United States v. Hatala, No. 13-613-cr (2d Cir. Jan. 15, 2014) (Calabresi, Raggi, and Droney) (summary order), available here
Convicted of fraud in connection with identification information, see 18 U.S.C. § 1028(a)(7), Hatala was sentenced to 30 months in prison. This summary order affirms the sentence as procedurally and substantively reasonable.
First, the district court properly applied a two-level enhancement for using "sophisticated means" to commit the fraud. The court found that Hatala used a sophisticated program and hacking technique to commit his crime, stole hundreds of thousands of usernames and password combinations, and deployed his extensive knowledge of computer programming and database systems to bypass professionally-designed security systems. Accordingly, the "sophisticated means" enhancement was proper.
Second, the district court did not improperly "double count" by applying both the "sophisticated means" enhancement and other enhancements for loss and use of an access device. "Although loss amount and the use of sophisticated means are often linked, they 'aim at different harms.'" Thus, no impermissible double counting took place.
Third, the government was not judicially estopped from encouraging the district court to apply the sophisticated means enhancement. Assuming estoppel applies to the government in criminal cases, no estoppel was warranted because the government did not seek the enhancement, but only responded to an inquiry about the enhancement by providing relevant factual history.
Finally, given all the factors, the 30-month sentence was not substantively unreasonable.