October 16, 2018

Trump Campaign Officials Likely Violated the CFAA

This article was first published in Law360.

There are many interesting details about the Trump’s campaign contacts with Russian officials that are contained in the George Papadopoulos Statement of Offense, and are available from other facts recently disclosed, including Donald Trump Jr.’s contacts with Wikileaks, but as a former federal prosecutor with the Computer Crime & Intellectual Property Section of the Justice Department, the facts relating to potential violations of the Computer Fraud & Abuse Act (“CFAA”), which, in general is the federal criminal law against computer hacking, are what jump out to me. In particular, the publicly available evidence strongly suggests that certain Trump campaign officials had knowledge that Russian hackers had penetrated the DNC computer system before this became publicly known, and sought political benefit from this and by maximizing the disclosure’s negative impact on the Hillary Clinton. If this is true, it appears that there is probable cause to charge Trump officials, and maybe the President himself, with felony violations of the CFAA.

Turning first to what we do know; The Papadopoulos Statement of Offense establishes Papadopoulos had a number of meetings with individuals in Europe, including one who was identified as the “Professor,” who allegedly had connections “to senior Russian officials.” In particular, at an April 26, 2016, meeting, the Professor allegedly informed Papadopoulos that he had learned that the Russians had obtained “dirt” on then candidate Clinton … ‘They (the Russians) have dirt on her’; ‘the Russians had emails of Clinton”; ‘they have thousands of emails.’” These emails seemingly can be traced to March 19, 2016, when Clinton campaign chairman John Podesta reportedly receives a phishing email, which led to the theft of the emails going back years, including embarrassing campaign correspondence. The U.S. intelligence agencies have unanimously concluded Russia’s intelligence agency, the GRU, was responsible for the hacking. The public did not learn of the Russian breaches into the Democratic Committee’s computer network until June 14, 2016, or approximately six weeks after Papadopoulos had learned of it.

It is not entirely clear from the Statement of Offense with whom at the Trump campaign Papadopoulos shared this exact information, but it strains credulity that he did not share it with senior officials shortly after the April 26, meeting. Further, less than one month later, Donald Trump Jr. received an email from an intermediary with contacts in Russia saying that the Russian government had information that “would incriminate Hillary and her dealing with Russia and would be very useful to your father,” which described as “part of Russia and its government’s support for Mr. Trump.” To which Junior replied “great,” setting up the now-infamous meeting in Trump Tower on June 9. It is highly likely that the information relates to the Clinton emails that had been obtained from the DNC’s computers. The same afternoon as the meeting, Trump tweeted for the first time about Clinton’s missing emails.

In addition we have just learned that Trump Jr. was in contact with Wikileaks: “Hiya, it’d be great if you guys could comment on/push this story,” WikiLeaks said in a message to Mr. Trump on Oct. 3, 2016, that included a quote from Mrs. Clinton in which she said she wanted to “just drone this guy” “Already did that earlier today,” Mr. Trump said in response. “It’s amazing what she can get away with.” In a message a week later, WikiLeaks asked Mr. Trump to have his father Tweet a link to a site where users could search through hacked emails from Democrats. “There’s many great stories the press are missing and we’re sure some of your follows will find it,” WikiLeaks said, adding that the group had just released more emails stolen from Mrs. Clinton’s campaign chairman, John D. Podesta. Mr. Trump did not respond. Fifteen minutes later, however, his father tweeted: “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!”

Assuming that Trump campaign officials, including Donald Trump Jr. as well as perhaps, Donald Trump himself, had prior knowledge of the Russian hacking and the Clinton emails and provided even limited advice on what and when to release the information, which is not an unreasonable based on the above, are any or all of them guilty of aiding and abetting a violation of section 1030(a)(2)(C) of the CFAA?

In general, the relevant section of the CFAA makes it a crime to “intentionally access[] a computer without authorization … and thereby obtain[] … information from any protected computer.” This simply means that individuals who hack into a computer system without the permission of the operator of the system and obtain information, such as social security numbers or emails have committed a crime. It undoubted applies to the hackers who actually broke into the DNC computer system.

Federal law also imposes liability where an individual “aids, abets, counsels, commands, induces or procures” the commission of a crime, and he or she is punished to the same extent as the person who committed the crime. In other words, if you know someone is going to commit a crime and you encourage him to do so you are equally guilty of committing the crime as the person who actually did the act. More specifically, under Supreme Court precedent, a person is liable for aiding and abetting a crime “if and only if he (1) takes an affirmative act in furtherance of the offense, and (2) with the intent of facilitating the offense’s commission.” Thus, a person cannot be charged with a criminal offense where the offense has been completed.

In the case of whether Trump officials violated the CFAA, the analysis become more complicated because the subsection of the CFAA that prohibits improperly accessing a computer really involves two separate offenses as described above. . It is a misdemeanor where the offense simply involved accessing a computer without authorization and obtaining information. The offense becomes an enhanced felony if “the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any state.” Since the felony provision requires additional acts, the misdemeanor portion of the statute can be complete, but because the felony provision of the subsection requires proving all the elements of a separate crime, it would likely be treated by the courts as a separate offense even if formally categorized as a sentencing enhancement. For example, where a defendant uses the information he obtained from hacking a computer to extort money the felony enhancement provision would apply.

At present there is no evidence that Trump officials at the time knew that the Russians had hacked the DNC and obtained Clinton emails. The officials learned of it only after the hacking was complete, and thus cannot be charged under the misdemeanor provision. However, if the Trump officials used the stolen emails to further a crime or tort then the first requirement of aiding and abetting the felony enhancement provision is satisfied which appears to be the case.

The government also must establish that the defendant acted “with the intent of facilitating the offense’s commission.” According to the Supreme Court “the intent must go to the specific and entire crime charged,” so here, the government would have to show that a Trump official had the requisite intent as to the entire CFFA crime, not just the felony enhancement provision. Here, the evidence indicates that the Trump officials either were told that the emails were hacked or they would have known from the circumstantial evidence. For example, the London professor informed Papadopoulos that the Russians “have dirt on” Clinton, and “they have thousands of emails.” Papadopoulos claims that this information was shared with high ranking Trump campaign officials, including Sam Clovis. It also seems likely that these emails were the source of the “dirt” that was the topic of the May 9, 2016, attended by Donald Trump Jr. among others. Further, WikiLeaks asked Mr. Trump to have his father Tweet a link to a site where users could search through hacked emails from Democrats, and told him that the group had just released more emails stolen from Mrs. Clinton’s campaign chairman, John D. Podesta. Although Don Jr. didn’t respond to this email, his father tweeted: “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!” This strongly suggests that Don Jr. told his father who implicitly encouraged Wikileaks to release more information.

The final hurdle is what tort or other crime satisfies the felony enhancement provision. Since the statute includes torts and state crimes, the universe of possibilities is extremely large. At least one commentator has suggested an invasion of privacy tort based on the publication of private emails, but there are certainly other possibilities under state law. For example, the California version of the CFAA makes it a crime to “[k]knowingly access[] and without permission … makes use of any data from a computer, computer system or computer network ….” Since under this provision the crime would not be complete until the emails were publicly disclosed, the stolen information was used in furtherance of a violation of a California criminal law. There also are almost undoubtedly other state laws that were violated.

Based on the above assumptions, understanding and legal analysis, there appears to be enough evidence to charge certain Trump campaign officials, including Sam Clovis, with a felony violation of the CFAA. It also appears that Trump Jr. had knowledge of the Russian hacking before it became known to the public. To the extent that there is evidence that he was involved in the timing of the disclosure, he may also have violated the CFAA. Finally, there is evidence that the President may have violated the CFAA as well based on the timing of comments he made and their contents that may be seen as encouraging the timing of their release. Charging Trump campaign officials with violating the CFAA is perhaps not the most serious charge that officials may be facing, however, such a violation really goes to the crux of the Mueller investigation and would affirmatively answer the question of whether Trump campaign officials “colluded” with Russia.

Speak Your Mind