« "Two Parties, Two Platforms on Criminal Justice: The Republicans nod to reforms, then take a sharp right turn." | Main | Has the drug war really "made policing more violent"? »

July 19, 2016

Nearly four years(!?!) in federal prison for MLB scout who hacked into rival team's research and notes

As reported in this local article, headlined "Former Cardinals scouting director sentenced to 46 months for hacking Astros database," a notable defendant got a significant federal prison sentence for some illegal corportate espionage. Here are some of the details:

The former St. Louis Cardinals scouting director who admitted he hacked accounts of the Houston Astros to gain insight into their operations was sentenced Monday afternoon to 46 months in prison.

Chris Correa pleaded guilty in January to five counts of unauthorized access to a protected computer. As part of his plea, Correa admitted to using the accounts of three Astros employees to view scouting reports, amateur player evaluations, notes on trade discussions and proposed bonuses for draft picks.  The information he accessed was given an estimated value of $1.7 million by the U.S. Attorney’s office.

Correa, 36, also admitted taking measures to conceal his identity. The sentence includes two years of supervised release and restitution payment of $279,038.65.  He will remain free until he is to report to prison, in two to six weeks....

During his guilty plea six months ago, Correa contended he hacked into the Astros accounts to see if former Cardinals employees had taken proprietary data or statistical models to use in their new positions with the Astros. Correa told prosecutors he found evidence that it did occur, U.S. Attorney Kenneth Magidson told the Post-Dispatch at that time....

Giles Kibbe, general counsel for the Astros, said after the sentencing that Correa accessed the Houston team’s database 60 times on 35 different days. “I don’t know what he saw or thought he saw,” Kibbe said, adding that what was clear from listening to U.S. District Judge Lynn N. Hughes during the sentencing is this: “The Astros were victims in this case.”...

Houston and its general manager, Jeff Luhnow, who began his baseball career with the Cardinals more than a decade ago, have repeatedly denied that Luhnow or any other former Cardinals employees brought information to the Astros. “The Astros refute Mr. Correa’s statement that our database contained any information that was proprietary to the St. Louis Cardinals,” the team said in a statement in January. Along with the U.S. attorney’s investigation, in which no other member of the Cardinals’ organizations was charged, the team completed an internal investigation; its outcome was Correa’s dismissal a year ago....

Correa read a four-minute statement to the judge before Hughes handed down his sentence. “I behaved shamefully,” Correa said, in apologizing to the Astros. “The whole episode represents the worst thing I’ve ever done by far.”

As he continued reading, offering an apology to his family with the promise to “regain your trust,” Hughes stopped Correa, asking him to turn around and speak directly to family members attending the hearing. Correa did so, his voice breaking as he repeated his apology. Correa said that because of his actions, he lost his career and his house, and he will work with his wife to rebuild “a quiet life of integrity.”

Hughes chastised Correa several times for his actions, comparing them to middle-school behavior. The judge used as an example a teacher asking Correa if he threw the eraser to which Correa would justify the action by saying: “Bobby did, too!”

“I hope it didn’t work then. It’s not going to work now,” Hughes said. The judge likened Correa’s hacking actions to altering a check by adding extra zeroes “and wiping out someone’s bank account.” Hughes also disclosed in court that Correa had been using prescription drugs without a prescription since the hacking charges, and that he could also have been prosecuted for that crime.

Hughes noted that Correa had taken college classes in ethics, asking: “At any time did you think hacking the Astros’ computers and using other people’s passwords was ethical?”

“No, your honor,” Correa said. Correa left the courthouse without comment, climbing into the passenger seat of a white SUV that was quickly driven away....

As part of his plea in January, Correa admitted to illicitly accessing Houston’s database through three accounts from at least March 2013 to the end of June 2014. He began by accessing the email account of one Astros employee who used to work for the Cardinals, referred to in the documents as “Victim A.” Although never mentioned by name in the documents, two of the former employees being described are believed to be Luhnow and Sig Mejdal. Both were key architects in the early days of the Cardinals’ analytic departments, and both are now baseball operations execs in Houston.

Correa took advantage of the fact that “Victim A” had used a password for his Astros email that was similar to the one he used with the Cardinals. He had gained the password when “Victim A” turned in his Cardinals laptop before leaving the team. Correa was able to access the accounts of two other Houston employees and through them see information in a database nicknamed “Ground Control.” On March 24, 2013, Correa viewed an Excel file of every amateur player eligible for the draft as well as the Astros’ internal evaluations and the scouts’ proposed bonuses to offer the players. He also looked at the Astros’ evaluations of Cardinals’ prospects.

That June, during the draft, Correa entered Ground Control and filtered the Astros’ information on players not yet drafted. He also looked at specific pages for two players, neither of whom the Cardinals drafted.

During that visit he looked at Houston’s scouting information for three of the eight players the Cardinals’ selected the previous day in rounds three through 10. At baseball’s trade deadline, July 31, Correa peered into Houston’s notes on trade discussions. In March 2014, he again entered the database and looked at 118 pages of what court documents called “confidential information.”

Cardinals general manager John Mozeliak and other team officials have stated they did not know about the breaches until investigators alerted them in early 2015.

I have reprinted the details of this "hacker's crime" because I am struggling to see what aggravating factors justified a nearly four-year prison sentence for a white-collar offenders who would appear to present no obvious risk to public safety and who has admitted his misdeeds and seems to show genuine remorse for his computer crimes.  I sumrise from the press description here that the the defendant's federal sentencing guidelines range was driven up significantly by the U.S. Attorney's determination that the "estimated value" of corporate information accessed here was $1.7 million.   But the fact that the defendant was ordered to pay less than $300K in restitution suggest that the actual harm to the Cardinals was far less than the economic number that appears to have driven the defendant's sentence up so much under the applicable sentencing guidelines.

Because I have not done a careful study of lots of recent computer crime cases, I am not sufficiently informed about whether this particular defendant's crime was distinctly bad or whether his sentence is distinctly severe.  But I do know that modern problems in the US with mass incarceration is aggravated when we now have persons who pose no threat to public safety and who commit crimes that seem to have a relatively small impact on a huge rich company getting sent away to federal prison for a really long period of time.

July 19, 2016 at 10:28 AM | Permalink

Comments

DOn't know that less than 4 years is a really long time.

Posted by: federalist | Jul 19, 2016 11:04:26 AM

Hacking computer records to invade the privacy of others and use the material for financial gain or more nefarious reasons seems to me some sort of threat to public safety.

What definition of "public safety" is being used here? If he directly embezzled funds by hacking the accounts would that be a threat to public safety? Viewing the records of the players can very well include viewing material that could seriously affect their livelihood or even their shot at MLB careers. And, he still paid close to 300K restitution. For some of us, that doesn't' sound trivial. Plus, it was a plea -- I'd think it theory could have been more.

I think saying he provides "no" threat to public safety is misleading. If you mean that keeping in a regular prison is not necessary for public safety, okay, but this sort of thing very well might be more troubling than some simple theft which is a more narrow thing.

Posted by: Joe | Jul 19, 2016 11:20:18 AM

Joe comes close to making a good point. What Joe is trying to point out is that not all criminals who cause harm do so in a manner that compromises public safety and therefore, a long(ish, in this case) sentence isn't necessarily unwarranted for non-violent offenders who cause significant harm.

I get Doug's procedural argument, and I suspect that a lesser sentence here could have sufficed. But I wasn't the judge.

Posted by: federalist | Jul 19, 2016 11:36:50 AM

Since some people are given life for little more than this, this sentence is "merely" symptomatic of the general problem of over-sentencing. Lawmakers are sleepwalking while Rome burns.

Posted by: peter | Jul 19, 2016 11:38:45 AM

"Joe comes close to making a good point."

:)

I'm trying to get a sense of what "compromises public safety" means. The person here hacked computer records for personal gain and harmed third parties in the process. I looked up the term:

Public Safety refers to the welfare and protection of the general public. It is usually expressed as a governmental responsibility. Most states have departments for public safety. The primary goal of the department is prevention and protection of the public from dangers affecting safety such as crimes or disasters.

definitions.uslegal.com/p/public-safety/

Prof. B referenced "persons who pose no threat to public safety" but hacking into computers in a way to invade privacy, put the sanctity of computer data integrity at risk and provide fiscal and reputation harms to a MLB baseball team (or whatever) might not be "violent" but is concerning as a matter of public safety. It's something akin to someone who trespasses on government property for a joke. We still worry about harm of people going on the property -- its integrity is a matter of public welfare. So, is the sanctity of computer data in this case.

At least, it seems reasonable to think so. The issue of degree and if locking the guy up in a prison for this length of time is the best way to address it remains open too.

Posted by: Joe | Jul 19, 2016 12:03:03 PM

Joe, in ordinary parlance, public safety has to do with physical harms (or the threat of physical harm). Words have their meanings stretched enough--let's cabin that tendency here.

Posted by: federalist | Jul 19, 2016 12:09:39 PM

I have less sympathy for this fellow for a different reason--though I too take Doug's point about actual damages. The reason is that even though this article doesn't say so another article makes clear that this is a CFAA case. Anyone who has been following CFAA litigation in the 9th circuit (especially Nosal I, Nosal II, and the recent Power case) know that the bigger problem with the CFAA is that people are getting jail sentences due to wild and implausible readings of what "unauthorized access" means. Orin Kerr has blogged abut this reality. EFF also has blogged about it too.

So here we have a guy who actually did what is the heart of what the CFAA should be about, actual hacking rather than password sharing. I'm less concerned about an excessive sentence for an actually guilty guy and more concerned about innocent people who did nothing wrong getting caught up in overzealous prosecutions. If one is genuinely concerned about over-criminalization under this law cases like Nosel II and Power are where one should look, not at this case.

Posted by: Daniel | Jul 19, 2016 12:10:14 PM

"public safety has to do with physical harms"

The integrity of the computer system ultimately is important to protect against physical harm to people and property. MLB in particular has a "public" character here. I think this person can be said to have some threat to public safety even granting this narrowing qualifier.

But, in "ordinary parlance," that sounds a tad limiting. The transit police, e.g., protecting against hacking of riders' computer files in the way used here would be part of their job to protect the "safety" of the "public." Anyway, maybe Prof. B. will comment.

Posted by: Joe | Jul 19, 2016 12:26:44 PM

Joe, the way to deal with that is not to expand the meaning of "public safety" (although I grant that the word "safe" itself is used to describe one's ability to deal with a company online without worrying about identity theft). This guy isn't a threat to public safety. The proper response to Doug's point about the lack of physical harm is to point out that not all serious crimes involve physical harm, not to get into quibbles about how far we can take a term whose heartland meaning deals with physical harm. You undercut your point and make yourself look silly.

Of course, you're in good company Joe. Maples v. Thomas is a great example of wordsmithing versus analysis. The Court seized on the "abandonment" without peering behind the fact that abandonment in that context had a willfulness element which was excised in the Maples opinion. Maybe people like the result--but the dishonesty should trouble (although I suspect it doesn't trouble people like you Joe or Doug). Same here--Doug's context is clear, and you're playing word games. You're not clever enough to do it.

Posted by: federalist | Jul 19, 2016 12:54:44 PM

Or while I am at it, Sotomayor's idiocy regarding the Louisiana Supreme Court's resolution of a speedy trial issue. Sotomayor seized on the fact that a delay was caused by the state's action without looking to whether the delay was attributable to the state. She covered for this by referencing the Louisiana Supreme Court's opinion (forgetting of course, that it's not her job to grade the paper, but determine whether the record supported the judgment below--remember, Sonia, judgment winners can change horses).

Posted by: federalist | Jul 19, 2016 12:57:51 PM

The people of Missouri should impeach the judge and make him/her move to Houston. The guy should not have been charged with a crime. The judge is known to have had sex with a dog back in high school. I found that on the internet and I did not hack.

Posted by: Liberty1st | Jul 19, 2016 1:36:47 PM

"point about the lack of physical harm"

It might have been helpful if he actually said "physical harm," but "public safety" (I provided multiple examples) sounds more open-ended.

Furthermore, even there, the integrity of the computer system -- especially involving national public entities like MLB teams -- has some importance to protect safety from "physical harm." But, we moved on to something else, perhaps.

Posted by: Joe | Jul 19, 2016 3:09:53 PM

On the one hand, he's guilty of something perfectly analogous to common-law theft. Not too many folks going to argue that that makes him not a threat to public safety.

Posted by: Fat Bastard | Jul 19, 2016 3:29:55 PM

Joe, give it up. You're a contentious moron. The "public" in "public safety" generally means real live human beings. Yes, harming inanimate things may cause danger to real live human beings (e.g., knocking out water systems), but so what?

And your reference to "national public entities like MLB teams" should have embarrassed you when you wrote it. That's not even bootstrapping. This guy got a peek at some info. No indication he's likely to do it again, and he's not a malware guy--he used a password. This crime had ZERO impact on public safety, even under your cockamamie stretches.

You're not anywhere close to being as smart as you think you are.

Posted by: federalist | Jul 19, 2016 3:34:59 PM

"he's not a malware guy--he used a password."

Yes this is true but it is important to distinguish this case from password sharing. In this case he stole the passwords without the knowledge and permission of the original account holder. Malware is used in a minority of these types of cases; most password cracking is accomplished along similar lines as to what Correa did.

Posted by: Daniel | Jul 19, 2016 4:04:02 PM

Great discourse, federalist and Joe (and others), and I now finally have some time to jump in and clarify/comment:

1. When I use terminology like threat/risk to public safety, I am generally thinking about a person who creates a threat/risk of producing significant physical/financial harm or who may make the general public feel "less safe" about going about their usual business. Ergo, I tend to think of a person who breaks into cars in a secluded parking garage to be a threat to public safety even if he runs away whenever a person walks into the garage. Similarly, I would view a person who seeks to "hack" credit card info from stores to be a threat to public safety even if he never has a physical encounter with anyone.

2. My definition aside, I am eager to thank Joe (and federalist) for providing a useful reminder that a term like "public safety" is vague and can be given lots of different meanings/nuances. Also, I agree with both Joe and federalist that many offenders who are "non-violent" can do quite significant harm and can deserve very severe sentences. Bernie Madoff is a great example of a non-violent offender who did lots of harm to lots of people without using any violence. And, critically, I often favor --- mostly for deterrence reasons --- use of significant punishments for high-profile offenders who knowingly cause lots of harm (e.g., I see some wisdom in the willingness of the Chinese to use the death penalty for horrific political/economic crimes that cause lots of harm, and I suspect few would argue that "non-violent" treason ought not be punished severely).

3. As I understand the crime here, a mid-level MLB executive thought a rival MLB executive/team was "cheating"; he responded by cheating himself via illegal computer hacking. The crime apparently harmed the Cardinals financially, ergo the restitution punishment (though I wonder how that exact $$ amount was determined, and the harm was far less than the Cardinals likely make in concession sales during any home-game). More to the point, I see zero basis for believing an executive without any criminal history who did something stupid/illegal to try to get a leg up on a business rival is a one-man, crime-wave waiting to happen (on-line or elsewhere). This is not to say that this defendant should not be punished for his crime, but rather to question what public benefits are thought to follow from sending Correa to the federal pen (at taxpayer expense) for nearly four years rather than, say, for just one year or two.

4. Ultimately, my chief point/concern in this case is in part reflected by federalist's suggestion that 46 months is not really a long sentence, and Daniel's assertion that he is "less concerned about an excessive sentence for an actually guilty guy [than] about innocent people who did nothing wrong getting caught up in overzealous prosecutions." Both sentiments reveal the kinds of reasoning/feelings that help make the US the world's leader in incarceration: e.g., the thinking seems to go "46 months is not really so long, so why bother worrying too much if this liberty deprivation is really justified/needed" OR "why worry about folks getting slammed too hard with too much prison time if we are sure they are actually guilty."

5. A bit off point, but... I continue to wonder why federalist always seems so eager to pollute useful conversations with insults. Do you get an extra bit of sadist pleasure, federalist, calling folks terms like "contentious moron"? Unless it brings you some pleasure, I struggle to see what such name-calling adds to an otherwise useful discourse. Just sayin'

Posted by: Doug B. | Jul 19, 2016 4:05:39 PM

Doug, No. 4 isn't fair to me at all. Four years isn't that long. It's just not. And you should acknowledge that AND then make your point that four years (i.e., one or two too many) contributes to having more in the pokey than we should. But on top of that, I acknowledged that maybe a lesser sentence could have sufficed. You owe me a clarification, I believe.

Daniel--good point, but I was just saying that to show that this guy wasn't a threat to public safety, not that what he did wasn't serious.

Doug, the Chinese system is tyranny--and capital punishment in that context isn't wise, it's evil.

Posted by: federalist | Jul 19, 2016 4:18:33 PM

I forgot to address point 5. The reason I do this---look at Joe's post: "I'm trying to get a sense of what 'compromises public safety' means." I can't imagine a comment more infused with passive-aggressiveness. Then he "thinks" this guy who took at advantage of figuring out a password (a confluence of facts not likely to occur) is a danger to public safety. The language of a contentious ninny. So why not call that bit of d-baggery out? I mean seriously Doug, do you really take Joe's idea that someone who took advantage of someone else's lack of password diligence to get some scouting info as a "public safety threat"---it's precisely that kind of idiocy that gets disabled cancer patients beaten bloody in a TSA line. At some point the BS-detector has to go off on this peevish twerpiness. And then the "national public entities like MLB baseball teams"---you can't parody that sort of pseudo-intellectual ridiculousness.

This isn't sadism (a poorly chosen word), but hygiene.


Posted by: federalist | Jul 19, 2016 4:47:37 PM

This sentence is abusive and absurd. The punishment is theoretically supposed to fit the crime, and this just doesn't do that. A sentence of a year and a day would have been more than adequate. He would be away from his family for 8 or 9 months, spend a little time at a halfway house, and then he'd be home. Instead, the government will be wasting $30,000 or so a year to babysit him in a prison camp where he can catch up on all the John Grisham novels he's missed, and sit around doing nothing. The judge is an idiot.

Posted by: Barry | Jul 19, 2016 5:36:58 PM

@Doug

You twisted the meaning of my words to suit your agenda. I merely asserted that I was /less/ concerned about strong sentencing for the guilty than I was about overzealous prosecutors. Less concerned does not equal unconcerned. I think this greater concern about overzealous prosecutions is warranted due to the extensive collateral consequences that flow from a guilty verdict/plea in out present system. Even a felony conviction with a short prison sentence can still carry great damage due to these collateral consequences. Time is better spent getting the guilt/innocence equation correct than having an interminable debate over sentencing lengths *when dealing with this specific law* that has a history of overzealous prosecutions.

Posted by: Daniel | Jul 19, 2016 7:08:11 PM

federalist: have you ever been forced to do anything for 46 months? I think that is a long time to be forced to do anything, let alone sit in prison while your friends and family move on with their lives and you are completely deprived of liberty. I assume you would not say that I should not worry/care about who is the next Prez because they will be in power for the not-long time of four years. That said, semantics of what is "long" aside, it seems we both agree that little public benefit is served by putting this hacker in prison for this period of time. In the other topic, civility, it seems you just rather be a name-caller than a polite person, but I will not understand how that advances either your message or your mission.

Daniel: i am sorry if you think I twisted your words; I meant no offense AND I largely agree that misuse of CFAA is an even bigger problem than excessive sentencing in CFAA cases. That all said, I think it not only telling that this judge felt eager to send this defendant away for so long, but also that it is unlikely anyone is really going to complain or lament this waste of resourses.

Posted by: Doug B. | Jul 19, 2016 8:19:37 PM

Doug, we are talking about sentencing, and four years isn't that long. But even aside from this quibble (and I believe the words you used were "really long time". But even assuming this niggling point you make is fair to me, you completely ignore the other stuff I said. Now it may be that your commenting on the general uncaring about people in the pokey---but it's not fair to use me as an example of that uncaring given what I've said in this thread, and, for that matter, elsewhere. As you know, I am extremely wary of harsh sentences being visited upon people for relatively minor transgressions. Part of that is the justice aspect, and another part is that a harsh sentencing regime for serious crimes cannot survive when non-serious crimes (or worse, things that shouldn't even be crimes) get swept up. I believe in harsh sentences for armed robbery, not getting lost on one's snowmobile in a storm and wandering into a restricted area.

Re: Joe, you didn't answer my question---do you really think this idea of Joe's:, i.e., that someone who took advantage of someone else's lack of password diligence to get some scouting info as a "public safety threat" is a serious attempt at rational discourse? I don't.

I suspect we fundamentally agree on this sentence, and part of my reaction was to call you out on hyperbole--in the sentencing context a little less than four years is not "a really long time." I get it, you champion yourself as a defender of liberty by sticking up for those who are or will be incarcerated. But this is a somewhat idiosyncratic view, and you should realize that and tailor your arguments better instead of trying to hold me up as someone who doesn't get it. I do get it.


Posted by: federalist | Jul 20, 2016 8:40:09 AM

A few quick responses, federalist:

1. You are right that I used the term "really long," and I concede that the adjective "really" may go too far in this context. And I also happily acknowledge that you are generally "extremely wary of harsh sentences being visited upon people for relatively minor transgressions." Putting these sematics together, I am still left to wonder whether you think the defendant here (a) received a "harsh sentence" and/or (b) committed only a "relatively minor transgression." But, in the end, my follow-up query is even more semantics.

2. Speaking of semantics, I do think Joe's comments reflect "a serious attempt at rational discourse" much more than you calling him a "contentious moron" and a "contentious ninny" who is engaged in "d-baggery" and a "kind of idiocy." Specifically, I surmised Joe to be asking the (sensible and useful) question of whether I was suggesting that a computer hacker would never be a person who poses any threat to public safety. You may not have be impressed with how this back-and-forth played out, but I very much considered Joe's comments "a serious attempt at rational discourse." Even more to the point, I find his respectfully efforts to push/question how I am using of vague terms to be much more useful than your (too frequent) disrepectful efforts to belittle the comments of others with excessive name calling.

3. Finally, federliast, and perhaps another example of interesting semantic battles, I continue to find strange that you think it is "idiosyncratic" for me to be a defender of liberty by sticking up for those who are or will be deprived of liberty through incarceration.

Posted by: Doug B. | Jul 20, 2016 2:11:45 PM

1. Doug, read my posts---it's obvious I have deep skepticism, but I don't have all the info the court did.

2. Doug, you didn't really answer the question--I didn't talk about Joe's comments in general, just the idea that a guy who fortuitously gets the chance to figure out a password and who uses it, is somehow a "public safety threat". That's just nonsense. And the reference to MLB teams being public entities is just silly. When ordinary people talk about "public safety threats" they are not talking about some guy who figured out a password and accessed scouting reports.

3. Doug, your view that our harsh punishments for people for serious and evil crimes is somehow an indictment of our free society is idiosyncratic. I'm about as anti-statist as one can get, and I don't think LWOP for a 17 who brutally rapes and murders an old lady calls into question my commitment to freedom. You do.

Posted by: federalist | Jul 20, 2016 2:28:04 PM

And yeah, his crime wasn't that serious---he fell into temptation. Not good, but I don't think he's horrible.

Posted by: federalist | Jul 20, 2016 2:29:02 PM

Doug, the damage by Correa was to the Astros, not to the Cardinals.

As someone who follows baseball, the value estimate of $1.7 million strikes me as plausible.

I look at it two ways. On the cost side, an MLB team spends several million dollars per year on their baseball front office staffs (from the GM down through assistants, scouts, and analytics staffers). Correa accessed a significant portion of their annual work product, so valuing that information at $1.7 million passes the smell test.

Another way to think about is the value of draft picks. Younger, pre-free agency players are underpaid versus what they'd get on the open market. Because of MLB's draft and salary structure. To put some context around it, analysts have calculated an expected value for late 1st round / early 2nd round picks of around $10 million to $15 million. Expected value declines as the draft progresses, and we aren't talking about information that truly takes away or adds picks. The information taken conceivably improves the quality (and value) of each pick by adding another team's analysis to the mix, however. In other words, the cumulative expected value of a team's annual draft picks is high enough ($20 million plus is very reasonable) that it doesn't take much of a percentage increase or decline to get to $1.7 million.

All of that said, however, I'm fairly skeptical on whether a 46 month sentence is that much more of a deterrent than a 1-2 year sentence. On the one hand, I can see an argument for hefty deterrence, especially because my view is that the chance of getting away with this type of crime is relatively good if someone knows what they're doing more than Correa. On the other hand, once someone in Correa's position has been found out and is a federal felon who is going to serve meaningful time in prison, I don't know that 18 months in prison versus 46 months matters much as a deterrent. It's virtually certain that he's never going to work in baseball again. The specific circumstances of his high-profile crime mean that he's going to be readily identified as the Chris Correa who committed this crime and presumably have a really tough time finding a position of responsibility in any industry. So, not to make light of serving time incarcerated, but I don't see that the length of the prison sentence - above some threshold of a non-trivial sentence - is the big deterrent for this sort of crime.

Posted by: Dave T | Jul 20, 2016 3:49:24 PM

I appreciate the clarification.

"When I use terminology like threat/risk to public safety, I am generally thinking about a person who creates a threat/risk of producing significant physical/financial harm or who may make the general public feel "less safe" about going about their usual business."

As Dave T notes, sounds like 'significant financial harm' was involved here and MLB provides a special "public" connection in that respect. And, not appropriately responding will encourage others to use computer hacking for more financial or other wrongdoing. It seemed to me to fit.

The issue about the proper punishment and the question of scale (replace "no" with some other qualifier, my concern would be different) is duly noted.

Posted by: Joe | Jul 21, 2016 10:19:40 AM

Ugh, Joe, you just can't give up in making a fool out of yourself. Talking about a guy who fortuitously figured out a password and accessed some confidential issues which maybe caused hard and soft costs of $1.7MM to an organization worth hundreds of millions of dollars as a risk to public safety is silly. Yeah, maybe we can lump his conduct into broader categories (but remember we're still talking about his conduct) and maybe then stretch the meaning of public safety well past what people ordinarily think (and to boot label an MLB team some sort of public entity for purposes of determining "public safety"), but then we've played dumb semantic games just to keep you from looking stupid. Yeah, some hackers could be a threat to public safety---this guy, um no, particularly since it almost certainly is not going to happen again (one of Doug's original points).

And really, were you really harping on Doug for saying no rather than negligible? No--you're just trying to avoid admitting that your criticisms were, at best, tendentious niggling.

Posted by: federalist | Jul 21, 2016 2:28:54 PM

Doug - what do you think the appropriate sentence here is? One thing that seems to be missing in much of this discussion is the need for general deterrence for white collar criminals. A relatively trivial sentence of 12 months has little meaningful deterrent effect especially where such defenders frequently suffer nothing more than reputational harm rather than longer term consequences associated with other crimes- which may likewise have limited public harm. As for aggravated facts they're readily evident- the defendant repeatedly accessed the database and would have continued to do so had he not been caught. that type of repetitive behavior is frequently a signal for judges to sentence more stringently

Posted by: Giant Angry Bear | Jul 24, 2016 1:37:21 PM

Giant Angry Bear's comment is appreciated.

I do think at times a year sentence for a white collar prisoner will be harsher given the other type of prisoner more often is more experienced in the criminal justice system. The time served in a "country club prison" (which in various cases is probably not a fair term) is one difference. But, for some white collar criminals, the drop-off is much harder for them to bear.

Also, for white collar criminals, an extended post-confinement probation/parole period might have certain limitations that affect their previous standard of living much more. This would be particularly so if it inhibits previous employment and other opportunities. This would also be something to consider when applying punishments, jail time not the only punishment.

Posted by: Joe | Jul 25, 2016 11:49:57 AM

Post a comment

In the body of your email, please indicate if you are a professor, student, prosecutor, defense attorney, etc. so I can gain a sense of who is reading my blog. Thank you, DAB