So, a question has come up regarding venue, as it applies to Computer Crimes.

In short, I am charged with investigating and preparing for prosecution various cases under Chapter 33 of Texas Penal Code, most commonly Breach of Computer Security (33.02) and Online Impersonation (33.07). In so doing, a problem has recently arisen regarding venue for some of these cases involving victims located within my jurisdiction, but suspects located outside my jurisdiction.

In a typical case, we might see a victim in Austin who has, for example, a Facebook (or other online provider) account that the suspect accesses without the victim's permission. Alternately, a victim in Austin might be impersonated using a Facebook account not owned or controlled by the victim. In a case in which the suspect is located outside my jurisdiction, we don't appear to have venue to file charges under Art 13.25 CCP, which states:

Art. 13.25. COMPUTER CRIMES. (a) In this section "access," "computer," "computer network," "computer program," "computer system," and "owner" have the meanings assigned to those terms by Section 33.01, Penal Code.

(b) An offense under Chapter 33, Penal Code, may be prosecuted in:

(1) the county of the principal place of business of the owner or lessee of a computer, computer network, or computer system involved in the offense;

(2) any county in which a defendant had control or possession of:

(A) any proceeds of the offense; or

(B) any books, records, documents, property, negotiable instruments, computer programs, or other material used in furtherance of the offense; or

(3) any county from which, to which, or through which access to a computer, computer network, computer program, or computer system was made in violation of Chapter 33, whether by wires, electromagnetic waves, microwaves, or any other means of communication.

Basically this lets us file it if the suspect is here, if the data goes through here, or if the 'principal place of business of the owner...' is here.

In a case involving 'cloud' resources, such as Facebook (or Google, Yahoo!, Microsoft, etc.) accounts, however, the computer itself is not physically located here, although the 'owner' of the account (and victim) may be. As well, the data doesn't go through here, since the servers for these accounts are located elsewhere (CA, WA, etc.).

So what I'm wondering is:

1) Has anybody else run into this? How'd that work out?

2) Is anybody aware of specific case law or anything else that might help us establish venue dealing with the victim's location? It could potentially be argued under 13.01 that if there is an out of state suspect, they could be prosecuted because 'an element of the offense' occurred here, namely the lack of consent to the victim, but that's in the hands of my D.A. and as well, it doesn't address out of jurisdiction cases that remain in the state (such as a suspect in San Antonio and a victim in Austin).

3) Does anybody have any other thoughts/ideas/suggestions on the matter that could be helpful?

Obviously it would be ideal if, after investigating a case and eventually determining that the suspect is located elsewhere, I could still file the case under some portion of the law akin to CCP 13.29, rather than transferring it to another agency who may or may not have the time, interest, or resources to file and follow through on a case such as this. Unfortunately, I have yet to have located any portion of the law currently in existence that would allow that to happen.

Thanks.

Contact me off list.