COURT OF APPEALS OF VIRGINIA
Present: Chief Judge Huff, Judges Decker and AtLee
PUBLISHED
Argued at Chesapeake, Virginia
CRYSTAL GAIL RAMSEY
OPINION BY
v. Record No. 0123-15-1 CHIEF JUDGE GLEN A. HUFF
DECEMBER 29, 2015
COMMONWEALTH OF VIRGINIA
FROM THE CIRCUIT COURT OF THE CITY OF NORFOLK
Everett A. Martin, Jr., Judge
Adam M. Carroll (Wolcott Rivers Gates, on briefs), for appellant.
John W. Blanton, Assistant Attorney General (Mark R. Herring,
Attorney General, on brief), for appellee.
Crystal Gail Ramsey (“appellant”) appeals her thirteen misdemeanor convictions of
computer invasion of privacy, in violation of Code § 18.2-152.5. Following a bench trial in the
Circuit Court of the City of Norfolk (“trial court”), appellant was sentenced to 210 days in the
Norfolk City jail, with 180 days suspended. On appeal, appellant contends that “[t]he trial court
erred in finding sufficient evidence, specifically that [appellant] intentionally examined
identifying information of another person without authority through the use of a computer
network, in violation of [Code] § 18.2-152.5.” For the following reasons, this Court affirms
appellant’s convictions.
I. BACKGROUND
On appeal, “we consider the evidence and all reasonable inferences flowing from that
evidence in the light most favorable to the Commonwealth, the prevailing party at trial.”
Williams v. Commonwealth, 49 Va. App. 439, 442, 642 S.E.2d 295, 296 (2007) (en banc)
(quoting Jackson v. Commonwealth, 267 Va. 666, 672, 594 S.E.2d 595, 598 (2004)). So viewed,
the evidence is as follows.
Between August 1, 2012 and April 1, 2013, appellant, a state trooper with the Virginia
Department of State Police, ran inquiries on fifteen individuals1 using the Virginia Criminal
Information Network (“VCIN”). Some individuals, such as appellant’s girlfriend, Sara Jensen
(“Jensen”), specifically asked appellant to run inquiries on their criminal history or personal
information through VCIN. Several other inquiries that were run on other individuals were run
on appellant’s own initiation. Appellant admitted to the investigating officer, Master Trooper
Eric Bruno (“Bruno”), that the inquiries were not run for any criminal justice purpose.
In her position as a state trooper, appellant had been granted access to VCIN, which
allowed her to access DMV information, “wanted person” information, and driving records. To
access someone’s criminal history, appellant had to make inquiries through a dispatcher who,
after appellant gave the purpose for her request, would then forward her the information. The
dispatcher would not verify the validity of the request but would assume the request was made
for a proper purpose. Such was the case for one victim, Michael Evans (“Evans”), who was
Jensen’s supervisor at the time appellant made inquiry into his criminal history. To obtain
criminal history information on Evans, appellant requested dispatch to forward her Evans’s
criminal history for use in a “firearms case,” even though Evans had neither owned a firearm nor
applied or otherwise sought to acquire one. Appellant had never met Evans and had not opened
an investigation file on him.
Dispatcher Senior Tina Wilson (“Wilson”) testified that she trained appellant on the use
of VCIN. Wilson confirmed that each time a VCIN inquiry is made, the user will see a message
1
Each of these inquiries served as the basis for a separate charge. The trial court
dismissed two of these charges because one individual was deceased and there was insufficient
evidence of the existence of another individual.
-2-
that states “information obtained from VCIN may be used for criminal justice purposes only.”
Additionally, on the VCIN recertification test, which appellant took, question 7 states:
“True/False: DMV information obtained through VCIN can only be used for criminal justice
purposes.” Wilson testified further that she instructs everyone she trains that not even a person
with the highest level of access is permitted to use VCIN to run inquiries on themselves or
another person for non-criminal justice purposes. Bruno also confirmed that “[s]tate troopers are
only to use VCIN for law enforcement purposes, not to learn things about their neighbors,” or
other non-criminal justice purposes.
For running these inquiries without a criminal justice purpose, appellant was charged
with violating Code § 18.2-152.5. During trial, appellant moved to strike on the ground that the
evidence was insufficient to show she did not have authority to access the information.
Specifically, appellant argued that no manual defining the scope of authority had been submitted
into evidence and that the VCIN warning and recertification test only restrict the use of
information obtained from VCIN.
Following a bench trial, the trial court found appellant guilty of thirteen counts of
misdemeanor computer invasion of privacy. Specifically, the trial court concluded that appellant
“had no authority to examine [the] identifying information” of the thirteen individuals she ran
inquiries on and, therefore, was in violation of Code § 18.2-152.5. This appeal followed.
II. STANDARD OF REVIEW
When considering on appeal the sufficiency of the evidence presented below, we
“presume the judgment of the trial court to be correct” and reverse only if the trial court’s
decision is “plainly wrong or without evidence to support it.” Davis v. Commonwealth, 39
Va. App. 96, 99, 570 S.E.2d 875, 876-77 (2002) (citations omitted). We do not “substitute our
judgment for that of the trier of fact.” Wactor v. Commonwealth, 38 Va. App. 375, 380, 564
-3-
S.E.2d 160, 162 (2002). Rather, “the relevant question is whether, after viewing the evidence in
the light most favorable to the prosecution, any rational trier of fact could have found the
essential elements of the crime beyond a reasonable doubt.” Jackson v. Virginia, 443 U.S. 307,
319 (1979). In doing so, this Court “gives full play to the responsibility of the trier of fact fairly
to resolve conflicts in the testimony, to weigh the evidence, and to draw reasonable inferences
from basic facts to ultimate facts.” Id. In addition, any matters of statutory interpretation are
reviewed de novo on appeal. Scott v. Commonwealth, 58 Va. App. 35, 48, 707 S.E.2d 17, 24
(2011).
III. ANALYSIS
On appeal, appellant contends that the trial court erred in ruling that the evidence was
sufficient to find that she was without authority to use VCIN to examine the personal and
criminal history information of others. Appellant argues that she had the authority to access
VCIN for any purpose and that the only evidence of any limitation to this authority was the
VCIN warning and the question on the recertification test, which only restricted her use of the
information obtained from VCIN.
Under Code § 18.2-152.5(A),
[a] person is guilty of the crime of computer invasion of privacy
when he uses a computer or computer network and intentionally
examines without authority any employment, salary, credit or any
other financial or identifying information, as defined in clauses
(iii) through (xiii) of subsection C of § 18.2-186.3, relating to any
other person.
(Emphasis added). For the purposes of Code § 18.2-152.5(A), an offender acts “‘without
authority’ when he knows or reasonably should know that he has no right, agreement, or
permission or acts in a manner knowingly exceeding such right, agreement, or permission.”
Code § 18.2-152.2. “Examination” is further defined as reviewing the identifying information of
-4-
another “after the time at which the offender knows or should know that he is without authority
to view the information displayed.” Code § 18.2-152.5(A). In summary, to be convicted under
this section the evidence must establish that the offender viewed identifying information of
another “when he knows or reasonably should know” he is without right, agreement, or
permission to do so or “act[ing] in a manner knowingly exceeding such right, agreement, or
permission.” Code §§ 18.2-152.2, 18.2-152.5; see also Plasters v. Commonwealth, No.
1870-99-3, 2000 Va. App. LEXIS 473, at *3 (Va. Ct. App. June 27, 2000) (“The evidence must
establish the offender viewed the information after she knew or should have known she was
unauthorized to do so.”).
The only Virginia appellate case concerning violations of Code § 18.2-152.5 is the
unpublished decision in Plasters, 2000 Va. App. LEXIS 473. In Plasters, this Court upheld the
appellant’s conviction, concluding that the evidence was sufficient to find that the appellant, a
police dispatcher, knew she only had authority to access VCIN for criminal justice purposes. Id.
at *3. Significantly, this Court found that it is the unauthorized use of a computer or computer
network to access data that constitutes a violation of Code § 18.2-152.5, without regard to
whether the information is subsequently used. Id. at *5-6. In deciding that the appellant “knew
or should have known” that she had exceeded the scope of her authority, this Court found the
evidence was sufficient considering she knew she could not access criminal history information,
which was included in some of the inquiries she made, and considering the warning statement
that displayed every time she accessed VCIN. Id. at *4-5. This Court reasoned that the appellant
lacked the authority to view the information on VCIN for non-criminal justice reasons given that
“[h]er duties as dispatcher provided no separate reason to need or use the data” obtained and the
warning that appeared each time she used VCIN stated “any ‘information obtained from VCIN
-5-
may be used for criminal justice purposes only.’” Id. at *5-6. We find the reasoning of Plasters
to be persuasive.
The same year the General Assembly adopted Code § 18.2-152.2, Congress enacted
similar legislation, viz., the Computer Fraud and Abuse Act. 18 U.S.C. § 1030; see LVRC
Holdings LLC v. Brekka, 581 F.3d 1127, 1130 (9th Cir. 2009). In pertinent part, the federal act
is similar to Virginia’s proscription. The federal act makes it a crime to obtain information by
computer “without authorization or exceed[ing] authorized access.” 18 U.S.C. § 1030(a)(2),
(e)(6). In United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010), the Eleventh Circuit
affirmed the conviction of an employee of the Social Security Administration who accessed the
personal records of seventeen individuals using the Administration’s databases “for nonbusiness
reasons.” Id. at 1260. In his defense, the employee claimed that he did not violate 18 U.S.C.
§ 1030 because he only accessed the information through databases “he was authorized to use”
as an employee of the Administration. Id. at 1263. The court rejected the employee’s argument
as “ignor[ing] both the law and the record.” Id. The court found that evidence of the mandatory
training sessions, posted notices, and a daily computer screen banner notice established that the
Administration’s policy was to permit use of its databases “only when done for business
reasons.” Id. at 1260, 1263. The employee’s access of personal information for any reason
unrelated to his duties as an employee of the Administration was, therefore, in violation of the
plain language of the act. Id. at 1263. This ruling was not altered by the employee’s argument
that he was accessing the information as part of a “whistle-blowing operation” and that “he did
not use the information to further another crime or to gain financially.” Id. at 1260, 1262.
Affirming the employee’s conviction, the court explained “the misdemeanor penalty provision of
the Act . . . does not contain any language regarding purposes for committing the offense.” Id. at
1264. Therefore, the “use of information is irrelevant if [the employee] obtained the information
-6-
without authorization or as a result of exceeding authorized access.” Id. at 1264 (emphasis
added). “[The employee] exceeded his authorized access and the Act does not require proof that
[he] used the information to further another crime or to gain financially.” Id. at 1260.
Code § 18.2-152.5 similarly provides that “the crime of computer invasion of privacy [is
committed] when [a person] uses a computer or computer network and intentionally examines
without authority any . . . information . . . relating to any other person.” (Emphasis added). The
use to which the information may be put is not relevant. Appellant argues that the only evidence
of any limitation on her authority was the warning on the VCIN network and the question on her
recertification test but this argument ignores the testimony of both Wilson and Bruno who
confirmed that troopers are instructed during training that they are only to use VCIN for law
enforcement purposes. Appellant concedes that her “authority” to access VCIN stems from her
employment as a state trooper and to maintain this access she had to be re-certified. Wilson
testified that during such re-certification appellant was informed that one is not even permitted to
run his own information or that of family members through the system. Furthermore, the
language in the recertification test and the warning message from the network itself served as a
reminder of the department’s policy that VCIN was to be used for “criminal justice purposes”
only. Moreover, appellant understood this “criminal justice purpose” limitation on her authority
to access VCIN as evidenced by her use of a fictitious “firearms investigation” to gain access to
the criminal history of Evans. Therefore, the evidence is sufficient to find appellant was without
authority to examine the information on VCIN for non-criminal justice purposes.
-7-
IV. CONCLUSION
For the foregoing reasons, this Court affirms the ruling of the trial court and finds the
evidence was sufficient to find appellant was acting “without authority” when she used VCIN for
non-criminal justice purposes, in violation of Code § 18.2-152.5.
Affirmed.
-8-