Georgia Supreme Court Overturns Computer Crime Conviction For Man Who Copied Himself On Emails Sent To His Boss

from the one-for-you,-one-for-me dept

It's not just the CFAA that can be abused. This law -- recently trimmed a bit by the US Supreme Court -- has been abused for years to go after web scrapers, researchers, and information-wants-to-be-free activists. The recent ruling does narrow the scope of that law a bit, but the CFAA still has the potential to do serious damage when wielded carelessly or vengefully.

The state of Georgia has its own set of computer crime laws and they're just as capable of being interpreted by prosecutors to criminalize acts that shouldn't be criminal offenses. Fortunately, a state court has made a sensible reading of the law to overturn a conviction for computer trespass -- one that saw a former Norcross (GA) city employee hit with felony charges. (h/t Andrew Fleischman)

Jereno Kinslow was a city IT employee who had some problems with his new boss, Greg Cothran. Cothran criticized Kinslow's work performance, leading to a "loud outburst" from Kinslow. This apparently made Cothran concerned Kinslow might sabotage the city's network. Certain "safety measures" were put in place and Kinslow was eventually fired.

Before Kinslow was let go, he utilized his administrator-level access to forward copies of emails sent to Cothran to his own personal email account. This was discovered by Cothran months later when he received a bounce notification specifying Kinslow's email account. This alleged "criminal trespass" formed the basis for charges that resulted in Kinslow being convicted of a felony and sentenced to ten years of probation.

Kinslow challenged his conviction under this statute, claiming prosecutors did not present evidence that he had actually violated the law. The Georgia Supreme Court agrees [PDF] with Kinslow.

OCGA § 16-9-93 (b)(2) defines the offense of computer trespass, in relevant part, as “us[ing] a computer or computer network with knowledge that such use is without authority and with the intention of . . . [o]bstructing, interrupting, or in any way interfering with the use of a computer program or data.” Kinslow was charged with committing computer trespass by “us[ing] a computer network with knowledge that such use was without authority and with the intention of obstructing and interfering with data from a computer, by copying Greg Cothran’s e-mails and causing them to be forwarded to his own private e-mail account.”

The State thus was required to prove that Kinslow used a computer network knowingly without authority with the intention of obstructing or interfering with the use of data.We conclude that the evidence presented at trial was insufficient to prove that Kinslow’s use was done with the intention of obstructing or interfering with the use of data.

The court says the facts don't fit the charged crime. There was no "obstruction" of data when Kinslow intercepted copies of Cothran's emails.

Contrary to the State’s suggestion, the State presented no evidence that Kinslow’s e-mail forwarding scheme “blocked” or even “hindered” the flow of data in the form of e-mails to Cothran, who continued to receive those e-mails intended for him. Rather, the evidence showed only that Kinslow’s actions created an additional flow of data to another account.

There you have it: copying is not theft obstruction.

But wait, said the state, maybe it's an [re-reads statute]... um… "interruption?"

Nope, says the court:

“Interrupt” carries a similar definition of stopping or hindering, although “interrupt” often denotes a more temporary stoppage than “obstruct,” such as “to make a break in the continuity of.” Again, the State presented no evidence that Kinslow’s actions hindered the flow of e-mails to Cothran, either permanently or temporarily.

Making copies also doesn't "interfere" with the flow of data, the court decides. The flow of data was so unobstructed, uninterrupted, and un-interfered with that Kinslow's supervisor didn't even know it was happening until one of the emails bounced.

It's a short, solid ruling that forces the state to accept the fact that words have meanings, and those meanings cannot be distended to encompass the actions seen here.

The dissent, however, thinks the court should have broadened the law to encompass all sorts of innocuous behavior by using the very loosest definitions of the word "interfere."

Webster’s New Twentieth Century Dictionary (2d ed. 1983); “to interpose in a way that hinders or impedes: come into collision or be in opposition . . . to enter into or take a part in the concerns of others,” Webster’s Ninth New Collegiate Dictionary (9th ed. 1985); and “to come between so as to be a hindrance or an obstacle . . . to intervene or intrude in the affairs of others; meddle.” The American Heritage Dictionary of the English Language (3d ed. 1992). Black’s Law Dictionary (11th ed. 2019) primarily defines “interfere” as “[t]he act or process of obstructing normal operations or intervening or meddling in the affairs of others.”

So, under these definitions, shoulder-surfing someone else's Facebook account would be a criminal act. Sure, probably no one would attempt to criminally charge anyone for doing this, but that's the expansive reading the Chief Justice of this court thinks is correct.

This is a good ruling that clearly delineates what is or isn't covered by this computer crime law. And while Kinslow's actions may have been cheap, dishonest, and all-around lousy, they weren't criminal.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cfaa, computer crime, emails, georgia, greg cothran, hacking, jereno kinslow


Reader Comments

Subscribe: RSS

View by: Thread


  • icon
    That Anonymous Coward (profile), 2 Jul 2021 @ 4:08am

    "defines “interfere” as “[t]he act or process of obstructing normal operations or intervening or meddling in the affairs of others.”"

    So does that mean Greg can be sued since he used a computer to obstruct the normal operations of Jereno, by meddling & intervening in the affairs of others??

    "the City’s computer network settings had been altered by checking a box"

    A Y F K M??

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 2 Jul 2021 @ 7:53am

    I have to wonder if the Third Party Doctrine could be applied, in this case. Shouldn't it go both ways?

    reply to this | link to this | view in chronology ]

  • icon
    sumgai (profile), 2 Jul 2021 @ 8:38am

    I wonder why we don't see any quotes from Kinslow as to why took this action. My bet would be that he was watching to see if Cothran was going to bad-mouth him to others within the department, or possibly to a prospective new employer. The fact that Kinslow didn't initiate any lawsuit after several months tells me that Cothran didn't do so, and he clossed the email account.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jul 2021 @ 11:04am

    Before Kinslow was let go, he utilized his administrator-level access to forward copies of emails sent to Cothran to his own personal email account.

    This sentence and the headline are quite misleading, and make it sound like maybe he just stuck his personal address in the BCC field—which may violate confidentiality, but isn't especially sinister and doesn't usually require special access. What actually happened is that he set up a forwarding rule such that all emails sent to the boss, by anyone, would be sent to his personal account: "The City [...] discovered that the [...] settings had been altered [...] to cause Cothran’s incoming e-mail messages to be copied and forwarded to Kinslow’s personal [...] account. [...] This forwarding continued until it was discovered [...], two months after Kinslow’s termination."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jul 2021 @ 11:16am

    Hmmm

    Creating a forwarding rule for ALL of your boss's emails (heck anyone in a company) seems like a mighty evil trespass and nefarious deed. That's basically espionage. Seems like it ought to be punishable somehow someway.
    I'd sure like to have BCC of every email Bill Gates/Black Turtleneck and the CEO at your local biotech company send/sent. Probably be rather profitable.....

    reply to this | link to this | view in chronology ]

    • icon
      Tanner Andrews (profile), 5 Jul 2021 @ 5:55am

      Re: Hmmm

      a forwarding rule for ALL of your boss's emails

      Probably a bad thing to do, especially in what we call the ``real world''. But in the rarified atmosphere of government, all that stuff is, or ought to be, public records. It is the public's business being carried out, by the public's paid servants.

      So, while the defendant appears to have done everything wrong, and clumsily, condemnation may be unduly harsh on these facts.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jul 2021 @ 10:55pm

    Looks like they had no confidentiality policy in place with established fines... and resorted to anything they could find to punish the guy. Their legals are two times bad.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.