US v. Robert Steele, No. 13-4567 (4th Cir. 2014)

Annotate this Case

Download PDF

UNPUBLISHED UNITED STATES COURT OF APPEALS FOR THE FOURTH CIRCUIT No. 13-4567 UNITED STATES OF AMERICA, Plaintiff – Appellee, v. ROBERT EDWIN STEELE, Defendant – Appellant. Appeal from the United States District Court for the Eastern District of Virginia, at Alexandria. Gerald Bruce Lee, District Judge. (1:12-cr-00515-GBL-1) Argued: September 19, 2014 Decided: December 24, 2014 Before DIAZ and THACKER, Circuit Judges, and Paul W. GRIMM, United States District Judge for the District of Maryland, sitting by designation. Affirmed by unpublished opinion. Judge Diaz wrote the opinion, in which Judge Thacker and Judge Grimm joined. ARGUED: Jonathan P. Sheldon, SHELDON, FLOOD & HAYWOOD, PLC, Fairfax, Virginia, for Appellant. Alexander T.H. Nguyen, OFFICE OF THE UNITED STATES ATTORNEY, Alexandria, Virginia, for Appellee. ON BRIEF: Dana J. Boente, Acting United States Attorney, OFFICE OF THE UNITED STATES ATTORNEY, Alexandria, Virginia, for Appellee. Unpublished opinions are not binding precedent in this circuit. DIAZ, Circuit Judge: Petitioner Robert Steele spent nine months secretly logging in to the email server of his former employer, gaining access to confidential and proprietary government contract bids. crimes under the information related to its As a result, Steele was convicted for Computer Fraud and Abuse Act. Steele now appeals his conviction, as well as his sentence of imprisonment and restitution. We reject Steele’s contentions of error and consequently affirm the judgment of the district court. I. In 2007, Platinum Solutions, Inc., hired Steele as its vice president for administrator. business His development duties gave him and access backup to the systems company’s server, which allowed him to monitor email accounts and employee passwords. Three years after Steele joined company was sold to SRA International, Inc. resigned and went to work for another Platinum, the Steele subsequently company, which--like Platinum and SRA--provided contract IT services to government defense agencies. During the next nine months, Steele continued to log in to SRA’s server via a “backdoor” account he had used while working for Platinum and SRA, and he proceeded to access and download documents and emails 2 related to SRA’s ongoing contract bids. The FBI later determined that Steele had accessed the server almost 80,000 times. A grand jury indicted Steele on two counts of wire fraud under 18 U.S.C. §§ 1343 and 1349, and fourteen counts of unauthorized access of a protected computer under the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. 1 The district court granted a judgment of acquittal on the wire fraud charges pursuant to Rule 29 of the Federal Rules of Criminal Procedure, but a jury convicted Steele on all of the CFAA charges, consisting of two misdemeanor and twelve felony counts. received less a prison than the sentence totaling recommendations under Guidelines Manual (“U.S.S.G.”). ordered him to pay $50,000 48 months, the Steele significantly U.S. Sentencing In addition, the district court in fines, $1,200 in fees, and $335,977.68 in restitution. II. Steele presents four major arguments on appeal. He first contends that the evidence was insufficient to convict him of accessing a protected computer “without authorization.” He further contends that his conviction should be reversed because 1 A “protected computer” includes one “used in or affecting interstate or foreign commerce.” § 1030(e)(2). 3 the district court’s jury instructions constructively amended the indictment by referring to the separate crime of accessing a computer in “excess of authorization.” Moreover, he asserts that the enhancement of his charges to felonies under 18 U.S.C. § 1030(c)(2)(B)(ii) constitutional Steele violated prohibition challenges his his due against prison process double sentence rights and jeopardy. and the the Finally, order to pay restitution based on the district court’s failure to properly apply the U.S.S.G. and restitution statute. We address each argument in turn. A. Steele first contends that the evidence is insufficient to support his convictions for accessing “without authorization” under the CFAA. a protected computer In considering this claim, we view the evidence in the light most favorable to the government, evidence and that we a must affirm reasonable the finder convictions of fact if could there “is accept as adequate and sufficient to support a conclusion of a defendant’s guilt beyond a reasonable doubt.” United States v. Pasquantino, 336 F.3d 321, 332 (4th Cir. 2003) (en banc) (quoting United States v. Burgos, 94 F.3d 849, 862 (4th Cir. 1996) (en banc)). Because it was reasonable for the jury to conclude that Steele acted “without authorization” when server, we affirm Steele’s convictions. accessing 4 SRA’s computer The CFAA individuals imposes who § 1030(a)(2)(C), accessing a criminal unlawfully under protected access which computer Steele with civil penalties computers. Steele was “without “exce[ss of] authorized access.” charged and on Specifically, indicted, prohibits authorization” or in Notably, the indictment itself violating only the first prong of this section. Steele primarily relies on our opinion in WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012), to argue that because SRA did not change his access password when he resigned, Steele’s post-employment access, though “ethically dubious” was not “without authorization” as contemplated by the statute. We cannot agree. WEC Carolina contributes to a dialogue among the circuit courts on the reach of § 1030(a)(2). The broad view holds that when employees access computer information with the intent to harm their employer, their authorization to access that information terminates, and they are therefore acting “without authorization” under § 1030(a)(2). See Int’l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420–21 (7th Cir. 2006). narrower construction, § 1030(a)(2) applies adopted to by employees WEC who Carolina, unlawfully holds The that access a protected computer, but not to the improper use of information lawfully accessed. See WEC Carolina, 687 F.3d at 203-04 (citing 5 United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012) (en banc)). Importantly, authorized to this access split their focuses on employer’s employees computers who but information they retrieve for an improper purpose. are use the Steele’s case is distinguishable for one obvious reason: he was not an employee of SRA at the time the indictment alleges he improperly accessed the company’s server. In WEC Carolina, authorization did not hinge on employment status because that issue was not in dispute. Here, by contrast, the fact that Steele no longer worked for SRA when he accessed its server logically suggests that the authorization longer existed. he enjoyed during his employment no See, e.g., LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1136 (9th Cir. 2009) (“There is no dispute that if Brekka accessed LVRC’s information . . . after he left the company . . . , Brekka would have accessed a protected computer ‘without authorization’ for purposes of the CFAA.”); Restatement (Third) of Agency § 3.09 (2006) (Actual authority terminates “upon the occurrence of circumstances on the basis of which the agent should reasonably conclude” that authority is revoked.). Common sense aside, the evidence provides ample support for the jury’s verdict. company issued information, laptop, SRA took steps to revoke Steele’s access to including denying him collecting physical 6 access Steele’s to the companycompany’s offices, and generally terminating his main system access. Steele himself terminated any recognized authority that he his had resignation to access And effectively SRA’s server, promising in his resignation letter that he would not attempt to access the system thereafter. Just because SRA neglected to change a password on Steele’s backdoor account does not mean SRA intended for Steele to have continued access to its information. Because Steele clearly acted “without authorization” under the plain meaning of § 1030(a)(2), the evidence is sufficient to affirm his convictions. B. The government charged Steele with “intentionally accessing a computer without authorization.” The indictment did not, however, purport to charge Steele under the alternative crime in § 1030(a)(2): exceeding authorized access. Nevertheless, when instructing twice the jury, the district court stated that Steele had been charged with “intentionally accessing a computer without authorization and in excess of authorization . . . .” J.A. 781–83 (emphasis added). Steele urges that these erroneous instructions constructive constituted a indictment requiring reversal. amendment of the We disagree. A constructive amendment (or fatal variance) occurs when the court “broadens the possible bases for conviction beyond those presented by the grand jury.” 7 United States v. Foster, 507 F.3d 233, 242 (4th Cir. 2007) (quoting United States v. Floresca, 38 F.3d 706, 710 (4th Cir. 1994) (en banc)). It is distinguishable from a non-fatal variance, which occurs when the facts proven at trial differ in some nonessential way from the facts alleged in the indictment, or when the court fails to instruct the offense. See Floresca, 38 F.3d at 709–10. We jury review de on an novo essential the question element of of whether court constructively amended the indictment. the the requires precedent, reversal, preserve the error. the finding even of where--as a Under this constructive here--a district United States v. Allmendinger, 706 F.3d 330, 339 (4th Cir. 2013). circuit’s charged defendant amendment fails to See Floresca, 38 F.3d at 714. Steele contends that the district court’s references to the “exceeds authorization” constructive amendment language because of they § 1030(a)(2) provide unindicted basis for the jury to convict him. an amount to a additional, While it may be true that instructing the jury on the elements of an “exceeds authorization” charge or explicitly changing the indictment to reflect this charge could constitute a constructive amendment, the district court’s two references to “exceeding authorization” do not rise to this level. Indeed, our cases hold that a variance or misstatement is not fatal if the indictment, evidence, and jury instructions as 8 a whole support conviction on the crime charged. See, e.g., United Cir. States (finding that v. Lentz, the 524 F.3d “indictment, 501, 514 evidence, (4th 2008) instructions, and arguments . . . viewed in their totality” made “implausible” the claim that the court’s supplemental instruction amounted to a constructive amendment); United States v. Velez, 27 F. App’x 179, 181 (4th Cir. 2001) (per curiam) (concluding that because the court made clear that the defendant was “not on trial for any act . . . not alleged in the indictment” and “sent a copy of the indictment and a verdict form to the jury room,” a misstatement by the court while reading the instructions did not amount to a constructive amendment). In this case, the district court’s references to “in excess of authorization” occurred in the context of the court’s instructions regarding the statutory felony enhancements: Counts 3 through 16 charge Mr. Robert Edwin Steele with intentionally accessing a computer without authorization and in excess of authorization and that the value of the information obtained exceeded $5,000. . . . Counts 3 through 16 charge[] the defendant, Mr. Robert Edwin Steele, with intentionally accessing a computer without authorization and in excess of authorization and that the offense was committed in furtherance of a criminal and tortious act in violation of . . . the laws of the Commonwealth of Virginia . . . . 9 J.A. 781–83 (emphasis added). The court thereafter instructed the jury on how it should calculate the value of the information obtained and on the elements of the Virginia statute that supported the felony enhancements. grand larceny Nowhere did the court, as Steele contends, expressly tell the jury that it could find Steele guilty if it found he had acted “in excess of his authorization.” We note that the parties took pains to ensure that the district court’s written instructions did not contain the “exceeds authorization” language, and the court expressly struck that language from the instructions. indictment to language. In addition, the court’s recitation of the elements included the only the authorization.” to consider decision and jury, charge without of the The court also read the “exceeds accessing a authorization” computer “without Moreover, the court told the jury that it was the instructions that Steele charged in the indictment. was “as a whole” in reaching its not on trial for any not act Finally, the jury received a copy of the indictment and the verdict forms based on the indictment. Given that the bulk of the district court’s instructions to the jury correctly referred to the charge as accessing a computer “without authorization,” we conclude that the court’s two isolated references to accessing a computer “in excess” of authorization did not constitute a constructive amendment. 10 C. Next, Steele asserts § 1030(c)(2)(B)(iii) accessing a are protected that his felony constitutionally computer without misdemeanor offense under the CFAA. convictions flawed. under Typically, authorization is a The statute does, however, provide three ways through which the offense may be enhanced to a felony: (1) committing the offense for “commercial advantage or private financial gain”; (2) committing the offense “in furtherance of any criminal or tortious act in violation of” state or federal law; or (3) if “the value of the information obtained exceeds Accordingly, the $5,000.” 18 indictment U.S.C. charged § 1030(c)(2)(B) Steele not (2012). only with accessing a protected computer without authorization but also with doing so on the basis of these three felony enhancements, including in furtherance of Virginia’s grand larceny statute, Va. Code Ann. section 18.2-95. Steele first argues that the Virginia statute and the CFAA provision are proved using the same criminal conduct. According to Steele, because the two offenses merge, the government was barred by double jeopardy principles from enhancing what would have been a misdemeanor into a felony conviction. Second, Steele argues that he could not be convicted of grand larceny under the Virginia statute because “intangibles” such as computer data cannot be the subject of common law larceny under 11 Virginia law. Consequently, enhancing his offenses to felonies on this basis violates his due process rights. Because Steele did not preserve these objections to his convictions, we review them for plain error. See United States v. Hastings, 134 F.3d 235, 239 (4th Cir. 1998) (citing United States v. Olano, 507 U.S. 725, 731–32 (1993)). no error, plain or otherwise, occurred. As we explain, Steele’s arguments cannot upend common sense conclusions that the Virginia statute does not present a merger problem, nor that Steele could be convicted under the statute. 1. Steele relies heavily on our decision in United States v. Cioni, 649 F.3d 276 jeopardy argument. (4th Cir. 2011), to support his double That case involved the defendant’s unlawful accessing of email accounts and her subsequent viewing of emails contained in those consequently convicted authorization conviction accounts. (in was of to at accessing violation enhanced Id. a of 279–81. a Cioni computer § 1030(a)(2)(C)), felony on the theory was without and her that her conduct was “in furtherance of” obtaining unauthorized access to communications in electronic storage (a violation of 18 U.S.C. § 2701(a)). Cioni government Id. at 281. challenged used the her same convictions conduct--her 12 by arguing unlawful that the accessing and viewing of email accounts--to support both the underlying violation of § 1030(a)(2)(C) and the felony enhancement under § 2701(a). Id. We agreed, holding that such an “overlap” creates a “merger problem, tantamount to double jeopardy.” Id. at 282–83 (quoting United States v. Santos, 553 U.S. 507, 527 (2008) (Stevens, J., concurring in the judgment) (internal quotation marks omitted)). Steele protected likewise computers § 1030(a)(2)(C) and contends that improperly the § 1030(a)(2)(C) accompanying observe data; Cir. reprinted felony a that the of accessing violation enhancement of under Primarily, proof defendant asportation . . . need read not or be See United States v. Batti, 631 F.3d 371, 377 2011) in both We disagree. only “[a]ctual proved . . . .” (6th requires conduct supported Va. Code Ann. section 18.2-95. of his (quoting 1986 S. Rep. U.S.C.C.A.N. No. 2479, 99-432, 2484). 6–7 The (1986), Virginia statute, on the other hand, criminalizes grand larceny, which by definition requires proof of an actual taking. Commonwealth, 35 S.E.2d 763, 764 (Va. See Dunlavey v. 1945); Welch v. Commonwealth, 425 S.E.2d 101, 104 (Va. Ct. App. 1992). In this case, Special Agent Etienne, who investigated Steele’s conduct, testified that the FBI recovered evidence that Steele not only accessed emails and bid documents but actively downloaded them and saved them to multiple hard drives connected 13 to his personal computer. J.A. 700–02 (describing Steele’s organized and purposeful method for saving documents in labeled file folders on his hard drive). In addition, the government provided the jury with a summary chart of the charges against Steele, listing specific documents supporting those charges, the value associated with those documents, and the location where J.A. 1069. 2 they were found on Steele’s computer hard drives. Through this Steele’s evidence, conduct protected the included information but government not also was simply able to reading or downloading show that observing (“taking”) that information. In sum, because the government used different conduct to prove the two offenses, Steele’s 2 felony convictions for The documents listed under Counts 7, 8, 11, 12, and 13 of the summary chart have no corresponding hard drive location, presumably because the government could not establish that Steele actually downloaded those documents. However, the district court instructed the jury that it could also find Steele guilty of a felony if (1) he accessed the computer data for “commercial advantage or private financial gain” or (2) “the value of the information obtained exceed[ed] $5,000.” The jury considered substantial evidence that both additional felony enhancements existed. J.A. 551–55 (testimony of Agent Etienne describing Steele’s access and downloads of documents related to bids for which his new company competed with his old); J.A. 993– 1018 (charts showing development costs of the information accessed by Steele); J.A. 1069 (summary chart estimating proprietary value of the information accessed and downloaded by Steele). This evidence fully supported the jury’s felony verdicts on Counts 7, 8, 11, 12, and 13. 14 violating the CFAA do not raise the double jeopardy concerns implicated by Cioni. 2. Steele S.E.2d 77 similarly (Va. Ct. relies App. on Carter 2009), to v. contend Commonwealth, that his 682 felony convictions under the CFAA violate his due process rights. In Carter, the defendant was convicted of stealing paint from a retail store. On appeal, he argued that the evidence was insufficient to convict him of larceny because he never intended to keep the paint, but rather sought to return it for a cash refund. 682 S.E.2d argument, but contention that it the at 79–81. also value The rejected of court the the paint rejected government’s could be Carter's separate subject to larceny, noting that “an intangible cannot be the subject of larceny.” Id. at 81 & n.7 (internal quotation marks omitted). Steele argues that, likewise, computer data--as an intangible-is not subject to larceny, and therefore he could not be convicted under the Virginia statute. We reject this contention. Virginia law expressly provides that, For the purposes of § 18.2-95 . . ., personal property subject to . . . larceny . . . shall include: 1. Computers and computer networks; 15 2. Financial instruments, computer data, programs, computer software and all other property regardless of whether they are: computer personal a. Tangible or intangible . . . . Va. Code Ann. § 18.2-152.8 (West 2011) (emphasis added). this section, intangible computer data may be Under subject to larceny, even common law larceny, as codified by section 18.295. Moreover, we find Carter distinguishable. theft of an considered amorphous concept an intangible than “intangible” in that it is like computer Not only is value more data (which electronic), there is properly is only also no Virginia statute that expressly includes “value” in the type of property Steele subject could to have larceny. been Accordingly, convicted under we the conclude Virginia that grand larceny statute for accessing and downloading the proprietary information of his former employer. D. Lastly, we reject Steele’s contentions that the government erred in calculating both his sentence under the U.S.S.G. and the amount of restitution required under the Mandatory Victims Restitution Act of 1996 (“MVRA”), 18 U.S.C. § 3663A. We review both sentencing and restitution judgments under a deferential abuse of discretion standard. Gall v. United States, 552 U.S. 16 38, 41 (2007); United States v. Harvey, 532 F.3d 326, 339 (4th Cir. 2008). The district presentence court accepted the report that investigation recommendation of Steele’s offense base the level be increased by 18 points under U.S.S.G. § 2B1.1(b)(1) because his theft caused more than $2,500,000 in loss. The court arrived at the loss estimate ($3,048,769.55) by looking at the costs incurred by SRA to prepare the documents accessed by Steele relating to specific government contracts for which his new company competed with his old. Steele argues that, in increasing his offense level to account for intended loss, the government failed to show that Steele had the subjective intent to cause the amount of loss calculated. Our precedent is clear that when calculating loss under § 2B1.1(b)(1), intended loss (rather than actual loss) is the appropriate measure. See United States v. Miller, 316 F.3d 495, 499 (4th Cir. 2003). Although Steele testified that he did not have the subjective intent to cause his former employer loss, the district court did not accept his explanation. any J.A. 1101 (Steele’s explanation was “farfetched.”); J.A. 1118 (“Well, I just don’t buy it.”); J.A. 1120 (“[Y]ou say, ‘I just had [this information] on my computer. buy that either.”). I did nothing with it.’ I don’t Because the court accounted for Steele’s subjective intent when determining his sentence, its conclusion 17 was not in error. See United States v. Cloud, 680 F.3d 396, 409 n.7 (4th Cir. 2012) (finding that the court’s rejection of the defendant’s argument that there was no intended loss “adequately accounted for [his] subjective intent”). We are also satisfied that the district court imposed a reasonable amount in restitution. Under the MVRA, a court must award restitution where the defendant is convicted of an offense against property and the victim U.S.C. § 3663A(c)(1) (2012). victim’s “expenses suffers pecuniary loss. 18 Restitution must include both the incurred during participation in the investigation or prosecution of the offense” and the value of any stolen property (if return of the property “is impossible, impracticable, or inadequate”). § 3663A(b)(1)(B), (b)(4). The district court awarded $228,400 in restitution for the amount spent prosecution by of SRA the to assist offenses. in the Further, investigation the court and awarded $91,462.80, as a fractional component of the development costs of the stolen proprietary information. Finally, the court awarded $16,114.88 in legal fees, for a total restitution award of $335,977.68. Steele contests the district court’s restitution order on two grounds: first, that no evidence supported the $228,400 amount, and second, that the court erred in its calculation of SRA’s actual loss. We disagree on both counts. 18 First, the district court concluded that the $228,400 amount was reasonable given that 11 SRA employees spent over 1,083 hours assisting the prosecuting the offenses. $75,330 that the authorities in investigating and Although this number differs from the government proffered at trial for the time spent by those same 11 employees, the increase is understandable in light of the additional time required to testify and help prepare for the trial. Second, the $91,462.80 actual loss amount reflects the district court’s decision to award SRA only 3% of its estimated cost of preparing the bid documents that Steele accessed. MVRA requires actual loss. restitution to be based on See Harvey, 532 F.3d at 339. the victim’s The total While it is unclear why the district court chose to award SRA only a fraction of its total loss, any Steele’s favor. error in the court’s calculation inured in Accordingly, we decline to disturb the district court’s restitution award. III. For the reasons given, we affirm the district court’s judgment. AFFIRMED 19

Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.