Filed: Dec. 22, 2006
Latest Update: Mar. 02, 2020
Summary: Opinions of the United 2006 Decisions States Court of Appeals for the Third Circuit 12-22-2006 USA v. Carlson Precedential or Non-Precedential: Non-Precedential Docket No. 05-3562 Follow this and additional works at: http://digitalcommons.law.villanova.edu/thirdcircuit_2006 Recommended Citation "USA v. Carlson" (2006). 2006 Decisions. Paper 32. http://digitalcommons.law.villanova.edu/thirdcircuit_2006/32 This decision is brought to you for free and open access by the Opinions of the United State
Summary: Opinions of the United 2006 Decisions States Court of Appeals for the Third Circuit 12-22-2006 USA v. Carlson Precedential or Non-Precedential: Non-Precedential Docket No. 05-3562 Follow this and additional works at: http://digitalcommons.law.villanova.edu/thirdcircuit_2006 Recommended Citation "USA v. Carlson" (2006). 2006 Decisions. Paper 32. http://digitalcommons.law.villanova.edu/thirdcircuit_2006/32 This decision is brought to you for free and open access by the Opinions of the United States..
More
Opinions of the United
2006 Decisions States Court of Appeals
for the Third Circuit
12-22-2006
USA v. Carlson
Precedential or Non-Precedential: Non-Precedential
Docket No. 05-3562
Follow this and additional works at: http://digitalcommons.law.villanova.edu/thirdcircuit_2006
Recommended Citation
"USA v. Carlson" (2006). 2006 Decisions. Paper 32.
http://digitalcommons.law.villanova.edu/thirdcircuit_2006/32
This decision is brought to you for free and open access by the Opinions of the United States Court of Appeals for the Third Circuit at Villanova
University School of Law Digital Repository. It has been accepted for inclusion in 2006 Decisions by an authorized administrator of Villanova
University School of Law Digital Repository. For more information, please contact Benjamin.Carlson@law.villanova.edu.
� NOT PRECEDENTIAL
UNITED STATES COURT OF APPEALS
FOR THE THIRD CIRCUIT
No. 05-3562
UNITED STATES OF AMERICA,
Appellee,
v.
ALLAN CARLSON,
Appellant.
On Appeal from the Judgment of the United States District Court
for the Eastern District of Pennsylvania
(D.C. No. Crim. 05-3562)
District Judge: Honorable Berle M. Schiller
Submitted Under Third Circuit LAR 34.1(a)
December 12, 2006
Before: SMITH, ROTH, Circuit Judges, and IRENAS,* Senior District Judge.
(Filed December 22, 2006 )
*
Honorable Joseph E. Irenas, Senior United States District Judge for the District of
New Jersey, sitting by designation.
1
� OPINION
IRENAS, Senior United States District Judge.
On July 14, 2005, the District Court for the Eastern District of Pennsylvania
imposed upon Appellant Allan Eric Carlson a sentence of 48 months imprisonment, a
term of supervised release of three years, restitution of $14,970.63, and a special
assessment of $7,900.00 after a jury found him guilty of computer and identification fraud
in violation of 18 U.S.C. § 1030(a)(5)(A)(I) & (ii) (the “Computer Fraud and Abuse Act”)
and 18 U.S.C. § 1028(a)(7)(the “Identity and Information Fraud Act”).1 Carlson appeals
the order denying his Fed. R. Crim. P. 29 motion for judgment of acquittal. The basis for
his motion was insufficiency of the evidence brought against him under the Computer
Fraud and Information Act.2 We will affirm.
I.
This Court has jurisdiction to review the order of judgment in a criminal case
pursuant to 28 U.S.C. § 1291. We exercise de novo review of the District Court’s denial
of Carlson’s motion for judgment of acquittal. Unites States v. Flores, 454 F.3d 149, 154
1
Specifically, the jury convicted Carlson of 26 counts of intentionally causing damage
to a protected computer, 26 counts of knowingly making unauthorized access to a
protected computer and thereby recklessly causing damage, and 27 counts of identity
fraud.
2
Carlson does not contest his conviction stemming from his violation of the
Identification and Information Fraud Act, 18 U.S.C. § 1028(a)(7).
2
�(3d Cir. 2006).
II.
Prior to his arrest and conviction, Carlson was an avid Philadelphia Phillies fan
living in California. (Appellant’s Brief, 2). He became savvy with internet use and
technology in 1999, and in 2000 began posting messages on online bulletin boards
devoted to the Philadelphia Phillies as a way to communicate with other Phillies fans.
(JA 3.139- 44).
Beginning in 2001, Carlson engaged in two types of e-mail activities that caused
damage to other internet users: “direct attack” e-mailing, in which Carlson sent
thousands of e-mails to one particular e-mail address,3 and “indirect attack” e-mailing,
where he sent one e-mail to many e-mail addresses.4
In employing the direct attack method, Carlson sent thousands of e-mails mainly to
a few e-mail addresses at the Philadelphia Phillies. Although the ‘from’ field indicated
that the e-mails were sent from various e-mail addresses not his own,5 such as the FBI and
3
The Government referred to such tactics as “direct attacks” on individual e-mail
users, as the user’s e-mail inbox would immediately flood with e-mails sent by Carlson
through a third party’s IP address.
4
The Government referred to this as an “indirect attack,” in that it did not flood any
one e-mail user’s account immediately, but rather would flood the sender’s e-mail address
when e-mails sent to invalid addresses were bounced back to the sender. Because
Carlson sent e-mails from addresses of other internet users, e-mails would be bounced
back to those inboxes, rather than the inbox of Carlson.
5
This act is referred to as “spoofing.”
3
�the Philadelphia Phillies, they were not sent from those individuals and entities, but rather
by Carlson using the Internet Protocol (“IP”) addresses of other computers. Carlson
claims that he sent these e-mails in an attempt to inform journalists and Phillies
management about issues with the management of the Phillies that he considered
problematic, and to start conversations among other internet users concerning such
problems. The evidence produced at trial showed that while some e-mails concerned the
Phillies, others did not.
Examples of Carlson’s direct attacks are as follows. On November 7, 2001,
Carlson sent 1,168 e-mails entitled “The Mariner’s Didn’t Trade A-Rod” from
“SpecialProsecutor@fbi.gov,” an e-mail address belonging to a Canadian internet user, to
six writers at Philadelphia Newspapers, Inc. (“PNI”). (JA 1.112, Supp. App. 4). On
November 11, 2001, Carlson sent over 5,000 e-mails entitled “Sign JASON GIAMBI” to
one address at the Phillies. (JA 2.107-113; Supp. App. 44-45). On March 12, Carlson
sent 1,800 e-mails to one address at the Phillies, and another 1,800 e-mails to another
Phillies’ address. (JA 2.115-7, 2.128-9; Supp. App. 44). On March 14, 2002, Carlson
sent an e-mail entitled “The Color of Crime” about raced-based crimes to 5,514
employees of PNI. The e-mails appeared to be from either Lillian Swanson, Ombudsman
of the Philadelphia Inquirer, or Walker Lundy, an editor of the Inquirer. (JA 1.143-45;
Supp. App. 43, 49, 66-134).
When employing the indirect attack method, Carlson would send spam e-mails
4
�from spoofed accounts to thousands of people whose addresses he collected primarily by
using computer software.6 For example, On November 16, 2001, Carlson used the e-mail
address of Greg Dubrow, a man with whom he had disagreements in conversations on an
internet bulletin board. Carlson sent over 5,000 e-mails from Dubrow’s address to a
Phillies address, as well as thousands of e-mails to other addresses, from which Dubrow
received 6,000 returned e-mails. (JA 2.113; Supp. App. 44, 137-8). On November 19,
2001, Carlson spoofed the e-mail address of Paul Hagen, a sports writer at the
Philadelphia Daily News, which caused 6,638 copies of this e-mail to be returned to Paul
Hagen’s e-mail inbox. (JA, 1.125-127, 3.27-56; Supp. App., 43, 135, 136). On April 9,
2002, Carlson sent thousands of e-mails from an address of a man who he claimed
“stalked” him on the internet, 7,000 of which were returned as undeliverable to the
alleged stalker’s inbox . (JA 2.78-82).
At trial, Carlson admitted to engaging in these activities, but denied that he knew
that each time he employed the “indirect attack” method of e-mailing, it would result in a
spoofed e-mailer’s receipt of hundreds of returned e-mails.7 (JA 3.176-77). He also
denied intending to cause damage by sending thousands of e-mails to one e-mail address,
6
The collection of large lists of e-mail addresses for use in spam or bulk mailing is
referred to as “harvesting.”
7
Carlson obtained many e-mail addresses from the unsecured networks of high school
and college alumni websites. Because the e-mail addresses of students typically become
invalid after they graduate, such websites contain a large number of invalid addresses.
Carlson claims he did not consider this result.
5
� which would clog the address, result in delays, and at times require the purging of all e-
mails, causing valuable business-related e-mails to be permanently lost.8
The present appeal centers around whether the jury’s conviction of Mr. Carlson
based upon the finding that he intended to cause damage when he sent e-mails, using both
direct and indirect attacks, was supported by the evidence.
III.
We must view the sufficiency of the evidence claim 9 in the light most favorable to the
Government, Wolfe, 245 F.3d at 261, and should sustain a verdict if “any rational trier of
fact could have found the essential elements of the crime beyond a reasonable doubt.”
United States v. Dent,
149 F.3d 180, 187 (3d Cir. 1998) (quoting United States v. Voigt, 89
F.3d 1050,1080 (3d Cir. 1996)). A court, however, “must be ever vigilant in the context of
Fed. R. Crim. P. 29 not to usurp the role of the jury by weighing credibility and assigning
weight to the evidence, or by substituting its judgment for that of the jury.”
Flores, 454 F.3d
at 154. Accordingly, an appellant bears a “very heavy burden” to prove the evidence
8
For example, on August 4, 2002, Carlson sent thousands of e-mails from the e-mail
address of the vice president of public relations at Knight-Ridder, PNI’s parent company,
which resulted in the return of 12,000 e-mail messages. Carlson engaged in a similar
activity on August 14, 2002. However on this occasion the e-mails were sent from the
address of Knight-Ridder’s president. The number of returned e-mails was so large that
the company had to shut down its server and rid it of all pending e-mails. (JA 2.56-65).
9
Carlson properly preserved his argument of insufficiency of evidence for appeal by
moving for a judgment of acquittal at the conclusion of the evidence. United States v.
Wolfe, 245 F.3d 257, 261 (3d Cir. 2001).
6
�presented was insufficient to support the verdict. United States v. Gonzalez, 918 F.2d 1129,
1132 (3d Cir. 1990) (quoting United States v. Losada,
674 F.2d 167, 173 (2d Cir. 1982)).
The Computer Fraud and Abuse Act requires proof that a criminal defendant:
knowingly cause[d] the transmission of a program, information,
code, or command, and as a result of such conduct, intentionally
cause[d] damage without authorization, to a protected computer.
18 U.S.C. § 1030(a)(5)(A)(I)(emphasis added). Section 1030(e)(8) defines “damage” as
“any impairment to the integrity or availability of data, a program, a system, or
information.” Although the statute itself does not define “intentionally,” this Court has
defined it in the criminal context as performing an act deliberately and not by accident.
United States v. Barbosa, 271 F.3d 438 (3d Cir. 2001). Accordingly, the Government was
required to prove at trial that Carlson deliberately caused an impairment to the integrity or
availability of data, a program, a system, or information.
The jury, after being properly charged as to both the elements of the crime and the
definitions of relevant terms used therein, found that Carlson knowingly accessed a
computer without authorization and intentionally caused damage thereto. Significantly,
the District Court defined the meaning of intent as follows:
A person acts intentionally when what happens was the defendant’s
conscious objective. To act intentionally means to do an act
deliberately and not by accident. The ultimate fact of intent, though
subjective, may be established by circumstantial evidence based
upon a person’s outward manifestations, his words, his conduct, his
acts and all the surrounding circumstances disclosed by the
evidence and the rational and logical inferences that may be drawn
from them. To find the defendant guilty of Counts 1 through 26, you
7
� must find beyond a reasonable doubt that he intended to cause
damage to the protected computer.
(JA 4.16, 9-19).
At trial, Carlson admitted that in using the direct e-mailing method and sending
thousands of e-mails to one inbox, the targeted inbox would flood with e-mails and thus
impair the user’s ability to access his other “good” e-mails. (JA 3.164-65). Carlson
argued, however, that he only believed the targeted e-mail user’s ability to access his e-
mail would be impaired for a few minutes.
Carlson contended that, in employing the indirect e-mailing method, although he
intentionally spoofed e-mail addresses from which he sent thousands of e-mails at a time,
he did not intend that the consequence of this would be to flood the spoofed sender’s
mailboxes with mail that was returned to sender and with replies requesting that the
sender not e-mail the recipient in the future. (Appellant’s Brief, 2).
The testimony reflected, however, that Carlson was a sophisticated internet and e-
mail user. Carlson himself admitted to extensive knowledge of use of the internet and
software, including knowledge of how to harvest e-mail addresses from websites, to send
mass mailings, to use proxy servers, and to spoof e-mail addresses. (JA 3.151-156,
3.176-177). It is clear from the evidence that Carlson’s level of internet savvy, combined
with his actions, could rationally be used as circumstantial evidence to conclude that
Carlson intended the consequences of his actions.
8
� IV.
We hold that sufficient evidence was presented at trial such that a reasonable juror
could have found that Carlson, who intentionally accessed a computer without
authorization, also intended the resultant damage. The Judgment of Conviction is
affirmed.
9
�
