In a statement released Wednesday afternoon, St. Louis Cardinals chairman Bill DeWitt Jr. and General Manager John Mozeliak relayed an internal inquiry had begun months ago to identify any employee that may have engaged in anything inappropriate regarding the hacking of the Houston Astros database.
Who is responsible–both for the initial action and perhaps following reactions, remains unanswered. And while Major League Baseball has a constitution which allows Commissioner Rob Manfred the ability to hand down discipline on the matter, the bigger issue will likely be the federal issues of having the F.B.I. and Justice Department involved.
“You have to speculate a little bit here about what they’re investigating, but it would seem to come under what they commonly refer to as the Computer Fraud and Abuse Act,” said Paul D’Agrosa, a lead select attorney for Federal District Court of Wolff and D’Agrosa in St. Louis. “That statute would probably apply here–either to an individual or even if they believe multiple people were involved in the hacking, a conspiracy to commit the crime.”
The CFAA was originally passed in 1984 and has since been updated with at least seven amendments. Prison time is among the possible punishments.
“The maximum penalty is five years per violation,” said D’Agrosa. “There are misdemeanors that could also apply, which have a maximum penalty of a year. Of course, in addition to imprisonment there are fines, there’s also forfeiture provisions, and there’s a provision which allows for the Justice Department or a private party to actually file a lawsuit to recoup damages.
“I think there’s a big question here–how was Houston damaged? How was the ball club damaged, how were people’s reputations damaged? And this could be a very expensive proposition for anybody accused of these crimes or accessing the computer. The five year maximum may come into play if you can prove that they caused damage to an individual or in the case of ball club, like Houston, somehow damaged them financially.”
Even if there was not physical damage performed to the Houston Astros data base or information, D’Agrosa explained damage could still be defined broadly as damage to reputation, impairing the integrity of their data, their program or system, or any information in their system.
“If Houston had this data program they were using to evaluate players, to recruit players, to formulate contracts and that system itself was damaged in someway because the program or the data was revealed publically and they had to start over, for example, that could be considered damage,” he said.
The information was posted on Anonbin last year appears to be hard evidence of the violation of accessing a protected computer.
“A protected computer is defined very broadly,” shared D’Grosa. “It’s any computer that affects interstate commerce. A computer that for example has access to the internet, and that seems to be clear here, as well.”
So how far up the chain of command could this affect the St. Louis Cardinals? If a high-ranking official became aware of the situation and instructed the hacking to stop, would they also be held accountable in the prosecution sense?
“If you have knowledge that it’s happening and you have some responsibility for it happening, meaning you’re complicit in it happening, it can go as high up as the top,” explained D’Agrosa. “In a conspiracy allegation, which is a very broad allegation, in federal prosecutions you see it very often–but you have to show that somebody reached an agreement or understanding that this crime was going to occur and they participated in it. So just knowing after the fact that it occurred, I don’t think that person has been exposed or is exposed to prosecution. But having knowledge of it before it happened and being complicit in it happening, absolutely, you could be subject to prosecution.”
Which puts us back to the situation of who did it, who else knew about it, when did they know about it, and how did they respond.
photo credit: David J. Phillip, Scott Rovak-USA TODAY Sports