"Click Fraud" Acquittal

CFAA Court Victory

In a closely watched “trial, Italian citizen Fabio Gasperini was charged with violating the Computer Fraud and Abuse Act, or CFAA. Computer experts claimed it was the first so-called “click fraud” trial to proceed to trial and would test the U.S. government’s ability to link individuals to complex cyber crimes.

The CFAA is an overly-broad law passed in 1986 before personal computers and smart devices were omnipresent in all aspects of our lives. The law affords law enforcement extremely wide latitude to prosecute virtually any computer-related activity, including violations of Terms of Service agreements that we all click on daily. Each offense can bring up to 20 years in prison, and when multiple counts are charged individuals can face decades behind bars.

In a surprise decision, Simone Bertollini became the first known attorney to prevail against CFAA charges. A federal jury in the Eastern District of New York acquitted his 34-year-old client of several felony counts of wire fraud, computer intrusion and money laundering for which he faced 70 years in prison. He was convicted on only one count of computer intrusion, a misdemeanor, which was appealed. Bertollini disputed prosecutors’ version of events and noted that none of the expert witnesses had ever seen the botnet that Gasperini allegedly used. He also questioned how he could be charged with conspiracy when no conspirators were named or charged. Cross Examination Transcript

In the two weeks of trial, prosecutors called over 20 witnesses and cybersecurity experts, including the Director of the Internet Storm Center. They tried to prove that Gasperini created and controlled 150,000 computers globally to run an auto-click scheme defrauding online advertisers.

At trial, Bertollini challenged testimony from government expert witnesses, advertising executives, FBI investigators and business owners. Much of the evidence consisted of emails sent and received by Gasperini. Before trial, Bertollini sought to suppress the emails, arguing that they were seized through to an extraterritorial application of the Storage Communication Act (SCA). The U.S. Court of Appeals for the Second Circuit decided in 2016 in a case involving Microsoft, that the SCA doesn’t apply outside the U.S.

Bertollini also argued that screenshots from the so-called archives the WayBack Machine cannot be used against a defendant in a criminal case. He disputed the state’s narrative of events saying it presented unrelated theories and no substantial evidence. He pointed out that none of the testifying experts had seen the botnet, that evidence was all circumstantial, and never led back to his client. Given that there were no co-defendants charged he questioned the conspiracy charge.

The case is USA v. Gasperini, case number 1:16-cr-00441, in the U.S. District Court for the Eastern District of New York.