to be. I am curious if the Act is as elastic as the prosecution believes.

Criminal Lawyers Glasgow said...

Thanks v much for posting - it is interesting that this can be considered to be a hacking offence under computer misuse legislation. Will be interesting to see if appealed or if any further developments next year.

Looking forward to further posts. Best wishes, Beltrami Solicitors Criminal Defence Lawyers Glasgow

Bad Monkey said...

@ Anon -
Neither do I claim to be an expert on the law in Michigan. I am however capable of reading it. And as I said, I personally feel bad for the guy, but can see how he may well have run afoul of the law on this.

Did he use "personally identifying information". Obviously debatable when one considers what that phrase might mean and what he is accused of using (a username and password).

Luckily the statute I think he was charged under (since it has yet to be specifically named from everything I've seen) doesn't use that phrase.

Michigan 752.795 Prohibited conduct. section 5

"A person shall not intentionally and without authorization... do any of the following:

(a) Access ... a ... computer network to ... use the service of a ... computer system, or computer network."

Hmmm, pretty clear actually.

And from looking at the law it seems like it may just be section 5 they are hitting with because according to 752.797 (penalties)

"(2) A person who violates section 5 is guilty of a crime as follows:

(a) Except as provided in subdivision (b), the person is guilty of a felony punishable by imprisonment for not more than 5 years or a fine of not more than $10,000.00, or both."

Why yes, they do talk about him facing up to five years in jail and a felony conviction for computer misuse. Right on the nose of this law actually.

Yes, normally this statue is probably used to prosecute people who commit identity theft or steal trade secrets, because they may have violated it to gain access to the information they then use. But it really doesn't seem a stretch to see how it could be applied.

Bad Monkey said...

I take it back, I could be bothered to see exactly what he was charged with.


You can run a search for him there. You find this case: 2010-230991-FH

In that case there is an action registered for 03/04/2010 indicating the charge(penalty section actually) 752.7972A for "COMPUTERS/UNAUTHOR. ACCESS"

Yeah, he was charged with what I thought he was charged with since they reference a penalty (752.7972A) that only applies to the particular charge I was thinking of.