Bad facts make bad law, as the legal saw goes. But it cuts both ways: Sometimes bad people make good law.
Consider the following exhibits: a cocaine dealer, a child pornographer, a purveyor of suspect penis-enlargement pills, and two accused hackers.
The courtroom challenges they brought resulted in rulings that dramatically expanded your rights, from helping to keep your email and whereabouts private to reducing gadget searches at the U.S. border and limiting the legal definition of unlawful hacking.
You don't have to applaud these people as people. They're pretty much dirtbags. Just be thankful for the legal precedents their cases set.
STEVE WARSHAK
What he did: Sold questionable male-enhancement pills, raking in $400 million.
Warshak ran Berkeley Premium Nutraceuticals of Cincinnati, which by 2004 had sales of about $250 million annually, largely because of its male-enhancement product, Enzyte. He was accused of fabricating studies supposedly showing that the pills increased penis size by up to 31 percent, and he claimed, falsely, that the pills were developed by scientists at Stanford University and Harvard University. He was also accused of auto-enrolling customers, charging them monthly fees on their credit cards without their permission.
Indicted in 2006, Warshak and a few co-workers were accused of 112 counts, including mail, wire, and bank fraud, money laundering, and misbranding. Warshak was convicted of multiple charges and sentenced to 25 years, which was later cut by more than half.
How did Warshak's crimes benefit your rights?
While investigating the case, the authorities obtained, without proper warrants, about 27,000 emails from the ISP Nu Vox. Warshak challenged that search on the grounds that there was no probable cause, and won.
"If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment," the 6th US Circuit Court of Appeals ruled in 2010.
The court did not order a new trial, saying the constitutional error was harmless. But the case stands for the proposition that the government needs a warrant to access your email stored on third-party servers. The government took the position that a warrant was not required for email stored for longer than six months, as it was assumed abandoned under the Electronic Communications Privacy Act.
The government did not appeal the outcome.
Although the appeals court only covers Kentucky, Michigan, Ohio and Tennessee, many ISPs, including Google, Yahoo and Microsoft began requiring warrants for e-mail and other stored data in the wake of the decision, despite ECPA's language requiring only a subpoena, not a probable cause warrant for e-mail and other documents stored for more than six months on a third-party server.
"I think the Warshak decision is a landmark decision at the intersection of the internet and the Fourth Amendment," says Martin Weinberg, Warshak's attorney.
ANTOINE JONES
What he did: Dealt drugs.
The owner of the Levels nightclub in the District of Columbia, Jones was arrested in 2005 and accused of buying massive amounts of cocaine from Mexican drug dealers, which he resold. Almost 100 kilos of coke were seized, in addition to $850,000 in cash. After three trials – one reversed by the Supreme Court and two mistrials – Jones pleaded guilty this year to conspiracy drug charges and was sentenced to 15 years in prison.
How did Jones' drug-dealing benefit your rights?
In overturning Jones' conviction and life sentence, the Supreme Court ruled in 2012 that the authorities needed a warrant to affix a GPS tracker to his vehicle and monitor his movements for 28 days, which linked him to various drug houses. The case obliterated the Obama administration's position that attaching a GPS device to a vehicle was not a search and did not require a warrant from a judge.
Following the ruling, the FBI stopped using thousands of GPS devices it was employing without warrants. "This is one of the biggest Fourth Amendment cases in recent memory," says Hanni Fakhoury, an Electronic Frontier Foundation staff attorney. "It was huge."
The Justices also wrote, in the ruling, that they thought they should review the so-called "business-records" exemption that allows the authorities to obtain banking, medical, and telephone records without a probable-cause warrant. Though the court last month rejected without comment a related challenge to the NSA phone metadata program, which allows federal spies to collect all calling information in the United States.
LORI DREW
What she did: Involved in cyber bullying that led to teen's suicide.
Drew played a role in facilitating a fake MySpace profile of a non-existent 16-year-old boy named Josh Evans. The account was used to flirt with, and then reject, a 13-year-old Missouri girl, Megan Meier, who then committed suicide.
Drew's indictment charged that in September 2006 she conspired to create the account with her then 13-year-old daughter, Sarah, and a then-18-year-old employee and family friend named Ashley Grills, for the purpose of impersonating Josh Evans and inflicting psychological harm on Meier.
How did Drew's bad parenting benefit your rights?
The case hinged on the government's argument that violating a website's terms of service is the legal equivalent of computer hacking. Drew faced a maximum sentence of five years in prison for each of the three felony charges under the Computer Fraud and Abuse Act.
Los Angeles federal jurors, however, rejected the felony charges and found Drew guilty in 2008 of three misdemeanor counts of gaining unauthorized access to MySpace for the purpose of obtaining information on Meier — misdemeanors that potentially carried up to a year in prison.
In 2009, U.S. District Judge George Wu set aside the guilty verdicts. "It basically leaves it up to a website owner to determine what is a crime," Wu said. "And therefore it criminalizes what would be a breach of contract."
The government declined to appeal. Drew's attorney, H. Dean Steward, said people concerned "about being prosecuted" for violating an online terms of service agreement "should feel a bit better now."
DAVID NOSAL
What he did: Accused of hacking former employer's computer system.
In 2004, corporate headhunter Nosal left the California executive search firm Korn/Ferry to start a competing business, and he was looking for an edge. He convinced some of his former colleagues still at the company to use their legitimate access to Korn/Ferry computers to grab confidential source lists, and pass them to Nosal.
How did Nosal's treachery enhance your rights?
Nosal was charged with three felony Computer Fraud and Abuse counts, on the theory that he'd essential hacked Korn/Ferry's computers when he had his former co-workers leak information from them.
The 9th U.S. Circuit Court of Appeals, the judges reversed the three hacking counts, ruling last year that actual intrusion, not a breach of an employer's computer-use policy, was required to trigger prosecution as a hacker under the CFAA.
"Under the government’s proposed interpretation of the CFAA, posting for sale an item prohibited by Craigslist’s policy or describing yourself as 'tall, dark and handsome,' when you are actually short and homely will earn you a handsome orange jumpsuit," the court ruled, adding in a footnote that the government's interpretation of the law opens employees up to arrest, not merely dismissal, for playing Farmville at work.
Nosal was still convicted earlier this year on trade secret theft and mail fraud charges. Sentencing is set for next year.
The recent prosecution of Andrew Auernheimer, aka Weev, threatens to undermine the gains seen in the Nosal and Drew cases. Auernheimer was sentenced earlier this year to 3.5 years in prison after being charged with breaching the Computer Fraud and Abuse Act for obtaining the personal data of more than 100,000 iPad owners from AT&T's publicly accessible website. His case is on appeal.
Orin Kerr, a former federal prosecutor and a CFAA expert who has volunteered to defend Auernheimer pro bono, notes that the case against Weev "is deeply flawed and that the principles the case raises are critically important for civil liberties online."
HOWARD COTTERMAN
What he did: Possessed hundreds of child pornography images.
While crossing the Arizona border into the United States in 2007, agents seized three laptops and a camera from convicted child molester Howard Cotterman and transported the gear 170 miles away for a two-day search that uncovered hundreds of child porn images.
How did Cotterman's lust for porn benefit your rights?
Under the "border search exception" of United States law, international travelers, including US citizens, can be searched without a warrant as they enter the country. The Obama administration has aggressively used this power to search travelers' laptops, sometimes copying the hard drive before returning the computer.
Cotterman challenged the practice in court, and this year the 9th Circuit confirmed 8-3 that border agents may indeed undertake a search of a gadget's content on a whim, just like they could with a suitcase or a vehicle. However, the court ruled, a deeper forensic analysis using software to decrypt password-protected files or to locate deleted files now requires "reasonable suspicion" of criminal activity.
The decision significantly bolsters the digital rights of travelers. It didn't help Cotterman, though. The court found enough "reasonable suspicion" based on the facts that Cotterman was on a "lookout" list – because he was a convicted sex offender and frequently traveled to Mexico, a known destination for sex tourism. What’s more, adding to reasonable suspicion, under what the court labeled as the "totality of the circumstances," was the fact that some of the files on one of the laptops were password protected.
Cotterman's lawyers have asked the Supreme Court to reverse the decision, and uphold the lower court's ruling that the authorities did not have the power to whisk away the gadgets for inspection at all.
