[00:00:01] Speaker 01:
Good morning, everyone.

[00:00:04] Speaker 01:
Welcome to this 11 a.m.

[00:00:08] Speaker 01:
session.

[00:00:08] Speaker 01:
We've got one case for submission.

[00:00:11] Speaker 01:
Welcome Judge Ana de Alva, who will be appearing by video, and Judge McEwen, and I will be presiding.

[00:00:21] Speaker 01:
The one case we have is number 23927, United States of America versus Sullivan.

[00:00:28] Speaker 01:
Mr. Mazer.

[00:00:34] Speaker 01:
Who's up first?

[00:00:36] Speaker 01:
OK, Mr. Cariello.

[00:00:38] Speaker 01:
Yes, thank you.

[00:00:46] Speaker 00:
May it please the court, Chris Cariello for defendant Joe Sullivan.

[00:00:50] Speaker 00:
I'd like to reserve five minutes of my time for rebuttal.

[00:00:54] Speaker 00:
This case is an unprecedented attempt to hold an individual criminally liable for the way a company handled and reported a cybersecurity incident, and both of the resulting convictions exceed the law's limits.

[00:01:07] Speaker 00:
On the obstruction of justice charge, the jury was never informed of two key limitations on section 1505, the nexus requirement and the duty requirement.

[00:01:16] Speaker 00:
These requirements together undermine the entire conviction and require reversal, but at a minimum,

[00:01:22] Speaker 00:
Each of these errors infects one of the government's core theories of guilt and require a new trial.

[00:01:28] Speaker 00:
And as for the misprision of felony charge, cases like this are exactly why that's such a maligned offense.

[00:01:34] Speaker 00:
The government accused Mr. Sullivan of concealing a crime under the Computer Fraud and Abuse Act, a notoriously unclear statute that had never been applied in these circumstances in history at the time.

[00:01:46] Speaker 00:
Neither of these convictions can stand.

[00:01:49] Speaker 00:
Your Honor, turning first to the obstruction charge and the nexus requirement, simply put, the jury convicted Mr. Sullivan of obstruction of justice without hearing about an element of the offense.

[00:02:00] Speaker 00:
The government now admits that Section 1505 carries a nexus requirement, but claims it's essentially this trivial limit implicit in the other elements.

[00:02:07] Speaker 00:
That is wrong, Your Honors.

[00:02:09] Speaker 00:
It's a freestanding objective requirement.

[00:02:11] Speaker 00:
Maranello, Arthur Anderson, and Aguilar are treated as a freestanding requirement.

[00:02:15] Speaker 00:
I'd urge this court to look at United States versus Lonech.

[00:02:18] Speaker 00:
That's this circuit's law adopting the nexus requirement or recognizing the application of the nexus requirement under 1512C.

[00:02:25] Speaker 01:
How is the nexus requirement different from the use of the preposition to obstruct the pending proceeding?

[00:02:32] Speaker 01:
What does it add?

[00:02:33] Speaker 00:
It adds essentially a proximate cause requirement.

[00:02:36] Speaker 00:
It demands this connection, this objective connection between conduct and a proceeding.

[00:02:41] Speaker 00:
So I was talking about the case of United States versus Lonich.

[00:02:44] Speaker 00:
In that case, when the court adopts or recognizes the nexus requirement in 1512C, the way that it analyzes it is as requiring one connection to two a proceeding, and that's separate from any intent requirement.

[00:02:58] Speaker 00:
If you go all the way back to Aguilar, I think that's very clear

[00:03:02] Speaker 00:
in the court's analysis there.

[00:03:03] Speaker 03:
So consider the facts.

[00:03:06] Speaker 03:
That's true, Your Honor.

[00:03:10] Speaker 00:
Aguilar is not discussing jury instructions.

[00:03:13] Speaker 00:
Arthur Anderson is.

[00:03:14] Speaker 00:
Another case that discusses Nexus jury instructions takes them very seriously and in fact vacates a conviction.

[00:03:20] Speaker 00:
is quatrone in the Second Circuit, which says 1505 carries a nexus requirement and then spends pages analyzing that requirement and how it needs to be charged to the jury.

[00:03:29] Speaker 03:
But I understand, I mean, from looking at the record, and correct me if I'm wrong, you didn't provide a definition of nexus, correct?

[00:03:38] Speaker 00:
Well, all we asked for is that the jury be charged on their the requirement of a nexus between conduct.

[00:03:43] Speaker 03:
So the answer is no, you didn't.

[00:03:45] Speaker 00:
We didn't.

[00:03:46] Speaker 00:
We didn't.

[00:03:46] Speaker 03:
You said you wanted the word nexus in there.

[00:03:49] Speaker 00:
That's correct.

[00:03:50] Speaker 00:
That's all we asked for.

[00:03:51] Speaker 00:
But that is a requirement.

[00:03:52] Speaker 00:
And again,

[00:03:53] Speaker 00:
I think the jury would gather from that exactly what United States versus Lanich defined the freestanding element as, a connection to a proceeding.

[00:04:03] Speaker 01:
Back to Aguilar.

[00:04:05] Speaker 01:
Again, the instruction already says a connection to a proceeding.

[00:04:11] Speaker 00:
For the intent requirement.

[00:04:12] Speaker 00:
There needs to be a corrupt intent to affect a proceeding, but under Aguilar, that is a separate requirement from the nexus requirement.

[00:04:21] Speaker 00:
The example Aguilar gives is really illuminating here.

[00:04:24] Speaker 00:
The example of two spouses and the husband has committed a crime, knows there is a pending investigation of that crime, and tells his wife a lie about where he was because he's thinking, well, in that pending investigation, they will interview me.

[00:04:38] Speaker 00:
The intent

[00:04:39] Speaker 00:
of the husband in that hypothetical is to affect the proceeding.

[00:04:43] Speaker 00:
That is exactly the purpose of telling his wife that.

[00:04:47] Speaker 00:
But what the court says is that conduct is too equivocal.

[00:04:49] Speaker 00:
It doesn't have that connection of natural and probable effect.

[00:04:53] Speaker 00:
And the key words there in Aguilar are might or might not.

[00:04:57] Speaker 00:
Those are the key causal words.

[00:05:00] Speaker 00:
And when you apply that standard to this case,

[00:05:03] Speaker 00:
The conduct that the government charged Mr. Sullivan with, so much of it took place while he's responding with his team to the 2016 security incident.

[00:05:13] Speaker 00:
So that's an ancillary context, far more ancillary than the FBI interview and Aguilar, and then all of the conduct

[00:05:22] Speaker 00:
Is it conceivable that maybe the cookie would crumble in a certain way that it prevents the FTC from learning about something?

[00:05:29] Speaker 00:
Perhaps it's conceivable, but it might not, because it depends on so many factors, and that attenuated chain of ifs, the fact that 30 people are aware of this incident, the CEO is aware of the incident, and none of them, none of them testified that they were told to lie to the FTC or to conceal anything from the FTC.

[00:05:47] Speaker 03:
Well, on the jury instruction point,

[00:05:49] Speaker 03:
It seems to me that, you know, you get the standard instruction, and then you also have this Bagot case, which seems to be on all fours with the situation here.

[00:06:01] Speaker 03:
And you didn't need to have the word nexus in there to comply with the Ninth Circuit law.

[00:06:12] Speaker 03:
So we're bound by Bagot or Bagot.

[00:06:17] Speaker 03:
And if you agree with that, where do we go?

[00:06:19] Speaker 03:
How do we adopt your position?

[00:06:22] Speaker 00:
Your Honor, we fully acknowledge that Begat forecloses our position.

[00:06:25] Speaker 00:
We're asking this panel to essentially overrule circuit precedent.

[00:06:28] Speaker 03:
And you know we can't do that, so it's probably more productive to move on.

[00:06:33] Speaker 03:
And I appreciate that your candor.

[00:06:37] Speaker 00:
Understood, Your Honor, and we do think the Court can do it because of Maranello, Arthur Anderson, and the Aguilar line of cases.

[00:06:44] Speaker 00:
But I fully acknowledge that this is a really high bar to overrule circuit precedent.

[00:06:48] Speaker 00:
I would just note, as I move on to my next point, how consequential the nexus requirement is on the facts of this case.

[00:06:55] Speaker 00:
a reasonable jury absolutely could have rejected the government's theory with a properly instructed nexus requirement.

[00:07:02] Speaker 00:
And there's bad law in the books that really ought to be examined at some stage of these proceedings.

[00:07:06] Speaker 00:
But moving on to our second round for- Council?

[00:07:09] Speaker 00:
Yes.

[00:07:10] Speaker 02:
Council, I'm sorry.

[00:07:10] Speaker 02:
This is Judge Dabba.

[00:07:11] Speaker 02:
I know I'm on video, so it's a little bit more difficult.

[00:07:14] Speaker 02:
I just need some clarification.

[00:07:16] Speaker 02:
Am I correct that Sullivan never informed Uber's general counsel about the breach?

[00:07:21] Speaker 00:
Yes, there was testimony in the record that Mr. Sullivan never affirmatively informed the general counsel.

[00:07:26] Speaker 00:
I would hasten to add

[00:07:28] Speaker 00:
there is no dispute that Mr. Sullivan informed the CEO of the company.

[00:07:32] Speaker 00:
And, Sal, you, who was the general counsel, testified it was the prerogative and the CEO was in position to inform the general counsel.

[00:07:40] Speaker 02:
But you are not.

[00:07:41] Speaker 02:
Okay, and now I just need some clarification on how that bug bounty program works.

[00:07:46] Speaker 02:
So, do you get to, you meaning your client, or Uber, get to decide, hey, the bug bounty program is working right now, so if anybody finds a really juicy

[00:07:58] Speaker 02:
issue with our computing system, we'll just use that to kind of not have to tell the FTC.

[00:08:07] Speaker 02:
Or is it, hey, the bug bounty program is working right now.

[00:08:09] Speaker 02:
You have a month, hackers, to find something and let us know about it.

[00:08:13] Speaker 00:
The way the bug bounty system works is it's a sort of blanket invitation.

[00:08:17] Speaker 00:
So at 1784, Rob Fletcher, who was on Mr. Sullivan's team, explains this.

[00:08:22] Speaker 00:
It's essentially an open invitation to, quote, anybody on the internet.

[00:08:26] Speaker 00:
And then the policy says to report any vulnerability that could affect Uber's users.

[00:08:31] Speaker 00:
So it's an open invitation, and it sets certain conditions.

[00:08:35] Speaker 00:
And what happened here, Uber had always understood.

[00:08:37] Speaker 00:
Rob Fletcher testified to this.

[00:08:38] Speaker 00:
Colin Green testified to this.

[00:08:40] Speaker 00:
The guidelines are flexible.

[00:08:42] Speaker 00:
It's Uber's system.

[00:08:43] Speaker 00:
It's Uber's program.

[00:08:44] Speaker 00:
And Uber is making decisions about what's in its interest and trying to align those interests with researchers in the real world who are discovering vulnerabilities.

[00:08:52] Speaker 00:
So that's essentially how the Bug Bounty program operates.

[00:08:55] Speaker 01:
But Mr. Cariello, it seemed like the hackers did more than accept Uber's invitation.

[00:09:00] Speaker 01:
When you speak of it as an invitation, there are terms on the invitation.

[00:09:03] Speaker 01:
They didn't accept the invitation.

[00:09:05] Speaker 01:
They did something different.

[00:09:07] Speaker 01:
And I guess my concern is, how are we supposed to distinguish this post-hack ratification theory from the cover-up that the government charged?

[00:09:19] Speaker 00:
Your honor, the answer is you don't need to do that, because all that's an issue here in this appeal is what Mr. Sullivan understood to be the reality, what Mr. Sullivan understood to be the case.

[00:09:31] Speaker 00:
So in this instance, they had a situation that they wanted to use their bug bounty program.

[00:09:37] Speaker 00:
There's no dispute that Uber wanted to use the bug bounty program.

[00:09:39] Speaker 01:
And this is a sufficiency evidence challenge on this.

[00:09:42] Speaker 00:
It is, but it's a high bar, because if we're talking about, I think we're talking, we've moved on to misprision of felony.

[00:09:48] Speaker 00:
Right.

[00:09:48] Speaker 00:
And when we're talking about the misprision challenge, what Chambrone has said, what Olson has said, is that it needs to be clear-cut, it needs to be full knowledge of criminal conduct.

[00:09:59] Speaker 00:
So there needs to be clear-cut knowledge of Mr. Sullivan's understanding.

[00:10:02] Speaker 00:
And so on this record, there's certainly not that level of understanding because you have several markers about what Uber understood to be its prerogative to authorize the researcher's conduct here.

[00:10:17] Speaker 00:
And these are undisputed facts in the record.

[00:10:19] Speaker 00:
First, Craig Clark, Uber in-house counsel who's responsible for cybersecurity, it's his job to evaluate the company's legal obligations with respect to cybersecurity, testifies that his view

[00:10:32] Speaker 00:
was that once you do a bug bounty agreement, for all intents and purposes, the access is authorized.

[00:10:38] Speaker 00:
That's the person in charge of advising the security team, testifies to precisely that understanding.

[00:10:44] Speaker 00:
Second, 11 witnesses at trial.

[00:10:47] Speaker 00:
were there at the time and were on the security team.

[00:10:50] Speaker 00:
The government could have asked every single one of them, do you disagree with Mr. Clark?

[00:10:54] Speaker 00:
Do you disagree with that legal advice that the security team was operating under?

[00:10:58] Speaker 00:
Did you think after the bug bounty, Glover and Miraker were unauthorized?

[00:11:01] Speaker 00:
Asked none of them, and not a single person who was there testified in this record.

[00:11:06] Speaker 00:
After the bug bounty, we thought that they were still unauthorized.

[00:11:09] Speaker 00:
No one.

[00:11:10] Speaker 00:
And third, Your Honors, in history, at the time, no one ever

[00:11:15] Speaker 00:
had been prosecuted after a bug bounty agreement, because presumably the understanding, at least the understanding on the security team was, you're authorized after that.

[00:11:26] Speaker 00:
So there's nothing in the real world where people are constantly getting in trouble after a bug bounty agreement.

[00:11:31] Speaker 00:
It had never happened.

[00:11:32] Speaker 03:
Right.

[00:11:32] Speaker 03:
But it seems to me that before the access, they didn't really qualify for this bug bounty program.

[00:11:43] Speaker 03:
what I want to say, retroactive pasting over.

[00:11:46] Speaker 03:
So that is what's troubling here.

[00:11:49] Speaker 00:
Your Honor, I understand that.

[00:11:50] Speaker 00:
And this goes to Judge Johnstone's question, I think, too, about the access initially going outside of the conditions.

[00:11:56] Speaker 00:
That is absolutely correct.

[00:11:57] Speaker 00:
These Glover and Meereker were outside of the conditions when they did this.

[00:12:02] Speaker 00:
They hadn't properly accepted the bug bounty conditions.

[00:12:05] Speaker 00:
However, this record is unmistakable.

[00:12:08] Speaker 00:
At 1788, 98, and 99, Rob Fletcher testifies the guidelines are flexible.

[00:12:14] Speaker 00:
Testifies if somebody violates the guidelines, it would not be out of the ordinary for Uber to modify those guidelines and treat it as a bug bounty.

[00:12:22] Speaker 00:
Colin Green, 3053 of the record.

[00:12:25] Speaker 00:
The rules exist in service of the Bug Bounty Program.

[00:12:29] Speaker 00:
Uber could treat it as a bug bounty if it wanted to.

[00:12:32] Speaker 00:
I hasten to add, when we're talking about Mr. Sullivan's understanding of the situation, his knowledge, the question is not whether they are correct.

[00:12:41] Speaker 00:
The question is whether they reasonably believed that.

[00:12:44] Speaker 00:
And the record is unmistakable that the security team reasonably believed that it was Uber's prerogative to modify its own guidelines and use a bug bounty.

[00:12:52] Speaker 00:
And once they've done so, the only question after that is what's the effect?

[00:12:57] Speaker 01:
Well, I guess what do you say to the, I believe the government makes the argument that 1030 has a time component, that the concern is when the hack occurs, is it authorized?

[00:13:11] Speaker 01:
And that a policy that would provide flexibility and later ratification of hacks basically guts the purpose of the statute.

[00:13:20] Speaker 00:
Your Honor, a few points there.

[00:13:21] Speaker 00:
First of all, nothing on the text of the statute carries this time component.

[00:13:24] Speaker 00:
In fact, I'd urge the court to look at

[00:13:27] Speaker 00:
Subparagraph one of 1030, right above subparagraph two that we're talking about, that subparagraph says anyone having access to a computer without authorization and doing something, that's what the government is getting at.

[00:13:41] Speaker 00:
Congress made a different choice in subparagraph two.

[00:13:43] Speaker 00:
It doesn't have that clear temporal limitation.

[00:13:46] Speaker 01:
But thereby obtains.

[00:13:48] Speaker 01:
There's no doubt, although this is part of the information that was suppressed,

[00:13:55] Speaker 01:
the hackers obtained data from the hack initially.

[00:14:01] Speaker 00:
That's correct.

[00:14:02] Speaker 01:
So why doesn't thereby do that work?

[00:14:04] Speaker 00:
Intentionally accesses a computer without authorization and thereby obtains... So, Your Honor, I don't want to push the point too far because that question is not what's before this court.

[00:14:13] Speaker 00:
What's before this court is whether it could reasonably be read the way Craig Clark, who is Uber in-house counsel in charge of this,

[00:14:21] Speaker 00:
read it the way that 11 people did not contradict, that it could be read to permit post access authorization.

[00:14:28] Speaker 00:
We think the better reading of the statute authorization is unlimited, but that's not the question here.

[00:14:34] Speaker 00:
The question is just whether that's a reasonable reading of the statute.

[00:14:38] Speaker 00:
Your Honor mentioned before the government's policy.

[00:14:40] Speaker 01:
Isn't it a question of whether, well, okay, but that's situated within the rational juror standard for a sufficiency challenge.

[00:14:48] Speaker 00:
The question is whether a reasonable juror could find that Mr. Sullivan had a clear-cut understanding that he was concealing criminality.

[00:14:55] Speaker 00:
And in a world where no one in history had ever been prosecuted for this, where the in-house counsel assigned to Mr. Sullivan's team is of the view that it wasn't criminal conduct after the bug bounty and not a single person testified otherwise that that was their view, you can't have that kind of certainty that Mr. Sullivan believed that.

[00:15:13] Speaker 00:
In fact, the opposite inference is far more powerful on this record.

[00:15:17] Speaker 03:
The government tries to rate... That seems to me to be the jury argument, and now we're

[00:15:24] Speaker 03:
post-conviction, and so that is the hill that you have to climb.

[00:15:29] Speaker 00:
Your Honor, I understand.

[00:15:32] Speaker 00:
I think the three factors that I've been emphasizing create unmistakable doubt.

[00:15:36] Speaker 00:
We cited the Martinez case for the proposition that when you have undisputed evidence that creates doubt, the government needs something that's more than weak and ambiguous, and weak and ambiguous is all they have here.

[00:15:46] Speaker 00:
But I do take Your Honor's point, and I will move on to the new trial ground.

[00:15:52] Speaker 00:
with your Honor's indulgence, which I'd like to spend just one minute on before I sit down.

[00:15:57] Speaker 01:
I don't think we've allowed you to get to the duty to disclose, so we'd appreciate it.

[00:16:03] Speaker 01:
I think we took you over to the knowledge point before you're finished with that.

[00:16:06] Speaker 00:
Absolutely.

[00:16:07] Speaker 00:
So I can turn back to omissions now first before doing the plea, if that's helpful.

[00:16:11] Speaker 00:
So the second ground on which this court can and should order at a minimum a new trial is that the court

[00:16:19] Speaker 00:
failed to instruct on a duty to disclose.

[00:16:21] Speaker 00:
And I think the first most important question before this court, as it comes to this court upon the briefing, is did the government submit an inaction-based theory, a freestanding inaction-based theory that would necessitate this duty instruction?

[00:16:35] Speaker 00:
It absolutely did.

[00:16:37] Speaker 00:
ER 33-74, the government says to the jury, a critical passage, the question, quote, presented to you is, quote, did the defendant do anything

[00:16:48] Speaker 00:
or, disjunctive, intentionally fail to do something because he didn't want the FTC to find out.

[00:16:55] Speaker 00:
That is the government saying at 3374, they say again at 3438, jury, if you reject our affirmative conduct theory, you can also convict based on inaction.

[00:17:06] Speaker 00:
That's why we asked for this instruction and United States versus Shields stands for the proposition that where the government submits that kind of inaction-based theory,

[00:17:15] Speaker 00:
And where there is a risk that a jury, a lay jury, won't understand this legal concept of the difference between a kind of criminal omission and bear in action, it's error to not give the instruction.

[00:17:27] Speaker 00:
And that's why we asked for the instruction.

[00:17:28] Speaker 03:
What about a conviction under 2B, Section 2B?

[00:17:32] Speaker 00:
Section 2B is what the government has argued is sort of the panacea for this omissions-based theory.

[00:17:38] Speaker 00:
To begin with, it would be quite extraordinary if what the government is saying about Section 2B were true, that there literally needs to be no duty at all of the defendant, can be a pure bystander and not say something.

[00:17:52] Speaker 00:
And as long as the bystander has a guilty mind and could have stopped someone else from committing a crime, then that individual is guilty.

[00:17:59] Speaker 03:
What's your best support for the fact that somehow 2B requires this duty to disclose?

[00:18:06] Speaker 00:
So I think the best support for that is the backdrop principle that we cited several times, that criminal conduct inherently requires either action or an omission absent of duty.

[00:18:17] Speaker 00:
But, Your Honor, I think there's an easier answer to the Section 2B theory and an easier reason that the jury could have and, in fact, we think would have had to reject it.

[00:18:25] Speaker 00:
And that's United States versus Singh.

[00:18:27] Speaker 00:
The fact pattern in United States versus Singh

[00:18:30] Speaker 00:
is you have the defendant, a political campaign, and the Federal Election Commission.

[00:18:34] Speaker 00:
And the theory there is a bit similar to this one.

[00:18:37] Speaker 00:
It's because the defendant didn't tell the political campaign something, the political campaign didn't tell the Federal Elections Commission.

[00:18:43] Speaker 00:
In the one instance in United States versus Singh where the defendant said to the political campaign, and this is all the defendant said,

[00:18:50] Speaker 00:
It's been taken care of, of the source of the funding.

[00:18:54] Speaker 00:
This court reversed the conviction on sufficiency grounds.

[00:18:59] Speaker 00:
It's been taken care of.

[00:19:00] Speaker 00:
In this record, the evidence that Mr. Sullivan informed Uber, informed the chief executive officer of Uber of the fact of the 2016 incident is overwhelming.

[00:19:12] Speaker 00:
At ER 514, at the outset of the matter, Mr. Sullivan sends Mr. Kalanick an email and says, this is going on.

[00:19:19] Speaker 00:
ER 515, I'd urge this court to look at that page of the record.

[00:19:23] Speaker 00:
Mr. Kalanick is not only aware of the situation, is managing the situation.

[00:19:27] Speaker 00:
This is the CEO of the company, is aware.

[00:19:30] Speaker 00:
And then at ER 539, the bookend, when the bug bounty agreement is signed, Mr. Sullivan sends it to his boss, the chief executive officer.

[00:19:38] Speaker 00:
That is so much more than the taken care of.

[00:19:40] Speaker 00:
that required reversal in the United States versus Singh.

[00:19:44] Speaker 00:
And so at an absolute minimum, a reasonable jury that is charged with either the Nexus instruction or charged with a duty to disclose instruction could have come out a different way.

[00:19:55] Speaker 00:
This is a harmless error standard.

[00:19:56] Speaker 00:
The government would have to show a harmless error beyond a reasonable doubt.

[00:19:59] Speaker 00:
And the Section 2B theory is nowhere near ironclad enough to supply that beyond a reasonable doubt.

[00:20:05] Speaker 01:
Mr. Cariello, do you want to reserve your remaining time?

[00:20:08] Speaker 00:
I will do so, thank you.

[00:20:09] Speaker 01:
Okay, thank you.

[00:20:20] Speaker 01:
Now, Mr. Mazur.

[00:20:28] Speaker 04:
Good morning, Your Honor, and may it please the Court.

[00:20:31] Speaker 04:
My name is Ross Mazur, and I represent the United States.

[00:20:36] Speaker 04:
It's undisputed that this case presents a flagrant example of obstruction of justice, and there is no merit to the defendant's argument that he wasn't the one responsible.

[00:20:47] Speaker 04:
Let me start with the nexus argument.

[00:20:49] Speaker 04:
The Nexus argument fails for two independent reasons.

[00:20:53] Speaker 04:
First, because the defense position is foreclosed by this court's decision in Begat, and second, because any error in not instructing on Nexus would have been harmless.

[00:21:05] Speaker 04:
Now, as to the foreclosure argument, you know... I think he's acknowledged that.

[00:21:13] Speaker 03:
Right, and... I don't know that you need to spend your time on it.

[00:21:16] Speaker 03:
I thought he was very candid about that.

[00:21:19] Speaker 04:
It is.

[00:21:19] Speaker 04:
I would only add that to the extent there's any plausible appeal to their argument.

[00:21:24] Speaker 03:
You're not getting the suggestion, apparently.

[00:21:27] Speaker 04:
It would have been put to rest by Fisher.

[00:21:29] Speaker 04:
Let me move on.

[00:21:33] Speaker 04:
So with the court's indulgence, I'll turn to the duty to disclose argument.

[00:21:40] Speaker 04:
And the text of 1505 and of 1515b

[00:21:45] Speaker 04:
which defines the term corruptly for purposes of 1505 defeats the defendant's argument.

[00:21:52] Speaker 04:
1505 requires an endeavor to obstruct justice, the term endeavor connoting act of conduct.

[00:22:02] Speaker 04:
And then 1515 defines the term corruptly to mean acting with an improper purpose such as

[00:22:09] Speaker 04:
by withholding or concealing information.

[00:22:12] Speaker 04:
So this is the unusual statute where Congress has actually enumerated actions that satisfy the obstruction provision.

[00:22:22] Speaker 04:
So by its nature, 1505 only applies to affirmative conduct.

[00:22:29] Speaker 04:
Congress has made that decision.

[00:22:33] Speaker 04:
Now the defense does argue that, you know, if that were the correct interpretation of 1505, then the statute would effectively be boundless.

[00:22:43] Speaker 04:
But that's just not true.

[00:22:47] Speaker 04:
An employee, for example, would have to know the information being sought by the proceeding, would have to know its significance, would have to know that it's being withheld,

[00:22:59] Speaker 04:
would have to share in the companies or the executives specific intent to obstruct the agency proceeding.

[00:23:08] Speaker 04:
And so it's, especially given that the very high level of mens rea, it's just not true that the government's reading a 1505.

[00:23:16] Speaker 02:
Council, this is Judge Salvo.

[00:23:18] Speaker 02:
I don't know if you can hear me.

[00:23:19] Speaker 02:
I apologize.

[00:23:20] Speaker 02:
I know with the video it's a little bit difficult.

[00:23:22] Speaker 02:
Can you tell me specifically what the government, what specific omissions the government thinks amounted to concealment?

[00:23:31] Speaker 04:
I'm sorry, Your Honor.

[00:23:32] Speaker 04:
Would you say that one more time?

[00:23:34] Speaker 02:
Absolutely.

[00:23:35] Speaker 02:
What are the specific omissions on behalf of Sullivan, omissions that Sullivan did, that you think amount to concealment?

[00:23:46] Speaker 04:
Well, I would resist the characterization that any of this is omissions.

[00:23:50] Speaker 04:
Like I said, I think 1505 and 1515 squarely define withholding and concealing information as affirmative acts of obstruction.

[00:24:01] Speaker 04:
But there was overwhelming evidence that the defendant, for over 10 months,

[00:24:08] Speaker 04:
falsified documents, authorized hush money, engineered a series of affirmative misstatements to the FTC.

[00:24:16] Speaker 04:
He lied during internal investigations and 10 days

[00:24:20] Speaker 04:
After he gave sworn testimony before the FTC, he learned that many of the representations he had made were false, including representations about the remedial measures Uber had taken to fix the problems that led to the 2014 data breach, the same data breach that occasioned the FTC investigation in the first place.

[00:24:41] Speaker 04:
And over the course of the next 10 months,

[00:24:44] Speaker 04:
The defendant did everything to silo information.

[00:24:47] Speaker 04:
He never informed the lawyers at the company who were responsible for handling the FTC investigation that there had been

[00:24:57] Speaker 04:
an unprecedented data breach.

[00:25:00] Speaker 04:
He never told the A team, that's at ER 2449.

[00:25:03] Speaker 04:
He never told the general counsel to whom he reported in his role as deputy general counsel, that's at ER 2399, 2402.

[00:25:12] Speaker 04:
He never told FAM, that's the chief technology officer, that's at

[00:25:16] Speaker 04:
15 to 17.

[00:25:17] Speaker 04:
He never told Candace Kelly, one of the in-house lawyers responsible for the FTC investigation.

[00:25:23] Speaker 04:
That's at ER 2688.

[00:25:24] Speaker 04:
He never told Sabrina Ross, another in-house lawyer responsible for the investigation.

[00:25:29] Speaker 04:
That's at ER 1904, 1909, and I could go on and on.

[00:25:34] Speaker 04:
Now, the defense...

[00:25:36] Speaker 04:
I'm sorry.

[00:25:37] Speaker 02:
I'm sorry.

[00:25:37] Speaker 02:
I need a follow-up question then because you mentioned he authorized hush money.

[00:25:42] Speaker 02:
Your friend on the other side talks about that as being just a payment for a bug bounty, which is a perfectly legal thing for Uber to do to try to get, you call them hackers, they call them investigators, but to get folks to be able to do work for them and be able to figure out if there's issues with their computer systems.

[00:26:03] Speaker 02:
At what point,

[00:26:04] Speaker 02:
Does it stop being bug bounty and start being unauthorized hush money?

[00:26:11] Speaker 04:
I think that presents some interesting issues, Judge Diabla.

[00:26:15] Speaker 04:
But none of the, you know, there may well be difficult line drawing questions about where bug bounty

[00:26:23] Speaker 04:
ends and where 1030 might begin, but none of those issues are even close to being presented in this case.

[00:26:31] Speaker 04:
Now, as defense counsel emphasized, it's true that the bug bounty program that Uber advertised to the public was flexible, but that flexibility came in at the front end.

[00:26:42] Speaker 04:
If you look at the terms of the program itself, it was written in a flexible way.

[00:26:46] Speaker 04:
We don't have to get to retroactive authorization, but the program did have a few

[00:26:51] Speaker 04:
limitations, a few categorical rules.

[00:26:55] Speaker 04:
And maybe the most striking was that the policy excluded using an AWS access key to download data.

[00:27:03] Speaker 04:
And there is no question that that is precisely what Marriachri and Glover, the two hackers, did in this case.

[00:27:10] Speaker 04:
They violated one of the few cardinal, non-flexible rules in Uber's bug bounty program.

[00:27:16] Speaker 04:
And so the fact that the program may be flexible within certain limits does not change the fact that this was not a bug bounty.

[00:27:23] Speaker 04:
And what's more is nobody at Uber, even the defendant, really thought this was a bug bounty.

[00:27:29] Speaker 04:
In order to use a bug bounty as a charade for covering up what happened here, the defendant had to reinvent Uber's entire policy, change it from a public bug bounty program to a private one, increase the maximum payment from $10,000 to $100,000, get Hacker One to waive the normal requirement of

[00:27:53] Speaker 04:
of insisting on a payee's tax information and just pay out the $100,000 and then have Uber investigators for the next several weeks track down the hackers because they hadn't identified them yet in order to get them to sign a new NDA which still contained false terms about what they had done.

[00:28:14] Speaker 04:
None of that resembles a bug bounty.

[00:28:17] Speaker 04:
Now, you know, in response to your question, Judge D'Alba, the government firmly believes

[00:28:22] Speaker 04:
that bug bounty programs are important, they're a useful tool to the tech community, and we think that by affirming the judgment in this case, you can actually uphold the integrity of actual bug bounties, which is not what happened here.

[00:28:38] Speaker 04:
Now the defense relies very heavily on testimony by Craig Clark, this is on page 2109 of the excerpts of record, that if something is a bug bounty, then it's not a reportable crime.

[00:28:50] Speaker 04:
I would urge the court to look at exactly that page and to look at Clark's testimony.

[00:28:56] Speaker 04:
What he said was that, first of all, he was talking about state notification laws, not the FTC.

[00:29:07] Speaker 04:
And he acknowledged in a separate piece of testimony that he had no idea what the implications were of a bug bounty for the FTC.

[00:29:14] Speaker 04:
He just didn't know.

[00:29:15] Speaker 04:
And that's at ER 2114 to 15.

[00:29:18] Speaker 04:
What he said also is that if there is an actual bug bounty, it's not reportable.

[00:29:26] Speaker 04:
He did not say that if something happens that Uber characterizes as a bug bounty, it's not reportable.

[00:29:32] Speaker 04:
But only if something actually falls within the bug bounty definition, it wouldn't be reportable by definition under state notification laws, not the FTC, which he had no idea about.

[00:29:44] Speaker 04:
The defense has mischaracterized Clark's testimony

[00:29:49] Speaker 03:
I want to go back on this duty to disclose, you argue it seems in the alternative we could just go to section 2B.

[00:29:58] Speaker 03:
Would you elaborate on that argument?

[00:30:02] Speaker 04:
Yeah, under 2B, the defendant can be liable for causing an act that would have been a crime if the actor had the requisite intent.

[00:30:10] Speaker 04:
And even if the defendant didn't personally submit false statements to the FTC, he certainly caused others at Uber to submit those statements.

[00:30:20] Speaker 04:
And as an alternative argument to our primary argument that detects the 1505 and 1506

[00:30:26] Speaker 04:
15 foreclosed the defendant's argument, the court could also affirm under 2B.

[00:30:34] Speaker 04:
The defense certainly hasn't cited anything to show that 2B would require a duty to disclose.

[00:30:42] Speaker 04:
It's also true that the court should reject the duty to disclose argument because any error would have been harmless.

[00:30:50] Speaker 04:
For one thing, the defendant had a duty to disclose.

[00:30:53] Speaker 04:
He was uniquely situated to understand what happened here.

[00:30:57] Speaker 04:
He was the chief security officer and deputy general counsel at Uber.

[00:31:01] Speaker 04:
He was responsible for responding to the hack and to the FTC investigation.

[00:31:07] Speaker 04:
Uber designated him as the sole person to sit before a sworn FTC deposition, at which he was deposed for six hours.

[00:31:17] Speaker 04:
Uber listed him on the responses to FTC interrogatories

[00:31:23] Speaker 04:
as the person who supervised the preparation of those interrogatories, and that is at ER 548.

[00:31:31] Speaker 04:
Candice Kelly, Sabrina Ross, consulted with the defendant on responses to every interrogatory.

[00:31:38] Speaker 04:
I'll give you a few citations.

[00:31:40] Speaker 04:
That's ER 1872, where Kelly refers to the defendant as her chief client in responding to the FTC investigation.

[00:31:50] Speaker 04:
or ER-1259, and essentially the defendants had a meeting after meeting where this was discussed.

[00:31:57] Speaker 04:
He signed off, authorized one submission to the FTC after another, and omitted the most crucial fact bearing on the FTC investigation, which was that 10 days after he gave sworn testimony, Uber experienced the largest data breach in company history,

[00:32:15] Speaker 04:
That data breach occurred in a manner almost identical to the breach in 2014, the breach that occasioned the FTC investigation in the first place.

[00:32:24] Speaker 04:
The data breach involved the personal information of over 50 million Uber users, and over the course of 10 months, the defendant, who was almost the only person at Uber, to have a monopoly on information about both the breach

[00:32:42] Speaker 04:
and the FTC investigation never informed the FTC.

[00:32:46] Speaker 04:
Now the defense argues that 30 other people at Uber were aware of what happened and in particular the CEO was aware.

[00:32:53] Speaker 04:
I don't know where they get those numbers.

[00:32:55] Speaker 04:
It is true that in the hours immediately following Uber learning of a potential security incident, the security team informed some of the executives at Uber

[00:33:08] Speaker 04:
that there was a potential incident.

[00:33:10] Speaker 04:
That's true.

[00:33:10] Speaker 04:
And I think that's where the 30 number comes from.

[00:33:13] Speaker 04:
But within a day or two of the breach, which is to say immediately after Sullivan learned of the scope of the breach and that data was downloaded,

[00:33:26] Speaker 04:
All of those people who had been initially notified that maybe something had happened, we're told that it was swept under the rug.

[00:33:34] Speaker 04:
We're told that this was a routine bug bounty and they didn't need to worry about it anymore.

[00:33:38] Speaker 04:
A great example is, I don't know how to pronounce her name, Bertuka, the head of communications.

[00:33:46] Speaker 04:
She tells this story at ER 2769 to 73.

[00:33:53] Speaker 04:
And as we say in our brief, most people, even those in the security group responsible for responding to the hack, were only peripherally aware of the FTC investigation.

[00:34:03] Speaker 04:
And I'll point you to the citations on pages 12 to 13 of the government's brief.

[00:34:21] Speaker 04:
Unless the court has any further questions, the government would ask you to affirm the judgment.

[00:34:27] Speaker 01:
Any other questions?

[00:34:29] Speaker 01:
No.

[00:34:29] Speaker 01:
Thank you, Mr. Mazur.

[00:34:30] Speaker 04:
Thank you.

[00:34:32] Speaker 01:
Mr. Cariola will give you two minutes.

[00:34:42] Speaker 00:
Thank you, Your Honor, so I'll try to hit as much as I can in that brief period.

[00:34:46] Speaker 00:
First of all, on the omissions point, the government says they're not relying on omissions six times.

[00:34:51] Speaker 00:
Mr. Mazur stood here and said, never told, never told, never told, never told, never told, never told, never told.

[00:34:56] Speaker 00:
At ER 3374, that's absolutely what they asked the jury to do.

[00:35:00] Speaker 00:
Now we're here and the government is saying, oh, well, it's harmless anyway.

[00:35:03] Speaker 00:
And they have all these arguments about Mr. Sullivan apparently owing a duty to the FTC.

[00:35:08] Speaker 00:
You will not find that in their answering brief.

[00:35:11] Speaker 00:
And in all events, as United States versus Shield says, if the government is going to argue there's a duty, that is at a minimum a jury question.

[00:35:19] Speaker 00:
A properly instructed jury should have heard about the duty to disclose, should have received that instruction.

[00:35:24] Speaker 00:
And under United States versus Yates, because that infects at least one of the government's theories, a new trial is required at a minimum.

[00:35:32] Speaker 00:
On the misprision count, first of all, the government has all of these arguments about how this isn't a real bug bounty.

[00:35:40] Speaker 00:
There is no bug bounty purity test, and everything the government said was just the government saying it.

[00:35:46] Speaker 00:
There were no citations to someone who said, here's the cardinal unbreakable rule.

[00:35:50] Speaker 00:
That's just the government saying that.

[00:35:52] Speaker 00:
There is no evidence that Uber could not modify, that there are some guidelines that are inviolable.

[00:35:57] Speaker 00:
They're Uber's guidelines, and Uber is the one that gets to decide whether it's going to modify them.

[00:36:03] Speaker 00:
The government also points out that Craig Clark, when he says after a bug bounty, the conduct is authorized, that that was a state law comment.

[00:36:12] Speaker 00:
Authorized means authorized, and it has the same effect under federal law as it would have under state law.

[00:36:18] Speaker 02:
Finally, your honor.

[00:36:19] Speaker 02:
I'm sorry, I did want to ask on that AWS key, where originally the bug bounty said,

[00:36:26] Speaker 02:
You can't you can't use information found that way.

[00:36:29] Speaker 02:
You're telling me it's OK for them to modify it after the fact.

[00:36:32] Speaker 02:
I mean, that does smell like a cover up.

[00:36:35] Speaker 00:
What I am saying is that it is Uber's bug bounty program and it is within Uber's prerogative to authorize it after the fact.

[00:36:41] Speaker 00:
They understood it that way.

[00:36:42] Speaker 00:
And that's why Mr. Sullivan did not have criminal intent.

[00:36:45] Speaker 00:
Your honor might believe or the jury or the government might believe this wasn't a great time to use a bug bounty program.

[00:36:52] Speaker 00:
But Uber understood itself to be doing that.

[00:36:55] Speaker 00:
And Uber understood, once it has done a bug bounty program, that authorizes the conduct.

[00:37:00] Speaker 00:
And that means Mr. Sullivan did not act criminally under the Misprision of Felony statute.

[00:37:07] Speaker 00:
Your Honor, if I may just for one minute address the plea issue, which I haven't been able to get to, even if Your Honors disagree on the sufficiency point on the misprision of felony charge, there was a plea agreement admitted in this case that was essentially the way the government tried to fill in the zero on the fact that no one had ever been prosecuted under these circumstances under the Bug Bounty Agreement.

[00:37:30] Speaker 00:
They wanted the jury to look at this plea agreement and say there is a definitive judicial record

[00:37:36] Speaker 00:
that says that even after the bug bounty agreement, this is felonious conduct.

[00:37:42] Speaker 00:
The problem and why it was so prejudicial is that was never litigated in Meereker's case.

[00:37:47] Speaker 00:
There was no incentive to do it.

[00:37:48] Speaker 00:
Mr. Sullivan had no opportunity to challenge it there.

[00:37:51] Speaker 00:
And so it came in here as evidence that Mr. Sullivan was aware of a felony, but it wasn't actually solid evidence of that to begin with.

[00:37:59] Speaker 00:
It wasn't probative for anything beyond what the government already had in the record.

[00:38:04] Speaker 00:
And because it was so prejudicial,

[00:38:06] Speaker 00:
As compared to that minimal probative value, it should have been excluded and it independently merits a new trial.

[00:38:13] Speaker 00:
Your Honor, we respectfully request that this Court reverse both of these convictions in this prosecution.

[00:38:20] Speaker 00:
But the least Mr. Sullivan deserves is a fair trial in an unprecedented case.

[00:38:25] Speaker 00:
He deserves a case where the jury hears about the legal constraints on the government's theories.

[00:38:31] Speaker 00:
And he deserves a case where he's tried, based on evidence offered against him, that he has the opportunity to contest and not someone else's untested plea agreement.

[00:38:42] Speaker 00:
So at a minimum, we respectfully request that this court vacate and order a new and fair trial.

[00:38:49] Speaker 00:
Thank you, Your Honors.

[00:38:50] Speaker 01:
Thank you, Mr. Cariello.

[00:38:51] Speaker 01:
Thanks to counsel for your arguments.

[00:38:53] Speaker 01:
And with that, we are in recess for the day.