Opinion
290 MDA 2022 291 MDA 2022 J-A27025-22
03-31-2023
COMMONWEALTH OF PENNSYLVANIA Appellant v. ERIC BRADLEY DERR COMMONWEALTH OF PENNSYLVANIA Appellant v. ERIC BRADLEY DERR
Appeal from the Order Entered January 11, 2022 In the Court of Common Pleas of Lycoming County Criminal Division at No(s): CP-41-CR-0000222-2021, CP-41-CR-0000507-2021
BEFORE: DUBOW, J., McLAUGHLIN, J., and COLINS, J. [*]
OPINION
McLAUGHLIN, J.
The Commonwealth of Pennsylvania appeals from the order granting Eric Bradley Derr's pretrial petition for a writ of habeas corpus. The Commonwealth argues the court erred in determining it had not presented a prima facie case that Derr had committed Unlawful Use of a Computer and Other Computer Crimes ("Unlawful Use of a Computer"). See 18 Pa.C.S.A. § 7611(a)(2). We reverse.
In December 2020, the Commonwealth filed a complaint charging Derr with several crimes, including Unsworn Falsification to Authorities, Tampering with Public Records, Obstruction of the Administration of Law, and multiple counts of Unlawful Use of a Computer. The latter charges were under subsection (a)(1) of the Unlawful Use of a Computer statute. That subsection provides that a person commits an offense when the person "accesses or exceeds authorization to access" a computer, computer system, computer network, computer database, or certain other things, "with the intent to interrupt the normal functioning of a person or to devise or execute any scheme or artifice to defraud or deceive or control property or services by means of false or fraudulent pretenses, representations or promises[.]" 18 Pa.C.S.A. § 7611(a)(1).
See 18 Pa.C.S.A. §§ 4904(a), 4911(a)(1), 5101, and 7611(a)(1), respectively. The Commonwealth also charged Derr with Hindering Apprehension or Prosecution, Official Oppression, and Criminal Coercion, but later withdrew those charges. See 18 Pa.C.S.A. §§ 5105(a)(3), 5301(1), and 2906(a)(4), respectively.
The complaint alleged that Derr, a police officer for the Williamsport Police Department, had become romantically involved with a woman he encountered during a drug arrest. Criminal Complaint, Docket No. CP-41-CR-0000222-2021, 12/15/20, at 6. Derr thereafter assisted the woman, and her "drug associate," to avoid encounters with the police and evade criminal prosecution. Id. Derr "r[a]n her license [and] registration" to "check to see if she had any warrants and whether she still had a license." Id. After the relationship ended, Derr continued to "run" the men she dated. Id.
The complaint further alleged that Derr had investigated another woman for a summary retail theft offense, but did not file charges against her, despite telling the store that he would. Id. at 7. Derr obtained oral sex from the woman in exchange for resolving the case without prosecution. He also falsely wrote in the police report that the stolen items had been recovered. Id. at 78. Derr later responded to an emergency call to the woman's home when she overdosed, and she claims he took a bag of heroin from her during the incident. Id. at 8.
According to the complaint, the investigation into Derr uncovered that Derr had used his access to the Pennsylvania Justice Network ("JNET") for personal reasons, which violated the user agreement and was prohibited by the Williamsport Police Department. Id. at 9. The complaint alleged that, "between 6/14/2015 and 12/11/2019, Derr ran a total of 93 illegitimate JNET checks on 28 different women." Id.
Following a preliminary hearing, the Magisterial District Court dismissed the Unlawful Use of a Computer charges. The court found that the Commonwealth had not presented prima facie evidence that Derr had violated subsection (a)(1) of the Unlawful Use of a Computer statute. The court bound the remaining charges for trial and assigned them a Common Pleas docket number (the "Unsworn Falsification docket").
The Commonwealth refiled the Unlawful Use of a Computer charges -28 counts - this time under subsection (a)(2). That subsection states that a person commits an offense when the person "intentionally and without authorization accesses or exceeds authorization to access, alters, interferes with the operation of, damages or destroys" any of several enumerated things, including a computer, computer system, computer network, or computer database. 18 Pa.C.S.A. § 7611(a)(2). The court issued a scheduling order regarding the refiled charges, stating, "If the charges are bound over for court[,] they shall be consolidated with the [charges previously bound over for trial]." Order, Unsworn Falsification docket, 4/1/21, at 1.
The new complaint repeated the allegations from the first complaint that Derr had used JNET for illegitimate reasons 93 times, including on the woman who had been part of the drug arrest and the woman who had committed retail theft. See Criminal Complaint, Docket No. CP-41-CR-0000507-2021, 2/25/21, at 4-5. The complaint also detailed that Derr had used the JNET system to run illegitimate checks on several other women, including a coworker, a coworker's wife, and a county employee. Id. at 5. The complaint further alleged that another officer reported that when he was a student intern and riding in the police car with Derr, Derr would look up women on JNET to ask the student if he thought the women were "hot." Id. at 6.
At a preliminary hearing, Captain William Bolt testified that JNET "is the system utilized to hold special information to include PennDOT records, wants and warrants, and other electronic personally identifiable information on persons who live within and outside of the Commonwealth of Pennsylvania." N.T., 4/15/21, at 11. He stated that JNET is for law enforcement personnel and not accessible by the general public. Id. To gain access to JNET, a law enforcement officer must attend training and complete a certification exam, and Derr completed the certification process. Id. at 11-12, 13. As part of the process, personnel must agree to the JNET user agreement. Id. at 13.
Officer Bolt explained that users must also agree to the JNET terms of use every time they access JNET. The terms of use include "how it should be utilized, when it can be utilized[.]" Id. at 12. He further testified that JNET is "for criminal investigation purposes only or for other official purposes. It is not to be used for personal use[.]" Id.; see also id. at 21. He said that law enforcement personnel are "specifically told" during the certification training that the ban on personal use means "not to look up your personal information, your spouse, friends, et cetera," unless there is a criminal investigative purpose. Id. at 12-13.
The Commonwealth introduced into evidence copies of JNET user agreements dated 2013, 2014, 2016, and 2019, all of which contained language prohibiting use for non-official purposes. See id. at 14-16, 48. The 2013 agreement states that "JNET data shall not be used for personal use under any circumstances. Personal use is defined as querying or viewing records that are not relevant to your criminal justice or official purposes." Id. at 14-15. The 2014 agreement contains a similar prohibition: "[B]y accessing and using JNET, you shall . . . not use JNET for personal or non-criminal justice purposes." Id. at 15.
The 2016 user agreement also contained such a ban: "[B]y accessing and using JNET, you agree to . . . not use any JNET resource for personal, non-criminal justice or non-governmental purposes. Personal use is defined as querying or viewing records that are not relevant to a criminal justice or official government purpose, including your own." Id. at 16. Likewise, the 2019 agreement provides:
[B]y accessing and using JNET, you agree to . . . not use any JNET resource or application or data provider content for personal or non-governmental purposes. Personal use is defined as querying or viewing data provider content that is not relevant to a criminal justice or official governmental purpose, including your own records.Id. at 16-17. The agreements advised Derr that a violation could result in sanctions, including criminal prosecution. Id. at 46-47. The magisterial district judge bound the charges for trial and docketed them in Common Pleas Court (the "Unlawful Use of a Computer docket").
In Common Pleas Court, the Commonwealth filed a notice of joinder for the two cases. Derr did not assert any objection to the notice or move for severance. Each docket thereafter listed the number of the other docket as a "joined" case. See Unlawful Use of a Computer docket, Printed 3/24/22, at 1, Related Cases; Unsworn Falsification docket, Printed 3/24/22, at 1, Related Cases.
Derr then filed an omnibus pretrial motion that included a petition for a writ of habeas corpus. Derr argued the Commonwealth had failed to present a prima facie case that he had violated the Unlawful Use of a Computer statute, subsection (a)(2). He later filed a supplement to the petition in which he argued the charges were contrary to the United States Supreme Court's holding in Van Buren v. United States, 141 S.Ct. 1648 (2021). After argument, the court granted the petition and dismissed the Unlawful Use of a Computer charges. Relying on Van Buren, the court concluded that while Derr had violated the rules of use for JNET, he had not exceeded his authorization to access JNET. The court also opined as follows:
Derr also sought a writ of habeas corpus on the Unsworn Falsification docket. The court denied the request.
If the "exceeds authorized access" clause criminalizes every violation of a computer-use policy, then millions of otherwise lawabiding citizens are criminals. Take the workplace. Employers commonly state that computers and electronic devices can be used only for business purposes. So on the Commonwealth's reading of the statute, an employee who sends a personal email or reads the news using her work computer has violated the statute. We find it hard to believe that the legislature intended to make a felony out of performing internet-based Christmas shopping on an employee's lunch hour. In that regard the employee had access to the Internet but was violating a company policy.
Memorandum and Order, 1/11/22, at 4 (unpaginated).
The order dismissing the Unlawful Use of a Computer charges did not reference, and was not docketed at, the Unsworn Falsification docket, despite the two cases having been joined. Nonetheless, the Commonwealth filed a notice of appeal from the order at each docket. Each notice of appeal included a Pa.R.A.P. 311(d) certification that the order would terminate or substantially handicap the Commonwealth's ability to prosecute the cases because "these two dockets arise in part from the same criminal episode" and "the Commonwealth may be precluded from proceeding on the dismissed charges by Double Jeopardy and/or Rule 110." Notice of Appeal, Unsworn Falsification docket, 1/31/22, at 1; Notice of Appeal, Unlawful Use of a Computer docket, 1/31/22, at 1.
See also Pa.R.A.P. 311(d) ("the Commonwealth may take an appeal as of right from an order that does not end the entire case where the Commonwealth certifies in the notice of appeal that the order will terminate or substantially handicap the prosecution").
This Court, per curiam, issued a Rule to Show Cause why we should not quash the appeal relating to the Unsworn Falsification docket, as it is from an order that is not entered on that docket. This Court later discharged the Rule and referred the issue to the instant panel.
The Commonwealth raises the following issues:
A. Should the appeal docketed at 290 MDA 2022 be quashed as taken from a purported order that is not entered upon the appropriate docket of the lower court insofar as the two criminal dockets had been properly joined by the Commonwealth pursuant to Pa.R.Crim.P. 582, arose in part from the same criminal episode, and the Commonwealth has no authority over how the Lycoming County Clerk of Courts dockets filings on joined cases?
B. Did the trial court err in granting [Derr]'s writ of habeas corpus and dismissing all counts of unlawful use of a computer, 18 Pa.C.S. § 7611(A)(2), where the court incorrectly concluded that Van Buren v. United States, 141 S.Ct. 1648 (U.S. 2021), governed the interpretation of "exceeding authorization" as used
in § 7611(A)(2), and that [Derr] could not be guilty of that offense insofar as he had authority to access the JNET database, regardless of whether his purpose or motive in accessing JNET exceeded his authorization?
Commonwealth's Br. at 4 (suggested answers omitted, italics added).
I. The Appeal at the Unsworn Falsification Docket
The Commonwealth argues that we should not quash the appeal at the Unsworn Falsification docket even though the order under appeal was not entered on that docket, does not reference that docket number, and does not directly pertain to those charges. The Commonwealth asserts that if we quash the appeal, it would be forced to go to trial on the charges at the Unsworn Falsification docket to avoid dismissal of those charges pursuant to the speedy trial rule. See Pa.R.Crim.P. 600. However, the Commonwealth argues, if it proceeds to trial at that docket, and in this appeal we reverse the grant of habeas corpus as to the Unlawful Use of a Computer charges, the compulsory joinder rule will preclude it from trying the Unlawful Use of a Computer charges because those charges arose out of the same criminal episode as the Unsworn Falsification charges. See 18 Pa.C.S.A. § 110(1)(ii) (barring second trial for "any offense based on the same conduct or arising from the same criminal episode").
Derr counters that we should quash the appeal at the Unsworn Falsification docket. He contends that the charges in the two dockets did not arise out of the same criminal episode because "each of the charges relate to different dates as well as different activities." Derr's Br. at 2.
We will not quash. Rule of Criminal Procedure 582 allows the Commonwealth to join offenses that are based on the "same act or transaction." Pa.R.Crim.P. 582(A)(1)(b). The Rule provides that "[n]otice that offenses . . . charged in separate indictments or informations will be tried together shall be in writing and filed with the clerk of courts." Pa.R.Crim.P. 582(B)(1). Rule 582 is based on the compulsory joinder rule, which provides that "if all offenses arising from the same criminal episode or transaction are not tried together, subsequent prosecution on any such offense not already tried may be barred." Id., cmt. (citing 18 Pa.C.S. §§ 109-110). Charges involve a single criminal episode if there is a temporal relationship between the charges and there is a logical relationship between the offenses such that, if the charges are tried separately, there will occur a substantial duplication of either factual or legal issues. Commonwealth v. Brown, 212 A.3d 1076, 1083 (Pa.Super. 2019).
We may consult the explanatory comments of the committee that worked on a rule. Commonwealth v. Lockridge, 810 A.2d 1191, 1195 (Pa. 2002).
Rule 582's notice of joinder provision thus works in tandem with the compulsory joinder rule and enables the Commonwealth to avoid the difficulty it has encountered here. In the present circumstances, if we quash, the Commonwealth likely will face the very difficulty Rule 582 permitted it to avoid by joining the cases. Furthermore, joinder was proper. The Unlawful Use of a Computer charges are temporally and logically linked to the other charges, as described above, and joinder thus prevented substantial duplication of at least factual issues. Although the order on appeal was not entered on the Unsworn Falsification docket, it was entered on the Unlawful Use docket, and given the propriety of the joinder, we consider the order to have been entered on the appropriate docket. See Pa.R.A.P. 301(a)(1). We decline to quash.
II. Unlawful Use of a Computer
The Commonwealth argues the trial court erred in dismissing the charges for Unlawful Use of a Computer. It points out that under the predecessor statute, this Court affirmed a conviction for an officer's unauthorized use of police computer equipment. It emphasizes that we did so even though the predecessor statute only barred "intentionally and without authorization" accessing a computer, computer system, etc., and not "exceed[ing] authorization." See Commonwealth's Br. at 26-28 (citing Commonwealth v. McFadden, 850 A.2d 1290 (Pa.Super. 2004)). The Commonwealth further argues that the United States Supreme Court's decision in Van Buren is not controlling, because in that case, the Supreme Court was construing a federal statute and the Court's holding turned on that statute's unique definition of "exceeds authorized access," which it maintains is not present in the subject statute. Id. at 28-30 (citing Van Buren, 141 S.Ct. at 1655-57).
The Commonwealth also contests the trial court's policy rationale. The Commonwealth stresses that policy concerns cannot supplant the plain meaning of the statute's text. It also contends that charges for using a work computer for shopping, such as the trial court described, would be dismissed as de minimis infractions, if they were even charged. It contrasts such infractions with the instant facts, which it characterizes as a gross abuse of power.
Derr responds that because Van Buren turned on similar statutory language and facts, the trial court did not err in following it. According to Derr, as the Van Buren Court concluded, the statutory words "exceeds authorization to access" "do not cover improper motives for obtaining information that otherwise would be available to" the person. Derr's Br. at 7. He contends that he was authorized to access all the information in JNET, and therefore did not exceed his authorization when he accessed the information at issue, albeit for personal reasons. He also argues that McFadden, which considered only whether an officer acted "without authorization" in accessing a computer, should not influence our interpretation of whether he "exceed[ed] authorization to access" JNET.
We review a decision to grant a pretrial petition for a writ of habeas corpus by examining the evidence and reasonable inferences derived therefrom in a light most favorable to the Commonwealth. See Commonwealth v. Dantzler, 135 A.3d 1109, 1111-12 (Pa.Super. 2016). We then ask whether the Commonwealth presented at the preliminary hearing a prima facie case of the crime charged. See id. at 1112. "A prima facie case exists when the Commonwealth produces evidence of each of the material elements of the crime charged and establishes probable cause to warrant the belief that the accused committed the offense." Commonwealth v. Karetny, 880 A.2d 505, 514 (Pa. 2005). Whether the Commonwealth has presented a prima facie case is a question of law. Dantzler, 135 A.3d at 1112. Statutory interpretation is also a question of law. Commonwealth v. Gamby, 283 A.3d 298, 304 (Pa. 2022). Our scope of review is therefore plenary, and our standard of review is de novo. Id.
This issue calls on us to engage in statutory construction. We therefore follow the instructions of the Statutory Construction Act. See 1 Pa.C.S.A. §§ 1501-1991; Gamby, 283 A.3d at 306. The Act directs us that "[w]hen the words of a statute are clear and free from all ambiguity, the letter of it is not to be disregarded under the pretext of pursuing its spirit." 1 Pa.C.S.A. § 1921(b). Thus, "when the terms of a statute are clear and unambiguous, they will be given effect consistent with their plain and common meaning." Gamby, 283 A.3d at 306 (citing 1 Pa.C.S.A. § 1921(b)); Commonwealth v. Kelley, 801 A.2d 551, 554 (Pa. 2002)).
If, on the other hand, the statutory language is not explicit, we follow the instructions of the Statutory Construction Act to ascertain the General Assembly's intent. We do so by considering the factors listed in Section 1921(c), which include such matters as "[t]he object to be attained" and "[t]he consequences of a particular interpretation." See 1 Pa.C.S.A. § 1921(c). Similarly, the Crimes Code instructs that its provisions "shall be construed according to the fair import of their terms." 18 Pa.C.S.A. § 105. Only "when the language is susceptible of differing constructions" shall a statute "be interpreted to further the general purposes stated in this title and the special purposes of the particular provision involved." Id.
To discern the meaning of statutory language, or whether any ambiguity exists, we construe the statutory words and phrases "according to the rules of grammar and according to their common and approved usage." 1 Pa.C.S.A. § 1903. We may consult dictionary definitions. Gamby, 283 A.3d at 307. We must also view the words in context. Id. at 306 (citing 1 Pa.C.S.A. § 1903); 308 (citing In re J.W.B., 232 A.3d 689, 699 (Pa. 2020)).
The Commonwealth charged Derr with violating subsection (a)(2) of Unlawful Use of a Computer. That provision states, A person commits the offense of unlawful use of a computer if he: ...
(2) intentionally and without authorization accesses or exceeds authorization to access, alters, interferes with the operation of, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof[.]18 Pa.C.S.A. § 7611(a)(2).
Here, the Commonwealth alleged that when Derr looked up information in JNET for personal reasons, he exceeded his authorization to access that computer system. Our task, therefore, is to determine whether the terms "exceeds authorization to access . . . any . . . computer [or] computer system . . . or any part thereof" apply to the charged conduct in light of the above principles of statutory construction.
The parties do not dispute that JNET qualifies as "a computer system, computer network, computer software, computer program, [or] computer database[.]" 18 Pa.C.S.A. § 7611(a)(2). For purposes of this opinion, we will refer to it as a "system," as that is how it was referred to at the preliminary hearing.
The trial court followed Van Buren, which the Commonwealth maintains was erroneous. There, the defendant was a law enforcement officer who had used the computer in his patrol car to obtain information from a law enforcement database for personal reasons. He was charged with violating the federal Computer Fraud and Abuse Act of 1986 ("CFAA"). That act imposes criminal liability when a person "intentionally accesses a computer without authorization or exceeds authorized access" and obtains information. 18 U.S.C. § 1030(a)(2).
The United States Supreme Court concluded that the defendant's acts did not fall within the CFAA's parameters. It observed the CFAA explicitly defines "exceeds authorized access" as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter." See 18 U.S.C. § 1030(e)(6). The Court noted that the parties agreed that Van Buren had "access[ed] a computer with authorization" and had "obtain[ed]" information in the computer. Van Buren 141 S.Ct. at 1654. The issue was whether he was "entitled so to obtain" the information. Id. The Court concluded that he was. Referring to dictionary definitions, it found that the word "so" referred to "the previously stated 'manner or circumstance' in the text" of the statute. Id. at 1655. The Court thus found that the CFAA was limited to cases in which a person obtains information "from particular areas in the computer-such as files, folders, or databases-to which their computer access does not extend." Id. at 1652.
Derr does not contend that the Unlawful Use of a Computer statute is ambiguous. Rather, he argues that the plain language of the statute does not encompass the allegations against him, for the reasons set forth in Van Buren.
The reliance on Van Buren is misplaced. Not only was the Court engaging in statutory construction of a federal statute, but the CFAA also differs from Pennsylvania's Unlawful Use of a Computer statute in an important way. Key to the Van Buren Court's decision was the statutory definition of "exceeds authorized access" and its use of the phrase "is not entitled so to obtain." However, the Unlawful Use of a Computer statute does not employ a definition of the phrase "exceeds authorized access" or anywhere use "is not entitled so to obtain."
The General Assembly has given us a definition of "access" that applies to this statute. "Access," for present purposes, means, "To intercept, instruct, communicate with, store data in, retrieve data from or otherwise make use of any resources of a computer, computer system, computer network or database." 18 Pa.C.S.A. § 7601.
However, there is no statutory definition of "exceeds" and "authorized." We therefore turn to their plain, ordinary meaning. According to Merriam-Webster, to "exceed" means "to be greater than or superior to," "to go beyond a limit set by," or "to extend outside of." "Authorization" is defined by Black's Law Dictionary as "[o]fficial permission to do something; sanction or warrant," or "[t]he official document granting such permission." The synthesized common meaning of the phrase "exceeds authorization" is therefore, "goes beyond the limit of official permission."
EXCEED, Merriam-Webster Dictionary, https://www.merriam-webster.com /dictionary/exceed (last accessed 2/15/23).
AUTHORIZATION, Black's Law Dictionary (11th ed. 2019).
Combining these definitions, it is apparent that the "exceeds authorization to access" language of subsection (a)(2) of Unlawful Use of a Computer prohibits a person from going beyond the limit of their official permission to "access" (as statutorily defined) a computer, computer system, computer network, computer database, etc., or any part thereof. This includes surpassing limitations on permitted purposes for retrieving data. Here, the Commonwealth presented evidence that Derr's official permission to retrieve data from JNET was limited to use for official police purposes, but that he retrieved data from JNET for personal reasons. This constitutes prima facie evidence that Derr went beyond the limit of his official permission to retrieve data from the JNET computer system, and therefore committed the crime of Unlawful Use of a Computer under subsection (a)(2).
We find Derr's argument that he did not exceed his authorization to access JNET because he had permission to access all information contained within that system unconvincing. His permission was not unfettered. There was a limit. Derr's authorization to use JNET stopped where official police work ended, and personal use began. The plain language of the statute resolves this issue.
Indeed, even though the previous version of the statute did not explicitly prohibit "exceed[ing] authorization to access" a computer, and only barred "intentionally and without authorization access[ing]" a computer, we had no trouble finding that the statute encompassed the type of behavior we deal with here. See McFadden, 850 A.2d at 1293 (quoting 18 Pa.C.S.A. § 3933(a)(2), repealed eff. February 14, 2003). In McFadden, we held there was sufficient evidence to support a conviction under the previous statute where a police officer sent a bogus message through the computer in her patrol car. Id. at 1292. We held that because the officer was not permitted to use the computer for reasons other than official police business, and she had "accessed" that system "without authorization." Id. at 1293. As the current statute includes this same language - "intentionally and without authorization accesses" - under McFadden, we would find the Commonwealth here set forth a prima facie case, even without the added "exceeds authorization" language.
Notably, the previous statute was repealed and replaced at the same time the Crimes Code was amended to provide a statutory definition for the word "access" in relation to computer crimes. See 18 Pa.C.S.A. § 7601, eff. Feb. 14, 2003.
Because we find the text of the statute "clear and free from all ambiguity," we will not entertain the policy concerns considered by the trial court. 1 Pa.C.S.A. § 1921(b). The Commonwealth presented prima facie evidence that Derr exceeded his authorization to access JNET. The trial court therefore erred in dismissing the Unlawful Use of a Computer charges.
Order reversed.
Judgment Entered.
[*] Retired Senior Judge assigned to the Superior Court.