The Minority Report of the House Permanent Select Committee on Intelligence just came out, and it contains a copy of an email sent by Donald J. Trump Jr. that doesn’t look so good for the First Son of the United States (FSOTUS). Specifically, the email suggests that Don Jr. probably committed a crime — a violation of Computer Fraud and Abuse Act; such a violation is at least a misdemeanor, and may amount to a felony depending on the specific underlying facts.
On September 21, 2o16, Donald Trump Jr. emailed Kellyanne Conway, Steve Bannon, Jared Kushner, and several other senior campaign officials:
Guys I got a weird Twitter DM from [W]ikileaks. See below. I tried the password and it works and the about section they reference contains the next pic in terms of who is behind it. Not sure if this is anything but it seems like it’s really wikileaks asking me as I follow them and it is a DM. Do you know the people mentioned and what the conspiracy they are looking for could be? These are just screen shots but it’s a bully [sic] built out page claiming to be a PAC let me know your thoughts and if we want to look into it.
The messages exchanged between Trump Jr. and WikiLeaks relate to login information to putintrump.org, an anti-Trump website which was poised to launch. WikiLeaks described the account as operated by a PAC that is “a recycled pro-Iraq war PAC;” that PAC purported to have guessed the password, which was “putintrump.”
Okay, so none of that sounds particularly shocking at first blush. We already knew Trump Jr. was communicating directly with WikiLeaks, and absent some kind of conspiracy (which has not been suggested), there was no reason to believe efforts to hack into the PAC’s accounts, however successful, were attributable to Don Jr..
That’s why Don’s email is a game-changer. What’s new is that this email is evidence (or perhaps more accurately, an admission) that Don violated U.S.C. § 1030(a)(2(c)). The statute prohibits:
So let’s see. First, we have “intentionally accessing a computer” – kind of a slam-dunk. Trump Jr.’s email says, “I tried the password and it works.” That seems about as clear as it could get. He intentionally accessed a computer. Any other interpretation would defy basic logic.
Next, there’s the “without authorization or exceed[ing] authorized access” part. Most of us picture cyber-hacking to be complex crimes only committed by those possessing elite levels of technical savvy. Not true, though. Simply guessing someone’s password can be just as illegal as far more complex cyber-invasion. As cybercrime expert and law professor Orin S. Kerr explained in his textbook, Computer Crime Law:
Guessing a password is something like picking a physical lock, and using a stolen password is something like making a copy of the key and using it without the owner’s permission. Indeed, bypassing password gates using stolen or guessed passwords is a common way to ‘hack’ into a computer.
And, as Kerr said in his own analysis on the subject, Trump Jr.’s email “sounds a lot like an admission that he committed a federal crime, and in particular a violation of 18 U.S.C. § 1030(a)(2)(c).”
Now let’s turn to the final requirements. For the action to be illegal, the unauthorized access must result in the actor “obtain[ing] information from any protected computer.” Did Don Jr.”obtain information”? It seems clear that he did.
He described the information he observed, which related to the origin of the PAC: “the about section they reference contains the next pic in terms of who is behind it,” and he also sent along screen shots of that very information. Now’s a good time to point out that under the law, “obtaining” information doesn’t necessarily require downloading or otherwise copying the information; it just requires observing the data. Of course, since FSOTUS screen-shotted the info, that makes things even clearer.
But was the computer involved a “protected computer”? What does that even mean? Well, there’s a specific definition for that term in the statute. Under 18 USC § 1030(e)(2), a “protected computer” is any computer means a computer used in or affecting financial institutions or the United States Government, or, “used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.”
In this case, we’re talking about a server that’s hosting a website that people can connect to from around the world. It’s pretty clearly a “protected computer,” for purposes of this statute.
So all that adds up to a pretty obvious misdemeanor unless Don Jr. could somehow convincingly plead that his accessing the website should be considered “unintentional.” Such a claim seems pretty tough, if not downright impossible.
There’s more, too. While U.S.C. § 1030(a)(2) is a misdemeanor, there’s a related section —18 U.S.C. § 1030(c)(2)(B)—that describes felony-level unauthorized access:
i) the offense was committed for purposes of commercial advantage or private financial gain;
(ii) the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or(iii) the value of the information obtained exceeds $5,000.
Did Don Jr. try the guessed password “for purposes of commercial advantage or private financial gain”? It would certainly be a reasonable inference that he did so to help his father win the 2016 election, and it’s not a very long walk from that win to financial gain. Alternatively, was the information obtained worth more than $5,000? While not certain, it sure could have been. When information is the subject of illegal activity, that information can be valued several different ways. One such method is the market value of the information and another is the cost to produce the information. The value of the information Trump Jr. obtained isn’t necessarily clear – but $5,000 is a pretty low bar when we’re talking about the American presidency.
Is it likely that Don Jr. will be prosecuted for computer hacking at either the misdemeanor or the felony level? No. I wouldn’t bet on prosecutorial resources being deployed to nail the First Son for trying out a hacked password – even if such a prosecution would appear to want a pretty clear outcome.
[image via Chip Somodevilla/Getty Images]