Judge Rejects Guilty Plea From AOL Employee

The Hobo writes "Newsday has a story on a New York judge who rejected Jason Smather's guilty plea. Smathers, covered previously on Slashdot, was the AOL employee who stole and sold AOL addresses to spammers. The judge himself apparently cancelled his AOL subscription due to receiving too much spam. While he didn't like what Jason did, he wasn't convinced a crime had been committed under the CAN-SPAM law, which requires that a person be deceived."

Does not compute

[October_30th]

Authorities said Smathers, who was fired by AOL in June, used another employee's access code to steal the list of AOL customers in 2003 from its headquarters in Dulles, Va., and sold it to spammers for more than $100,000.

I don't understand how this is not deceptive, fraudulent and illegal...

Re:Does not compute

[The+Only+Druid]

It doesn't matter if its deceptive or fradulent, because the charge was specifically done under a particular law: the can-spam act, which has specific requirements. The judge determined that the charge failed to allege an actual violation of that law.

Essentially, the judge instituted a 12(b)(6) motion, dismissing the suit for failure to state a claim upon which action could be based.

Re:Does not compute

[YrWrstNtmr]

It is. It just doesn't meet the specifics of CAN-SPAM, which is evidently what he was charged with, and tried to plead guilty to.

What the judge did was, IMHO, right, in the same way that bank robbery doesn't meet the specifics of the traffic laws.

Charge him with what he actually did, and let him plead guilty to that.

Re:Does not compute

[zakezuke]

I don't understand how this is not deceptive, fraudulent and illegal...

Perhaps it should be, but it's not. No one was actually deceived, the guy flat out used someone else's access code to gain access to a mail list and sell it. For example, if you gave a key to your house and I used it to go in and copy your phone list and sell it to a telemarketer. It's not trespass or breaking and entering because you gave me a key. It might not be deceptive because you might have given me the key to feed your cat and I might not have intended to copy your phone list at that time. And it's not theft because I only made a copy of your phone list. And there is no violation of copyright because a list of names and contact info can't be copyrighted.

I might be guilty of violating your trust but I don't see how any crime was committed.

Re:Does not compute

[The+Only+Druid]

Actually, I did make the mistake of not being clear. I was saying "essentially its a 12b6", in that I wasn't sure of the proper criminal reference. My bad.

For those not clear what we're talking about: in the Federal Rules of Civil Procedure, rule 12, subsection B, subsection 6 allows for a motion that a claim be dismissed for failure to state a claim upon which an action can be granted. The criminal analogue is Federal Rules of Criminal Procedure 5.1(f), I believe. Both rules essentially say the following: if ALL the claims of the prosecution are entirely true, there still isn't a valid claim.

Re:Does not compute

[jhigh]

You don't know for a fact that he had no permission from the company to access this data. If another employee gave him the access code they are, like it or not, they are being granted a license to access what ever data and resources are associated with that account. This would be *stupid* and ground for dismissal but in it self hardly a criminal act.

And this is why security policies are so important. If AOL's security policy explicitly states that no user is allowed to access another user's account, even if that user was given the password, then it is illegal because it would be unauthorized use of a computer. The computer doesn't belong to the user, and therefore the user has no right to authorize anyone else to use their account. It all depends on what AOL has stated in their security policy.

But will he be charged with theft?

[Antony-Kyre]

He stole a list of e-mail addresses. Isn't that theft? Even if he doesn't get charged with sending out spam, he did commit other crimes, right?

Re:But will he be charged with theft?

[TummyX]

Copyright is evil. Information wants to be free. Something about beer. Let the guy go! blah blah blah
</range>

Re:But will he be charged with theft?

[TummyX]

whoops, xml error, i know. i'm used to writing range tags.

CAN-SPAM

[FiReaNGeL]

Maybe a crime hasn't been committed against this (obscure) law, but stealing critical info from the company you're working for and selling it to the highest bidder (or in this case, spammer) sure is. Was he accused of the wrong thing or what?

Re:CAN-SPAM

[hackstraw]

Maybe a crime hasn't been committed against this (obscure) law

Law in general is obscure. You know a society is too complex and complicated when highly respected people in that society have full time jobs to simply know the rules of that society.

Ding!

[Asshat+Canada]

You've got Bail!

Stealing is not a crime?

[toupsie]

Didn't the guy steal millions upon millions of AOL Screen Names and fence them? Isn't that covered under the STEAL-SHIT Act? Can I guarantee a reservation in his court? I have my eyes on this Porsche.

I wonder if AOL users

[multiplexo]

could band together and sue this guy and the asshole he sold the list to in civil court with a class action lawsuit. Nail him to the tune of a few billion dollars just to add insult to injury. Of course he should first spend some time in a nice secure federal pound-me-in-the-ass penitentiary. Having his anus blown out and being several billion dollars in debt would be just punishment and a fine deterrent.

Nice to know that judge respects the law

[Software]

It's good to know that the judge respects and applies the law _as written_, and doesn't try to punish the defendant because he (the defendant) is a total scumbag.

I would rather the law had been written such that selling legitimate addresses to spammers was punishable by death, but that's not the way it happened. So, given that the CAN-SPAM law doesn't prohibit selling addresses to spammers (which may or may not be true), it seems like the right decision.

By the way, this guy needs a new defense lawyer. BADLY.

Re:Theft / Invasion of Privacy

[The+Only+Druid]

Apparently, the prosecutors didn't believe they could prove those crimes, since the claim doesn't include charges of those crimes. The judge isn't allowed to create charges: the judge can only determine the validity of charges made by the prosecutors.

Re:Shouldn't he recuse himself?

[techno-vampire]

Actually, it looks like he's doing everything he can to avoid even the appearance of bias. He rejected the guilty plea because he's not convinced that the accuse's actions fit the requirements of the CAN-SPAM act. If he were biased, he'd just let the guy plead guilty and be done with it.

The Law versus Justice

[geekwench]

(Obligatory disclaimer: IANAL)

Unfortunately, there are a couple of different things going on, here. First is the judge's inability to see the poverbial forest for the trees. Second is the ability to prove the merits of the case.

The CAN-SPAM Act is one of the most useless pieces of tripe ever to be bulldozed through Congress, and the reason for this is the list of qualifiers that was written in. The "standard of deception" is one of these items. To actually convict someone under this provision in CAN-SPAM, the spammer would have to send out an e-mail promising "Free Screensavers of Puppies, Kitties, and Unicorns!" that actually redirects to the "Girls fscking Giant Horse C*cks eXXXtravaganza!" website. In saying that the charges did not meet the standard, Judge Hellerstein was factually correct.

Smathers did not decieve the AOL members whose information was sold, nor the spammers who purchased it. The AOL members were not told "Oh, don't worry; I wouldn't _think_ of selling your information for to a bunch of sleazebags," and I'm sure that the spammers were under no illusions about the legality of the addresses they purchased. However, what he did commit was fraud. He defrauded the AOL users, and the company, and fraud is most certainly a prosecutable offense. Trying him under the CAN-SPAM statute seems like a really poor legal strategy.

Personally, I'd love to see the existing laws used more forcefully. And I wouldn't go after the spammers, but after the people who hire them. There are already statutes governing things like mortgage banking, mail fraud, practicing medicine without a license, dispending medications without a license... and very few of the existing laws are used to prosecute the companies that give spammers their raison d' etre. Go after the source, and the flood will ebb.

Re:Judge had AOL

[ScrewMaster]

Yes, but on the other hand he had the good sense to get rid of it. That's probably more than a lot of judges can say.

Well what do you know...

[MXK]

...reverse psychology does work!

Howl! Gnash!

[TiggertheMad]

He stole a list of e-mail addresses. Isn't that theft?

No, the **IA is EVIL! It's a backup copy! I bought it several years agon on vinyl, and so I am entitled to a space shifted copy! It isn't theft, because they still have a cop-

WAITAMINUET! I'm sorry. I didn't know that this was a story about spammers...

KILL the spammer! They are bandwidth thieves, stealing a 'commons' from all of us! This guy is a THIEF, he took a copy of a private list! Publish his address someone, so I can mail him a sack of POOP!

Did the Prosecution Let Smathers Slip Away?

[BMcWilliams]

To make matters even more confusing, Smathers originally signed a document, available here, in November saying he agreed to plead guilty to violating 18 USC 2314, Interstate Transportation of Stolen Property. (To this legal sparrow, that seems like an appropriate charge.)

Then, on December 2, Smathers was arraigned instead for violating 18 USC 371, Conspiracy to Defraud the US Government. Smathers pled NOT guilty at the arraignment.

Then we have today's proceedings, with Smathers trying to enter a guilty plea, apparently to violating CAN-SPAM.

An "information" documentfiled at his arraignment does suggest Smathers was involved in sending decpetive and misleading spam using the AOL customer list. So maybe there is a CAN-SPAM aspect to this case.

But it really does look like the US Attorney's office was trying too hard to get a CAN-SPAM conviction under its belt.

There may be an interesting reason for this...

[fmaxwell]

The judge himself apparently cancelled his AOL subscription due to receiving too much spam. While he didn't like what Jason did, he wasn't convinced a crime had been committed under the CAN-SPAM law, which requires that a person be deceived.

If "Jason" isn't responsible, perhaps AOL is. If AOL was negligent in their security, then they can be held accountable for the damages that their users suffered. So by not putting the blame on Jason, AOL could be in the judge's sights. This might be a lot smarter move on the part of the judge than anyone realizes. Or I could be totally off-base.