U.S. v. Schaffer

• Citation: 586 F.3d 414
• Decision Date: 12 November 2009
• Docket Number: No. 09-3053.,09-3053.
• Parties: UNITED STATES of America, Plaintiff-Appellee, v. Gabriel SCHAFFER, Defendant-Appellant.
• Court: United States Courts of Appeals. United States Court of Appeals (6th Circuit)

586 F.3d 414

UNITED STATES of America, Plaintiff-Appellee, v. Gabriel SCHAFFER, Defendant-Appellant.

No. 09-3053.

United States Court of Appeals, Sixth Circuit.

Argued: July 29, 2009.

Decided and Filed: November 12, 2009.

ARGUED: Richard G. Lillie, Lillie & Holderman, Cleveland, Ohio, for Appellant. Daniel R. Ranke, Assistant United States Attorney, Cleveland, Ohio, for Appellee. ON BRIEF: Richard G. Lillie, Gretchen A. Holderman, Lillie & Holderman, Cleveland, Ohio, for Appellant. Daniel R. Ranke, Assistant United States Attorney, Cleveland, Ohio, for Appellee.

Before: BATCHELDER, Chief Judge; DAUGHTREY, Circuit Judge; VAN TATENHOVE, District Judge.^*

OPINION

VAN TATENHOVE, District Judge.

A grand jury charged Gabriel Schaffer with conspiracy to commit computer fraud and to transport stolen property interstate. Upon Schaffer's motion, the district court dismissed the count charging interstate transportation of stolen property but denied that motion in all other respects. Schaffer then entered a conditional guilty plea, admitting that he conspired to commit computer fraud. On appeal, Schaffer contends that the indictment should be dismissed due to the omission of essential elements, violation of the statute of limitations, pre-indictment delay, and entrapment as a matter of law. Because the district court correctly rejected each of these arguments, we AFFIRM.

I.

Gabriel Schaffer and his co-defendant Dana Arvidson fell victim to a government sting operation in which they conspired to obtain military secrets and laser missile technology from what they believed was a Department of Defense ("DOD") contractor. The relevant events began on July 31, 2002, when an undercover FBI agent ("UC1") met Arvidson at a hotel in Independence, Ohio, and advised him that he wanted to outsource wireless computer security services to a local Cleveland company. During that meeting, Arvidson indicated that he was the sole owner of SecureNet and had developed proprietary technology which allowed him to intercept wireless computer network traffic from a greater range. Arvidson stated that he had intercepted communications from approximately 500 wireless computer networks in Cleveland, including sensitive information and passwords for employee accounts. He further claimed that he could "spoof" MAC (media access control) addresses, obtain access to computer networks via a WAP (wireless application protocol), and "break" the encryption used to protect the privacy of communications on wireless computer networks.

On October 10, UC1 and Arvidson met in Cleveland. During this meeting, UC1 told Arvidson that he knew an individual in Chicago who was interested in locating someone with expertise in wireless computer networks to obtain information from a DOD contractor. Later that month, Arvidson advised UC1 that "we have developed some new technology that allows us to be more under the radar," and explained that he could now intercept communications "passively" from a significant distance. Arvidson indicated that he was still interested in the "side project."

During the next meeting, on December 3, after Arvidson reiterated his interest in the "side project," UC1 told Arvidson that the target was in Texas and UC1 wanted to "bring up a couple of things . . . to give you (Arvidson) a chance to back out." UC1 then told Arvidson that the target information was "laser missile technology type stuff . . . anything you intercept out of the air . . . is probably going to be illegal . . . it's gonna be a problem if we were to get caught." Arvidson replied, "I'm looking at this as a security audit just like any other security audit . . . capturing data . . . I don't really want to know a whole ton about what I'm capturing . . . I'll be happy to do the job, just as we would any other job." UC1 told Arvidson, "I know you developed a way that can't be traced with this passive technique but if for some reason it did get traced, people can get in trouble. I just want you to know that." Arvidson replied, "Absolutely, well that's the risk premium . . . I'm with you 100 percent."

The next day, Arvidson called UC1 and asked him numerous questions about the location of the target computer system. UC1 gave Arvidson some specifics regarding the company's location and advised that an employee of the target company logged onto the network every night through a wireless access point using his user ID and password. He further explained that there was no guarantee the employee would actually upload files. Arvidson advised UC1 that his first step would be to "go in and decrypt it" and that if he would be "actively infiltrating with the person's password, that changes my risk level." Arvidson stated that if "I do it passively the risk level is, I mean it's high but it's relatively low, if I actually go in and compromise something, I'm still willing to do it but my price is going to be higher." About a month later, Arvidson sent UC1 an email with a list of technical questions about the DOD contractor's computer network.

On February 12, 2003, UC1 and another undercover FBI agent ("UC2") met with Arvidson and Schaffer at a Cleveland hotel. UC2 made it clear that his client was interested in "stealing military secrets and laser missile technology" from a "DOD contractor in El Paso, TX." During this meeting, Schaffer used a notebook computer to demonstrate how their equipment could intercept wireless computer network traffic. Arvidson and Schaffer then detailed how they could similarly intercept wireless computer network traffic from the DOD contractor, including an employee's login user ID and password. They further explained that after intercepting this information, they would log into the DOD contractor's computer network using the intercepted user ID and password, imitate that employee's physical computer system so they could not be traced, locate the target information, and download it to their computer.

Arvidson told UC2 that they wanted "25" up front for both him and Schaffer, and "50" after completion of the theft. UC2 indicated that he would need a sample of the stolen information to show his client in Chicago. If his client was happy with the stolen information, UC2 would travel to Cleveland and pay the total fee in exchange for all the stolen data. In the event they were unable to acquire the target information in El Paso, UC2 said that he would pay them an hourly rate of $150 per hour for their time. UC2 would also pay for their airfare to and lodging in El Paso. Arvidson and Schaffer agreed.

The trip to El Paso was planned for the last week of February. UC2 told Arvidson and Schaffer that he would mail the plane tickets to Arvidson. Arvidson provided UC2 with a business card that depicted an address for his other Cleveland business, then Schaffer wrote "Gabe Schaffer" on the back of Arvidson's business card.

During a telephone call with Arvidson on February 18, UC1 clarified that Arvidson's fee for the theft, if successful, would be $100,000. One week later, UC2, Arvidson, and Schaffer met in an El Paso, Texas, hotel room which had line-of-sight access to the purported DOD contractor's office. Arvidson and Schaffer connected three antennas to their notebook computer in their attempt to locate the DOD contractor's wireless computer network. After they located the wireless network, Arvidson and Schaffer immediately began intercepting network communications, including the user ID and password of a purported DOD contractor employee. Once the purported employee logged off, Arvidson and Schaffer used the intercepted user ID and password to log onto the purported contractor's network. Arvidson and Schaffer also "spoofed" the purported employee's physical computer system so that their notebook computer would appear to be the employee's computer.

Arvidson and Schaffer downloaded over 6,000 electronic files from two different computer systems on the purported DOD contractor's computer network. Arvidson explained to UC2 that the data on one computer system was contained in sub-directories of a main directory called "proprietary." Arvidson and Schaffer advised that those sub-directories had names like "air force," "army," "navy," "wmsr," and "marketing-data." They also advised that the data stolen from the other computer system was contained in a directory called "000 Sensitive."

Upon completion of the theft, Arvidson and Schaffer copied the stolen data from their notebook computer to an external hard drive, which they encrypted. Arvidson and Schaffer told UC2 that they did not want to get caught with the information, so they gave the external hard drive to UC2. They told UC2 that they would provide the "pass-key" to decrypt the external hard drive when they received the $100,000 payment. Arvidson indicated that he would provide UC2 with a CD-ROM disk containing the pass-key needed to decrypt the external hard drive at their next meeting.

Between March 3 and 13, 2003, UC2 and Arvidson corresponded via email and arranged a meeting wherein Arvidson would provide the decryption key in exchange for $100,000. On March 19, UC1, UC2, Arvidson, and Schaffer met at a Cleveland hotel to exchange $100,000 for the decryption key to the external hard drive. UC2 brought the external hard drive and tendered the $100,000. Schaffer wrote a list of instructions for decrypting the external hard drive. Arvidson provided UC2 with a CD-ROM to be used in conjunction with Schaffer's instructions for decrypting the hard drive and demonstrated the decryption process.

Almost five years later, on February 27, 2008, a grand jury indicted Schaffer and Arvidson. After requesting and obtaining a continuance of the trial date, Schaffer filed several pre-trial motions including a motion for a bill of particulars and a motion to dismiss. He sought dismissal of the indictment based upon pre-indictment delay, statute of limitations, and entrapment. The district court granted part of...