The opinion of the court was delivered by: Wigenton, District Judge.
Before the Court is Defendant Andrew Auernheimer's ("Defendant" or Auernheimer") Motion to Dismiss the Superseding Indictment ("Motion"). The United States of America ("Government") opposed the Motion. For the reasons stated below, the Court DENIES Defendant's Motion.
FACTUAL AND PROCEDURAL HISTORY
Although the Court assumes the parties' familiarity with the allegations and procedural history in the case, the Court will briefly review the facts relevant to the present Motion. In June 2010, Defendant and former co-defendant, Daniel Spitler ("Spitler"), created a computer program, the "Account Slurper" ("Program"), designed to exploit AT&T's automated feature which linked iPad 3G users' e-mail addresses to their unique iPad 3G Integrated Circuit Card Identifiers ("ICC-ID"). (Superseding Indictment, Count 1, ¶¶ 7-8.) Specifically, the Program "was designed to mimic the behavior of an iPad 3G so that AT&T's servers were fooled into believing that they were communicating with an actual iPad 3G and wrongly granted the [Program] access to AT&T's servers." (Id. at Count 1, ¶ 8a.) Between June 5, 2010 and June 9, 2010, Defendant and Spitler's Program gained unauthorized access to AT&T's servers and obtained approximately 120,000 ICC-ID/e-mail address pairings from iPad 3G customers, including thousands of customers in New Jersey. (Id. at Count 1, ¶¶ 9, 27d.) Subsequently, Defendant and Spitler disclosed the stolen ICC-ID/e-mail address pairings to Gawker, an Internet magazine, and sent e-mails to members of various news organizations offering "to describe the method of theft in more detail." (Id. at Count 1, ¶¶ 11, 12, 24 & n.4, 27c.)
On August 16, 2012, a federal grand jury sitting in Newark, New Jersey returned a two-count Superseding Indictment against Defendant. Count One charged that, from June 2, 2010 through June 15, 2010, Defendant conspired to access a computer without authorization or exceeded authorized access, and thereby obtained information from a protected computer, in furtherance of a criminal act in violation of N.J.S.A. 2C:20-31(a), contrary to the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. §§ 1030(a)(2)(C) and 1030(c)(2)(B)(ii), in violation of 18 U.S.C. § 371. Count Two charged that, from June 2, 2010 through June 15, 2010, Defendant knowingly transferred, possessed, and used, without lawful authority, means of identification of other persons, including New Jersey residents, in connection with unlawful activity, specifically, the unlawful accessing of AT&T's servers contrary to 18 U.S.C. § 1030(a)(2)(C), in violation of 18 U.S.C. §§ 1028(a)(7) and section 2.
An indictment, if valid on its face and returned by a legally constituted and unbiased grand jury, "is enough to call for trial of the charge on the merits." United States v. Vitillo, 490 F.3d 314, 320 (3d Cir. 2007) (quoting Costello v. United States, 350 U.S. 359, 363 (1956)). "An indictment is generally deemed sufficient if it: [ ] (1) contains the elements of the offense intended to be charged, (2) sufficiently apprises the defendant of what he must be prepared to meet, and (3) allows the defendant to show with accuracy to what extent he may plead a former acquittal or conviction in the event of a subsequent prosecution." Id. (quoting United States v. Rankin, 870 F.2d 109, 112 (3d Cir. 1989)) (internal quotation marks omitted).
"Federal Rule of Criminal Procedure 12(b)(3)(B) allows a district court to review the sufficiency of the government's pleadings to . . . ensure that legally deficient charges do not go to a jury." United States v. Huet, 665 F.3d 588, 595 (3d Cir. 2012) cert. denied, No. 11-10312, 2012 WL 1716258 (Oct. 9, 2012) (quoting United States v. Bergrin, 650 F.3d 257, 268 (3d Cir. 2011)) (internal quotation marks omitted); see United States v. DeLaurentis, 230 F.3d 659, 661 (3d Cir. 2000) ("Federal Rule of Criminal Procedure [12(b)(3)(B)] authorizes dismissal of an indictment if its allegations do not suffice to charge an offense.") Although the Government is not obligated to bring forward its entire case in the indictment, "if the specific facts" alleged "fall beyond the scope of the relevant criminal statute, as a matter of statutory interpretation," then the indictment fails to state an offense. Huet, 665 F.3d at 595 (quoting United States v. Panarella, 277 F.3d 678, 685 (3d Cir. 2002)). "Evidentiary questions-such as credibility determinations and the weighing of proof-should not be determined at this stage." Bergrin, 650 F.3d at 265 (quoting United States v. Gallagher, 602 F.2d 1139, 1142 (3d Cir. 1979)) (internal quotation marks omitted). Accordingly, "a district court's review of the facts set forth in the indictment is limited to determining whether, assuming all of those facts as true, a jury could find that the defendant committed the offense for which he was charged." Huet, 665 F.3d at 595-96. DISCUSSION
Defendant moves to dismiss the Superseding Indictment based on five arguments: (1) the CFAA is void for vagueness; (2) Count One poses a merger problem resulting in double jeopardy; (3) the District of New Jersey is not a proper venue for this action; (4) Count Two is improperly pled because under 18 U.S.C. § 1028(a)(7), the offense cannot be "in connection with" a past crime; and (5) Count Two violates the First Amendment. For the reasons stated below, Defendant's Motion is denied. Each argument is addressed in detail below.
I.Count One: CFAA is Void for Vagueness Under the Fifth Amendment's Due Process Clause
A CFAA offense pursuant to 18 U.S.C. § 1030(a)(2)(C) occurs when an individual "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer[.]" Defendant argues that the CFAA is unconstitutionally vague as applied because it does not provide notice that the charged conduct was illegal. Specifically, Defendant contends that "[t]he CFAA provides no definition as to what constitutes unauthorized access to a protected computer, and the courts are conflicted as to what unauthorized access means." (Def. Br. 4.)
Although Defendant is correct that the statute does not define "without authorization," following a well-established canon of statutory construction, several courts have construed this phrase based on its ordinary, dictionary definition. See Perrin v. United States, 444 U.S. 37, 42 (1979). For instance, in WEC Carolina Energy Solutions LLC v. Miller, the Fourth Circuit concluded that in the context of a CFAA violation, "based on the 'ordinary, contemporary, common meaning,' of 'authorization,'. . . [an individual] accesses a computer 'without authorization' when he gains admission to a computer without approval." 687 F.3d 199, 204 (4th Cir. 2012) (citations omitted). Similarly, the Sixth Circuit stated in Pulte Homes, Inc. v. Laborers' Int'l Union of N. Am. that because "Congress left the interpretation of 'without authorization' to the courts, we again start with ordinary usage. The plain meaning of 'authorization' is '[t]he conferment of legality; . . . sanction.' Commonly understood, then, a defendant who accesses a computer 'without authorization' does so without sanction or permission." 648 F.3d 295, 303-04 (6th Cir. 2011) (citing 1 Oxford English Dictionary 798 (2d ed. 1989)). Lastly, in examining the CFAA statute in LVRC Holdings LLC v. Brekka, the Ninth Circuit applied "the "ordinary, contemporary, common meaning" of "without authorization." 581 F.3d 1127, 1133 (9th Cir. 2009) (concluding that based on the plain meaning of the terms, individual did not act "without authorization").
Additionally, "[i]t is well established that vagueness challenges to statutes which do not involve First Amendment freedoms must be examined in light of the facts of the case at hand." United States v. Moyer, 674 F.3d 192, 211 (3d Cir. 2012) (quoting United States v. Mazurie, 419 U.S. 544, 550 (1975)). "In criminal cases, because vagueness attacks are based on lack of notice, they may be overcome in any specific case where reasonable persons would know their conduct puts [them] at risk of punishment under the statute." Id. (internal quotation and citation omitted) (alteration in original). Defendant's vagueness challenge involves the CFAA and not First Amendment freedoms; thus, the Court will conduct its analysis "in light of the facts of the case at hand." See id.
Based on the circumstances in this case, this Court is satisfied that the CFAA is not unconstitutionally vague and that "reasonable persons would know their conduct puts [them] at risk of punishment under the statute." See Moyer, 647 F.3d at 211. The Superseding Indictment specifically alleges that Defendant gained unauthorized access to AT&T servers, stole 120,000 ICC-ID email address pairings, and committed the theft without authorization. (Superseding Indictment, Count 1, ¶¶ 9-10, 27d.) In his own words, Defendant even offered to provide the press with details of his "method of theft." (Id. at Count 1, ¶ 24.) The Superseding Indictment sufficiently alleges the elements of unauthorized access and sufficiently alleges conduct demonstrating Defendant's knowledge and intent to gain unauthorized access. For the purpose of Defendant's ...