Jaynes v. Com.

• Decision Date: 05 September 2006
• Docket Number: Record No. 1054-05-4.
• Citation: 634 S.E.2d 357,48 Va. App. 673
• Parties: Jeremy JAYNES v. COMMONWEALTH of Virginia.
• Court: Virginia Court of Appeals

634 S.E.2d 357

48 Va. App. 673

Jeremy JAYNES v. COMMONWEALTH of Virginia.

Record No. 1054-05-4.

Court of Appeals of Virginia, Alexandria.

September 5, 2006.

COPYRIGHT MATERIAL OMITTED

Thomas M. Wolf (John H. Craddock, Jr. Richmond; Joseph M. Rainsbury, Roanoke; David A. Oblon, Arlington; LeClair Ryan, P.C., Richmond; Albo & Oblon, L.L.P., Arlington, on briefs), for appellant.

William E. Thro, State Solicitor General (Judith Williams Jagdmann, Attorney General; Eric A. Gregory, Associate State Solicitor General; Courtney M. Malveaux, Associate State Solicitor General; D. Mathias Roussy, Associate State Solicitor General; William R. Sievers, Associate State Solicitor General; Richard B. Campbell, Deputy Attorney General; Lisa M. Hicks-Thomas, Senior Assistant Attorney General; Samuel E. Fishel, IV, Assistant Attorney General, on brief), for appellee.

Amicus Curiae: The Rutherford Institute (John W. Whitehead, Charlottesville; L. Ilaine Upton, on brief), for appellant.

Amicus Curiae: American Civil Liberties Union of Virginia, Inc. (Rebecca K. Glenberg, on brief), for appellant.

Amicus Curiae: United States Internet Service Provider Association (Jennifer C. Archie; Richard P. Bress; Courtney S. Schorr; Alexander Maltas; Latham & Watkins, on brief), Washington, DC, for appellee.

Present: HALEY, J., and BUMGARDNER and FITZPATRICK,^* Senior Judges.

JAMES W. HALEY, JR., Judge.

Jeremy Jaynes (appellant) appeals his conviction by jury of three of counts of violating Code § 18.2-152.3:1, the unsolicited bulk electronic mail provisions of the Virginia Computer Crimes Act ("VCCA"). He maintains that (1) the trial court lacked subject matter jurisdiction over this case; (2) the statute violates the First Amendment; (3) the statute violates the Dormant Commerce Clause; and (4) the statute is unconstitutionally vague. We find no merit to these claims and affirm.

I. THE STATUTE AND PROCEDURAL BACKGROUND

The VCCA, Code §§ 18.2-152.1 to 18.2-152.13, notably, is part of Chapter 5 of the Virginia Criminal Code, entitled "Crimes Against Property."

The sections of the VCCA here relevant read as follows:

§ 18.2-152.3:1.

A. Any person who:

1. Uses a computer or computer network with the intent to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider of its subscribers;

* * * * * *

B. A person is guilty of a Class 6 felony if he commits a violation of subsection A and:

1. The volume of UBE transmitted exceeded 10,000 attempted recipients in any 24-hour period, 100,000 attempted recipients in any 30-day time period, or one million attempted recipients in any one-year time period ....

In a motion to dismiss before the trial; in a motion to strike after the prosecution rested; and in a renewed motion to strike after appellant rested his case, appellant objected that the court lacked jurisdiction and that the law was unconstitutional under the First Amendment; was unconstitutionally vague; and violates the Dormant Commerce Clause of the Constitution. The trial court denied each motion.¹ Following conviction and in accordance with the decision of the jury, the trial court sentenced appellant to nine years in prison. This appeal followed.

II. THE OPERATION OF ELECTRONIC-MAIL

The sending of e-mail is governed by Simple Mail Transfer Protocol ("SMTP"), a set of standards to facilitate the transfer of e-mail. SMTP specifies that a computer sending an e-mail must contain information identifying the sender, generally referred to as "hello domain" information, as well as certain recipient information. The hello domain, in turn, contains the internet protocol ("IP") address and domain name of the sending party. IP addresses are unique strings of numbers; each computer accessing the Internet is generally assigned one. For convenience and efficiency, IP addresses of many computers are given textual equivalents known as "domain names." For example, a search known as a "whois" search reveals that the domain name "www.aol.com" is owned by America Online, Inc. ("AOL"), which is located in Dulles, Virginia. Additional contact information is provided as well. The IP addresses of four servers associated with aol.com are also available because "www.aol.com" is the domain name associated with those IP numbers.

When e-mail is sent, the hello domain and sender information exist as part of the transmission information of the e-mail. E-mail servers and routers starting with the sender's Internet Service Provider ("ISP")² relay the message forward until it reaches the e-mail servers of the recipient's ISP, which then direct the e-mail to the intended recipient. These server interactions include the presentation of the sending e-mail's hello domain. Essentially, the sending computer identifies itself and presents the hello domain of the e-mail.

Each time the message passes through a different server, a record of that transaction is added to the routing information. Thus, using the e-mail's routing information, one can retrace the exact servers it went through to reach its destination, as if each post office or mail sorting facility added its own postmark to a letter. Furthermore, a server along this chain could choose to block the message from going further. The sender, however, has no way to control or predict the pathway his message will take to arrive at its destination. In fact, the message can be broken up and sent in pieces through multiple unique pathways. Despite this inherent unpredictability, the last server through which the message passes before reaching the recipient is his ISP's server, in this case, AOL's e-mail servers.

One major complaint of e-mail users is the volume of unsolicited bulk e-mail (often called "spam") they receive on a daily basis. To increase subscriber satisfaction and to protect their networks from computer viruses and other problems. ISPs employ a number of tactics to block spam from reaching users. One major tactic is to identify domain names or IP addresses that have sent unwanted e-mail in the past and to automatically prevent the delivery of any messages coming from those senders. Another related tactic is to identify senders of large numbers of messages to verify their legitimacy. Thus, an ISP can learn which companies sending high volumes of e-mail are potentially fraudulent or unwanted.

People sending spam ("spammers"), then, respond by masking their true identities to evade the protective measures. They create false routing information or transmission information, making messages appear as if they come from hundreds or thousands of different domain names and IP addresses. Thus, spammers can ensure that the ISP cannot detect and block every e-mail they send and can evade detection because the thousands of messages appear to come from hundreds of different sources.

III. FACTS

The facts in this case are generally undisputed.

Appellant used computers in his home in North Carolina to send over ten thousand e-mails, on each of three different days, to subscribers of AOL, an ISP that provides e-mail accounts as part of its service. That AOL's servers are located in Loudoun County, Virginia, is not challenged.

On July 16, 2003, appellant sent 12,197 pieces of unsolicited bulk e-mail with falsified routing and transmission information onto AOL's proprietary network. On July 19, he sent another 24,172 similarly falsified e-mails, and he followed on July 26 with an additional 19,104. Each message targeted an AOL subscriber. That the sender knew each proposed recipient was an AOL subscriber was clear because the e-mail addresses of all recipients ended in "@aol.com." The messages advertised one of three products: either a FedEx claims product, a stock picker, or a "history eraser." To purchase one of these products, potential buyers would "click" on a hyperlink within the e-mail which redirected them to a website. Notably, this redirection led to thousands of different websites, rather than a single one, to consummate the purchase.

Among those items seized during a search of appellant's home were compact discs (CDs) containing both user names and full e-mail addresses.³ The CDs contained at least 176 million full e-mail addresses and over 1.3 billion user names. Appellant also possessed a DVD containing not only AOL e-mail addresses, but also other personal and private account information for millions of AOL users. Finally, police collected multiple "zip discs" (another type of data storage device) containing 107 million AOL e-mail addresses. All of the AOL user names, e-mail addresses, and account information were stolen and illegally in appellant's possession.

In this case, appellant employed exactly those spammer tactics outlined in Part II, supra, of this opinion. He used thousands of different IP addresses and hello domains to send tens of thousands of e-mails and avoid detection by AOL's network. Each e-mail advertised a commercial product; none contained any content that was personal, political, religious, or otherwise non-commercial. To aid his deception, appellant registered numerous different domain names using false contact information through Network Solutions, whose offices are located in Virginia. The contracts between appellant and Network Solutions require that appellant provide accurate contact information, update contact information when it changes, and submit to jurisdiction in Virginia for resolution of any contract disputes between appellant and Network Solutions.

IV. JURISDICTION

Appellant contends that the trial court lacked jurisdiction because he could not control the pathways his messages took. Numerous servers and routers handled his messages before arriving at the recipient's mailbox. Since any one of these intervening servers could have blocked his e-mails or since he could not...