1.

A. Provide the criminal codes for homicide in Alabama, Texas, and Washington.

1. Describe any differences among these criminal codes

B. Provide the criminal code for homicide and manslaughter in Alabama.

1. What are the key differences between each of these?
2. How do the penalties for each of these differ?

2. What are the criminal codes governing sexual assault in the first degree, second degree, and of a minor less than 12 years of age in the state of Alabama.

1. What are the classifications for each of these (misdemeanor A, B, C, etc.) and the sentences each of these carries?

3. Under the Alabama Criminal Code, what criminal offenses would Phillip Chisholm be held criminally liable for?

A. Using the Alabama Sentencing Standards Manual, what sentence length should he have gotten for these offenses?

B. Do these differ from the sentence he received in Massachusetts?

United States v. Phillips 477 F.3d 215 (5th Cir. 2007) Background: Christopher Andrew Phillips was convicted of violating the Computer Fraud and Abuse Act in the Western District of Texas. The Fifth Circuit Court of Appeals affirmed. . . Phillips entered the University of Texas at Austin ("UT") in 2001 and was admitted to the Department of Computer Sciences in 2003. Like all incoming UT students, Phillips signed UT's "acceptable use" computer policy, in which he agreed not to perform port scans using his university computer account. Nonetheless, only a few weeks after matriculating, Phillips began using various programs designed to scan computer networks and steal encrypted data and passwords. He succeeded in infiltrating hundreds of computers, including machines belonging to other UT students, private businesses, U.S. Government agencies, and the British Armed Services webserver. In a matter of months, Phillips amassed a veritable informational goldmine by stealing and cataloguing awide variety of personal and proprietary data, such as credit card numbers, bank account information, student financial aid statements, birth records, passwords, and Social Security numbers. The scans, however, were soon discovered by UT's Information Security Office ("ISO"), which informed Phillips on three separate occasions that his computer had been detected portscanning hundreds of thousands of external computers for vulnerabilities. Despite several instructions to stop, Phillips continued to scan and infiltrate computers within and without the UT system, daily adding to his database of stolen information. At around the time ISO issued its first warning in early 2002, Phillips designed a computer program expressly for the purpose of hacking into the UT system via a portal known as the "TXClass Learning Central: A Complete Training Resource for UT Faculty and Staff." TXClass was a "secure" server operated by UT and used by faculty and staff as a resource for enrollment in professional education courses. Authorized users gained access to their TXClass accounts by typing their Social Security numbers in a field on the TXClass website's log-on page. Phillips exploited the vulnerabilityeducation courses. Authorized users gained access to their TXClass accounts by typing their Social Security numbers in a field on the TXClass website's log-on page. Phillips exploited the vulnerability inherent in this log-on protocol by transmitting a "brute-force attack" program, which automatically transmitted to the website as many as six Social Security numbers per second, at least some of which would correspond to those of authorized TXClass users. . . . Phillips asserts that the Government failed to produce sufficient evidence that he "intentionally access[ed] a protected computer without authorization" under $ 1030(a)(5)(A)(ii) . . . Phillips's insufficiency argument takes two parts: that the Government failed to prove (1) he gained access to the TXClass website without authorization and (2) he did so intentionally. With regard to his authorization, the CFAA does not define the term, but it does clearly differentiate between unauthorized users and those who "exceed[ ] authorized access." Several subsections of the CFAA apply exclusively to users who lack access authorization altogether. In conditioning the nature of the intrusion in part on the level of authorization a computer user possesses, Congressdistinguished between "insiders, who are authorized to access a computer.\" and "outside haclters who break into a computer.\" Courts haye therefore typically analyzed the scope of a user's authorization to access a protected computer on the basis of the expected norms of intended use or the nature of the relationship established between the computer owner and the user. . . Phillips's bruteforce attack program was not an intended use of the UT network within the understanding of any reasonable computer user and constitutes a method of obtaining unauthorized access to computerized data that he was not permitted to yiew or use. During crossexamination, Phillips admitted that TXClass's normal hourly hit yolume did not exceed a few hundred requests, but that his bruteforce attack created as many as 4D.UDG. He also monitored the UT system during the multiple crashes his program caused. and backed up the numerical ranges ofthe Social Security numbers after the crashes so as not to omit any potential matches. Phillips intentionally and meticulously executed both his intrusion into TXClass and the extraction of a sizable quantity of confidential personal data. There was no lack of eyidence to find hint guilty of intentional unauthorized access. Phillips makes a subsidiary argument that because the TXClass website was a public application. he. like any internet user. was a fecto authorized user. In essence. Phillips contends that his theft ofother people's data from TXClass merely exceeded the preexisting generic authorization that he maintained as a user of the World IWide Web. and he cannot be considered an unauthorized user under l3{a}{5]{A}(ii]. This argument misconstrues the nature of obtaining \"access" to an internet application and the CFM's use of the term "authorization." While it is true that any internet user can insert the appropriate URL into a web browser and thereby view the 'TXClass Administrative Training System\" login web page. a user cannot gain access to the TXClass application itself without a valid Social Security number password to which UT has afrmatively granted authorization. Neither Phillips. nor members of the public. obtain such authorization from UT merely by viewing a log- in page. or clicking a hypertext link. Instead. courts have recognized that authorized access typically arises only out of a contractual or agency relationship. While Phillips was authorized to use his UT email account and engage in other activities dened by UT's acceptable computer use policy. he was never authorized to access TXClass. The method of access he used makes this fact even more plain. In short. the government produced sufficient evidence at trial to support Phillipsis conviction under 1U3D{aj[5j[A}{ii} _ _ _ For the foregoing reasons. the conviction and sentence are AFFIRMED