United States v. Valle, 807 F.3d 508

Gilberto Valle, an NYPD officer with no violent history, participated in an online fetish community and exchanged numerous graphic chats about kidnapping, torturing, and cannibalizing women, including some he knew.
Valle was indicted on two counts: (1) conspiracy to kidnap several named women based on online chats with purported co‑conspirators; and (2) violating the CFAA, 18 U.S.C. § 1030(a)(2)(B), by querying a federal law‑enforcement database (NCIC) about Maureen Hartigan for a non‑law‑enforcement purpose.
At trial the government emphasized a subset of chats as showing “real” criminal planning, while treating many others as admitted “fantasy” role‑play; agents and prosecutors had pre‑classified messages into those two groups during the investigation.
The district court granted Valle’s Rule 29 acquittal on the conspiracy charge (finding the “real” chats indistinguishable from fantasy role‑play and remaining evidence insufficient) but denied acquittal on the CFAA charge; a jury had convicted Valle on both counts and he was sentenced to 12 months (mostly time served).
On appeal the Second Circuit (Parker, J. lead opinion) affirmed the acquittal on conspiracy (insufficient evidence to prove specific intent or a genuine agreement beyond reasonable doubt) and reversed the CFAA conviction—holding §1030(e)(6) ambiguous between a purpose‑based and a file‑based reading and applying the rule of lenity to adopt the narrower construction.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Sufficiency of evidence for conspiracy to kidnap	Chats and supporting conduct (searches, surveillance, meetings) show Valle knowingly joined a real kidnapping conspiracy	Chats were fantasy role‑play; conduct explained innocently; prosecution cannot distinguish real chats from fantasy	Affirmed acquittal: evidence insufficient to prove specific intent or a genuine bilateral agreement beyond a reasonable doubt
Meaning of “exceeds authorized access” in CFAA §1030(e)(6)	Authorization is purpose‑limited; using access for a non‑official purpose “exceeds” authorization	“Exceeds authorized access” means accessing files or data one is not entitled to access; improper purpose alone is not covered	Reversed conviction: statute ambiguous between purpose‑based and file‑based readings; rule of lenity requires narrower (file‑based) construction

Jacobson v. United States, 503 U.S. 540 (1992) (protects private inclinations and requires proof of criminal intent)
Stanley v. Georgia, 394 U.S. 557 (1969) (thoughts and fantasies are generally beyond government punishment)
United States v. Curtin, 489 F.3d 935 (9th Cir. 2007) (fantasy v. intent distinction; fantasy is weak evidence of intent)
United States v. Nosal, 676 F.3d 854 (9th Cir. en banc 2012) (adopts file‑based reading of “exceeds authorized access” and warns against criminalizing commonplace policy violations)
WEC Carolina Energy Sols., LLC v. Miller, 687 F.3d 199 (4th Cir. 2012) (adopts narrower construction; cautions about sweeping criminal liability)
United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010) (adopts purpose‑based reading; employee accessed databases for nonofficial reasons)
United States v. John, 597 F.3d 263 (5th Cir. 2010) (adopts purpose‑based reading where employee misused access contrary to employer policy)
United States v. Morris, 928 F.2d 504 (2d Cir. 1991) (discusses ordinary meaning of “authorization” in CFAA context)
United States v. Kozminski, 487 U.S. 931 (1988) (rejects overbroad criminal statutes that would reach ordinary conduct)