About the Case
United States v. McClain
1. Whether federal liability for obstruction of justice constitutionally attaches to misleading a local investigator or modifying a press release in light of a congressional investigation, pursuant to 18 U.S.C. §§ 1512(b)(3), 1519.
2. Whether liability under the criminal provisions of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, constitutionally extends to violations of terms of employment or online terms of service.
This case concerns the proper boundaries of federal criminal liability arising from the application of the obstruction-of-justice and computer fraud statutes. Peter McClain was convicted by a unanimous jury on two counts of obstruction and on two counts of violating the Computer Fraud and Abuse Act (“CFAA”). He moved for judgment of acquittal, was denied by the district court, and now appeals to the 2nd Circuit.
McClain was the chief of information technology at the Teletronix Corporation, a cell phone manufacturer based in New York City. He was known for his strong opinions about the industry, and even designed a prototype for a new cell phone. Online, however, he maintained another identity. He went by the handle “cellacious,” sung the praises of the Anonymous hacking collective, and at least once visited a chat room frequented by its members. He hacked into Jonathan’s Starbucks card, a (real-life) online social experiment in the use of digital currency. Participants could buy coffee using a mobile screenshot of Jonathan’s card, and would “pay it forward” by reloading the card. But McClain used code to pilfer the balance and transfer it to his own Starbucks cards, which he then attempted to sell on eBay.
Legal trouble for McClain was clearly brewing by June 2011, when authorities suspected Anonymous of causing a blackout of New York City’s electronic infrastructure, including subway lights, DMV equipment, and library computers. Investigators traced much of the denial-of-service attack to computers at none other than Teletronix. Meanwhile, the United States Senate and the Federal Communications Committee were gearing up for an investigation of their own. Senators Redgrove and Meyer announced on Meet the Press that they would hold cell phone manufacturers accountable for concealing the link between cell phones and cancer. Earlier that month, McClain had received a copy of a World Health Organization study, indicating that “there could be some risk.” At that time, he told the CEO of Teletronix, Lisa Laing, “Let’s just hope they don’t get us on this.”
Laing called McClain to her office on June 17. A week earlier, the assistant commissioner of the New York City Department of Investigations (DOI) had contacted Laing to enlist her help with the investigation of the hacking attack. After her meeting with McClain, she wrote to thank him and asked that he “please get to the bottom of this—do what you have to do to salvage the situation.” Two days later, McClain acted. He entered the press department at Teletronix on a Sunday and added the following language to a press release slated for release the next day: “We stand out from the pack, and it’s precisely because the use of our cell phones carries absolutely zero risk of causing cancer, now or at any point in the future.” He also emailed Sal Palukas, the DOI assistant commissioner, to assure him that no Teletronix employee had participated in the cyber attack, nor was affiliated with Anonymous.
After receiving this email, Palukas referred the case to the Department of Justice. Laing terminated McClain’s employment on June 25, telling him that his termination was temporary and that he was free to “grab [his] stuff.” A week prior, Laing had discovered that McClain was both accessing and downloading company files: He made copies of his prototype, emailed himself a screenshot of his Anonymous chat window, and tried to delete it from Teletronix servers. His employment contract stated the company policy of assigning all inventions to Teletronix and forbidding employees from retaining copies of corporate records, plans, or sketches without the prior approval of the company.
Conviction and Appeal
McClain was convicted on four of the five indictment counts. Count one alleges document falsification under 18 U.S.C. § 1519 for having knowingly altered or made a false entry in the press release; and count two charges a § 1512(b)(3) violation such that by misleading Palukas, McClain intended to prevent communication of information to federal officers about a possible federal offense. Counts three through five, pursuant to the criminal provisions of the CFAA, allege access “without authorization or in excess of authorization” of the following, respectively: Teletronix servers; the computer on Starbucks’ network housing Jonathan’s card; and a protected eBay computer. The jury acquitted on count five, which charged unlawful access in violation of eBay’s restrictions on gift card sales.
At the close of the government’s case-in-chief, the District Court denied McClain’s motion for judgment of acquittal. Following his conviction, he renewed this motion and the District Court upheld the verdict over McClain’s vagueness and sufficiency challenges. Among other arguments, McClain had claimed there was no “reasonable likelihood” that his press release would have reached the purview of federal investigators, in contravention of Fowler v. United States, 131 S. Ct. 2045 (2011). The Court rejected Fowler’s applicability, however. As to the CFAA convictions, the Court held that “contractual violations lay the basis for criminal liability under [the] statute—as well as in this case.” It relied heavily, however, on a decision that was later vacated by the Ninth Circuit in United States v. Nosal, 642 F.3d 781 (9th Cir. 2011), vacated, reh’g granted en banc, No. 10-10038, 2011 WL 5109831, at *1 (9th Cir. Oct. 27, 2011).