Legal expert argues Mueller showed Trump Jr. committed computer fraud — but let him get away with it
Donald Trump, Jr. speaking with attendees at the 2018 Student Action Summit hosted by Turning Point USA at the Palm Beach County Convention Center in West Palm Beach, Florida. (Gage Skidmore/Flickr)

University of North Carolina law professor Carissa Byrne Hessick argued in a blog post Monday that Special Counsel Robert Mueller’s report indicated that Donald Trump Jr. violated the Computer Fraud and Abuse Act. But the discussion of why charges were never brought against the president’s eldest son appears to be almost entirely redacted.

Mueller explained the relevant conduct in September 2016 in the following passage:

Several hours later, WikiLeaks sent a Twitter direct message to Donald Trump Jr., “A PAC run anti-Trump site is about to launch. The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?”

Several hours later, Trump Jr. emailed a variety of senior campaign staff:

Guys I got a weird Twitter DM from wikileaks. See below. I tried the password and it works and the about section they reference contains the next pic in terms of who is behind it. Not sure if this is anything but it seems like it’s really wikileaks asking me as I follow them and it is a DM. Do you know the people mentioned and what the conspiracy they are looking for could be? These are just screen shots but it’s a fully built out page claiming to be a PAC let mc know your thoughts and if we want to look into it.

Trump Jr. attached a screenshot of the “About” page for the unlaunched site The next day (after the website had launched publicly), Trump Jr. sent a direct message to WikiLeaks: “Off the record, I don’t know who that is but i’ll ask around. Thanks.” [Emphasis added]

Essentially, WikiLeaks figured out the password for an anti-Trump site (because it was easy), gave that information to Trump Jr., and he used that password to gain unauthorized access to the site.

Legal scholar Orrin Kerr has pointed out in 2018, when Trump Jr.’s email had first been revealed, that the act his claim “sounds a lot like an admission that he committed a federal crime, and in particular a violation of 18 U.S.C. § 1030(a)(2)(c).”

In a separate passage, the report explained how Trump Jr. might have violated campaign finance law in setting up the meeting with a Russian government lawyer at Trump Tower to accept “dirt” on Hillary Clinton, but it argued that the facts were insufficient to make it likely a prosecution on such a charge would succeed. But the redacted version of the report doesn’t say whether Mueller considered bringing a CFAA charge against the president’s son.

As Hessick argued, one redacted section is almost certainly about this potential crime.

“Mueller decided not to prosecute a person who violated 18 U.S.C. 1030, a section of the Computer Fraud and Abuse Act,” she wrote. “Although the person’s name has been redacted for ‘personal privacy,’ it seems obvious to me that the person in question is the President’s son, Donald Trump, Jr.”

So if this is right, why did Mueller let Trump Jr. get away without facing a charge on this violation? As Kerr argued in 2018, all the elements to fit the crime clearly seem to be present.

Hessick contended that Mueller’s decision doesn’t appear to be a matter of the facts or the law — both of those showed how the conduct was clearly in violation of the statute. Rather, Mueller made a policy decision, exercising his prosecutorial discretion in a way that she believes was, in fact, merited:

I don’t disagree with the decision not to prosecute Don Jr.  The Computer Fraud and Abuse Act is, in my opinion, an overly broad statute.  That is to say, I believe that the text of the statute sweeps in far more conduct than it ought to.  In particular, it includes unauthorized password sharing.  So if, for example, I were to allow my friend to use my Netflix password so that she did not have to pay for her own, separate account, I have likely committed a crime under the Computer Fraud and Abuse Act.

When Kerr fist discussed this issue, he similarly suggested that prosecutorial discretion against pressing charges would likely be defensible. And in fact, he argued that the case was analogous to the case of Hillary Clinton’s email investigation, which then-FBI Director James Comey concluded by saying “no reasonable prosecutor would bring such a case.” The case against Trump Jr. is actually stronger than a case against Clinton would have been, he argued, because his intent to gain unauthorized access to a website was clear, whereas there’s no evidence the former secretary of State intended to send classified information over her private email.

“But if this was merely [Trump Jr.] trespassing into a website and not a particularly big deal in context, then it’s likely a case that wouldn’t be normally prosecuted at the federal level,” Kerr concluded.

“While I agree with the decision not to charge Don Jr., I wish that the report had redacted less of the analysis associated with the declination decision,” said Hessick. “We do not know whether the Department of Justice has adopted an internal policy not to charge all defendants in these sorts of cases, or whether this was a one-off decision based on the unique facts and circumstances surrounding this case.”

It would be good for the country, she said, if we could have an open discussion about whether the CFAA is too broad, and whether the DOJ has adopted a policy that potentially “trivial” violations like Trump Jr.’s will go unprosecuted.

There’s another reason it would have been good if this section had been unredacted. It would have been further proof, of which there is plenty, that Mueller and his team were not on a “witch hunt” or on a rampage to ruin the president. It seems his team could have brought an aggressive case against the president’s son if it had so chosen. Instead, it appears it made a fair-minded and legally conservative judgment not to punish this less serious conduct.