Yes, it really is a crime to hack into a Major League Baseball team’s computer

46 Comments

I wasn’t going to write about this because I figured someone at ESPN would remove it by now. But nope, it’s still there! It’s ESPN Legal Analyst Lester Munson’s take on the Cardinals hacking thing. And it’s literally legal malpractice:

Q: Is it actually a crime to hack into the data and the files of a Major League Baseball team?

A: It’s certainly ethically questionable, but whether it is a crime is far less certain . . .

No, it really is a crime, as we discussed yesterday. There could be a question as to whether prosecutors will bother with it, as prosecutors always have the discretion to ignore something, but that’s not the question Munson was asked. Seriously and without hyperbole: if a client asked you if hacking into the files of a business were a crime, and you, as a lawyer, said “well, that depends . . .” you have committed malpractice. Because it is a crime. It says so in 18 U.S.C. section 1030. In layman’s terms, to prove a violation of the law you have to show:

  • The defendant intentionally accessed a computer without authorization, or that they exceeded authorized access;
  • That the access of the computer involved an interstate or foreign communication; and
  • By engaging in this conduct, the defendant obtained information from a computer used in interstate or foreign commerce or communication

That’s it. Based on what we know now, there was that much which happened.

It’s possible Munson was thinking of another possible law with a higher standard than the quite malleable CFAA — the Economic Espionage Act comes to mind — but he doesn’t explain that anywhere here, nor was he asked about that specifically. Generically speaking, it is illegal to hack into a businesses computer, assuming the term “hack” means “enter without authorization,” as it almost always does.

Maybe someone isn’t charged over this. Maybe, if charged they aren’t indicted. Maybe if indicted they beat the rap. You have to prove such things, obviously. The facts matter. But it is absolutely, positively a crime to hack into the data and the files of a Major League Baseball team or any other business.

Then there’s this:

In addition to showing that the stolen information was not otherwise available, the prosecutor must be able to show that Cardinals executives knew they were committing a crime. If the Cardinals’ activity was just a dirty trick or an attempt at getting even with a former colleague, the hacking might not qualify as a crime.

It doesn’t take a legal analyst to know that ignorance of the law is not a defense. There is not a “dirty trick” exemption here. That woman I mentioned yesterday? Who was one of the most famous defendants of a Computer Fraud and Abuse Act prosecution after she bullied someone with a fake Myspace account? She was admittedly trying to pull a dirty trick. She was still arrested, indicted and convicted under the CFAA. Her conviction was set aside because the judge later ruled that merely making up a false username was not “intentionally accessing a computer without authorization,” but there is no such fine distinction here, based on what we know.

I’m not sure why the largest sports outlet on the planet provides misinformation like this. I’m not sure why, based on his track record, they continue to use Lester Munson as their go-to legal expert. But this is simply wrong, and it’s no different than if they got the reported facts of a sports story wrong. In that case they’d take the story down or alter it. This one has been up for hours, unchanged.