Author: Allison Pedrazzi Helfrich
The grand jury for the Eastern District of Tennessee charged David Kernell, also known by the nicknames "rubico" and "rubico10," with "intentionally and without authorization" accessing a protected computer by means of an interstate communication, and of thereby obtaining information. Allegedly, Kernell gained unauthorized access to the e-mail account firstname.lastname@example.org (belonging to Alaska Governor Sarah Palin), changed the password to the account, made screenshots of personal information found in the account, and posted the new password and screenshots to a public website. He was charged pursuant to 18 U.S.C. § 2701 (the Stored Communications Act) and 18 U.S.C. §1030(a)(2) (the Computer Fraud and Abuse Act), which applies specifically to financial records, information from a government department or agency, or information from any protected computer if the conduct involved an interstate or foreign communication, in furtherance of the commission of a criminal act.
While the case is receiving a large amount of attention because of its relationship to Governor Palin, it appears that Kernell is not being charged under the governmental part of the provision, as the e-mail account was technically personal and not work-related. Kernell is a resident of Knoxville, Tennessee, and Yahoo! e-mail computers and servers are located in California; thus the government brought charges under the interstate communications provision of 18 U.S.C. §1030(a)(2). 18 U.S.C. § 2701 also prohibits both obtaining information and preventing authorized access to this information, both of which may have been violated by resetting the password.
Kernell purportedly used Yahoo’s password-recovery tools to gain access to the account by researching and correctly answering a series of personal security questions. After the password was posted to a public website, the indictment alleges that at least one other person successfully was able to access Governor Palin’s email account. According to news reports, one person who subsequently accessed the account was a "white knight," a Good Samaritan who changed the password again and sent the new password to a friend of Sarah Palin’s, thereby securing the account.
Some commentators have suggested that this case may provide a catalyst for changes in laws or practices aimed at providing additional protection against the type of personal privacy violation at issue here. For example, Colorado law professor Paul Ohm suggested in Harvard’s JOLT blog that this case will be a watershed event leading to new privacy protection legislation.
According to a statement by Wade Davies, Kernell’s attorney, on October 8th, the morning after the indictment, Kernell surrendered voluntarily. He entered a plea of "not guilty" on October 9th, and the court ordered his release. A trial is set for December 16th, after the general election. Kernell is the son of Mike Kernell, chairman of Tennessee’s House Government Operations Committee.