STATE OF OREGON, Respondent on Review, v. RAJI AFIFE AZAR, Petitioner
CC 18CR28295; CA A170612; SC S069578
IN THE SUPREME COURT OF THE STATE OF OREGON
April 11, 2024
372 Or 163 (2024)
DeHOOG, J.
On review from the Court of Appeals. Argued and submitted March 3, 2023.
Zachary Lovett Mazer, Deputy Public Defender, Office of Public Defense Services, Salem, argued the cause and filed the briefs for petitioner on review. Also on the briefs was Ernest G. Lannet, Chief Defender, Criminal Appellate Section.
Joanna Hershey, Senior Assistant Attorney General, Salem, argued the cause and filed the brief for respondent on review. Also on the brief were Ellen F. Rosenblum, Attorney General, and Benjamin Gutman, Solicitor General.
Before Flynn, Chief Justice, and Duncan, Garrett, DeHoog, Bushong and Masih, Justices, and Balmer, Senior Judge, Justice pro tempore.**
DeHOOG, J.
The decision of the Court of Appeals is reversed in part. The judgment of the circuit court is reversed in part, and the case is remanded to the circuit court for further proceedings.
Bushong, J., dissented and filed an opinion, in which Garrett, J., and Balmer, S.J., joined.
* Appeal from Multnomah County Circuit Court, Kenneth R. Walker, Judge. 318 Or App 724, 509 P3d 668 (2022).
** James, J., did not participate in the consideration or decision of this case. Baldwin, Senior Judge, Justice pro tempore, participated in oral argument, but did not participate in the consideration or decision of this case.
DeHOOG, J.
Under the Oregon Criminal Code, a person commits the offense of “computer crime” if, in relevant part, the person accesses or uses (or attempts to access or use) a computer, computer system, or computer network for the purpose of committing theft.
The Court of Appeals, in a divided opinion, concluded that such conduct constitutes computer crime, and it upheld the trial court‘s denial of defendant‘s motion for judgment of acquittal as to the relevant charges
(computer),3 nor depends on computer technology as the means of gaining access to the thing that the person seeks to unlawfully obtain. Here, the conduct with which the state charged defendant involved the theft of merchandise that bore no relationship to eBay‘s or anyone else‘s protected interests in computers, their contents, or rights held in digital form, and defendant was not dependent on computer technology to gain access to something he sought to steal. Thus, we conclude that the trial court erred in denying defendant‘s motion for judgment of acquittal and, accordingly, reverse, in part, the decision of the Court of Appeals.4
I. BACKGROUND
A. Facts
When reviewing the denial of a motion for judgment of acquittal, “we view the evidence in the light most favorable to the state to determine whether any rational trier of fact could have found the essential elements of the crime beyond a reasonable doubt.” State v. Hubbell, 371 Or 340, 343, 537 P3d 503 (2023). The Court of Appeals opinion sets forth the relevant facts—which are undisputed—in some detail. Azar, 318 Or App at 727-28. In brief, eBay is an internet site on which individuals can post items for sale either through an online auction or at fixed, “buy-it-now” prices. The eBay website processes purchasers’ payments using—among other services—PayPal, an online payment platform. Sellers can then transfer funds received via PayPal into their own bank accounts.
As part of an investigation into a series of thefts from several retail stores, undercover investigators sold defendant various items of merchandise, falsely telling him that the items had been stolen. Law enforcement officers were then able to track the “stolen” merchandise by purchasing items from an eBay account associated with defendant and confirming that those items were the ones that they had sold to defendant. Police later arrested defendant, who admitted that he had used his sister‘s eBay account to sell stolen property. Defendant further admitted that he had obtained the sales proceeds by transferring the funds from his sister‘s PayPal account into his own PayPal account, and from there into his bank account.
B. Procedural History
As a result of that conduct, the state charged defendant with, in relevant part, three counts of “computer crime,”
motion, and a nonunanimous jury convicted defendant of those counts.
Defendant appealed, reprising his arguments from the trial court. The Court of Appeals reversed and remanded defendant‘s nonunanimous convictions for a new trial, but it otherwise affirmed. Azar, 318 Or App at 726. In a split decision, the majority held that “a person violates [
Judge Pagan disagreed. He reasoned that the legislative history of
crime statute as somewhat “analogous to burglary—that is, accessing a place a person is not allowed to be with the intention of committing a crime in that place.” Id. at 740 (emphasis in original). Judge Pagan further reasoned that, due to the ubiquitous nature of computer technology in modern society, the majority‘s understanding of the statute would encompass far more conduct than the legislature could have anticipated and would elevate any number of minor offenses to Class C felonies, which could not, in his view, have been what the legislature intended. Id. at 743.
Defendant sought review in this court, which we allowed.
II. DISCUSSION
Defendant argues on review that, as relevant here, computer crime under
A. The Text and Context of ORS 164.377(2)(c)
“When, as here, a trial court denies a defendant‘s motion for judgment of acquittal based on an interpretation of a statute, we review the denial for errors of law.” State v. Haley, 371 Or 108, 112, 531 P3d 142 (2023). The specific statutory question in defendant‘s case is whether
that question under the framework set out in State v. Gaines, 346 Or 160, 206 P3d 1042 (2009). Our goal is to determine the intent of the legislature that enacted that provision. Id. at 171. In making that determination, we consider the disputed statutory text in context, together with any available legislative history that we find helpful. Id. at 172. If a statute‘s intended meaning remains unclear to us following our examination of its text, context, and legislative history, we may turn to general maxims of statutory interpretation for additional guidance. See, e.g., Chaimov v. Dept. of Admin. Services, 370 Or 382, 398 n 7, 520 P3d 406 (2022) (noting limited circumstances in which it may be appropriate for courts to consider general maxims of statutory interpretation).
In this case, the state charged defendant with computer crime based on his alleged violation of
“Any person commits computer crime who knowingly accesses, attempts to access or uses, or attempts to use, any computer, computer system, computer network or any part thereof for the purpose of:
“*****
“(c) Committing theft, including, but not limited to, theft of proprietary information or theft of an intimate image.”7
The disputed text here is “accesses * * * or uses * * * any computer * * * for the purpose of * * * [c]ommitting theft.” On its face, that language is quite broad and can plausibly be understood to capture utilizing eBay to facilitate theft as defined by Oregon law, including theft by receiving under
accessing a computer in the course of committing a theft not constitute use or access for the purpose of committing theft? As noted, the Court of Appeals effectively concluded that a person lacks that purpose when their use or accessing of a computer is merely “incidental,” and not the “direct, necessary means” of committing the theft. See Azar, 318 Or App at 737. As the following indicates, our ultimate conclusion in this case aligns with the implicit reasoning of the Court of Appeals—as well as that of the dissenting opinion in this court—which we understand to be that, despite the facially broad language of
And, if all that
That qualifying language in
that objective is sufficient to render a “use” of a computer “computer crime” or, if not, what else the state must prove to establish a violation of
“Committing,” in turn, means, as pertinent here, to engage in specific conduct that the law makes punishable as a crime. See Black‘s Law Dictionary 248, 334 (5th ed 1979) (defining “commit” as “[t]o perpetrate * * * a crime” and “crime” as a “positive or negative
That brings us, finally, to the term “theft,” which raises one of the parties’ central disputes in this case: whether “theft,” as used in
We begin by observing, as defendant emphasizes, that
The state responds that the legislature had no need to define “theft” for purposes of the computer crime statute, because that term already had a well-defined legal meaning in Oregon when it enacted that law: the meaning found in
because that would violate our duty under
We conclude that “theft” as used in
In our view, nothing suggests a contrary intention. Defendant contends otherwise. He offers various contextual clues that he asserts support the view that “theft” in
We are not persuaded. It is true that, in addition to prohibiting using or accessing a computer for purposes of committing theft,
“Any person commits computer crime who knowingly accesses, attempts to access or uses, or attempts to use, any computer, computer system, computer network or any part thereof for the purpose of:
“(a) Devising or executing any scheme or artifice to defraud; [or]
“(b) Obtaining money, property or services by means of false or fraudulent pretenses, representations or promises[.]”
And, as defendant points out, both
reason to separately define computer crime to include the conduct proscribed by
We acknowledge that, as defendant observes, there would appear to be considerable overlap between the conduct that paragraphs (2)(a) and (b) proscribe and the conduct that paragraph (2)(c) encompasses if, as the state argues, “theft” in paragraph (2)(c) wholly incorporates
In sum, the text and context of
concluded, “the person‘s use or access[ing] of a computer is the direct, necessary means by which the person accomplishes” a theft? See Azar, 318 Or App at 737.12 Or did the legislature intend some different scope when it enacted the computer crime statute? Because our assessment of the text and context of
B. The Legislative History of ORS 164.377
This court recognized in Nascimento, 360 Or at 42, that the legislature‘s primary concern in adopting the computer crime provisions of HB 2795 was computer “hacking“—the unauthorized use or accessing of computers or the data they contained. Defendant relies on that point to support his argument that we should narrowly construe what it means to “use” or “access” a computer system for purposes of committing theft. Although the state agrees that the primary concern of the legislature that established the offense of computer crime was hacking, it attaches less significance to that point than
when it passed HB 2795. See Nascimento, 360 Or at 44 (noting that the “legislature may and often does choose broader language that applies to a wider range of circumstances than the precise problem that triggered legislative attention” (Internal quotation marks omitted.)).
Having reviewed the legislative history of the computer crime statute, we conclude that it does not support as expansive an application of
Sterling Gibson, a security officer for General Telephone, testified that the purpose of the amendment was to “prevent people from calling into someone‘s computer” and manipulating a business‘s data. Id. When Chairperson Springer asked whether the existing theft of services statute already criminalized the conduct described in the amendment, Gibson responded that “a lot of times it may not be theft[.]” Id. He continued that, even though “it may be construed as theft, * * * the actual act was the manipulation, or changing of documents” that are “vital” to an organization‘s survival. Id. He further explained that that conduct “isn‘t theft, that‘s manipulation” and later reiterated that “we‘re not necessarily dealing with the theft of something, [we‘re dealing with] manipulation.” Id. Gibson said that, in his experience, when law enforcement sought to prosecute acts of computer hacking, they had found the theft of services statutes “too broad” and “not useable.” Id.
Echoing Gibson‘s testimony, Legislative Counsel Leslie Hammond later explained to the full House Committee
on Judiciary that HB 2795 was intended to address “the idea of people who use their computers or instruments to get access to computer systems or networks and then gain by using the information or program that belongs to someone else.” Tape Recording, House Committee on Judiciary, HB 2795, May 13, 1985, Tape 613, Side A; see also id. (explaining that the bill makes “it a crime for people to access a computer system to which they don‘t belong or to destroy or damage the property“). Hammond also prepared a staff summary for the committee explaining that the bill was intended to address the problem of people “using computers to break into computer systems to steal information or programming.” Staff Measure Summary, House Committee on Judiciary, HB 2795 (1985). The bill passed the committee without further discussion. Tape Recording, House Committee on Judiciary, HB 2795, May 13, 1985, Tape 613, Side A.
That legislative history readily supports what is undisputed here: HB 2795‘s proponents were most concerned with the sort of conduct criminalized by subsections (3) and (4) of
instruments to get access to computer systems or networks” and “using the information or program that belongs to someone else,” Tape Recording, House Committee on Judiciary, HB 2795, May 13, 1985, Tape 613, Side A; (3) proponents’ accounts of electronically stored business data being manipulated or altered; and (4) the fact that HB 2795‘s original objective was to address those who were surreptitiously acquiring cable television services—an electronically distributed commodity—for free. We turn next to what that limitation is; that is, what qualifies as “use” or “access“?
C. What qualifies as “use” or “access” under ORS 164.377(2)(c) ?
As we have just discussed, the legislative history suggests that the legislature that enacted
Court of Appeals seems to have been persuaded by other considerations—that not every act of using or accessing a computer in the course of engaging in theft qualifies as use or access “for the purpose of * * * [c]ommitting theft.”
Before determining which acts do qualify, we first note that we disagree with the Court of Appeals’ test, which we understand to be that the person‘s use or accessing of a computer must be the “direct, necessary means” by which the person committed a theft and that the use or access must be more than “incidental.” Azar, 318 Or App at 738. For one thing, that test does not adequately reflect the purpose for which the legislature enacted the computer crime statute, as reflected in its legislative history. And for another, the Court of Appeals’ test is, in our view, unworkable. That is, “direct [and] necessary” is susceptible to myriad meanings, and nothing in the Court of Appeals’ decision explains which meaning applies.14
Relatedly, the Court of Appeals’ requirement that a person‘s use or access of a computer be more than
“incidental” does not improve matters. There is no way to anticipate when a particular prosecutor, jury, or court will view one or another use of computer technology as merely “incidental.” We therefore do not share the Court of Appeals’ optimism that its test is sufficient to “allow a person of ordinary intelligence to understand the scope of what is prohibited” so as to alleviate defendant‘s vagueness concerns.15 See Azar, 318 Or App at 738. Thus, although we agree with the Court of Appeals that it is appropriate to articulate the intended scope of
We, therefore, describe the scope of
of accessing the thing that the person seeks to unlawfully obtain.
D. ORS 164.377(2)(c) does not apply to defendant‘s conduct.
Turning to the application of that standard to this case, we emphasize that, despite the limits that our construction may impose on the computer crime statute,
In this case, defendant does not dispute that his conduct in selling purportedly stolen property on eBay constituted theft by receiving. That conduct, however, did not interfere with any interest that eBay or anyone else had in a computer, computer system, or computer network, or in any electronic contents thereof. Nor did defendant use eBay or any other computer technology to gain access to property that he sought to unlawfully obtain—to the extent that anyone actually accessed the purportedly stolen merchandise at issue in this case, it is apparent that they did so by physically entering the retail locations where such items were sold. Under those circumstances, defendant‘s conduct cannot have constituted computer crime.16
III. CONCLUSION
We conclude that a person does not violate
The decision of the Court of Appeals is reversed in part. The judgment of the circuit court is reversed in part, and the case is remanded to the circuit court for further proceedings.
BUSHONG, J., dissenting.
Defendant used a computer to sell stolen merchandise on eBay, obtaining money from those sales through PayPal accounts that he accessed using a computer.1 The majority opinion concludes that defendant‘s use of a computer to commit those crimes does not constitute “computer crime” in violation of
history suggests “a more limited understanding”
As the majority opinion points out, a person commits computer crime in violation of
That interpretation finds no support in the text or context of the statute, and the majority opinion does not suggest that it does. Instead, the majority opinion relies on the legislative history to support its narrow interpretation of the statutory text. But that interpretation conflicts with the plain meaning of the text, and we have long recognized that “there is no more persuasive evidence of the intent of the legislature than the words by which the legislature undertook to give expression to its wishes.” State v. Gaines, 346 Or 160, 171, 206 P3d 1042 (2009) (internal quotations marks omitted).
The words used here—to “access” and “use“—a computer to commit theft are not limited by any words suggesting that the “rights” a person may have obtained or
interfered with when the person used or accessed a computer must be “in or located on” a computer to constitute computer crime. Nor are there any words limiting the reach of the statute to using computer technology “as a means of accessing the thing that the person seeks unlawfully to obtain.” Instead, paragraph (1)(a) of the computer crime statute broadly defines “access” to mean “to instruct, communicate with, store data in, retrieve data from or otherwise make use of any resources of a computer, computer system or computer network.”
The majority opinion‘s interpretation also overlooks the fact that subsection (2) of the computer crime statute expressly states what the purpose of using or accessing a computer must be for the conduct to be considered computer crime. That provision states that a person commits computer crime when the person knowingly uses or accesses a computer “for the purpose of” (among other things) “[c]ommitting theft.”
Moreover, although the legislative discussions leading to the enactment of the statute focused primarily on the problem of “computer hacking,” as the majority opinion points out, the legislature ultimately adopted a statute that broadly covers conduct beyond “hacking.” That commonly occurs during the legislative process. See, e.g., State v. Nascimento, 360 Or 28, 44, 379 P3d 484 (2016) (recognizing that the legislature “‘may and often does choose broader language that applies
48, 55, 149 P3d 131 (2006) (“[T]he statutory text shows that, even if the legislature had a particular problem in mind, it chose to use a broader solution.“). That does not mean that we must interpret the statute “in the broadest sense that the text might permit.” Nascimento, 360 Or at 44. Rather, “‘legislative history would be a basis on which we appropriately may construe the text more narrowly‘” if that history “‘reveals that the legislature had a narrower understanding of the term in mind, and if that narrower meaning is consistent with the text, even if not compelled by it[.]‘” Id. (quoting State v. Walker, 356 Or 4, 17, 333 P3d 316 (2014)).
Here, the words used in the computer crime statute—“access” and “use“—broadly apply to a wider range of circumstances than the hacking problem that triggered the legislative enactment in 1985. As explained above, the “narrower meaning” adopted by the majority opinion is inconsistent with the text enacted by the legislature, and as explained below, there is no evidence in the legislative history that the legislature had a narrower understanding of those terms in mind when it included that text in the computer crime statute. In fact, if the legislature were to reconsider the computer crime statute in 2024 and wanted to be certain that the statute covered this type of conduct—using a computer to access eBay to sell stolen goods for payments processed through PayPal—it would not need to amend the statute at all. The words in the existing statute—“using” or “accessing” a computer, computer system, or computer network to commit theft (including theft by receiving)—work just fine to encompass that conduct.
The legislative history confirms that the legislature did not have a narrower meaning in mind when it defined computer crime to include any use or access of a computer to commit theft. The widespread use of computer technology was in its early stages when the bill that became
an age where we utilize computers more and more[.]” Tape Recording, Senate Committee on Justice, SB 439, Mar 25, 1981, Tape 83, Side B (statement of Sen Ted Kulongoski). Two years later, one witness told the Senate Committee on Judiciary that they were “living during a period of history which has seen an incredible explosion of technological advances,” and that “[e]very indicator predicts the 1980s to be a decade of overwhelming technological change, probably exceeding in impact all the years preceding them. In all likelihood, in the next very few years ‘a computer in every home’ will become a reality.” Testimony, Senate Committee on Judiciary, SB 149, Feb 23, 1983, Ex A (statement of Terry Hippenhammer). That witness further explained that colleges and universities across the country were considering requiring all students to own a microcomputer and he broadly described the “potential abuse” that could occur. Id. Another witness described computer crime as “the crime of the future that is rapidly becoming the crime of the present.” Testimony, Senate Committee on Judiciary, SB 149, Feb 23, 1983, Ex B (statement of Jim Mattis).
Thus, by the time the computer crime legislation passed in 1985, the legislature was aware that its understanding of how computers could be “used” or “accessed” to commit crimes was limited and that the technology was changing rapidly. Instead of enacting a law that narrowly addressed “hacking” and related problems that were brought to the legislature‘s attention at the time, the legislature chose to broadly define “computer crime” to include “using” or “accessing” a computer for the purpose of committing theft, regardless of how the computer was used to commit the theft, the nature of the information or property rights obtained or affected by a wrongdoer‘s use or access of a computer, or the wrongdoer‘s ability to “otherwise access” the property without using a computer.
That broad wording does not mean that the legislature necessarily intended “computer
example—that it is unlikely that the legislature would have considered them to rise to the level of “computer crime.” But where a defendant‘s use of a computer is integral to the operation of a criminal enterprise—the Court of Appeals described defendant‘s use of a computer in this case as “the principal mechanism for his extensive fencing operation,” State v. Azar, 318 Or App 724, 738, 508 P3d 668 (2022)—I would conclude that the conduct is covered by the computer crime statute.3
That conclusion is consistent with a common-sense understanding of what it means to “access” or “use” a computer for the purpose of committing a crime. The defendant in this case built a criminal enterprise centered on using a computer to access eBay and PayPal to facilitate his illegal fencing operation. The eBay website allowed defendant to market stolen goods to millions of internet users, something he could not have done without the website and a computer to access it. The PayPal platform allowed defendant to receive payments for those stolen goods without risk, something he could not have done without that internet platform.4 And given the scope of defendant‘s fencing operation, using eBay and PayPal instead of selling stolen goods in person may have reduced the risk of attracting the attention of neighbors and law enforcement.
Under the majority opinion‘s test, using a computer “as a means of accessing the thing that the person seeks unlawfully to obtain” would be a computer crime covered by the statute. 372 Or at 183-84. Thus, under that test, using a computer to obtain stolen goods as part of an illegal fencing operation would be a computer crime but using a computer to sell stolen goods as part of the same criminal enterprise
would not be a computer crime. The majority opinion cites no evidence in the statutory text, context, or legislative history for such a distinction, nor does it offer any good reason why the legislature would intend to criminalize as computer crime using a computer to obtain stolen goods but not to sell them.
Defendant‘s use of a computer to conduct an illegal fencing operation—which is theft by receiving under Oregon law—falls squarely within the conduct that is prohibited by the computer crime statute. The majority opinion‘s contrary conclusion based on its narrow interpretation of the statute is, in my view, wrong. Accordingly, I respectfully dissent.
Garrett, J., and Balmer, S.J., join in this dissenting opinion.
