Last week US District Court Judge Lynn Hughes handed down a 46 month prison sentence to former Major League Baseball St. Louis Cardinals director of scouting Christopher Correa for illegally hacking into the scouting records of the Houston Astros. He also must pay $279,000 in restitution.
According to court documents, Correa’s federal crimes took place in 2013 and 2014. At that time, he hacked into confidential information that was found in the online scouting databases of the Astros.
For instance, he studied the Astros’ weekly digest pages, in which he identified the team’s draft prospects and how its scouts were evaluating those players. He also read about how the Astros staff was ranking pitchers and hitters.
Further, he illegally hacked the Astros’ email system to enter what is called Ground Control, which is the private online database for the Astros.
In a plea deal with federal prosecutors, Corea admitted that he used illegal, sophisticated hacking technology to break into the systems and also to mask who and where he was.
The general manager for the Astros, Jeff Luhnow worked in the past for the Cardinals and is believed to be the link in Correa’s federal crimes. It is suspected that Correa used the credentials that Luhnow used when he worked for the Cardinals in the past.
Some insiders think that Correa’s nearly four year sentence is harsh, especially when it is considered in light of the sentences that others have gotten in high profile cases recently. For example, Stanford University swimmer Brock Turner received six months in jail for sexually assaulting an unconscious 22 year old woman. Some think that it is unusual and even shocking that Turner could get just six months for a sexual crime while Correa gets nearly four years for a white collar crime.
However, others say that it is necessary to look at the specific laws that were broken in each case. The sentence for the swimmer might seem light at first glance, but it is based upon the state laws of California as they stand today.
In Correa’s case, he broke the federal Computer Fraud and Abuse Act, or CFAA. This law outlaws unauthorized access into the computer of another business with the intent to steal data. The CFAA is a very serious law and those who break it are guilty of a major federal crime. First time offenders may get up to five years in federal prison.
The CFAA first became controversial in 2013, when an Internet activist named Aaron Swartz killed himself after he allegedly downloaded academic articles illegally. He was charged with 11 counts for violating this law and also faced decades in prison.
The sentence that Correa got was actually a lot less than he could have gotten. Each of the five counts we was charged with carried a sentence of five years, so he could have gotten 25 years. He was a first time offender and he accepted responsibility for what he did, so we would not get the maximum sentence.
Further, 46 months also is consistent with federal sentencing guidelines as of 2016. Court documents state that he caused $1.7 million in damages, so the guidelines find that he should get a sentence from 36-48 months. He could also serve less than 46 months if he behaves well while in federal prison. Correa may be able to leave prison after serving only 39 months.
It is not likely that Correa will appeal; he has pleaded guilty and admitted to illegally accessing the computers of the Astros so he would not be able to appeal now even if he wanted to.
According to US Attorney Ken Magidson, he is pleased with the sentence. He noted that what Correa did is a serious federal crime and involves both computer crime and cybercrime. Also, he stated that all attorneys in the US Attorney’s office look at all computer crimes that try to gain an unfair advantage to be very serious in nature.
After this sentence, now Major League Baseball has to decide if it is going to sanction the Cardinals for Correa’s crimes. The MLB commissioner also will need to consider that Correa actually broke into the Astros systems far more than the 5 times he was charged with; he actually accessed the system illegally 60 times.
About Computer and Internet Crimes
Federal computer and Internet fraud laws are designed to protect both people and entities from having assets, personal property and personal data stolen by people online. There are many types of online fraud and cybercrime that can be prosecuted by federal prosecutors.
For example, a person can be charged with intentionally accessing a computer system without prior authorization in order to obtain any sort of private information from that computer. That is similar to what Correa was charged with in the above case.