Call us today: 646-820-0224

CFAA – Computer Fraud and Abuse Act

Computer Crime

The Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. 1030, criminalizes a number of activities involving computers.  The CFAA also provides for civil remedies.  Computer crime continues to occupy the front page of the news as hacking, corporate espionage and employee crimes increase in frequency and severity.  Computer crimes can cause serious potential harm and the U.S. Department of Justice has turned its focus on these types of offenses.  In the last couple of years the DOJ has created and expanded the computer crime division in Washington D.C. and many local U.S. Attorney’s offices have create computer crime teams.  As a result, more of these crimes will be discovered and prosecuted.

The white collar criminal defense attorneys at The Henry Law Firm PLLC have significant experience representing individuals and corporations facing Computer Fraud and Abuse Act crimes. We have developed a highly organized team of litigators and experts who have experience representing some of the most high profile computer crime cases in the United States. CFAA cases can carry severe jail sentences, can lead to significant monetary penalties, and are prosecuted domestically and abroad.  In many instances international extradition is sought to bring suspected individuals to the United States for prosecution.  In many instances, Computer Fraud and Abuse Act cases are charged along with bank fraud, wire fraud, identity theft and other federal crimes.

Seven Categories of CFAA Crimes

18 U.S.C. 1030 defines seven categories of prohibited conduct:

18 U.S.C. § 1030(a)(1): Computer Espionage
18 U.S.C. § 1030(a)(2): Unauthorized Access and Obtaining Information
18 U.S.C. § 1030(a)(3): Computer trespassing in a government computer
18 U.S.C. § 1030(a)(4): Committing fraud with computer
18 U.S.C. § 1030(a)(5): Damaging a protected computer (including viruses, worms)
18 U.S.C. § 1030(a)(6): Trafficking in passwords of a government or commerce computer
18 U.S.C. § 1030(a)(7): Threatening to damage a protected computer

The breadth of the statute is significant and Congress continues to discuss adding enforcement provisions to the statute.  As it stands, the statute has been amended multiple times including 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.  There is an ongoing debate about the viability of the current statute, and multiple arguments exist regarding the definition of certain aspect of the statute.  Those arguments generally focus on constitutional vagueness and an inability by courts to interpret the statute on a consistent basis.

18 U.S.C. § 1030(a)(1): Computer Espionage

Subsection (a)(1) defines the crime of computer espionage and includes significant language from the Espionage Act of 1917, but also covers information related to “Foreign Relations”, not simply “National Defense” like the Espionage Act.  The Department of Justice recognizes that this offense subsection is rarely used, and that prosecution under this subsection requires the prior approval of the National Security Division of the Department of Justice, through the Counterespionage Section.  A violation of this subsection is punishable by up to 10 years in prison, or 20 years in prison for a second conviction.

In order to convict someone of this subsection, the government must prove the following:

  1. Knowingly access computer without or in excess of authorization
  2. obtain national security information
  3. reason to believe the information could injure the U.S. or bene t a foreign nation
  4. willful communication, delivery, transmission (or attempt)ORwillful retention of the information

National security information is defined as information, “that has been determined by the United States Government pursuant to an Executive Order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as de ned in paragraph y. of section 11 of the Atomic Energy Act of 1954.”  Very often the information defined is classified information belonging to the Department of Defense or Department of Energy.  But, the government must also prove that the information obtained could injure the United States or benefit a foreign nation.

The government’s ability to show that once the information was obtained it was willfully transmitted can depend on if it can be shown that:

[T]he defendant did any of the following: (a) communicated, delivered, or transmitted national security information, or caused it to be communicated, delivered, or transmitted, to any person not entitled to receive it; (b) attempted to communicate, deliver, or transmit national security information, or attempted to cause it to be communicated, delivered, or transmitted to any person not entitled to receive it; or (c) willfully retained national security information and failed to deliver it to an o cer or employee of the United States who is entitled to receive it in the course of their official duties.

Section 808 of the USA PATRIOT Act added section 1030(a)(1) to the list of crimes in that are considered “Federal Crime[s] of Terrorism” under 18 U.S.C. 2332b(g)(5)(B).  Among other issues, this means that a violation of this subsection can be used as a predicate offense under the RICO statute, may have an extended statute of limitations and could result in an additional term of supervised release.


18 U.S.C. § 1030(a)(2): Unauthorized Access and Obtaining Information

Subsection (a)(2) criminalizes the unauthorized access of different kinds of computers and information.  This subsection contains both a misdemeanor and felony alternative.  As a starting point, violations of this subsection begin as misdemeanors unless aggravating factors exist that increase the crime to a felony.  One factor is the value of the information obtained.  While the statute has no minimum monetary threshold for a misdemeanor offense, this subsection does require the information obtained to be valued above $5,000 for the offense to become a felony.

To prove a misdemeanor violation of subsection (a)(2) the government must prove that a person did the following:

  1. Intentionally access a computer
  2. Without or in excess of authorization
  3. Obtain information
  4. From financial records of financial institution or consumer reporting agency OR the U.S. government OR a protected computer

To take the offense from a misdemeanor to a felony, the government must prove the elements listed above in addition to showing that a person:

  1. Committed for commercial advantage or private financial gain OR committed in furtherance of any criminal or tortious act OR the value of the information obtained exceeds $5,000

Unlike subsection (a)(1) which requires knowing access to a computer, this subsection requires intentional access.  In 1986, Congress changed the intent standard to emphasize that “intentional acts of unauthorized access—rather than mistaken, inadvertent, or careless ones— are precisely what the Committee intends to proscribe.” S. Rep. No. 432, 99th Cong., 2d Sess., reprinted in 1986 U.S.C.C.A.N. 2479, 2483.  Thus, a slightly heightened standard for accessing information is required under this subsection.

However, one of the biggest debates surrounding prosecutions under the Computer Fraud and Abuse Act is the meaning and application of “unauthorized access” and “in excess of authorization.”  Unauthorized access is not defined by the statute.  So, courts around the country have been left to interpret the meaning of what constitutes access and when is that access unauthorized.  The statute does define in excess of authorization as, “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. 1030(e)(6).

The legislative history of the CFAA reflects an expectation that persons who “exceed authorized access” will be a person who has some authorization to use the computer or network (i.e. employees, contractors, IT specialists), while persons who access computers “without authorization” will typically be hackers or other outsiders who exploit the system without having been given any authorization at all. See S. Rep. No. 99- 432, at 10 (1986), reprinted in 1986 U.S.C.C.A.N. 2479 (discussing section 1030(a)(5).  However difficult questions arise when courts try to determine whether a person with some authorization to access a computer can ever act “without authorization” with respect to that computer. There is no definitive answer to this question currently, but there is growing consensus that such “insiders” cannot act “without authorization” unless and until their authorization to access the computer is rescinded.  This will typically happen in the context of employee termination or layoffs.

Where the statute permits prosecution for exceeding authorization, the government should be prepared to present evidence proving (a) how the person’s authority to obtain or alter information on the computer was limited, rather than absolute, and (b) how the person exceeded those limitations in obtaining or altering information.  The most significant issue that comes up is whether a particular defendant exceeded authorized access by accessing the computer for an improper purpose where no explicit or implicit restrictions on access existed. The argument typically arises in three ways:

(1) the authorizing party has expressly prohibited the defendant from accessing the computer for the improper purpose; (2) the authorizing party has expressly prohibited the defendant from using the authorizing party’s data for the improper purpose but did not condition the defendant’s computer access on compliance with this prohibition; and (3) the authorizing party did not expressly prohibit the defendant from using its data for the improper purpose, but the defendant was acting against the authorizing party’s interests.

Obviously, the answers to these questions in court opinions become more difficult to distill in questions 2 and 3.  As a result, significant litigation occurs surrounding these issues.

In the next prong, the meaning of “obtaining information” is very broad.  It includes not only downloading or physically copying information, but also includes mere observation or viewing.  Thus, a violation of this subsection can include scenarios where information is accessed and simply looked at, without more.  Information in the context of this statute includes computer programs and other intellectual or intangible property.

In terms of heavily litigated areas of the CFAA, “protected computer” is another area that is heavily contested.  Basically, a protected computer is any computer used in or affecting interstate or foreign commerce and computers used by the federal government and financial institutions.  The computer must only be “used in or affecting” interstate commerce.  The government need not prove that the defendant specifically used that computer in affecting interstate commerce.  Based on case law, it is typically enough that the computer is connected to the Internet to meet the interstate commerce prong. The statute does not require proof that the defendant also used the Internet to access the computer or used the computer to access the Internet.  A protected computer can also include a computer outside the United States as long as it affects interstate commerce.

In terms of one of the aggravating felony factors requiring proof that the information was valued at over $5,000, any reasonable method can be used to establish the value of the information obtained. For example, the research, development, and manufacturing costs or the value of the property “in the thieves’ market” can be used to meet the $5,000 valuation. See, e.g., United States v. Stegora, 849 F.2d 291, 292 (8th Cir. 1988).

18 U.S.C. § 1030(a)(3): Computer trespassing in a government computer

Subsection (a)(3) specifically protects government computers.  To violate this subsection the government must prove:

  1. Intentionally access
  2. without authorization
  3. a nonpublic computer of the U.S. that was exclusively for the use of U.S. or was used by or for U.S.
  4. affected U.S. use of computer

There is no requirement that information be obtained.  It is the act of trespassing alone that is criminalized.  A violation of (a)(3) is a misdemeanor offense.  There is no provision that would increase a violation of this section to a felony.  However, a second conviction of the CFAA under his subsection results in a felony carrying a maximum of 10 years in prison.

A nonpublic computer includes most government computers, but does not include government servers that, by design, are intended for public use.  As an example, a government agency’s database server is probably “nonpublic,” while the same agency’s web servers are “public.”


18 U.S.C. § 1030(a)(4): Committing fraud with computer

Subsection (a)(4) is typically charged in conjunction with or in lieu of subsection (a)(2) violations because this subsection carries felony penalties.  The government will also charge (a)(4) violations in addition to wire fraud because this subsection contains an intent to defraud element.  A violation of this section requires the government to prove:

  1. Knowingly access a protected computer without or in excess of authorization
  2. with intent to defraud
  3. access furthered the intended fraud
  4. obtained anything of value, including use if value exceeded $5000

While this subsection of the CFAA significantly resembles the mail and wire fraud statutes, it purposefully includes the use of a computer without authorization or in excess of his authorization to obtain property of another, which property furthers the intended fraud.  In that way it is more narrowly tailored that mail and wire fraud.

“Knowingly and with intent to defraud is not defined by the CFAA.  There is little case law intercepting the meaning, but it seems Congress intended to punish attempts to steal valuable data, not just mere unauthorized access.  However, courts may use the definition of the term “defraud” as it relates to mail and wire fraud cases to inform their decisions.

The requirement that the access must further the intended fraud can be met in a number of ways.  Some examples are deleting or altering computer files to receive some value, obtaining information from a computer that is later used to complete a fraud (i.e. stealing credit card information), or producing falsified records that are later used to commit a fraud (i.e. creating and printing backdated winning lottery tickets).

The government must also prove that the offender obtained money, cash, or a good or service with measurable value. However, two cases that are more dfficult arise (1) when the defendant obtains only the use of a computer, and (2) when the defendant obtains only information.  Legislative history suggests that obtaining some computer data or information, alone, is not valuable enough to qualify.

A violation of (a)(4) is punishable by up to five years in prison and a fine.  A second conviction, like other subsections, is punishable by up to 10 years in prison.

18 U.S.C. § 1030(a)(5): Damaging a protected computer (including viruses, worms)


Subsection (a)(5) is perhaps the most widely used subsection of the CFAA.  It prohibits damage to protected computers, and can be violated in a number of ways.  Hackers who access computers and delete or alter files, install malware, initiate denial of service (DDoS) attacks or unleash computer viruses or worms are frequently charged under this subsection.

Subsection (a)(5) has three alternatives.  Each of the subsection, if violated as outlined below without any aggravating factors is a misdemeanor.  However, there are a number of ways that a violation of subsections (a)(5)(A) and (a)(5)(B) can elevate the crime to a felony.  Subsection (a)(5)(A) prohibits:

1. Knowingly cause transmission of a program, information, code, or command

2. intentionally cause damage to protected computer without authorization

Subsection (a)(5)(B) prohibits:

1. Intentionally access a protected computer without authorization

2. recklessly cause damage

Subsection (a)(5)(C) prohibits:

  1. Intentionally access a protected computer without authorization
  2. cause damage
  3. cause loss

A violation of subsection (a)(5)(A) and (a)(5)(B) can be a felony if the offense:

results in loss of $5,000 during 1 year


modifies medical care of a person


causes physical injury


threatens public health or safety


damages systems used by or for government entity for administration of justice, national defense, or national security


damages affect 10 or more protected computers during 1 year

In basic terms, subsection (a)(5)(A) prohibits anyone from intentionally damaging a computer (without authorization) while subsection (a)(5)(B) prohibits unauthorized users from causing damage recklessly and subsection (a)(5)(C) from causing damage (and loss) negligently.

Damaging a computer can have far-reaching effects. For example, a business may not be able to operate if its computer system stops functioning or it may lose sales if it cannot retrieve the data in a database containing customer information. Similarly, if a computer that operates a hospital or power plant stops functioning, people could be injured or die as a result of not receiving emergency services. Such damage to a computer can occur following a successful intrusion, but it may also occur in ways that do not involve the unauthorized access of a computer system.

Subsections (a)(5)(B) and (a)(5)(C), unlike (a)(5)(A) require that the offender “access” the computer without authorization and hold intruders accountable for any damage they cause while intentionally trespassing on a computer, even if they did not intend to cause that damage.  Section 1030(a)(5)(A) requires proof only of the knowing transmission of data, a command, or software to intentionally damage a computer without authorization. The government does not need to prove “access.”

Section (a)(5)(A) prohibits knowingly causing the transmission of a “program, information, code, or command” and intentionally causing damage to a protected computer.  “Program, information, code, or command” broadly covers all transmissions that are capable of having any effect on a computer’s operation.  This can include keystroke commends to change or delete computer files, software packages that alter the operation of a computer (i.e. worms, malware) and even DDoS attacks that flood the network connection of a computer or server taking its operation offline without actually accessing the computer itself.  These acts do not have to be directly sent to the victim computer in order to violate this statute.

Subsections (a)(5)(B) and (a)(5)(C) do not include offenses defined as “exceeds authorized access.”  A violation of these subsection is only available in the prosecution of offenders who are unauthorized to access the computer.

Damage under each prong of (a)(5) requires the proof of damage.  The computer accessed need not be the same computer that was damaged.  “Damage” is defined as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. 1030(e)(8).  Impairment of integrity can include situations where, for example, where an act causes data or information to be deleted or changed (i.e. deleted log files or changed entries in a bank database).  Installing key logger software or altering security software so the intruders changes go undetected can also constitute damage.  Additionally, damage includes making information on a computer unavailable through a DDOS attack or other ways of consuming a computers computational power.

In addition to damage, under (a)(5)(C) the government must also prove loss.  Loss is defined as, “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”

In addition to the statutory penalties prescribed for offenses to the CFAA additional enhancements under the federal sentencing guidelines exist specifically for violation of section (a)(5)(A).  Those increases result in an elevated guideline range, which often leads to a  more severe sentence.


18 U.S.C. § 1030(a)(6): Trafficking in passwords of a government or commerce computer


Violations of (a)(6) prohibit knowingly and with intent to defraud trafficking in computer passwords and similar information when the trafficking affects interstate or foreign commerce, or when the password may be used to access without authorization a computer used by or for the federal government.  Violations of (a)(6) may often be charged with or in addition to violations of 18 U.S.C. 1029, access device fraud.  To convict, the government must prove:

  1. Trafficking
  2. in computer password or similar information
  3. knowingly and with intent to defraud
  4. trafficking affects interstate or foreign commerce OR computer used by or for U.S.

“Traffic” in section 1030(a)(6) is defined by reference to the definition of the same term in 18 U.S.C. 1029, which means “transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of.” 18 U.S.C. 1029(e)(5).  Mere possession of passwords without intent to transfer is not prohibited.  Additionally, personal use of any obtained passwords is not a violation of this subsection.  Although, in both scenarios prosecution may be brought under another subsection.  If transferred, the offender need not have the motive to profit from the transaction.

In the context of this provision of the CFAA, a password is broadly defined:

The Committee recognizes that a “password” may actually be comprised of a set of instructions or directions for gaining access to a computer and intends that the word “password” be construed broadly enough to encompass both single words and longer more detailed explanations on how to access others’ computers.  S. Rep. No. 99-432, at 13 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2491.

A violation of (a)(6) is a misdemeanor, while a second or subsequent conviction is a felony punishable by up to 10 years in prison.


18 U.S.C. § 1030(a)(7): Threatening to damage a protected computer

In basic terms, Subsection (a)(7) prohibits extortion threats involving damage to a computer or involving confidential data.  Threats to access and delete or alter computer information, along with threats of DDoS attacks are covered by this subsection.  To prove a violation of (a)(7) the government must prove:

1. With intent to extort money or any other thing of value

2. transmits in interstate or foreign commerce a communication

3. containing a:

threat to damage a protected computer


threat to obtain or reveal con dential information without or in excess of authorization


demand or request for money or value in relation to damage done in connection with the extortion.

Proving intent to extort does not require proof that the money or thing of value for which the threat issued was obtained.  In other words, the government does not have to prove that the offense was completed by actually obtaining the thing demanded, just the intent to dos suffices.  The threat must be sent in interstate or foreign commerce, but does not have to be sent by computer.  The computer portion comes into play if the threats are targeting, “against computers, computer networks, and their data and programs.”  The threat can be sent by, “mail, a telephone call, electronic mail, or through a computerized messaging service.”

Unlawful threats to the business that owns a computer system, such as threats to reveal flaws in the network or to reveal that the network has been hacked, are not threats to damage a protected computer under this subsection. However, a threat to a business, rather than to a protected computer, might be chargeable as a violation of the Hobbs Act.

Under this subsection the government may charge an offender for the use of ransomware.  In that scenario, an intruder may obtain or encrypt information and refuse to repair or cover the information unless certain demands are met.  In this way, information is held for ransom.  Prosecutors could charge such conduct under (a)(7)(C).

A violation of (a)(7) is punishable by a fine and up to five years in prison.  Any second or subsequent offense is punishable by up to 10 years in prison.

18 U.S.C. § 1030(a)(7): Threatening to damage a protected computer

Attempt and Conspiracy

Attempts to violate 18 U.S.C. 1030 are criminal acts that carry the same statutory penalties as the underlying subsection.  However, the sentencing guidelines call for the reduction of three points from the final calculation in the case of attempt.  This results in a lower  guideline range and a potentially lower sentence.  Thus, an argument that a crime was attempted but not completed may provide some relief in sentencing if it becomes necessary to negotiate a favorable outcome.

In 2008, the Identity Theft Enforcement and Restitution Act amended section 1030(b) to create a new conspiracy offense. It says:

Whoever conspires to commit or attempts to commit an o ense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

However, Congress has not included a penalty provisions in subsection (c) to specify what penalties apply to offenders who engage in a conspiracy to violate section 1030. See, e.g., 18 U.S.C. 1030(c)(1)(A) (specifying a penalty of 10 years imprisonment for “an attempt to commit an offense punishable under this subparagraph” but not mentioning the penalty for conspiracy to commit such an offense).

Like in a drug conspiracy, the government need not prove an overt act in order to obtain a conviction for a section 1030 conspiracy.  Additionally, impossibility is not a defense.  In other words, the object of the conspiracy may be impossible to achieve, but the agreement to hack the objective is sufficient.


How Can We Help


Computer Fraud and Abuse Act violations are serious and wide-ranging. In today’s world where almost everyone has a computer and the government and large companies rely heavily of computer systems to operate, the government is pouring enormous resources and manpower into the detection and prosecution of computer crimes. As a result, the number of prosecutions continues to rise in number and complexity.  The computer crime attorneys at The Henry Law Firm PLLC have represented some of the most high profile hacking cases ever brought by the U.S. government. We have significant experience engaging and arguing against the attorneys in the DOJ cybercrime division.  Our attorneys have been cleared in previous cases to deal with classified information. If you have been contacted about or charged with a Computer Fraud and Abuse Act violation, call immediately at 646-820-0224. Early intervention is extremely important. Let the innovative federal criminal defense attorneys at The Henry Law Firm PLLC provide you with the defense you deserve.

Can I Plead the Fifth in a Company Internal Investigation?

You probably already understand that only a state, local, or federal prosecutor can bring criminal charges against you, and that your employer’s attorneys or outside law firm may have the power to discipline you in the form of suspension or termination, but they cannot put you in jail. But what your employer’s lawyers can do is to report information about you – including statements you have made and your work emails and other records – to the government, which can then use that information in any way it pleases, including in preparing civil actions and/or criminal charges against you. Which raises the question of whether it is appropriate for an employee, manager, director, officer, or other individual to raise the protections of the Fifth Amendment in an internal investigation conducted by a business entity.

Why Companies Report Misconduct to the Government

It may seem counterintuitive that your employer would self-report incriminating information relating to its employees’ work on their behalf – as companies are often but not always liable for the acts of employees within the scope of employment – but such is the nature of white collar civil and criminal investigations in recent decades.

More and more, state and federal investigators incentivize companies to self-report wrongdoing by employees. Common ways in which this occurs is that prosecutors and companies will reach a deferred prosecution agreement (DPA) or non-prosecution agreement (NPA), by which the company will avoid prosecution itself by agreeing to undertake other actions, such as paying fines, instituting new procedures, and/or taking actions against individuals in the company perceived to be problematic. This is generally only done when the company makes efforts to self-report, e.g. handing over the findings of an internal investigation.

This of course can be a relatively good outcome for the company, but not for the individuals who are on the receiving end of the company’s internal actions. Furthermore, the government may bring civil and/or criminal proceedings against the individuals based on information provided by the company.

You Are Not Obligated to Incriminate Yourself

The Fifth Amendment protection against self-incrimination applies only to the government and its agents, meaning that it would only make sense for an individual to invoke his or her Fifth Amendment rights when being questioned by an agent of a state, local, or federal government.

That said, you are never obligated to respond to questions from private parties, including your supervisor, HR department, in-house counsel, or an outside law firm conducting an internal investigation. Of course, your employer is, in many cases, not obligated to continue employing if you refuse to participate in an internal investigation related to your conduct at work.

Thus, rather than invoking your Fifth Amendment right in an internal investigation where you have reason to believe negative consequences might flow from what you say, a more appropriate action is to work with an experienced white collar defense attorney who can assess your situation and help you strategize what your best options are in light of your circumstances. Those options might range from simply providing your employer with all information requested to being represented by an attorney during all questioning, and so on, but only a white collar attorney that represents you can provide you with that guidance.

Contact a New York Defense Attorney Today

The Henry Law Firm PLLC provides criminal defense to individuals and businesses throughout New York in all state and federal investigations and prosecutions. If you believe you may be under investigation for any state or federal crime, do not hesitate to contact us today to schedule a confidential consultation regarding your matter.

What Does it Mean to Have “Constructive Possession” of a Firearm in New York?

Although we often hear about a lack of gun control in the U.S., federal agents arrest around 7,000 individuals for firearms violations every year, and many more arrests are made at the state level. While the Second Amendment and current federal regulations do allow for legal ownership of a wide variety of firearms, you can face stiff criminal penalties if arrested for possession of an illegal weapon. Furthermore, felony convicts and others who have had their gun ownership rights revoked also face arrest, which are among the most common type of federal firearms. States and localities such as New York do go further than federal law in regulating firearms, requiring permits for pistol ownership and outlawing assault rifles. But what does it mean to have possession of a firearm in New York? Under the concept of “constructive possession,” defendants in firearms crime cases face legal challenges in asserting their criminal defense in New York.

Possession and Constructive Possession Defined

First off, it should be understood that possession is not the same as ownership. If you are holding a firearm, you are possessing it, regardless of whether someone loaned it to you even for a brief moment, you are transferring it to someone else, or you simply found it.

Constructive possession takes the concept of possession a step further. It says that a person can be considered to have possessed a firearm – and thus run afoul of any relevant firearm laws – even if the firearm was not literally in their possession. Specifically, New York courts have held that: a defendant has property in his or her constructive possession when that defendant:

  • exercises a level of control over the area in which the property is found, OR
  • exercises control over the person from whom the property is seized, AND
  • this control was sufficient to give the defendant the ability to use or dispose of the property

New York legal authorities have also said that two people can both have constructive possession over contraband when: “they each exercise dominion or control over the property by a sufficient level of control over the area in which the property is found.”

Defending Against Constructive Possession Charges

Taking the above definition, this means that prosecutors can bring charges for illegal possession of a firearm when the defendant is not literally possessing the firearm on his body or in his personal belongings, but where a gun is simply found on a person over whom he has control (e.g. a spouse, a child, a subordinate, etc.) or in property he possesses, such as a shared home, vehicle, or business.

That said, it is important to remember that prosecutors must prove every element of a firearms charge beyond a reasonable doubt, and an experienced criminal defense attorney can cast doubt and present contrary arguments against the prosecutor’s allegations.

Such defenses can take any number of specific forms, but might include questioning whether a defendant did in fact have control over the person or the property on which the firearm was found or whether the defendant was even aware of the presence of the firearm. Talk to an experienced criminal defense attorney about the best defense in your particular circumstance.

Contact a New York Defense Attorney Today

The Henry Law Firm PLLC provides criminal defense to individuals and businesses throughout New York in all state and federal investigations and prosecutions. If you believe you may be under investigation for any state or federal crime, do not hesitate to contact us today to schedule a confidential consultation regarding your matter.

Are There Legal Defenses to Extortion/Blackmail?

Extortion and blackmail crimes both involve threats made against another person to do violence to that person or their property – which can include publicizing facts about that person to damage his or her reputation – for the purpose of extracting money or other property from the person. Under both state and federal law, an extortion conviction is a felony that can mean many years in prison, fines, as well as a ruined personal and professional reputation. But sometimes people are investigated and/or charged with extortion based on exaggerations or statements taken out of context. If you are under investigation for extortion, it is important to obtain experienced legal counsel to present your best defenses to the potential charges.

Lack of Evidence to Support an Extortion Charge

Extortion statutes may vary across states and at the federal level, but in general they require that the defendant have knowingly made a threat to damage the person, property, or reputation of a victim with the purpose of obtaining money or other property from the victim.

When a disagreement between parties gets out of control, an extortion or blackmail allegation may arise based on what has actually just heated negotiations and discussions which should not be taken literally or which were not based on an actual intent to threaten another person. Your defense attorney can assess all of the available evidence for relevance and strength and cast doubt on the prosecutor’s allegations in this regard, as the prosecutor is required to prove your intent beyond a reasonable doubt.

Lack of Admissible Evidence

Even where evidence may support elements of an extortion or blackmail charge, that evidence can only be used against you where it is admissible based on being legally obtained by police and other government agents.

If evidence was obtained through illegal means – including custodial interrogations that did not include Miranda warnings, detainments not supported by reasonable suspicion, questionings that did not honor your right to counsel, searches not conducted via a warrant or a warrant exception – your attorney can successfully argue that such evidence should not presented to a jury and that charges should be dismissed.

Attempted Extortion or Conspiracy to Commit Extortion

When no money or property was actually obtained in response to an alleged extortion threat, prosecutors may still try to bring charges based on an attempt to extort or even a conspiracy (agreement) to commit conspiracy. In such cases, your attorney can argue that you did not have the requisite intent for either an attempt or conspiracy and/or that no significant steps were actually taken in furtherance of committing extortion.

Other Defenses to Extortion

Other defenses that your attorney may raise to an extortion charge could include:

  • You performed illegal acts under duress
  • You were voluntarily or involuntarily intoxicated at the time, negating the mental intent
  • You otherwise lacked the mental capacity to commit extortion

Speak to an experienced defense attorney at the first sign of an extortion investigation to begin mounting your best defense to all potential charges.

Contact a New York Extortion Defense Attorney Today

The Henry Law Firm PLLC provides criminal defense to individuals and businesses throughout New York in all state and federal investigations and prosecutions. If you believe you may be under investigation for any state or federal crime, do not hesitate to contact us today to schedule a confidential consultation regarding your matter.  

Other Practice Areas

White Collar Defense and Regulatory Enforcement

We defend public officials, executives, board members, securities brokers, traders, law enforcement personnel, and employees facing criminal charges, internal investigations and regulatory enforcement actions.

learn more

Criminal Appeals

Our attorneys have successfully appealed to The United States Supreme Court and other federal appellate courts throughout the country.

learn more

Federal Criminal Defense

We represent individuals who have been charged with or are being investigated for a full range of federal crimes nationwide.

learn more

Contact Us


535 Fifth Avenue

Suite 2520

New York, NY, 10017

social channels

  • twitter-icon
  • in-icon
  • in-icon


The information on this website is for general information purposes only. Nothing on this site should be taken as legal advice for any individual case or situation. This information is not intended to create, and receipt or viewing does not constitute, an attorney-client relationship. Prior results do not guarantee future outcomes.