IN THE UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY,
Defendant.
MOTION TO DISMISS COUNTS 19 THROUGH 25 OF THE SECOND SUPERSEDING INDICTMENT
COMES NOW the defendant, ROBERT ALAN SOLOWAY, by and through his counsel of record, Richard J. Troberman, P.S., and moves the Court, pursuant to Fed.R.Crim.Pro. 12 (b)(2), for an Order dismissing Counts 19 through 25 of the Second Superseding Indictment. This motion is based on the pleadings, records, and files herein, and is made for the reasons set forth in the subjoined Memorandum of Law.
I.
INTRODUCTION.
On May 23, 2007, the grand jury returned a 35 count indictment against Mr. Soloway. The charges included, inter alia, five counts of aggravated identity theft, in violation of 18 U.S.C. §1028A. Mr. Soloway was arrested on May 30, 2007. During a press conference following Mr. Soloway's arrest, then interim United States Attorney Jeffrey Sullivan announced that
this was the first time anywhere in the country that a "spammer" had been charged with aggravated identity theft based on his spamming activity. As will be demonstrated below, there is good reason why the aggravated identity theft statute has not previously been applied to spamming activity: it simply does not apply.
On October 24, 2007, the grand jury returned a 36 count Superseding Indictment in this case. Thereafter, on January 3, 2008, the grand jury returned a Second Superseding Indictment. The Second Superseding Indictment includes seven counts of aggravated identity theft, all of which are the subject of this motion to dismiss.
Each of the seven aggravated identity theft counts is based on emails with "forged" headers allegedly sent by Mr. Soloway.1 The government alleges that in those emails, Mr. Soloway replaced his (the sender's) email address in the header with the recipient's email address. Thus, for example, if the email was sent to "JaneDoe@hotmail.com", the header would show "From: JaneDoe@hotmail.com; To: JaneDoe@hotmail.com" instead of "From: Robert@newportmarketing.com; To: JaneDoe@hotmail.com." This was typically done in order to try to circumvent a spam filter. The recipient obviously knew that she did not send the email to herself, and once the email was opened--if it was opened--the email clearly informed the recipient of the sender's website address. An example of an email allegedly sent by defendant is attached hereto as Exhibit A. As can be seen from the exhibit, the header reads "From: Sales@dalem***r.com; To: Sales@dalem***r.com." The body of the email contains the following message:
email advertise like this to 8,000,000 people... free...
http://wwww.emailadvertisinginc.com/
have you started christmas advertising yet?
the above noncommercial offer is only for noncommercial charities only. press on charity info on our web site for full and complete details. this offer is not a commercial service and is not at all for sale or lease or trade of any kind.
[1 With respect to Count 19, the government may also attempt to prove that Mr. Soloway used a variation of the recipient's email address to send email to a third party.]
As can be seen, the email was directed at non-profit organizations and charities, and did not offer anything for sale. Instead, it offered to advertise, at no charge, the non-profit's or charity's message. The email also contained a link to Mr. Soloway's broadcast email website, which did advertise both broadcast email services and broadcast email products for sale. A copy of the home page of defendant's website is attached hereto as Exhibit B. But the recipient of the email went to that site only if they wanted additional information, and took the additional step of clicking on the link that was contained in the email. If the recipient did not take the additional step of clicking on the link, then the recipient never even saw the advertisement for the email services or products. If they did click on the link, they were directed to the defendant's website, which was clearly identified as such. Once at the defendant's website, there is simply no way that any person could have been misled as to the source of the email, and there was no deprivation of anyone's email address, at least as that term is commonly understood.
It is also important to note that the government does not allege that the email or the website contained any virus, worm, spyware, pornography, or similar malevolent content, and there was no possibility that a recipient of the email who purchased a service or product could have been misled with respect to the identity of the website from which they purchased the service or product.
In sum, then, what the government is alleging (and has charged) as aggravated
identity theft is the sending of what purported to be an arguably non-commercial email in which the header identifies the return email address as being the same email address as the person to whom the email is sent.2
[2 The complete header, which is always available for viewing by the recipient, would also clearly show that the email was not sent by the recipient. The header visible in the "in-box" is merely an abbreviated version of the header.]
II.
ARGUMENT.
A. COUNTS 19 THROUGH 25 CHARGE DEFENDANT WITH VIOLATIONS OF 18 U.S.C. §1028A.
18 U.S.C. §1028A is entitled "Aggravated Identity Theft." The defendant's conduct was not aggravated in the sense that it was not the type of conduct for which the statute intended enhanced penalties to apply; it did not involve what can be fairly characterized as someone's identity (an email address does not identify a person); and it did not involve the theft or deprivation of anything, including anyone's email address.
The aggravated identity theft statute was enacted in 2004 in response to what some considered to be inappropriately lenient sentences being meted out to identity thieves, and was intended to provide enhanced penalties for more serious crimes involving identity theft. The legislative history, Purpose and Summary, provides as follows:
H.R. 1731, the "Identity Theft Penalty Enhancement Act," addresses the growing problem of identity theft. Currently under 18 U.S.C. §1028 many identity thieves receive short terms of imprisonment or probation; after their release, many of these thieves will go on to use false identities to commit much more serious crimes. H.R. 1731 provides enhanced penalties for persons who steal identities to commit terrorist acts, immigration violations, firearms offenses, and other serious crimes. The bill also amends current law to impose a higher maximum penalty for identity theft used to facilitate acts of terrorism.
H.R. Rep. 108-528 at 3, 2004 (emphasis supplied).
Since the enactment of the statute, there have been only a handful of cases that have interpreted its meaning and scope, and the Ninth Circuit Court of Appeals has yet to weigh in on this issue. All of the reported cases have involved the clear theft or misappropriation and deprivation of someone's identity, or the creation of false identity documents, typically to obtain goods or services by opening lines of credit or bank accounts in the name of the stolen identity; to obtain employment through false or stolen documents (e.g., a fraudulent or stolen social security card); or to obtain illegal entry into the United States through the use of a false or stolen passport. None of the reported cases involve the type of attenuated or incidental "use" alleged in the case at bar.
Almost all of the cases addressing this statute have dealt with the question of whether the statute's mens rea provision requires the government to prove that a person accused of violating the statute knew that the identification in question belonged to an actual person at the time the offense was committed. Consequently, the abbreviated caselaw is not helpful in resolving the issue presently before the Court, which appears to be a matter of first impression.
One of the few cases that has interpreted this statute was decided by this Court in what was then only the second published opinion addressing §1028A. See, United States v. Beachem, 399 F.Supp.2d 1156 (W.D.Wash. 2005). While the issue there (the mens rea requirement) is not the precise issue before the Court here, this Court's methodology in that case should apply with equal or more force here:
In reaching this decision, this Court was also persuaded by the facts that the title of 18 U. S. C. §1028A is "Aggravated Identity Theft" and that the legislative history of the statute speaks directly about, "provid[ing] enhanced penalties for persons who steal identities. . . H.R. Rep. 108-528 at 3, 2004 (emphasis added). As the Montejo court noted, an
intent to deprive another person of property is traditionally an element of the crime of theft. Montejo, at 353 F. Supp.2d at 654. Id., 399 F.Supp.2d at 1158.
This Court also recognized in Beachem "the somewhat absurd level of punishment reached under [this] statute. " Id., at 1158. There, the defendant was alleged to have used social security numbers that did not belong to her in order to open bank accounts under false identities. The defendant used multiple false identities and false documents to open at least three separate bank accounts, on which she wrote a total of 81
NSF checks, thereby defrauding banks, merchants, and individuals out of over $30,000.00. Here, by contrast, the defendant merely included the recipient's email address in an email header as both the "To" and the "From." The email itself offered free advertising for charities and non-profits. Only in the cramped view of a federal prosecutor could anyone reasonably try to shoehorn Mr. Soloway's conduct into a violation of a statute dealing with aggravated identity theft.
Although this Court's decision in Beachem is the minority view, it does not stand alone.3 Rejecting the Fourth Circuit's view in Montejo, and distinguishing the Eighth Circuit's opinion in Hines, the district court for the Northern District of Iowa recently adopted this Court's reasoning and methodology in Beachem. In so holding, that court recognized that the interpretation of a statute is not limited to the meaning of a statute's individual words.
[3 At least two appellate courts have decided the mens rea issue the other way. See, United States v. Montejo, 442 F. 3d 213 (4th Cir. 2006) and United States v. Hines, 508 F. 3d 603 (11th Cir. 2007). One other appellate decision addresses the mens rea issue, but its ruling is more narrow, and was recently distinguished by a district court within the same circuit. United States v. Salazar-Montero, 520 F.Supp. 1079 (N.D. Iowa 2007).]
This "plain language" or "plain meaning" rule of interpretation is not limited to the meaning of individual terms; rather "[s]uch an inquiry requires examining the text of the statute as a whole by considering its context, 'object and policy.'" Harmon Indus., Inc. v. Browner, 191 F.3d 894, 899 (8th Cir. 1999) (quoting Pelofsky v. Wallace, 102 F.3d 350, 353 (8th Cir. 1996)). Thus, the court must "effectuate the intent reflected in the language of the enactment and the legislative process." Colorado v. Idarado Mining Co., 916 F.2d 1426, 1494 (10th Cir. 1990), cert. denied 499 U.S. 960, 111 S.Ct. 1584, 113 L.Ed.2d 648 (1991), and it is not required to "produce a result demonstrably at odds with the intentions of [the statute's] drafters." Ron Pair Enters. Inc., 489 U.S. at 242 (internal quotation marks omitted). United States v. Salazar-Montero, 520 F.Supp.2d 1079, 1088 (N.D.Iowa 2007).
Clarity and understanding of the scope of conduct intended to be subject to enhanced penalties by this statute is even more important where, as here, the statute imposes a mandatory minimum sentence (two years imprisonment that must be consecutive to any other penalty imposed).
B. THE CONDUCT ALLEGED IN COUNTS 19 THROUGH 25 IS ALREADY COVERED IN COUNT 18.
What the government is alleging to be aggravated identity theft in Counts 19 through 25 is covered by a more specific statute, Fraud and Related Activity in Connection with Electronic Mail, 18 U.S.C. §1037, as charged in Count 18. That statute provides, in relevant part, as follows:
(a) In general. -- Whoever, in or affecting interstate commerce, knowingly-
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
shall be punished as provided in subsection (b).
18 U.S.C. §1037.
Clearly, Congress knew how to punish the offense of materially falsifying information in an email header when it enacted 18 U.S.C. §1037(a)(3). The statute defines "materially" as follows:
(d) Definitions.--In this section:
* *
(2) Materially.--For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.
18 U.S.C. §1037(d)(2).
That is the statute under which conduct similar to that allegedly committed by the defendant in this case is typically prosecuted. See, e.g., United States v. Twombly, 475 F.Supp.2d 1019 (S.D.Cal.2007). There, the defendants, who were prosecuted only for violating § 1037, argued that a header does not necessarily identify the sender, and that a lay person has little or no ability to trace a sender's location based on the sender's email address. The court rejected this argument, holding that
While it is true that email addresses do not necessarily on their face identify the sender by name, that is beside the point. An email address may not identify who a sender is, but it does tell a recipient where to send replies to the sender, much in the same way a return address on an envelope identifies the sender of a letter and tells the recipient where to send replies to. A material falsification of header or registration information can violate this provision by hindering a recipient's ability to respond to the sender of an email, which is one of the provisions of § 1037(d)(2).
Defendants also argue that because laypeople's ability to identify senders is inherently impaired, the statute is meaningless. This is a straw man argument: the statute at issue does not assume senders are personally identifiable from header information, nor does it purport to require easy and perfect identification; it merely forbids fraudulent interference with the user's ability to locate senders. The fact that individuals' ability to identify senders is already limited does not necessarily mean that it cannot be impaired further.
Id., at 1023. While it is unclear from the facts recited in Twombly what type of falsification was used in the header, the end result is the same as what is alleged here--the recipients of the emails were unable to identify, locate or respond directly to the person who sent the email. No greater harm was caused by falsifying the header with the recipient's name than would have been caused by falsifying it with an entirely made up name.4 Thus, there is no reasonable basis to apply an enhanced penalty, especially one as severe as that contained in 18 U.S.C. §1028A, to the defendant's conduct in this case.
[4 Had the defendant simply used in the "From" portion of the header a purely fictional name, such as anonymous@aol.com, the effect on the recipient of the email would have been exactly the same: the recipient would not be able to determine the originator of the email, and would be unable to locate or respond to that person or entity.]
This is made even more clear by the fact that, as discussed by the court in Twombly, an email address does not identify either the sender or the recipient, so it cannot be said that the recipient's identity or means of identification was stolen or misappropriated in any event. See also United States v. Kilbride, 507 F.Supp.2d 1051 (D.Ariz.2007). That case, decided in August of 2007, is reportedly one of, if not the, first criminal trials under the CAN-SPAM Act. Kilbride, at 1054. That case was prosecuted under 18 U.S.C. §1037, rather than 18 U.S.C. §1028A, as has been charged here, even though the conduct in
Kilbride was far more egregious than has been alleged in the case at bar. There, Kilbride and his co-defendant Schaffer sent millions of spam messages that contained pornographic images that would instantly appear on the recipients' computer screen upon opening the email. Kilbride and Schaffer sent the emails by using headers that were materially falsified by using a variant of the recipient's email address. Nevertheless, Kilbride and Schaffer faced far less severe penalties for their conduct than is faced by the defendant here, since unlike the instant case, they were correctly charged under 18 U.S.C. §1037, and not under 18 U.S.C. §1028A.
III.
CONCLUSION.
For all of the reasons hereinabove set forth, 18 U.S.C. §1028A does not apply, as a matter of law, to the facts alleged in Counts 19 through 25 of the second superseding indictment. Defendant allegedly falsified headers in email messages by substituting the intended recipient's email address for his own in the "from" portion of the header. That conduct is properly charged under 18 U.S.C. §1037(a)(3), a specific statute dealing with fraud in connection with electronic mail. Defendant did not steal or deprive anyone of their email address or identity. Accordingly, Counts 19 through 25 of the second superseding indictment should be dismissed.
DATED this 8th day of February, 2008.
RICHARD J. TROBERMAN, P.S.
Richard J. Troberman
Attorney for Defendant
Robert Alan Soloway
UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY, and
NEWPORT INTERNET MARKETING,
Defendants.
GOVERNMENT’S RESPONSE IN OPPOSITION TO MOTION TO DISMISS AGGRAVATED IDENTITY THEFT COUNTS
The United States of America, by and through Jeffrey C. Sullivan, United States Attorney for the Western District of Washington, and Kathryn A. Warma, Assistant United States Attorney for said District, files this Response in Opposition to the Defendant’s Motion to Dismiss Counts 19 - 25 of the Second Superseding Indictment.
I. Introduction
Defendant Robert Soloway (“Soloway”) argues in his Motion to Dismiss that the seven counts of Aggravated Identity Theft charged against him should be dismissed outright because: 1) the defendant’s conduct “was not aggravated in the sense that it was not the type of conduct for which the statute intended enhanced penalties to apply,” and 2) the identity theft conduct charged in counts 19-25 “is already covered” in Count 18 (alleging Fraud in Connection with Electronic Mail, in violation of 18 U.S.C. §1037(a)(3)). Motion to Dismiss, at pp. 4, 7. As will be demonstrated below, defendant’s assertions are meritless. The motion relying upon them should be denied.
II. The Statute
The “Aggravated Identity Theft” statute provides, in pertinent part:
§ 1028A. Aggravated identity theft
(a) Offenses.-
(1) In general. - Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.
. . . .
(c) Definition. - For purposes of this section, the term “felony violation enumerated in subsection (c)” means any offense that is a felony violation of -
. . .
(4) any provision contained in this chapter (relating to fraud and false statements), other than this section or section 1028(a)(7);
(5) any provision contained in chapter 63 (relating to mail, bank, and wire fraud). . .
[1 Section 1037 is contained in the “chapter” (Chapter 47, Title 18, United States Code) referenced in subsection (c)(4).]
The statute thus clearly provides that a perpetrator of any number of federal felonies - specifically including §1037, (“fraud in connection with electronic mail,” 1) as well as mail and wire fraud - is criminally responsible for the additional crime of aggravated identity theft if, “during and in relation to” those other crimes, he or she also “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person.”
The term “means of identification” is in turn defined for purposes of 18 U.S.C. §1028A, in 18 U.S.C. §1028(d)(7) as, “any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual . . .” The statute goes on to identify, by way of example and not of limitation, an expansive list of possible identifiers that includes, inter alia: name, “unique electronic identification number, address, or routing code,” and “telecommunication identifying information.”
III. Argument
A. Soloway Knowingly, Willfully, and Repeatedly Engaged in Egregious Acts of Identity Theft that Fall Squarely within the Terms of the Aggravated Identity Theft Statute
From November 2003, until his arrest in May of 2007,2 Robert Soloway devised and executed a multi-faceted criminal scheme that generated over $1,000,000 in proceeds. The scheme can be summarized as follows:
[2 Evidence exists to show that Soloway had run the same scheme, likely for years, in California and Oregon before moving to Washington in 2003.]
Soloway created and published a series of Internet websites on which he touted his “low cost,” but purported high return “distribution email” advertising product and service; i.e., Soloway was offering to sell a software product that would enable the customer to send out their own high volume e-mail ads, or to send out “distribution email” ads on behalf of the customer. Soloway, however, made numerous material false and fraudulent representations on these various websites - most notably including the purported “opt-in” character of the e-mail addresses used in the “distribution email” product and service, but also regarding the availability of customer support and payment of “full 100%” refunds, “no questions asked,” to product customers.3
[3 Because Soloway executed his scheme to defraud by way of interstate wire communications (in publishing the websites) and by sending materials (the “product” he promoted and sold) through the mails and commercial interstate carriers, he has been charged with both wire and mail fraud (Counts 1-16, Second Superseding Indictment).]
Soloway promoted and advertised his websites - and thus his scheme - by indiscriminately blasting the Internet and e-mail users world-wide with hundreds of millions - likely even billions - of “spammed” e-mail commercial messages. These spammed messages were transmitted in violation of two separate subsections of the “CANSPAM Act,” as codified at 18 U.S.C. §1037, because Soloway routinely used “proxy” computers to relay his spam, (§1037(a)(2)), and also routinely materially falsified header information (§1037(a)(3)). As the Court will hear at trial, these two techniques are common “spammer” tools which, if used in combination, effectively mask the two primary and most obvious means of identifying the source of a spammed e-mail message.4
[4 The use of “proxy” relays to transmit e-mail conceals the identifying Internet Protocol (“IP”) address of the true originating computer, and the falsification of the “from” field in headers conceals the text-based name of the message “sender”.]
Soloway went beyond these “basic” spammer ruses, however, by choosing to engage in substantially more aggressive tactics involving the theft and unauthorized use of e-mail addresses and domain names that had been purchased and were owned by actual people, who were individually identifiable therefrom. As explained more fully below, and as will be proved at trial, these individuals suffered harm financially, as well as to their names and reputations, as a direct result of Soloway’s knowing, intentional, and repeated theft of their identities in furtherance of his mail and wire fraud scheme, and in relation to his felony “CANSPAM” Act violations.
“Spamming 101”
In order to best understand the significance of Soloway’s identity theft crimes, it is useful first to review some spamming “basics.”5
[5 The government will present an expert witness at trial who will provide testimony on these and other aspects of “spam,” including what it is, how it’s distributed, how spammers profit, and the damages it causes and financial costs it creates for everyone who uses the Internet, but particularly for small Internet businesses and Internet Service Providers (“ISPs” ). See also: Fighting Spam for Dummies, J. Levine, M. Levine Young, and R. Everett-Church, Wiley Publishing, 2004; and Canning Spam, J. Poteet, Sams Publishing, 2004]
Unlike telemarketers or junk mailers, spammers can almost instantaneously6 “blast” their commercial advertisements at a barely perceptible financial cost to virtually hundreds of millions of recipients, world-wide. Also, unlike telemarketers or junk mailers, the costs of doing so do not measurably increase with an increase in the volume of the target audience. Consequently, spammers routinely seek to maximize their “mailing lists,” based on the assumption that the chances of a financial return (often from the “sale” of something fraudulent) will increase proportionately with the size of the receiving audience. The spammers themselves typically incur no additional costs for spamming ever more addresses - even if many of the e-mail addresses are bogus or invalid and therefore “bounce back” when they can not be delivered as addressed. Creating ever larger e-mail address lists (either for their own use or for sale,) is therefore a constant goal of spammers.
[6 Indeed, the speed and immediacy of spam has made it a favored technique for natural disaster and “catastrophe” fraud.]
One method of creating and “bulking up” e-mail address lists is through “dictionary attacks.” This typically involves the use of a computer program to generate long lists of possible names that are then appended to a known - or even a similarly generated - domain name. For example, a series of generated names (Alice, Ann, Amy), could be attached with the “@” symbol to the domain name: “usdoj.gov.” Spammed messages could then be blasted to every one of those computer generated email addresses in the hope that one or more would by chance be valid. An example of a “dictionary attack” list is appended as Attachment A.7
[7 This particular list was contained on one of the “product” CDs that was advertised and sold by Soloway from his website. Although Soloway represented (fraudulently) that the product he sold contained valid and “opt-in” e-mail addresses, the (defense contracting company) that owns the domain name, “amiinter.com” has confirmed that these 400 email addresses built on the domain name “amiinter.com” are neither valid nor “opt-in.”]
Another method of obtaining e-mail addresses and domain names is through “address harvesting.” Address harvesting has also become “automated” with the use of computer programs designed to “crawl” the Internet, visit websites and databases that might contain e-mail addresses or domain names, and compile those for the “harvester.” Address harvesting has the advantage of yielding lists of addresses and domain names that may well be valid, insofar as they were surreptitiously stolen, without permission, from active websites or databases. The existence of these harvested addresses or domain names does not, however, in any way signify permission by the owners of the same to be included on spam address lists for which they have never, in any sense, “opted in.” Evidence will be presented at trial to prove that Soloway was using “harvested addresses,” in addition to “dictionary attacks” for his illegal spam.
Regardless of whether a spammer gets address lists from dictionary attacks, address harvesting, or (as in Soloway’s case), from a combination of both, the addresses on those lists need only be inserted (again, via an automated program) into the “to” field in a spam “header” in order to blast the spam messages off, in bulk, to those separate addresses. In order to conceal his/her identity as the “sender,” the spammer can then manipulate or forge the “from” field in the header either to contain a
false, fabricated, or non-existent name, or even to be blank. Spammers can, and most often also “rotate” a variety of false and fabricated names in the “from” header, as they continue to blast out repeated multiple versions of the same spam message - again, in an attempt to maximize the number of spam messages they send and hope will be received, without regard to the desires of, or impact on the target audience.
Anti-Spam Measures
Spam is universally regarded within the Internet community as a costly, invasive and deleterious “scourge.” It is commonly estimated that spam usurps 80% or more of Internet “bandwidth,” and costs Internet users billions of dollars annually. Some of those costs are spread among the universe of all Internet users; others are suffered in particular by ISPs and by small Internet-based businesses. Spam is also recognized as the “delivery mechanism” for pernicious fraud and “phishing” schemes, pornography, and a host of “malware” that includes viruses, worms, trojans, and spyware. The economic and societal costs of spam have driven law-making bodies world-wide to enact both civil and criminal “anti-spam” statutes. Reputable ISPs have uniformly adopted rigorous anti-spam policies that are incorporated into their terms of service. Subscribers who are identified to have violated an ISP’s anti-spam policies can and often have their accounts terminated, thereby ending their ability either to send or receive e-mail from that address. Anti-spam products and services have also been developed and made commercially available. These include a variety of “spam filtering” products and services, as well as “spam blacklists.”
Simply stated, spam filtering is designed to keep spam out of systems, networks and “in-boxes.” Filtering can be done with a variety of technical approaches and systems, and with a varying range of efficacy, and cost. None among these products or services is “perfect,” however. No filtering can stop all spam, and some can even result in “false positives,” which means that legitimate e-mails, too, will be blocked.
Spam “blacklists” are developed by a variety of online organizations (some nonprofit, some commercial), based on data compiled from Internet traffic that is identified
as spam or spam-related. The blacklists are then used in conjunction with filtering products and services to exclude spam with those identifiers, and by ISPs to terminate accounts identified on the blacklists or to block incoming traffic from those accounts.
Soloway’s Knowing, Willful, and Repeated Acts of Identity Theft in Furtherance of Wire Fraud and CANSPAM Act Violations
Evidence at trial will establish that Soloway was keenly aware of anti-spam measures including filtering, and ISP anti-spam policies. Indeed, his repeated, knowing and willful use of legitimate e-mail addresses and domain names, including those paid for and belonging to identifiable individuals, without their permission and against their expressed will, was a tactic that he intentionally embraced and exploited, in the words of his own counsel, precisely “to circumvent . . . spam filter[s].”8 This particular tactic enables the spam sender to thwart spam filters because the e-mail recipient can not filter based on his/her own e-mail address - as to do so would effectively preclude any e-mail addressed to the recipient, from being received by the recipient.9 It is thus a means to force the owner of any given e-mail address either to continue receiving the spam, in perpetuity and in whatever volume it arrives - or to surrender that e-mail address or domain name. Surrendering an established e-mail address or domain name can be financially devastating to a small business that has built its reputation on it from its inception.
[8 Motion to Dismiss, at p. 2, line 18.
9 Some advanced filtering products or services can possibly defeat this tactic by relying on “scores” or factors independent of the “from” information. These products or services, however, are not necessarily available - or within the financial or technological reach - of all Internet users.]
Soloway thus proved himself a savvy and aggressive spammer who deliberately tailored his spamming techniques to defeat protections put in place to defeat spamming, and who was absolutely indifferent to the consequences of his actions to his innocent victims. Soloway also was aware - but resolutely indifferent to - the fact that many of these victims often suffered yet again - when they were blacklisted as a result of his spamming activity because their legitimate and individually identifiable e-mail addresses and domain names had been identified with spam that he - not them - had sent, and was responsible for.
All of the aggravated identity theft counts charged in this case involve victims whose experiences with Soloway shared common traits. 10 Most of the individuals (identified by their initials for purposes of the Indictment) began receiving spammed email messages, sometime during the period from 2005 until 2007, that contained advertisements for, and a link to Soloway’s (fraudulent) websites. As is typically the case with spam, these spammed messages came over, and over. And to the horror of each of these individuals, the messages included a header that identified the recipients themselves as the “sender” of spam that advertised a company they had never heard of and had nothing to do with. None of the recipients had “opted-in” to receive any such spammed advertisements, and none wished to be associated in any way with a company responsible for spam. Most of these individuals contacted Soloway repeatedly, and requested that he stop using their e-mail addresses and domain names in spam. Soloway ignored these requests, and continued to spam, using the e-mail addresses and domain names owned by these victim individuals, despite their voiced objections. In some cases the spam even increased. Several of these victims will testify further that they received either “bounce backs” to their addresses, indicating that Soloway had forged their addresses into the “from” header into spam he had sent to third parties, or complaints directly from third parties who blamed them for spam. And finally, several of these victims will testify that they subsequently were blacklisted by one or more ISPs or filtering services, because the e-mail address or domain name they owned - and that had been used by Soloway without their authority - had become identified as having an association with spam. Their individual reputations, and those of their businesses were compromised; they lost customers and the ability to do business on-line.
[10 The victims associated with counts 19 - 26 are but a representative sample of many more who were identified during the investigation as suffering like experiences.]
By way of illustration, additional details regarding two of these individual victims are as follows:
Count 19: R.M. will testify that he had registered and purchased a domain name that consisted of his combined first and last name, followed by “.net”. Beginning in March of 2005, his wife (with a different name and who used an entirely different email account) began receiving spammed advertisements from several different companies. R.M.’s wife had not opted-in to receive any such spammed advertisements. The header of these spams identified the “sender” with one of a variation of names “at” the domain name owned and registered to R.M. R.M. had no association with any of these companies, nor had he authorized any one to use his personal, individually identifiable name for spamming. R.M. contacted two of these companies, and was told they had each hired Soloway, relying on his representations that he would send “broadcast emails” to “opt-in” e-mail lists on their behalf. Both companies complained that Soloway had defrauded them, and was instead spamming advertisements for their company to recipients who were not opt-in, and from whom they had received complaints. R.M. did some investigatory work of his own, and located a phone number for Soloway. He called the number to complain about the unauthorized use of his individually identifiable domain name - a domain name he had purchased and registered. The person answering the telephone hung up on him. R.M. called again and asked to speak to the owner or manager. The person answering the phone hung up on him again.11 Spam with R.M.’s individually identifiable domain name continued, causing R.M. to file a complaint with the FBI.
[11 Numerous victims have reported that Soloway - who was the sole owner/operator and employee of his company - routinely hung up if they telephoned to object or complain. Soloway would stay on the phone if the customer was placing an order for service or product.]
Count 20: T.C. will testify that in September, 2005, he began receiving spam at several domain names and e-mail addresses that he owned, including an “individually identifiable” e-mail address that consisted of his first and last name, at “universalbyte.com”. The spam advertised, and contained links to Soloway’s websites. T.C. had never opted in to receive this spam, and was distressed to see that the headers were forged in a way to make it appear as though the spam had been sent by him, from his own e-mail addresses and domain names. T.C. received up to 200 such spams daily. T.C. also received “bounce backs” to his addresses and domain names, indicating to him that spam with his addresses forged into “from” header fields had been transmitted to others. T.C. used the “unsubscribe” tool on Soloway’s website, and also sent e-mail to the administrative contact identified in a WHOIS lookup of Soloway’s website to demand that the spam using his addresses be stopped. The spam from Soloway with T.C.’s individually identifiable e-mail address forged into header “from” fields continued. T.C. was forced to close his main e-mail address, which had been his primary work e-mail address. Domains owned by T.C., the names of which Soloway had forged into “from” headers in spam, were also blacklisted by AOL and Hotmail, forcing him to give up ownership of those domain names, as well.
The e-mail addresses and domain names of R.M., T.C., and all of the other victims named in the aggravated identity theft counts either consist of, or contain their own individual names, or consist of a company name that is unique and either “alone, or in conjunction with . . . other information,” identifies a specific individual. They are thus “means of identification,” as that term is defined for purposes of 18 U.S.C. §1028A. They were “knowingly transferred, possessed or used” by Soloway, “without lawful authority” - forged by Soloway in the headers of spammed messages that were intended to further his wire/mail fraud scheme, and that were sent in violation of two separate provisions of 18 U.S.C. §1037. The victims themselves contacted Soloway to object and to direct him to stop the identity theft, thereby confirming the fact (and his knowledge) that the identities he had stolen belonged to “actual people” who did, in fact, object to their theft and unauthorized use.12
[12 As noted by the Defense in their Motion to Dismiss, there is a split among courts as to the mens rea requirement of 18 U.S.C. §1028A, with this Court holding in United States v. Beachem, 399 F. Supp. 2d 1156, 1158 (U.S.D.C. W.D. WA. 2005) that “knowingly,” as used in §1028A applies to “another person.” That standard is met in this case, because Soloway was repeatedly notified by the identity theft victims themselves that he was using their identities without their authority, and must stop doing so. Soloway brazenly continued to use their stolen individually identifiable e-mail addresses and domain names even after these objections were made.]
Soloway’s knowing, intentional and repeated egregious acts of identity theft fall squarely within the terms of the Aggravated Identity Theft statute. To the extent that any factual disputes over these violations exist, they properly should be resolved by the jury at trial. United States v. Beachem, supra, at 1158.
B. The Egregious Acts of Identity Theft Committed Repeatedly by Soloway and NIM Constitute Offenses Separate and Distinct From What is Needed to Charge Violations of 18 U.S.C. § 1037(a)(3)
While not characterized as such, defendant’s argument that the aggravated identity counts are “covered” by the §1037(a)(3) count is essentially one that these counts are multiplicitous. An indictment is multiplicitous if “it charges multiple counts for a single offense, producing two penalties for one crime and thus raising double jeopardy questions.” United States v. Stewart, 420 F.3d 1007, 1012 (9th Cir. 2005). Counts within an indictment are not, however, multiplicitous if “each separately violated statutory provision requires proof of an additional fact which the other does not.” Id.
[T]he test to be applied to determine whether there are two offenses or only one, is whether each provision requires proof of a fact which the other does not . . . A single act may be an offense against two statutes; and if each statute requires proof of an additional fact which the other does not, an acquittal or conviction under either statute does not exempt the defendant from prosecution and punishment under the other.
Blockburger v. United States, 284 U. S. 299, 404 (1932). “Congress has the power to establish that a single act constitutes more than one offense, at least as long as each offense requires proof of a fact the other does not.” United States v. Stearns, 550 F.2d 1167, 1172 (9th Cir. 1977); See also: United States v. Rude, 88 F.3d 1538 (9th Cir. 1996), (indictment using same wire transfers as basis for wire fraud and money laundering is not multiplicitous).
The crimes defined in sections 1028A(a)(1) and 1037(a)(3) of Title 18 are distinct offenses, requiring proof of different facts for conviction. Conviction under §1037(a)(3) requires proof that: 1) in, or affecting interstate commerce, 2) the defendant materially falsified header information, 3) in “multiple” commercial e-mail messages, and 4) that defendant intentionally initiated the transmission of those messages. Conviction under §1028A(a)(1) requires proof that: 1) during or in relation to one of the enumerated felonies, 2) the defendant knowingly transferred, possessed or used, without lawful authority, 3) a means of identification of another person. Proof of one of these offenses does not satisfy proof of the elements of the other.
They are not multiplicitous.
IV. Conclusion
Whereas a prosecutor “plays a strictly advisory role in sentencing decisions. . . [he or she] retains almost absolute discretion in charging decisions.” In re Morgan, 506 F.3d 705, 711 (9th Cir. 2007). “In our system, so long as the prosecutor has probable cause to believe that the accused committed an offense defined by statute, the decision whether or not to prosecute, and what charge to file . . . generally rests entirely in his discretion.” Bordenkircher v. Hayes, 434 U. S. 357 (1978).
Evidence well beyond the probable cause - even beyond the reasonable doubt - level, exists to support the §1037(a)(3), as well as the separate and distinct §1028A(a)(1) charges in this case. Defendant’s Motion to Dismiss Counts 19 - 25 should be denied.
DATED this 14th day of February, 2008.
Respectfully submitted,
JEFFREY C. SULLIVAN
United States Attorney
/s/ Kathryn A. Warma
Assistant U.S. Attorney
IN THE UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY,
Defendant.
REPLY MEMORANDUM IN SUPPORT OF MOTION TO DISMISS COUNTS 19-25 OF THE SECOND SUPERSEDING INDICTMENT
The government largely responds to defendant's motion to dismiss Counts 19 through 25 by giving a general dissertation on spamming ("Spamming 101"). However, what the government has scrupulously avoided mentioning is that spamming is not unlawful. The CAN-SPAM Act of 2003 ("Controlling the Assault of Non-Solicited Pornography and Marketing Act"), which became effective January 1, 2004, established requirements regulating--but not banning--unsolicited bulk commercial electronic email (commonly known as spam). In its continuing effort to demonize Mr. Soloway, the government describes numerous malevolent spamming practices ("pernicious fraud and 'phishing' schemes, pornography, and a host of 'malware' that includes viruses, worms, trojans, and spyware" and "natural disaster and catastrophe fraud"), even though it knows that it lacks any evidence that Mr. Soloway was engaged in such activities.
Whether Mr. Soloway violated the CAN-SPAM Act is not the subject of this motion. What is the subject of this motion is whether or not Mr. Soloway committed aggravated identity theft. For the reasons set forth in the underlying motion, as well for the reasons hereinbelow set forth, it is clear that Mr. Soloway did not engage in aggravated identity theft to which that statute was intended to apply.
II.
ARGUMENT.
A. FORGING A HEADER IN AN EMAIL DOES NOT CONSTITUTE AGGRAVATED IDENTITY THEFT.
Mr. Soloway does not dispute that he sent bulk unsolicited emails that contained forged headers. That conduct, if it involved commercial email, is arguably prohibited by 18 U.S.C. §1037.' Mr. Soloway used a macro option in a lawful email sending software program that automatically replaced his email address in the header with the email address of the intended recipient of the email. A copy of the macro option is attached hereto as Exhibit A. Each email in which a recipient's email address was placed in both the "To" and the "From" portion of the header was unique, and only one email with this unique combination was transmitted to the recipient by Mr. Soloway. Despite repeated, but unsupported, claims by the government, Mr. Soloway did not send emails to third parties using anyone else's email address in the header. The macro option used by Mr. Soloway (See Exhibit A) was not capable of inserting an email address other than that of the recipient's email address in the "From" header.
[1 The CAN-SPAM Act, and 18 U.S.C. §1037 apply only to commercial electronic email.]
Nevertheless, we concede that this motion may not be ripe for determination due to the government's as yet unsupported claim to have evidence that Mr. Soloway did more than simply substitute the recipient's email address for his email address in a header. The government has been long on rhetoric and short on evidence in advancing this claim. With the exception of Count 19, the government has not produced to the defense in discovery a single email which it claims was sent by Mr. Soloway to a third party using someone else's email address (someone other than the recipient) in the "From" portion of the header. If Mr. Soloway was sending out millions of such emails as the government alleges, surely there would be some evidence to support its claims of forged headers in emails to third parties. Yet, with the exception of count 19, the government has failed to produce even a single copy of such an email. The reason for the failure of production is clear: no such emails were transmitted by Mr. Soloway.
Count 19 refers to an individual identified by the initials R.M. The government has produced copies of three emails that appear to have been sent to R.M.'s wife which identify some form of R.M.'s domain name in the header as being the sender of the emails to his wife.2 However, if Mr. Soloway was using R.M.'s domain name to send spam email to third parties, R.M. should have received hundreds or even thousands of "bounce backs" of emails that could not be delivered due to invalid email addresses. The government has produced no evidence of such bounce backs.
[2 Defendant believes that this occurred not as a result of anything intended by him, but rather as a result of some forwarding program between R.M's email and his wife's email. Both email domains were set up at the same time through the same ISP. The chances of this having occurred coincidentally are astronomical.]
The government does claim that T.C., who is identified in Count 20, received "bounce backs to his addresses and domain names, indicating to him that spam with his addresses forged in the 'from' header fields had been transmitted to others." However, the government has not provided the defense with so much as a single copy of a bounce back message. T.C., like all of the people identified in the indictment, and like most people who have email addresses, received spam from more than one source. Lists of email addresses are routinely bought, sold, and traded over the internet, so if a person received spam from one source, it is likely that they also received spam from other sources as well. Thus, it is not enough for the government to proceed as though all spam on the internet came from Mr. Soloway. They must produce independent evidence to support each count of the indictment.
Although we acknowledge that the Court may not be able to resolve this motion at this time because of the government's claimed evidence of Mr. Soloway sending emails to third parties with forged headers, we believe that the Court can make an advisory ruling as to whether the narrow act of substituting a recipient's email address for Mr. Soloway's address in the header of an email constitutes aggravated identity theft pursuant to 18 U.S.C. §1028A. Such a ruling could help the parties determine whether a disposition short of trial in this case is possible.
B.
18 U.S.C. §1037(a)(3) PROSCRIBES DEFENDANT'S CONDUCT.
Under the government's theory, almost any violation of 18 U.S.C. §1037(a)(3) also constitutes aggravated identity theft. That is clearly not what Congress intended by the aggravated identity theft statute. The alleged "use" of someone's identity by inserting a person's email address in the "from" header of an email that is sent to the very same person is far too tenuous to come within the grasp of 18 U.S.C. §1028A. That statute was clearly intended to punish a person who uses another person's identity directly in connection with some fraudulent scheme (e.g., to open bank accounts, obtain loans or credit, obtain employment, etc.). The only thing that occurred in this case as a result of the forged header was that an email may have avoided a spam filter. Surely, that is not what Congress had in mind when enacting 18 U.S.C. §1028A. Indeed, the legislative history makes it absolutely clear that this was not the kind of conduct intended to be subject to the severe enhanced penalties for "aggravated" "identity" "theft."
The government's response to the argument that Mr. Soloway's conduct is already covered by 18 U.S.C. §1037(a)(3) is typical. The government claims that it can charge Mr. Soloway's conduct under both statutes, not because it is the right thing to do, but rather because it has the unchecked power to do so. We disagree. If the statute is not broad enough to encompass the conduct alleged, then no amount of power will support such a charging decision.
Accordingly, we respectfully request the Court to find that merely substituting the recipient's email address for the sender's email address in the header of an email does not constitute aggravated identity theft in violation of 18 U.S.C. §1028A.
DATED this 19th day of February, 2008.
RICHARD J. TROBERMAN, P.S.
Richard J. Troberman
Attorney for Defendant
Robert Alan Soloway
I'm catching up with a bit of backlog here. Soloway has pled guilty to three counts (the plea agreement will be posted in a little while). In some press accounts, Soloway's attorney said that the lack of any identity theft counts in the plea agreement meant that the case "turned out to be very different from was originally charged."
I think that's just spin. The denial of this motion, in my opinion, pushed this plea.
===============================
UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY,
Defendant.
ORDER DENYING DEFENDANT’S MOTION TO DISMISS COUNTS 19 THROUGH 25 OF THE SECOND SUPERSEDING INDICTMENT
This matter comes before the Court on Defendant’s motion to dismiss counts 19 through 25 of the second superseding indictment. (Dkt. No. 62.) Having reviewed the motion, the Government’s response (Dkt. No. 64), Defendant’s reply (Dkt. No. 66), and all materials submitted in support thereof, the Court DENIES the motion for the reasons set forth below.
Background
On January 3, 2008, the government entered a second superseding indictment against Mr. Soloway that includes charges of mail fraud, wire fraud, fraud in connection with electronic mail, aggravated identity theft, willful failure to file income tax, and money laundering. Mr. Soloway brings this motion to dismiss the seven counts of aggravated identity theft under Fed. R. Crim. Pro. 12(b)(2). Rule 12(b)(2) states that “[a] party may raise by pretrial motion any defense, objection, or request that the court can determine without a trial of the general issue.”
Analysis
A district court may dismiss an indictment on a pretrial motion for insufficient evidence only when undisputed facts show that the Government cannot support the indictment. See U. S. v. Phillips, 367 F.3d 846, 855 fn.25 (9th Cir. 2004) (citing U. S. v. Hall, 20 F.3d 1084, 1087 (10th Cir. 1994)). Such dismissal “is equivalent to a determination that as a matter of law, the government is incapable of proving its case beyond a reasonable doubt.” U. S. v. Weiss, 469 F. Supp. 2d 941, 948-949 (D. Colo. 2007) (internal citation and quotation marks omitted). Pre-trial dismissal is not warranted if the Government could conceivably produce evidence at trial supporting the indictment.
Mr. Soloway first argues that the conduct alleged does not constitute aggravated identity theft under 18 U.S.C. §1028A. However, the Government claims that it will present evidence showing that Mr. Soloway sent bulk emails to third parties that contained another person’s email address in the “From” header. Mr. Soloway contests the existence of such evidence. Because the relevant facts are disputed, the issue of whether Mr. Soloway’s alleged conduct constitutes aggravated identity theft cannot be decided as a matter of law. Further, the Court declines to offer an advisory ruling on whether the act of substituting a recipient’s email address for the sender’s address in the header of an email constitutes aggravated identity theft.
Mr. Soloway’s second argument, that the alleged conduct supporting the counts of aggravated identity theft is “already covered” by the count of fraud in connection with electronic mail, is imprecise and disregards established law. The same conduct can be used to support multiple offenses as long as each offense requires proof of a fact that the other does not. Blockburger v. United States, 284 U.S. 299, 303 (1932). The crimes of aggravated identity theft and fraud in connection with electronic mail, defined in 18 U.S.C. §1028A(a)(1) and 18 U.S.C. §1037(a)(3), are not multiplicitous because each requires that the Government prove distinct elements.
Conclusion
The Court DENIES Mr. Soloway’s motion to dismiss counts 19 through 25 on the ground of insufficient evidence because the parties are in dispute about the facts to be presented at trial. The Court also DENIES Mr. Soloway’s motion to dismiss counts 19 through 25 on the ground that those counts are multiplicitous with count 18 because each offense requires proof of distinct elements.
The clerk is directed to send copies of this order to all counsel of record.
Date: March 6, 2008
/s/
Marsha J. Pechman
U.S. District Judge