A college student accused of illegally hacking into Alaska Governor Sarah Palin’s e-mails says a court had declared the e-mails part of the public record. Among a number of issues, the federal case addresses whether e-mail is property and thereby subject to privacy protection. -DB
Wired
May 20, 2009
By Kim Zetter
A surprise legal maneuver by the defense in the Sarah Palin hacking case could undermine key charges carrying the stiffest potential penalties.
A lawyer for the Tennessee college student charged with hacking into the Alaska governor’s Yahoo e-mail account last year says his client couldn’t have violated Palin’s privacy because a judge had already declared her e-mails a matter of public record.
“He’s not suggesting that e-mail can’t be private,” says Mark Rasch, a former Justice Department cybercrime prosecutor. “He’s saying this particular e-mail was not private or personal because of who she is and because it wasn’t intimate communication. ”
Additionally, photos that 20-year-old David Kernell allegedly obtained of Palin and her family were not private since the Palins are “the subjects of untold numbers of photo-ops,” the lawyer argued last week, in one of a slew of motions and memorandums attacking the government’s four-count federal indictment against Kernell.
Threat Level broke the story last September that a hacker had obtained unauthorized access to Palin’s Yahoo e-mail account — gov.palin@yahoo.com — by using publicly available information to reset her password to “popcorn.” The intruder then posted screenshots of Palin’s e-mail, as well as her new password, to a forum at 4chan.org under the handle “Rubico,” enabling other intruders to access the account. Bloggers quickly traced the name Rubico to an e-mail address that Kernell was known to use.
Last October, federal prosecutors in Tennessee had Kernell indicted on one felony count of violating the Computer Fraud and Abuse Act. Then in March prosecutors filed three more charges — one count of identity theft for allegedly impersonating Palin to access her e-mail account; one count of wire fraud for allegedly scheming to defraud Palin of property by obtaining information from her account and posting it to a web forum; and one count of obstruction of justice for allegedly destroying evidence.
Now defense lawyer Wade Davies is asking a federal judge to dismiss all of the charges on various grounds, with particular attention to the hacking and wire fraud charges. The attorney’s pretrial arguments provide insight into his defense strategy should the matter proceed to trial.
Last year, following the initial indictment, Davies objected to the computer hacking charge on the grounds that the government had erroneously used two misdemeanors pertaining to the same crime to elevate the charge to a felony. In order for hacking to be a felony under the federal law, it has to be done for the purpose of committing an additional crime, or a “tortious” act — i.e., an action that could give rise to a civil suit.
But in a circular argument, the government had essentially charged Kernell with obtaining unauthorized access to information in Yahoo’s computers for the criminal purpose of obtaining unauthorized access to the information.
In March, prosecutors addressed the circular problem by amending the charge to state that Kernell’s alleged unauthorized computer access violated Palin’s privacy, committing a tortious act under the laws of Tennessee, where Kernell resides.
Davies, however, says the Tennessee law is improperly invoked, and Palin isn’t entitled to privacy protection.
Tennessee, he says, only recognizes an invasion of privacy when the invasion exposes something that is inherently private, and the victim was placed in a false light by the invasion. But Palin wasn’t placed in a false light by the alleged hack, and her privacy wasn’t invaded since “an Alaska court has issued an order requiring Ms. Palin to preserve the correspondence in her private e-mail accounts on the grounds that the e-mails are public records.”
Davies is referring to litigation that was filed by an Alaskan activist before the alleged hack occurred. That lawsuit sought Palin’s private e-mail. The activist charged that Palin used her Yahoo accounts to conduct official government business and therefore e-mail in the accounts was part of the public record and should be disclosed under Alaska’s public records statute. A judge ruled, after news of the hack broke, that Palin was required to preserve the correspondence in her private accounts until the lawsuit was resolved.
Davies implies in his motion to dismiss that there are reasonable grounds to conclude that Palin’s Yahoo correspondence was a public record, and cites case law showing that information that already appears on the public record can’t be considered private.
As for photos of Palin and family members that Kernell allegedly obtained from the account, Davies says there’s no expectation of privacy for the images, because the people depicted in the photos “continue to regularly and voluntarily appear in the national media.”
Without the privacy violation, the government has no felony case, Davies argues. Therefore he wants the charge reduced to a misdemeanor.
Calls to Davies and federal prosecutors in Tennessee were not returned, but Rasch finds the argument compelling.
“He’s also saying that what was in the e-mails would ultimately have been revealed [under litigation] therefore she had no expectation of privacy in it,” says Rasch.
Rasch says that although the alleged public-records status of the e-mail doesn’t give anyone the right to break into the account, “it would be very difficult for [the government] to allege a breach of privacy” if the e-mail is a public record.
He also says that in order to prove a privacy interest in the e-mails, the government would have to share the contents of the e-mails. “I don’t see how they could prosecute the case without doing it,” he says. “Those are the exhibits. They can ask the court to submit them under seal, but how do I as a juror decide if there was an invasion of privacy if I don’t know what he looked at?”
Palin’s office did not return a call seeking comment.
Aside from the computer fraud and privacy charge, Davies also took issue with a wire fraud charge alleging that his client deprived Palin of property by accessing her e-mail. Davies argues that the charge isn’t valid because e-mails constitute “ethereal” property, not “traditional property” as defined by the law. Kernell, he wrote, “was not trying to steal from Sarah Palin.”
Rasch says the argument that e-mail is not property is “interesting” but will likely fail to get the wire fraud charge dismissed. However, if the matter goes to trial, he says the attorney might be able to convince a jury that Kernell simply accessed the e-mail out of curiosity, not out of an intent to defraud.
He notes that the issue over whether e-mail constitutes property and therefore carries privacy protection is one that the laws don’t cover sufficiently.
“It’s not to say that there is no property interest in e-mail, but we don’t do very well in this country about defining the value of it [in terms of] privacy,” he says. “It’s a valid question and it has broader social implications.”
Kernell’s trial is scheduled for Oct. 27.
If convicted of all four charges, he faces 18 to 24 months in prison and a fine of between $4,000 and $40,000, according to a federal sentencing guidelines based on the allegations. Had he been charged with misdemeanors, he would likely have faced probation or house arrest.
Copyright 2009 Wired