This Post Continues A Series That Will Comprise The Entirety Of The Matthew Keys Sentencing Documents Filed By The Defense – Part 5
- THERE IS NO BASIS FOR AN ENHANCEMENT FOR AN “AGGRAVATING ROLE,” BECAUSE THE ACTIVITY DID NOT INVOLVE FIVE OR MORE PARTICIPANTS AND KEYS DID NOT EXERCISE MANAGERIAL OR SUPERVISORY CONTROL
The PSR recommends a three level enhancement on the basis that Keys “was a manager or supervisor of criminal activity involving five or more participants” under § 3B1.1(b). Its justification is that the “defendant obtained access into a chat room and communicated with at least five members/associates of Anonymous, whom he encouraged to deface the Los Angeles Times website.” (PSR at 8). This enhancement is improper because it includes numerous people who bear no criminal responsibility for the charged offenses, played no role in the conspiracy, and were not members of any conspiracy. This inclusion contradicts the Sentencing Guidelines. Moreover, Keys’s activity does not rise to the level of management or supervision. An enhancement for role would not result in a sentence that is sufficient but not greater than necessary. This is especially untethered to the Computer Fraud and Abuse Act (CFAA).
- The Charged Activity Did Not Involve Five or More Participants Under the Sentencing Guidelines, Because Mere Presence in a Chatroom Cannot Make Someone Bear Criminal Responsibility
To qualify as a “participant” for the purposes of this enhancement factor, it is not sufficient to have been in a chatroom where the “criminal activity” was discussed. The Commentary to the Sentencing Guidelines states that a “‘participant’ is a person who is criminally responsible for the commission of the offense…”, adding that “[a] person who is not criminally responsible for the offense…is not a participant.” §3B1.1, Commentary, Application Note 1.
Thus, the USSC has emphasized that participants are limited to those who are criminally responsible for the commission of the offense. See, e.g. United States v. Anderson, 942 F.2d 606, 616 (9th Cir. 1991) (“Based on this construction of the guideline, we have to conclude that the district court incorrectly applied § 3B1.1(c) so as to adjust Anderson’s offense level upward by two points on the assumption that the person with respect to whom he was a leader, organizer, supervisor or manager need not have been criminally responsible for the commission of the offense”); United States v. Ware, 577 F.3d 442, 453, 2009 BL 176479, 11 (2d Cir. 2009) (“the record does not indicate that they could be considered “participants” within the above Guidelines definition of that term, for we see no indication in the record that they would be criminally liable”). To be a participant, a party must not only have been aware of the objective, but must have knowingly offered their assistance.
However, the only person who contributed anything to the charged offenses was “sharpie,” the chatroom participant who accessed the system to “deface” the LA Times website, and who has otherwise not been identified, and “sabu,” who subsequently became a government informant. There were other usernames in the chatroom, but none of them had any active participation in accessing the Fox40’s Content Management System. Some of them did no more than make a glib comment, or express words of approval. There is little communication between AESCracked, the username attributed to Matthew Keys, and most of the other persons in the chatroom. None of the usernames in the chatroom have been identified, and there is no way of even knowing if they are separate individuals. It is insufficient that they appear to have cheered on the activity, because in order to be a participant one must have actively participated.
In order to find that “AESCracked” was the manager or supervisor of five or more participants, the PSR must determine that each of these usernames bore criminal responsibility for the charged offenses. This would be online equivalent of finding that each of ten persons in a room was responsible for crimes that only two or three of them discussed and planned, merely because they were in listening distance and they were presumed to be sympathetic to the true participants. SeeUnited States v. Mann 161 F.3d 840 867 (5th Cir. 1998) (“A finding that other persons ‘knew what was going on’ is not a finding that these persons were criminally responsible for commission of an offense.”). But at least in a physical world example, each person can be identified and their actual activities assessed. In a virtual chatroom, the “presence” itself cannot be counted as participation. In fact, it is not even known for sure how many usernames represent unique individuals. The enhancement factor could not possibly have been meant to sweep this broadly.
- Keys Did Not Supervise or Manage Participants in Criminal Activity
Moreover, there is no evidence that Matthew “supervised” or “managed” any individuals. See, e.g. United States v. Woods, 335 F.3d 993 (9th Cir. 2003) (finding that enhancer did not apply because defendant did not manage or supervise participants). In order for this enhancement factor to apply, the court must identify a participant over whom defendant exercised managerial or organizational control. See United States v. Helmy, 951 F.2d 988, 997 (9th Cir. 1991) (“Consistent with the purposes of Part B, we hold that in order for a defendant to receive an adjustment under § 3B1.1(b) for his role as a manager or supervisor, the defendant must have managed or supervised at least one other participant–that is, a person who was criminally responsible for the commission of the offense”). The adjustment does not apply to a defendant who “merely suggests committing the offense.” USSG §3B1.1, Commentary, Application Note 4.
As discussed above, most of the so-called “participants” in the offense conspiracy were merely usernames in a chatroom that did little more than comment on the ongoing discussion. AESCracked did not have any managerial control over them, and neither did Matthew. He did not know who they were, and did not interact directly with most of them. The only people with whom he discussed the activities were “sharpie” and, to a lesser extent, known hackers “sabu” and “kayla.” Only one of those individuals, based on the evidence, actually entered into the Content Management System. Matthew did not manage or control “sharpie” when the CMS was entered.
- The Activity was Not “Otherwise Extensive”
Although the PSR does not mention it, the Government may argue that, although there were fewer than five participants, the managerial control was “otherwise extensive” under § 3B1.1(b). However, this subcategory generally requires that there are multiple participants and that there is managerial and supervisorial control. As discussed above, neither of these is true. Most of the Courts of Appeals follow the test expressed by the Second Circuit in United States v. Carrozzella, 105 F.3d 796 (2d Cir. 1997), which held that “otherwise extensive” requires, at a minimum, “a showing that an activity is the functional equivalent of an activity involving five or more participants.” There is no functional equivalent to such an activity, where only one participant in the chatroom actively participated in the activity encouraged by AESCracked, the rest of the persons were merely commenting about it in a chatroom.
Thus, there is no basis for the three-point enhancement under § 3B1.1(b).
 See United States Sentencing Commission, Aggravating and Mitigating Role Adjusting Printer, available at http://www.ussc.gov/sites/default/files/pdf/training/primers/Primer_Role_Adjustment.pdf