United States v. Rueda , 933 F.3d 6 ( 2019 )

          United States Court of Appeals
For the First Circuit
No. 18-1962
UNITED STATES,
Appellee,
v.
MEYLISI RUEDA,
Defendant, Appellant.
APPEAL FROM THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF MAINE
[Hon. Nancy Torresen, U.S. District Judge]
Before
Howard, Chief Judge,
Thompson and Barron, Circuit Judges.
J. Hillary Billings, Assistant Federal Defender was on brief
for appellant.
Renee M. Bunker, Assistant United States Attorney, Appellate
Chief, with whom Halsey B. Frank, United States Attorney, was on
brief, for appellee.
July 31, 2019
BARRON, Circuit Judge.          Meylisi Rueda ("Rueda") pleaded
guilty to one count of conspiracy to commit access-device fraud,
in violation of 

(a)(2), (a)(3), and (b)(2), in the
District Court for the District of Maine.               She now challenges the
District Court's sentence resulting from that plea.                   She argues
that the District Court erred in its calculation of the "loss"
attributable to her offense, due to what, she argues, was an
incorrect reading of § 2B1.1(b)(1) of the United States Sentencing
Guidelines.      We affirm.
I.
Beginning   in    June    of     2016,   state   and   federal    law
enforcement agencies initiated an investigation into multiple
complaints    of   credit     card    fraud    originating    in    Maine.    Law
enforcement agents received information in connection with that
investigation that Yaisder Herrera Gargallo, Jose Castillo Febles,
Juan Carlos Febles, and Rueda, had, over the span of several
months, used fraudulent credit cards to purchase merchandise, gift
cards, airline tickets, and to lease rental vehicles.
On June 18, 2016, law enforcement agents stopped a Jeep
in Brunswick, Maine that matched the description of a vehicle used
during     the     fraudulent        credit      card    transactions        under
investigation.      Rueda was not in the vehicle when it was pulled
over, but Gargallo, Jose Castillo Febles, and Juan Carlos Febles
were.    The agents questioned the three passengers, who admitted in
- 2 -
response that they, along with Rueda, were participants in a
fraudulent credit card scheme; that they had traveled from Florida
to Maine to undertake that scheme; and that they had stolen credit
cards in their possession at the time that they were pulled over.
A search of the vehicle led agents to discover multiple
packages of unopened merchandise (e.g., a Dewalt drill set and
three    iPads),     multiple    credit    cards      bearing    stolen    account
information, credit card "skimming" equipment, and a laptop.                     A
forensic search of the laptop revealed nine text files that
contained what appeared to be credit card information.                      Agents
identified what they determined were numbers for 2,732 unique
credit cards in these files.            In addition to the text files, the
forensic search of the laptop revealed various programs associated
with the manufacture of fake credit cards.
Investigators      were     able    to    identify    the     issuing
financial institutions associated with 2,580 of the 2,732 apparent
credit card numbers that were retrieved from the laptop's text
files.   Most of these financial institutions did not submit victim
impact   statements.       Eight    of    them   did.      The    victim    impact
statements    that    those     eight    financial     institutions      submitted
averred that the losses associated with the card numbers from the
laptop text files that were associated with their institutions
totaled, collectively, $24,673.60.
- 3 -
On October 6, 2017, Rueda pleaded guilty to one count of
conspiracy to commit access-device fraud, in violation of 

(a)(2),      (a)(3),   and    (b)(2).          The    District      Court   then
requested a pre-sentence report ("PSR"), which the United States
Office of Probation prepared and disclosed on November 24, 2017.
The PSR recommended, pursuant to the Guidelines, a guidelines
sentencing range ("GSR") of 37-46 months of imprisonment.
The    PSR   based    the    GSR     on    the    Guidelines'      "loss"
definition.        Section 2B1.1 of the guidelines defines "loss" as
"the greater of actual loss or intended loss."                         § 2B1.1, cmt.
n.3(A).    "Actual loss" is defined as "the reasonably foreseeable
pecuniary harm that resulted from the offense."                          Id. at cmt.
n.3(A)(i).         "Intended loss," by contrast, is defined as "the
pecuniary harm that the defendant purposely sought to inflict
[which] includes intended pecuniary harm that would have been
impossible or unlikely to occur."            Id. at cmt. n.3(A)(ii).
The    Guidelines     provide       additional         instructions    for
calculating "loss" in cases that involve "Stolen or Counterfeit
Credit    Cards     and   Access     Devices."          Id.    at    cmt.    n.3(F)(i)
[hereinafter       Application     Note    3(F)(i)].           These     instructions
provide that, "[i]n a case involving any counterfeit access device
or unauthorized access device, loss includes any unauthorized
charges made with the counterfeit access device or unauthorized
access device and shall be not less than $500 per access device."
- 4 -
Section 2B1.1 further states that "counterfeit access device" and
"unauthorized access device" are defined in accordance with 

(e).       

 at cmt. n.10(A).
Section    1029(e)       of    the    United    States      Criminal    Code
defines "access device" as "any card, plate, code, account number,
electronic    serial        number,    mobile      identification        number,     [or]
personal identification number . . . that can be used, alone or in
conjunction with another access device, to obtain money, goods,
services, or any other thing of value."                 

(e)(1).
That section of the federal criminal code defines "counterfeit
access   device"       as    "any     access      device    that    is    counterfeit,
fictitious, altered, or forged, or an identifiable component of an
access   device    or        a   counterfeit        access    device."         

     at
§ 1029(e)(2).     Finally, that section of the federal criminal code
defines "unauthorized access device" as "any access device that is
lost, stolen, expired, revoked, canceled, or obtained with intent
to defraud."    Id. at § 1029(e)(3).
After applying the Application Note 3(F)(i), the PSR
determined that the "loss" totaled $1,290,000.                     The PSR did so by
attributing a loss of $500 to each of the 2,580 numbers retrieved
from the laptop text files that had been determined to constitute
unauthorized or counterfeit access devices.
Rueda objected to the PSR's loss calculation.                            She
contended that to apply Application Note 3(F)(i)'s $500 minimum
- 5 -
loss amount to each of the 2,580 credit card numbers at issue, the
government    would   first   need    to   establish   that    each   "can   be
used . . . to obtain money, goods, services, or any other thing of
value," in accordance with the statutory definition of an access
device.    See 

(e)(1).       Rueda further contended that
there was no evidentiary basis for the government to make such a
showing.   Accordingly, she contended that the "loss" that could be
attributed to her offense was no more than the $24,673.60 of loss
that the eight financial institutions had described in their victim
impact statements.
At sentencing, on October 1, 2018, the District Court
noted that the question of the loss calculation was "close" but
ultimately    rejected   Rueda's     contention.       The    District   Court
adopted, instead, the GSR of 37-46 months of imprisonment based on
the PSR's attribution of a loss of $500 to each of the 2,580
numbers retrieved from the laptop's text files determined to be
counterfeit or unauthorized access devices.             The District Court
did note, however, that the difference between the GSR based on
the PSR's "loss" calculation and the GSR based on Rueda's proposed
calculation    was    "profound."      Thus,   given   various    mitigating
factors that the District Court identified, it imposed a variant
sentence of four-months imprisonment followed by two years of
supervised release.       Additionally, the District Court ordered a
joint and several restitution obligation of $24,673.60 on Rueda
- 6 -
and her co-defendants.          Finally, the District Court granted a
motion to stay Rueda's sentence, pending appeal, to allow Rueda
the opportunity to receive an answer from our Court on the "loss
issue."
Rueda timely appealed her sentence. Our review is de
novo, as her challenge to her sentence turns on a matter of
guidelines interpretation.         United States v. Flores-Machicote, 

, 19 (1st Cir. 2013).
II.
Rueda first contends that the District Court erred in
applying Application Note 3(F)(i)'s $500 minimum loss amount to
each   of   the   2,580    credit       card    numbers    in   making    its    loss
calculation under the Guidelines, because the government failed to
establish that, in accord with 18 U.S.C. 1029(e)(1)'s definition
of an "access device," each of those numbers "can be used . . . to
obtain money, goods, services, or any other thing of value."                      

(e)(3).       But, we do not agree.
Application Note 3(F)(i) incorporates the definition of
"counterfeit" and "unauthorized" access devices in 

(e)(2)    and   

(e)(3),      respectively.         Thus,
Application Note 3(F)(i) necessarily requires that a $500 minimum
loss be attributed to each access device of that type, see United
States v. Moon, 

, 1092 (6th Cir. 2015) (concluding
that   Application       Note   3(F)(i)'s        express    use   of     the    terms
- 7 -
"counterfeit" and "unauthorized" access devices indicated that any
usability requirement must be permissive enough to encompass such
devices in its scope), save for possibly available exceptions not
relevant   here,    see   Application   Note   3(F)(i)   (describing   the
exception for "telecommunication" access devices).          As a result,
by the plain terms of Application Note 3(F)(i), the $500 minimum
loss amount must be attributed even to, for example, a "fictitious"
"expired, revoked, [or] canceled" access device.            

(e)(2)-(3).
As a result, we do not see how Rueda's contention that
Application Note 3(F)(i) must be read to exclude from its scope
the 2,580 numbers that are at issue here is a tenable one.           Rueda
does contend that Application Note 3(F)(i) incorporates the "can
be used" requirements from the definition of an "access device" in
§ 1029(e)(3).      She does not develop, however, any argument that
would explain why, given this record, these 2,580 numbers do not
qualify as the kind of "unauthorized" or "counterfeit" access
devices to which Application Note 3(F)(i) plainly applies.
To be sure, Rueda argues that nothing about Application
Note   3(F)(i)'s     express    inclusion      of   "unauthorized"     and
"counterfeit" access devices precludes the conclusion that it
contains an implicit usability requirement.           According to her,
even "expired, revoked, or canceled" access devices can be "used"
in limited ways, such as by "manually impress[ing] [the fraudulent
- 8 -
cards] onto a paper receipt" and "present[ing] [the fraudulent
cards] over the phone . . . when electronic access is temporarily
unavailable."
But, if this is the definition of "can be used" that
Rueda contends should apply here, then we fail to see on what basis
she means to contend that it would not encompass every one of the
2,580 numbers at issue here.    Rueda cannot supportably argue that
any of those 2,580 numbers is just a random string of sixteen
digits that happened to be stored on the co-conspirators' computer.
Each of the 2,580 credit card numbers was linked, by a bank
identification number, to an identifiable financial institution.
Each of those 2,580 credit card numbers was also discovered along
with physical credit cards bearing stolen credit card information,
software used to manufacture fake credit cards, products purchased
using stolen credit cards, and "skimming" equipment used to steal
credit card information from gas station customers.
Rueda does rely on the out-of-circuit case United States
v. Onyesoh, 

 (9th Cir. 2012), in which the Ninth
Circuit did clearly endorse a usability requirement.        But, we do
not read that precedent to hold that the government must show that
a credit card number could successfully obtain money before such
a number could be subject to the $500 minimum "loss" amount for
"counterfeit"   and   "unauthorized"    access   devices   pursuant   to
Application Note 3(F)(i).      Thus, even that precedent does not
- 9 -
support her challenge on this score, given this record.                    See 

 (holding that evidence of expired cards "in combination
with another device" such as an "embosser" would potentially
suffice to establish usability).
III.
Rueda      separately        contends     that     Application       Note
3(F)(i)'s use of the phrase "shall not be less than $500 per access
device" merely modifies "loss includes any unauthorized charges
made with the counterfeit access device or unauthorized access
device." (Emphasis added). Accordingly, Rueda contends, the "most
logical and reasonable" reading of Application Note 3(F)(i) is
that its $500 minimum loss amount may be attributed to an access
device only when it was actually "charge[d]" during the commission
of the offense.        And, so read, Rueda contends, Application Note
3(F)(i) would not permit the $500 loss amount to be attributable
to   any   of   the    2,580   numbers     at   issue   here,    given    that    the
government has not shown that any of them were actually charged.
As a result, Rueda argues that the loss attributable to her offense
should not be the $1,290,000 calculated by the District Court.                     It
should be the $24,673.60 that was reflected in the victim impact
statement that the eight financial institutions submitted.
But,      here   too,   we    disagree.      The    word     "loss"    in
Application Note 3(F)(i) operates as the subject for the two verb
clauses that follow and that are connected by a conjunction:
- 10 -
"includes     any    unauthorized   charges     made   with   the    counterfeit
access device or unauthorized access device" and "shall be not
less than $500 per access device."             Accordingly, the sentence is
most naturally read so that these two verb clauses have the same
subject: "loss."       So read, Application Note 3(F)(i) provides that
"loss" both (1) shall "include[] any unauthorized charges made
with the counterfeit access device or unauthorized access device"
and (2) "shall be not less than $500 per access device" regardless
of whether each access device was actually charged.
This   reading   accords    --    as     Rueda's   reading    does
not -- with Section 2B1.1(b)(1)'s broader instruction that "loss"
include "intended loss," which is defined as "intended pecuniary
harm that would have been impossible or unlikely to occur."                  

at cmt. n.3(A)(ii) (emphasis added).            This reading also comports
with the rest of Application Note 3(F)(i)'s language, which appears
to establish a special carve-out from the $500 limit for only a
certain type of unauthorized access device -- a telecommunications
access device -- that is merely possessed and not used.                § 2B1.1,
cmt. n.3(F)(i).        That carve-out indicates that -- contrary to
Rueda's contention -- the higher $500 minimum loss amount generally
does apply to unauthorized or counterfeit access devices that a
defendant merely possesses and has not otherwise used. See United
States   v.    Cardenas,   

,   267    (5th   Cir.   2015)
(concluding that the language in the telecommunications provision
- 11 -
indicates that the loss calculation in the previous sentence
encompassed both used and unused devices); United States v. Thomas,

, 764 (8th Cir. 2016) (concluding the same).
Finally, this reading accords with the reading given to
Application Note 3(F)(i) by every circuit to have addressed the
argument about its scope that Rueda now advances.                See, e.g.,
Cardenas, 598 F. App'x at 267 (concluding that "nothing in the
text [of Application Note 3(F)(i)] requires the access devices to
be actually used" (emphasis in original)); Thomas, 841 F.3d at 764
("[Application Note 3(F)(i)] does not require that the device
actually have been used."); United States v. Gilmore, 

, 430-31 (6th Cir. 2011) ("The plain language [of Application
Note 3(F)(i)] sets a floor for calculating the loss attributable
to each device, namely $500; it does not limit loss calculations
to devices actually used.").
IV.
The District Court here noted the "profound" disparity
between the "loss" as calculated by Rueda's PSR and the actual
"loss" attributed to her offense based on the victim impact
statements submitted by the various financial institutions.            But,
the District Court, based on that disparity and various mitigating
factors, exercised its discretion to impose a variant sentence of
four-months   imprisonment   followed    by   two   years   of   supervised
release.   We thus conclude that the District Court did not err in
- 12 -
imposing the sentence that it did.   United States v. Popovski, 

, 554 (7th Cir. 2017) ("If a calculation under Application
Note 3(F)(i) overstates the seriousness of the offense, a district
judge must adjust accordingly.").      Accordingly, we affirm the
District Court's sentence.
- 13 -