By Julie Liu
It is generally understood that certain online behaviors can lead to trouble in the employer-employee context. Many of us are familiar with stories of people who were fired or denied jobs after posting incendiary selfies, offensive messages, or rants about work on social media. While risking one’s employment status is enough to worry about, being criminalized for online behaviors is an entirely different possibility. Up until last week, one case has led second circuit courts to wrestle with defining the criminal liability associated with two particular online behaviors: the violation of workplace policies on computer use, and “thoughtcrime,” specifically the online posting of fantastical statements.
The case, U.S. v. Valle, originates from the 2012 arrest of New York City police officer Gilberto Valle. Valle was charged with conspiracy to commit kidnapping, following his wife’s discovery of posts and chats detailing his cannibalism, torture, and murder fantasies in his online history. A second charge was violation of the Computer Fraud and Abuse Act (CFAA). Valle had used a restricted police database to look up information about an individual without a law enforcement purpose, as prohibited by NYPD policy. The jury convicted Valle on both counts. The district court dismissed the conspiracy count but upheld the count of the CFAA violation. A previous circuit split on the scope of the CFAA meant an uncertain outcome for the appeal. However, on December 3, 2015, the U.S. Court of Appeals for the Second Circuit overturned the district court’s upholding of the CFAA conviction.
The CFAA, known as the federal anti-hacking law, prohibits the intentional access of computers without authorization or in excess of authorization. Prior to the Second Circuit’s opinion, a circuit split dominated relevant case law. The Fourth and Ninth circuits construe the statute narrowly (i.e., “exceeds authorized access” applies only to violations of restrictions on access to information, or actual hacking). On the other hand, the First, Fifth, Seventh, and Eleventh Circuits favor a broad interpretation (i.e., the CFAA applies to employees who breach a duty of loyalty or act based on interests adverse to the employer). In line with the Fourth and Ninth circuits, the Electronic Frontier Foundation argues that a broad reading could potentially criminalize millions for non-hacking behaviors such as checking Facebook at work (if prohibited under workplace policy). Such individuals could face up to five years in prison for first-time offenses.
The Second Circuit agreed with these concerns, emphasizing an obligation “to ‘construe criminal statutes narrowly so that Congress will not turn ordinary citizens into criminals.” While this evens out the split, employees in jurisdictions that have adopted a broad construction should be cautious about any employer-prohibited computer use.
The other aspect of the ruling—that the government cannot punish people for what amount to thoughtcrimes—is not employee-specific but still noteworthy. The question of when fantasies become criminal has been hotly debated and raises important due process and First Amendment issues. Prior to the Second Circuit’s decision, scholars noted that defendants arguing a fantasy defense could be wrongly convicted based on the thought-content of their expressions (especially when very perverse or disturbing) rather than their conduct, and would need additional protections under the law to prevent this.
Does this decision change anything? The Second Circuit appears to have taken a step away from the risk of wrongful conviction, but not necessarily the risk that jurors’ notions of morality and sensibility will strongly influence their fact-finding duties. The court made clear that its decision was based primarily on the government’s failure to prove actual criminal intent. Fantasies should not be considered harmless, the court indicated, but prosecution is not necessarily the solution.
Image source: lifehack.org.