Transcript | US v Pfc. Manning, Appellate Exhibit 139, Court Ruling on Defense Motion to Dismiss Specifications 13 and 14 of Charge II, 06/08/12


UPDATE POST COURT-MARTIAL

United States v. Pfc. Manning was conducted in de facto secrecy. The public was not granted contemporaneous access to court filings or rulings during her trial. In addition to reporting on her trial, I transcribed the proceedings, reconstructed the censored appellate list, and un-redacted any publicly available documentation, in order to foster public comprehension of her unprecedented trial.

As a result of a lawsuit against the military judge and the Military District of Washington brought by the Center for Constitutional Rights, as well as my own FOIA requests and research, an official court record for US v. Pfc. Manning was released seven months after her trial. That record is not complete.

The official trial docket is published HERE and the entire collection of documents is text searchable at usvmanning.org.

*During the pretrial proceedings, court-martial and sentencing of Pfc. Manning, Chelsea requested to be identified as Bradley and addressed using the male pronoun. In a letter embargoed for August 22, 2013 Chelsea proclaimed that she is female and wished to be addressed from that moment forward as Chelsea E. Manning.


This ruling on the defense motion to dismiss specifications 13 and 14 of Charge II for failure to state an offense was read by Judge Lind into the Court record at the June 8, 2012 Article 39(a) Session of United States v. Pfc. Manning.

[BEGIN COURT RULING ON DEFENSE MOTION TO DISMISS SPECIFICATIONS 13 AND 14 OF CHARGE II FOR FAILURE TO STATE AND OFFENSE]



Defense moves the Court to dismiss Specification 13 and 14 of Charge II for failure to state an offense, because the Government has failed to [?] the accused’s conduct, exceeded unauthorized access within the meaning of 18 United States Code (USC) Section 1030(a)(1). 



Government opposes.

After considering the pleadings, evidence presented, and argument of counsel the Court finds and concludes as follows.



1.) Specification 13 and 14 of Charge II, charge Pfc. Manning with violating 18 United States Code (USC) Section 1030(a)(1) and Article 134 UCMJ [Uniform Code of Military Justice]. 



2.) Specification 13 of Charge II alleges that the accused “did, at or near Contingency Operating Station Hammer, Iraq, between on or about 28 March 2010 and on or about 27 May 2010, having knowingly exceeded authorized access on a Secret Internet Protocol Router Network computer, and by means of such conduct having obtained information that has been determined by the United States government pursuant to an Executive Order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, to wit: more than seventy-five classified United States Department of State cables, willfully communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted the said information, to a person not entitled to receive it, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation, in violation of 18 United States Code Section (USC) 1030(a) (1), such conduct being prejudicial to good order and discipline in the armed forces and being of a nature to bring discredit upon the armed forces.”

3.) Specification 14 of the same Charge alleges that the accused “did, at or near Contingency Operating Station Hammer, Iraq, between on or about 15 February 2010 and on or about 18 February 2010, having knowingly exceeded authorized access on a Secret Internet Protocol Router Network computer, and by means of such conduct having obtained information that has been determined by the United States government pursuant to an Executive Order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, to wit: a classified Department of State cable titled “Reykjavik-13”, willfully communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted the said information, to a person not entitled to receive it, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation, in violation of 18 United States Code Section Code Section 1030(a) (1), such conduct being prejudicial to good order and discipline in the armed forces and being of a nature to bring discredit upon the armed forces.”



3.) [not sure why this is No. 3 again.] Defense asserts that the Government theory at trial either that (1) Pfc. Manning exceeded authorized access when he allegedly accessed information for an improper purpose to give to someone not entitled to receive it or (2) Pfc. Manning exceeded authorized access when he allegedly accessed or disclosed information in contravention of the Army’s Acceptable Use Policy (AUP). The Government asserted during oral argument that it will be presenting evidence in addition to the AUP to prove that the accused exceeded authorized access. 



4.) During the Article 32 investigation, Special Agent David Shaver from the United States Army Computer Crimes Investigative Unit testified that he examined the two Secret Internet Protocol Router Network (SIPRNet) computers used by the accused from approximately October 2009 through May 2010. Government quoting [?] pages 425-4[?]7. Special Agent David Shaver testified when logging into both computers the user is presented with a warning banner. (id. 434-435). 



5.) The warning banner states as follows: 



“You are accessing a U.S. Government (USG) Information System that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:

The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC [communications security] monitoring, network operations and defense, personnel misconduct, law enforcement, and counterintelligence investigations.

At any time, the USG may inspect and seize data stored on this IS.

Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.

This IS includes security measures (e.g., authentication and access controls) to protect USG interests — not for your personal benefit or privacy.

Notwithstanding the above, using this IS does not constitute consent to PM, LE, or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.” (Government enclosure two.)





6.) In January 2011, Special Agent Mark Mander US Army Computer Crimes Investigative Unit interviewed Captain Thomas Cherepko of Headquarters and Headquarters Company, 2nd Brigade Combat Team, 10th Mountain Division who the assistant S6 officer during the time the accused was stationed within Iraq. (Government enclosure five, page one.) Captain Cherepko stated a signed user agreement for each user was required to access SIPRNet, however, he could not locate a copy of the accused signed user agreement.” (id.)



7.) Defense will not contest that Specification 13 and 14 allege every element that the offense charged 18 United States Code (USC) Section 1030(a)(1) and Article 134 UCMJ [United States Military Code of Justice]. Defense challenges the theory as [?] the Specification as deficient, so the challenge has been styled as a failure to state an offense in federal Courts under Federal Rules of Criminal Procedure 12 and what the Government theory is undisputed, the Government addresses [?] the charge prior to trial. See United States v. Nosal 2012 WL 1176119 (9th Cir. 2012)



THE LAW



Failure to state and offense.



1.) The military [?]. The charge in the specification is sufficient if it (1) contains the element of the offense charged will fairly inform the accused of the charge against which he must defend.



2.) Enables the accused to plead an acquittal or conviction in a bar of future prosecution for the same offense.

“In reviewing the adequacy of the specification, the analysis is limited to the language as it appears in the specification, which must expressly allege the elements of the offense, or do so by necessary implication.” United States v. King,71 MJ 50, Footnote 2 (CAAF [Court of Appeals of the Armed Forces] 2012) quoting United States v. Fosler 70 MJ 225, 229 CAAF [Court of Appeals of the Armed Forces], 2011; United States v. Fleig, 16 CMA [Court of Military Appeals] 445, 447 (1966) looking within the confines of the specification.



The motion to dismiss for failure to state and offense is the challenge to the adequacy of the specification in [?] the specification alleges either expressly or by implication every element of the offense so as to give the accused notice and protection against double jeopardy. United States v. Amazaki 67 MJ 666, 669-670 (ACCA [Army Court of Criminal Appeals] 2009) quoting United States v. Crafter 64 MJ 209, 211 CAAF [Court of Appeals for the Armed Forces], 2006. 



THE LAW

Computer Fraud and Abuse Act. (CFAA) 18 United States Code (USC) Section1030(a)(1)



1.) When an accused violates the Computer Fraud and Abuse Act when the accused “knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it” 18 United States Code (USC) Section 1030(a)(1) [?]



2.) 18 United States Code (USC) Section 1030(e)(6) defines the phrase “exceeds authorized access” to “access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter”



ANALYSIS



Statutory Interpretation.



1.) The parts of the defense motion is an interpretation of “exceeds unauthorized access” language of the CFAA. The defense argues that the Government failed to allege that “exceeded authorized access” was in the meaning of CFAA because he was authorized to access the SIPRNet and entitled to access the classified information in question. The Government has alleged in the specification that the accused “exceeded access”. The Government further alleges [?] that will prove that the allege “exceeded authorized access” by the AUP and by other evidence. 



2.) United States v. Starr 51 MJ 528, 532 AFCCA [Air Force Court of Criminal Appeals] 1999. The Air Force Court of Criminal Appeals provided a method to resolve the legal meaning of the statute. The Court said: “It is the function of the legislature to make the laws and the duty of Judges to interpret them. 2A N. Singer, Sutherland Statutory Construction Section 45.[?]3 4th edition, 1984. Judges should interpret statutes so as to carry out the rule of the legislature. United States v. Dickenson 20 CMR 154, 165 CMA [Court of Military Appeals], 1955. Otherwise, they violate the principle of separation of powers. (Singer, supra 35.05)



If the words used in the statute convey a clear or definite meaning a court has no right to look for or impose a different meaning. (Dickenson 20 CMR 365). Thus to interpret statute we employ the following process: (1) [missed a few words] of the statute their ordinary meaning. if the terms are ambiguous, the inquiry is over. (2) If the operative terms in the statute are ambiguous then we examine the purpose of the statute, as well as the legislative history. And (3), if reasonable ambiguity still exists then we apply the rule of lenity and resolve the ambiguity in favor of the accused.



CFAA.



Ordinary meaning of the statute.



A discussed in further detail below, the terms “exceeds authorized access” has been subject to different interpretations under the US Circuit Courts of Appeal, thereby indicating that the statutory language is not clear and definite. Compare Nosal F3d. 2012 WL 1176119; United States v. John 597 F.3d 263 (5th Cir. 2010); and United States v. Rodriguez 628 F.3d 1258 (11th Cir. 2007). Therefore, because an ordinary meaning of the operative language is ambiguous, the Court must look to the purpose of the statute and the statutory history. Starr 51 MJ 532. 



CFAA.



Legislative History.



1.) CFAA was originally enacted in 1984. Act of October 12, 1984 Pub. L. No. 98-473, Sections 2101-2103, 98 Stat. 1837 2190-92. It’s original version, Section 1030(a)(1) punished anyone who knowingly accesses a computer without authorization or having accessed a computer with authorization uses the opportunity such access provides for purposes to which such authorization does not extend; and by means of such conduct obtain information that has been determined by the United States Government to require protection against unauthorized disclosure for reasons of national defense or foreign relations with the intent or with reason to believe that such information so obtained is to be used for the injury of the United States or the advantage of any foreign nation.” Section 212(a) 98 Stat. 2190 


2.) Two years later in 1986, Congress replaced the terms “or having accessed a computer with authorization uses the opportunity such access provides for purposes to which such authorization does not extend” with the term “or exceeds authorized access” Computer Fraud and Abuse Act of 1986 Pub. L. No. 99-474 Section 2(c) 100 Stat. 1213. As the Senate report from the 1986 bill explained, Section 2(c) substitutes “exceeds authorized access” for the more cumbersome phrase in the present 18 United States Code (USC) Section 1030(a)(1) and (2) “or having accessed a computer with authorization, uses the opportunity such access provides for purposes to which such authorization does not extent.” The Committee intends this change to simplify the language of 18 United States Code 1030(a)(1) and (2), and the phrase exceeds authorized access is defines separately in section (2)(g) of the bill. S. REP. No. 99-432, at 4 (1986), reprinted in 1986 USCCAN 2479-2486.



3.) Additionally, Congress added to Section 1030 the definition of “exceeds authorized access” that is presently codified at Section 1030(e)(6), however, its intent to simplify the language [?], Congress changed the scope of the statute. Further, the legislative purpose of histories supports the plain meaning of the statute that Congress enacted the CFAA to deter the criminal element of using computer technology in future frauds. HHR Rep. No. 98-894, 4 (1984) Reprinted in 1984 USCCAN 3689-3690. As originally enacted the CFAA applied to a person who (1) normally accessed without authorization or (2) having accessed a computer with authorization uses the opportunity such access provides for purposes to which such authorization does not extend. Pub. L. No. 98-473 Section 2102 98 Stat. 2190-2191 (1984).



Congress amended the statute by replacing the [?] means of access with the phrase “exceeds authorized access” The [?] agrees with the amendment was simplify the language in 18 USC 1030(a)(1) and (2).

4.) In 1996 Congress enacted 18 United States Code (USC) Section 1030(a)(1) and clarified the differences between the CFAA and the Federal Espionage Statutes. Although there is considerable overlap between 18 United States Code (USC) Section 793(e) and 1030(a)(1) as amended by the NII [National Information Infrastructure ] Protection Act, the two statutes do not reach exactly the same conduct. 1030(a)(1) would target those persons who deliberately break into a computer, to obtain properly classified government secrets, and the try to peddle those secrets to others, including foreign governments. In other words, unlike existing espionage laws prohibiting the theft and peddling government secrets to [?] agents, 1030(a)(1) require proof that the individual knowingly used a computer without authority or in excess of authority for the purpose of attaining classified information. In this sense, the use of the computer that is being proscribed not the unauthorized possession of, access to, or control over the information itself. S. REP. No. 114-357, 6-6 (1996)



5.) Therefore an analysis of the legislative history of the CFAA and the phrase “exceeds authorized access” reveals that the statute is not meant to punish those who use a computer for an an improper purpose and violating the Government terms of use, but rather the statute is designed to criminalize electronic trespassers and computer hackers. Int’l Ass’n of Machinists and Aerospace Workers 390 F. Supp. 2d, 495 quoting Sherman & Co. v. Salton Maxim Housewares, Inc. 94 F. Supp. 2d 817, 820 (E.D. Mich. 2000) 



CFAA Case Law and Conflict Among the Circuits.



1.) In the Nosal III, 856, the appellant convinced its his former co-workers at his previous firm, Korn/Ferry, to help him establish a competing business. The former coworkers used a Korn/Ferry login credentials to download information from a confidential database. They then passed this information along to the appellant. The former coworkers were authorized to access the database and Korn/Ferry had a policy that forbade disclosing confidential information. The defendant was charged with violating 18 United States Code (USC) Section 1030(a)(4) for aiding and abetting Korn/Ferry employees in exceeding their authorized access with the intent to defraud. The appellant filed a motion to dismiss the CFAA charges arguing that the statute [?] only hackers, not individuals who access a computer with authorization, but then misused the misused information that they obtained by means of such access.



2.) The Court in Nosal III, 857 agreed with the appellant argument, and disagreed with the prosecution’s attempt to make the CFAA into a expansive misappropriation statute, when it was originally created as in inside hacking statute. To support this conclusion, the Nosal III Court said the legislative purpose of the CFAA, Congress enacted the CFAA in 1984 primarily to address the growing problem of computer hacking recognizing that intentionally trespassing into someone else’s computer files [missed a few words] information on how to break into that computer. S. Rep. No. 99-432, 9 (1986).



3.) The Nosal Court in the end held the terms “exceed authorized access” in CFAA and its defined by 18 United States Code (USC) 1030(e)(6) does not extend to violations of use restrictions. (id 863). Nosal III defines “exceeds authorized access” to apply to inside hackers or individuals who initial access to a computer is authorized but who accesses unauthorized information or files.



4.) The Nosal III Court, 862 also acknowledged that its ruling differed from previous decisions made by other circuits, namely United States v. John 597 F.3d 263 (5th Cir. 2010) exceeds authorized access occurred when the appellate violated her employers official policy by misusing the company’s internal computer when she properly accessed the computer system and computer account information contained in it and provided the information to others who were able to infer fraudulent charges; and United States v. Rodriguez 628 F.3d 1258 (11th Cir. 2007) exceeds authorized access occurred when an appellant violate his agency’s policy of only obtaining information from its database for official reasons by properly accessing the agency’s computer system and obtained personal information for 17 different individuals for personal reasons. However, the Nosal III Court reasoned its sister circuits incorrectly looked at the culpable actions of the appellants, and did not consider the negative effects of its [?] definition of “exceeds authorized access” to include violations of corporate computer use restrictions or violations of duty of loyalty. Other decisions support Nosal III Court’s narrow view for “exceeds authorized access”. See Orbit One Commc’ns, Inc. v. Numerex Corp. 692 F. Supp. 2d 373, 385 (SDNY 2010); United States v. Aleynikov 737 F. Supp. 2d 173-192 (SDNY 2010); Diamond Power Int’l, Inc. v. Davidson 540 F. Supp. 2d 1322, 1343 (N.D. Ga. 2007); Shamrock Foods Co. v. Gast 535 F. Supp. 2d 962, 965 (D. Ariz. 2008); and Int’l Ass’n of Machinists & Aerospace Workers v. Werner-Masuda 390 F. Supp. 2d 479, 499 (D. Md. 2005).



RULE OF LENITY



1.) With truly ambiguous statutes military courts have consistently applied the rule of lenity. See United States v. Schelin 15 MJ 218, 220 (CMA [Court of Military Appeals] 1983); United States v. Cartwright 13 M.J. 174, 176 & n.4 (CMA [Court of Military Appeals] 1982); United States v. Inthavong 48 MJ, 628-630 (ACCA [Army Court of Criminal Appeals], 1998).



“[t]he rule of lenity, which is rooted in considerations of notice, requires courts to limit the reach of criminal statutes to the clear import of their text and construe any ambiguity against the government.” United States v. Romm 455 F.3d 990, 1001 (9th Cir. 2006).





2.) When applying the rule of lenity in CFAA context the Ninth Circuit Nosal III Court stated, 863: 



“If Congress wants to incorporate misappropriation liability into the CFAA, it must speak more clearly. The rule of lenity requires “penal laws . . . to be construed strictly.” United States v. Wiltberger, 18 US 76 (1820). “[W]hen choice has to be made between two readings of what conduct Congress has made a crime, it is appropriate, before we choose the harsher alternative, to require that Congress should have spoken in language that is clear and definite.” Jones v. United States 529 US 858 (2000).





“This narrower interpretation is also a more sensible reading of the text and legislative history of a statute whose general purpose is to punish hacking – the circumvention of technological access barriers – not misappropriation of trade secrets – a subject Congress has dealt with elsewhere . . . . Therefore, we hold that ‘exceeds authorized access’ in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use.”





CONCLUSIONS OF LAW



Failure to state and offense.



1.) The language of Specifications 13 and 14 of Charge II includes all the elements of the offense clearly informs the accused of the charge against which he must defend and protects the accused against double jeopardy. See King at 51 Footnote 2; Fosler at 229; Fleig at 445.



2.) Federal cases dismissing charges before evidence is presented due [?] so preceding trial. This Court has the power to do the same under RCM [Rules for Court Martial] 907(b)(1). Whether the Court should dismiss the Specifications before presentation of the evidence depends on whether the issue is capable of resolution without trial or the issue of guilt. In this case, the Government stated in oral argument it would present evidence in addition to the AUP. The Court does not find that the issue is capable of resolution prior to presentation of the evidence. Decisions appropriately decided after presentation of the evidence either as a motion for finding of not guilty under RCM 917 [Rules for Court Martial] or motion for finding the evidence is not legally sufficient. King 71 MJ 50; United States v. Griffith 27 MJ 42, (CMA [Court of Military Appeals] 1988).



3.) The language of the specifications states an offense.



CONCLUSIONS OF LAW



CFAA.



1.) Applying the rule of lenity, the Court will adopt a narrow meaning of “exceeds authorized access” under the CFAA and will instruct the fact finder that the term “exceeds authorized access” is limited to violations of restrictions on access to information and not restrictions on its use. The Court shall craft instructions for defining “exceeding authorized access” in Specifications 13 and 14 of Charge II using the language of the legislative history of 1996. 



2.) Should the Government not prove an element as alleged in the Specifications in accordance with the instructions given in accordance with the narrow view of Nosal III at the close of the evidence the Court shall entertain motions under RCM [Rules for Court Martial] 917 for findings of the evidence or for finding the evidence is not legally sufficient to sustain a guilty finding.



RULING



The defense motion to dismiss Specifications 13 and 14 of Charge II for failure to state an offense is denied. So ordered this 8th day of June 2012.



Is there anything else that we need to discuss with respect to this issue?

[END COURT RULING ON DEFENSE MOTION TO DISMISS SPECIFICATIONS 13 AND 14 OF CHARGE II FOR FAILURE TO STATE AND OFFENSE]