Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Thomas

United States Court of Appeals, Fifth Circuit

December 11, 2017

UNITED STATES OF AMERICA, Plaintiff - Appellee
v.
MICHAEL THOMAS, Defendant-Appellant

         Appeal from the United States District Court for the Eastern District of Texas

          Before WIENER, HIGGINSON, and COSTA, Circuit Judges.

          GREGG COSTA, CIRCUIT JUDGE

         Michael Thomas worked as the Information Technology Operations Manager for ClickMotive, LP, a software and webpage hosting company. Upset that a coworker had been fired, Thomas embarked on a weekend campaign of electronic sabotage. He deleted over 600 files, disabled backup operations, eliminated employees from a group email a client used to contact the company, diverted executives' emails to his personal account, and set a "time bomb" that would result in employees being unable to remotely access the company's network after Thomas submitted his resignation. Once ClickMotive discovered what Thomas did, it incurred over $130, 000 in costs to fix these problems.

         A jury found Thomas guilty of "knowingly caus[ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[ing] damage without authorization, to a protected computer." 18 U.S.C. § 1030(a)(5)(A). Thomas challenges the "without authorization" requirement of this provision of the Computer Fraud and Abuse Act. He contends that because his IT job gave him full access to the system and required him to "damage" the system-for example, at times his duties included deleting certain files-his conduct did not lack authorization. In support of his view that the statute does not reach those whose access to a system includes the ability to impair it, Thomas invokes the rule of lenity and principle that vague statutes cannot be enforced. But we conclude that Thomas's conduct falls squarely within the ordinary meaning of the statute and affirm his conviction.

         I.

         Thomas's duties at ClickMotive included network administration; maintaining production websites; installing, maintaining, upgrading, and troubleshooting network servers; ensuring system security and data integrity; and performing backups. He was granted full access to the network operating system and had the authority to access any data and change any setting on the system. Thomas was expected to perform his duties using his "best efforts and judgment to produce maximum benefit" to ClickMotive.

         Thomas was not happy when his friend in the IT department was fired. It was not just a matter of loyalty to his former colleague; a smaller IT staff meant more work for Thomas. So Thomas, to use his word, "tinkered" with the company's system. The tinkering, which started on a Friday evening and continued through Monday morning, included the following:

• He deleted 625 files of backup history and deleted automated commands set to perform future backups.
• He issued a command to destroy the virtual machine[1] that performed ClickMotive's backups for one of its servers and then Thomas failed to activate its redundant pair, ensuring that the backups would not occur.
• He tampered with ClickMotive's pager notification system by entering false contact information for various company employees, ensuring that they would not receive any automatically-generated alerts indicating system problems.
• He triggered automatic forwarding of executives' emails to an external personal email account he created during the weekend.
• He deleted pages from ClickMotive's internal "wiki, " an online system of internal policies and procedures that employees routinely used for troubleshooting computer problems.
• He manually changed the setting for an authentication service that would eventually lead to the inability of employees to work remotely through VPN. Changing the setting of the VPN authentication service set a time bomb that would cause the VPN to become inoperative when someone rebooted the system, a common and foreseeable maintenance function.
• And he removed employees from e-mail distribution groups created for the benefit of customers, leading to customers' ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.