Domingo Rivera

Digital Forensics Consultant & Cyber Lawyer

United States v. Rich (4th Cir., 2015)

Accused of violating the Computer Fraud and Abuse Act and enter into a plea agreement…. then figure out that perhaps access was not unauthorized because an accused co-conspirator had a password and arguably “authorized access”… Too late! – Domingo Rivera

UNITED STATES OF AMERICA, Plaintiff – Appellee,
BRIAN MATTHEW RICH, Defendant – Appellant.

No. 14-4774


Submitted: June 30, 2015
July 29, 2015


Appeal from the United States District Court for the Western District of North Carolina, at Charlotte. Robert J. Conrad, Jr., District Judge. (3:12-cr-00369-RJC-3)

Before NIEMEYER, DUNCAN, and AGEE, Circuit Judges.

Affirmed by unpublished per curiam opinion.

Ross Hall Richardson, Executive Director, Joshua B. Carpenter, FEDERAL DEFENDERS OF WESTERN NORTH CAROLINA, INC., Asheville, North Carolina, for Appellant. Jill Westmoreland Rose, Acting United States Attorney, Anthony J. Enright, Assistant United States Attorney, Charlotte, North Carolina, for Appellee.

Unpublished opinions are not binding precedent in this circuit.

Page 2


Brian Matthew Rich appeals his conviction for conspiracy to violate the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 (2012). Pursuant to a conditional guilty plea, Rich challenges the district court’s denial of his motion to dismiss the indictment for failure to state an offense. We affirm.

“Where, as here, a district court’s denial of a motion to dismiss an indictment depends solely on a question of law, we review the district court’s ruling de novo.” United States v. Bridges, 741 F.3d 464, 467 (4th Cir. 2014). A federal indictment must contain the elements of the offense charged, fairly inform the defendant of the charge, and enable the defendant to plead double jeopardy as a defense to future prosecutions for the same offense. United States v. Resendiz-Ponce, 549 U.S. 102, 108 (2007); see Fed. R. Crim. P. 7©(1). Rich’s sole challenge to the indictment is that it failed to allege that the conspirators lacked authorization to access LendingTree’s network. With respect to this element, the indictment was required to allege that the conspirators agreed to either access a protected computer without authorization or exceed authorized access. See United States v. Moussaoui, 591 F.3d 263, 296 (4th Cir. 2010) (stating elements of conspiracy); 18 U.S.C. § 1030(a)(2)© (stating requirements of CFAA).

Page 3

Rich argues that the factual summary accompanying his plea agreement indicates that the conspirators accessed LendingTree’s network solely through administrator log-in credentials validly possessed by a coconspirator, and that such “password sharing” does not violate the CFAA. See WEC Carolina Energy Sols. LLP v. Miller, 687 F.3d 199, 206 (4th Cir. 2012) (holding CFAAcriminalizes obtaining or altering information individual lacked authorization to obtain or alter). We cannot consider this factual summary in reviewing the denial of a motion to dismiss, but must instead constrain our review “to the allegations contained in the indictment” United States v. Engle, 676 F.3d 405, 415 (4th Cir. 2012).*

We decline to reach Rich’s argument regarding the scope of the CFAA because even assuming, per arguendo, that Rich’s interpretation is correct, the indictment was sufficient to state an offense. The indictment alleges that the conspirators “accessed without authorization and exceeded authorized access to one or more LendingTree Network protected computers … through the use of compromised LendingTree administrator log-in

Page 4

credentials.” To the extent Rich argues that the indictment allows for the possibility that a coconspirator possessed valid log-in credentials, this possibility does not render the indictment deficient. The indictment clearly states that the access was “unauthorized” and that the log-in credentials used were “compromised.” Because we find that the indictment sufficiently alleges that the conspirators intended to access LendingTree’s network without authorization, we conclude that the district court did not err in denying Rich’s motion to dismiss.

We affirm the judgment of the district court. We dispense with oral argument because the facts and legal contentions are adequately presented in the materials before this court and argument would not aid the decisional process.