
    THE PEOPLE OF THE STATE OF ILLINOIS, Plaintiff-Appellee, v. ELLERY E. CASEY, Defendant-Appellant.
    First District (4th Division)
    No. 1 — 90—0877
    Opinion filed January 23, 1992.
    
      Thomas Anthony Durkin and Janis D. Roberts, both of Chicago, for appellant.
    Jack O’Malley, State’s Attorney, of Chicago (Renee Goldfarb, Mary Brigid Kenney, and Donald T. Lyman, Assistant State’s Attorneys, of counsel), for the People.
   JUSTICE LINN

delivered the opinion of the court:

Defendant, Ellery Casey, was convicted of theft and unlawful use of a computer for his participation in a scheme to use stolen authorization codes to place long distance telephone calls on the International Telephone and Telegraph network (ITT). Several of the exhibits used by the State at trial were challenged on foundational and hearsay grounds during a defense pretrial motion. The court denied the motion and later admitted People’s exhibit 39 into evidence. The court convicted Casey of theft (Ill. Rev. Stat. 1987, ch. 38, pars. 16—1(a), 16—1(b)) and unlawful use of a computer (Ill. Rev. Stat. 1985, ch. 38, pars. 16—9(b)(3), 16—9(b)(4)). Casey was sentenced to 30 months of probation.

On appeal, Casey argues that People’s exhibit 39 was erroneously admitted into evidence because it was produced in anticipation of litigation and not in the ordinary course of business. He also asserts that a proper foundation for exhibit 39 was not provided when the source material for what was in effect a selective summary of data was lost or destroyed and the defense was denied an opportunity to evaluate or test it. Casey further contends that the evidence was insufficient to sustain his convictions beyond a reasonable doubt.

We agree that exhibit 39 was improperly admitted, but we believe that the remaining evidence is sufficient to sustain Casey’s conviction.

Background

ITT provides long distance telephone service to enrolled customers, who are given a seven-digit access code. This code puts the caller in contact with the ITT switch computer in Miami, Florida. Next, the caller must dial the desired long distance number, after which he or she dials a personal, seven-digit ITT authorization code which allows the switch computer to route the call and identify the calling party for billing. If an unauthorized person obtains and uses a customer’s ITT authorization code, the customer receives the bill.

In late 1985, ITT had reason to believe that some person or persons were hacking into its telecommunications computer system in Miami, Florida, to discover both the ITT access code and one or more individual authorization codes. Hacking refers to a process by which someone keeps calling into a switch site in an effort to obtain authorization codes, using sequential dialing of numbers. The switch computer in Miami makes a contemporaneous record of all calls and attempts routed through it. This information is then transmitted to ITT’s mainframe computer in New York, the day after it is recorded, for bill processing. The mainframe computer is a giant IBM computer.

Approximately once a month, the information from the switch computer is transmitted from the mainframe disc memory to a magnetic tape which also runs on the mainframe computer. The magnetic tape is thus used for storage and the information on it can be retrieved at any time.

In 1985, Martin Locker, manager of “Telefraud” for ITT, began an investigation into an alleged hacking operation which was believed to have originated in Florida. A person named Ira Stem was implicated. During the investigation, Locker searched ITT records and discerned a pattern of unauthorized calls being made from Chicago. Locker directed his employees to start tracking calls originating from Chicago that used ITT authorization codes. Eventually the investigation focused on an address on South Archer Avenue, the location of Lock Technology.

ITT enlisted Illinois Bell Telephone Company to help track the suspected problem by putting “DNRs,” or dialed number recorders, on the telephone numbers and lines coming from the Archer Avenue address. A DNR is a telephone monitoring device which prints a compíete record on paper of what is dialed on a particular line on any particular call. The printout shows the date of the call, except for the year, and the time, the numbers dialed, and the date and time when the call is terminated.

DNRs were placed on telephone lines of Lock Technology in April 1986. Based on the results of the ITT investigation, the State’s Attorney’s office obtained and executed a search warrant. Ellery Casey and 10 employees of Lock Technology were arrested and items were seized from the company.

Martin Locker testified at trial that when he began the ITT investigation he received a “log reader report” of switch activity that was identified as People’s exhibit 38. The report was referred to as the “hacking report,” which recorded all calls attempted to be placed through the ITT switches in Florida, including the date and disposition of the call, its duration, the called number, the ITT serial and ID numbers generated to the call, the incoming and outgoing trunk group, and the lead line. The report did not include the telephone number of the caller or identify him or her in any way. Locker testified that the information on the exhibit is kept in the ordinary course of business.

To track some of these calls using authorization codes that he believed had been compromised, Locker had employees call the distant-end receivers of these calls. He then wrote a report and instructed Richard Steinel in Chicago to open an internal ITT investigation.

Steinel contacted the Illinois Bell Telephone Corporation and arranged for the placement of the DNRs on the telephone lines at the Archer Avenue address. He had learned that Lock Technology had a multiple-telephone system at that location.

The State called as a witness the Bell Telephone employee who had placed the DNRs and retained possession of the tapes generated in 1986. The Bell employee testified that he turned the tapes over to the State’s Attorney and police on the day the search warrant was executed.

James Mack, a Chicago police officer with the financial investigative unit, testified that Steinel contacted him in May 1986 and provided documentation from ITT and Illinois Bell that included what authorization or customer codes were being used, how long they had been used, and where they were being used.

Steinel accompanied the police during the raid. Inside the Archer Avenue address the police found 10 calling booths with an employee at each and one additional phone at the defendant’s desk. Officers secured and inventoried each booth by number and took the phones and documents from the premises. Also confiscated was a notebook belonging to defendant Casey that Detective Mack perceived to be telephone numbers and access or authorization codes.

Locker testified that he was able to identify over 400 ITT customer codes as a result of the information obtained in the police search. The telephones confiscated dining the search were hooked up to a DNR that printed out the information programmed into each telephone’s memory. These tapes are the derivation of People’s exhibit 33.

Locker testified that he reviewed the information from Bell and the police department and from that and other information made a file of telephone numbers. Using the file of numbers and directing a computer programmer to create a program to retrieve information from other computer records, Locker produced what became People’s exhibit 39, the chief evidence under challenge in the pending appeal. Locker testified that the documents he reviewed had “various bits of information, including telephone numbers.” From these he “extracted” telephone numbers to create his list and computer file, neither of which was provided to the defense or existed at the time of trial. Locker explained that he created a computer program to perform what he called a “retrieval” function, based on information from his list. The computer program was not available at trial and the programmer did not testify.

According to the State, People’s exhibit 39 contains information from records kept by ITT in the ordinary course of business. When a call is made in the ITT network, a contemporaneous record is made of the call, indicating originating city, trunk group, date, time, duration, access code, and authorization number. The information is maintained on the computer for customer billing purposes and is placed on a magnetic tape in New York at month’s end. It does not, however, include the originating telephone number. Locker conceded that exhibit 39 was produced during and as part of the ITT investigation and in anticipation of litigation.

The trial court denied a motion in limine to bar exhibit 39 and ultimately ruled that, while the foundation for the exhibit could have been better, the information in the exhibit had been adequately accounted for and therefore the exhibit would be admitted. The court did bar People's exhibit 40, a summary of losses Locker had prepared for litigation using invoices from another exhibit. The court also excluded People’s exhibit 38, the “hacking report,” even though it purported to be a computer printout generated in the ordinary course of business at the Fort Lauderdale switching office of ITT. Locker had testified that to his knowledge, such records were kept in the ordinary course of business, but the trial court ultimately found that he lacked sufficient personal knowledge of those records.

Introduced into evidence by stipulation were written documents with information concerning five ITT customer accounts. The stipulations specified the authorization code number personal to each customer and the amount credited to each for unauthorized calls made on the customer’s number. Also admitted were eight stipulations from employees of Lock Technology. The affidavits identified Casey as the employees’ supervisor and stated that the employees would contact potential business customers by using a list of telephone numbers supplied by Casey. The affidavits also indicated that if the automatic dialing system was not functioning properly, the employees would notify Casey, who “would do something to [their] phone[s] so that [they] would work again.”

Opinion

I

Casey contends that exhibit 39 was erroneously admitted into evidence against him because it does not satisfy the requirements of a record kept in the ordinary course of business and in fact was prepared in anticipation of litigation. Section 115—5(a) of the Code of Criminal Procedure of 1963 (Ill. Rev. Stat. 1985, ch. 38, par. 115—5(a)) provides for the introduction into evidence of records “made in regular course of any business *** if it was the regular course of such business to make such memorandum or record at the time of such act, transaction, occurrence, or event or within a reasonable time thereafter.” Other circumstances surrounding the making of the record go to its weight, but not admissibility. In contrast, “[n]o writing or record made in the regular course of any business shall become admissible as evidence *** if [s]uch writing or record has been made by anyone during an investigation of an alleged offense or during any investigation relating to pending or anticipated litigation of any kind.” Ill. Rev. Stat. 1985, ch. 38, par. 115-5(c).

Locker admitted that he produced exhibit 39 for the purpose of the fraud investigation and to pursue civil litigation and criminal prosecution. The primary source data came from a list that Locker prepared using, among other things, People’s exhibit 36, documents seized by the Chicago police during the search of the Archer Avenue address. Locker also testified he had used numbers from telephonic and letter communication with Illinois Bell, some “memo cards” and “other assorted copies of documents.” He did not identify specific numbers extracted from specific documents but said “some” of the numbers came from one place and some from another. The list or data he used included “a few other numbers that *** did not specifically come off [exhibit 36]” but which came “from invoices or what [he termed] commonly called numbers that [he] looked at that were being used in conjunction with the investigation.”

After preparing his list from this data, Locker had an ITT computer programmer use this input to design a computer program for the purpose of retrieving selective ITT billing information maintained on magnetic computer tapes at ITT’s offices in New York. Locker failed to preserve his list, however, and testified that it no longer existed. The computer programmer did not testify. Locker also admitted that exhibit 39 does not show where a call was placed, or the ITT authorization code, and in fact by looking at the document there was nothing to link the information thereon to the Archer Avenue address.

In admitting exhibit 39, the trial court determined that Locker had adequately explained how he had created the exhibit. The court acknowledged that a better foundation could have been laid, but ruled that the computer-generated records of telephone calls going through the switching computer were admissible as business records. In so doing, the court found that they were not created in anticipation of litigation.

In support of the court’s ruling, the State asserts that exhibit 39 was properly admitted as a business record because the switch computer in Miami automatically creates a record of information regarding the calls as they come in. Therefore, the resulting computer record is trustworthy. Since the ITT computer’s accuracy and reliability are not challenged with respect to its generation of the data, the State asserts that it met the foundational requirements necessary for the admission of exhibit 39.

The cases make a distinction between “computer-generated” and “computer-stored” data. In People v. Holowko (1985), 109 Ill. 2d 187, 486 N.E.2d 877, the court explained that computer-generated data, such as that recorded spontaneously to track incoming telephone calls, are generally admissible as representing the tangible result of the computer’s internal operations. In the same way, we believe, the ITT computer’s contemporaneous recording of incoming data through a program designed to track billing information is a normal business use of the computer. Absent some infirmity in the underlying source material or the way in which the program is set up, the spontaneously created data is reliable enough to satisfy the foundational requirement of a business record. A computer printout of such data would not be barred on foundational or hearsay grounds. Holowko, 109 Ill. 2d 187, 486 N.E.2d 877.

In contrast to computer-generated records, the Holowko court found that “¡printouts of the computer-stored data constitute statements placed into the computer by out-of-court declarants and cannot be tested by cross-examination.” (Emphasis added.) (109 Ill. 2d at 191, 486 N.E.2d at 878-79.) Such data therefore should not be admitted into evidence.

In Grand Liquor Co. v. Department of Revenue (1977), 67 Ill. 2d 195, 202, 367 N.E.2d 1238, the court held that computer records are admissible if the equipment itself is shown to be standard, the entries were made in the regular course of business at or near the time of the transaction, and the source of information and method and time of the preparation show the records to be trustworthy. In the pending case, there is no question raised as to the manner in which the mainframe and switch computers of ITT spontaneously record information that is used to prepare the billings. Casey is not challenging the methodology by which those computer records are created or stored. Rather, he asserts that exhibit 39 is itself nothing more than a summary of data that Locker assembled and selected in anticipation of litigation. Locker compiled a list of information, no longer in existence, and used it in conjunction with a special computer program that was designed to retrieve certain business records from the ITT computers. Casey contends that the main foundational flaw in exhibit 39 stems from the human selection process used by Locker and the manual input of numbers into a computer program that was unavailable for cross-examination. The defense’s attempt to verify or expose any errors in the exhibit was thus defeated.

We agree with Casey Because exhibit 39 was prepared as an aid to the investigation and litigation and was the product of Locker’s selection process, we find that exhibit 39 cannot properly be viewed as a record prepared in the ordinary course of business. The fact that some of the data incorporated into the exhibit were retrieved records that were themselves made in the regular course of business does not salvage it because exhibit 39 appears to be something more than just a summary of the retrieved records. Since the exhibit was a compilation of information from various sources, some of which were not verifiable by the defense, we believe it falls outside the definition of a computer-generated business record kept in the ordinary course of business.

We do not mean to suggest that the act of merely retrieving previously generated business records from a computer is improper or that summaries of such records cannot ever be admitted into evidence. (See People v. Rivera (1989), 182 Ill. App. 3d 33, 537 N.E.2d 924.) But if the retrieval process is designed from a litigant’s various sources of information and purposeful selection that cannot be independently reviewed by the defense, the challenge is well taken.

Our examination of the record reveals that the trial court held several thorough hearings on motions directed toward the admissibility of various exhibits. The court’s rulings on numerous evidentiary matters were impressively well thought out. Our holding as to the inadmissibility of exhibit 39 stems from our belief that the indicia of reliability accorded to computer-generated records cannot be automatically extended to the special computer “retrieval” program in this case, based as it was on the manual transmission of selected information by a litigant in anticipation of trial.

That is not to say that Locker intentionally or even inadvertently skewed information or created a false picture to incriminate Casey. The central problem with exhibit 39, in our opinion, is that its trustworthiness as a business record was not established by the State; the defense was put in the position of taking Locker’s word for what the exhibit represented. No witness for the State asserted that ITT keeps documents similar to exhibit 39 in the ordinary course of business. In the pending case, the information necessary to test the validity of Locker’s list and retrieval program was in the control of ITT, not defendant. We conclude that exhibit 39 lacks sufficient indicia of reliability to be admitted into evidence as a business record and should have been excluded.

II

Although we have found error in the admission of the exhibit, we do not agree with Casey that the remaining evidence is insufficient to prove him guilty of the offenses beyond a reasonable doubt. Nor do we believe that the outcome of the trial would have been different if the court had excluded this exhibit from consideration. After carefully reviewing the record, we hold that the other evidence, construed in the light most favorable to the State (People v. Collins (1985), 106 Ill. 2d 237, 478 N.E.2d 267), amply supports the trial court’s conclusion that Casey used unauthorized ITT codes from the Archer Avenue address.

The trial judge, in his ruling, stated that “it is clear from the evidence that there was in fact the unauthorized use of certain access codes out of this business which has come to be known as Lock Technology. There is no question in my mind about that.” The court went on to note that “[t]he question that the court must decide *** is whether there has been sufficient connection between Mr. Ellery Casey and the actions that took place through the phones to prove him guilty beyond a reasonable doubt.”

The court found that although the ownership of Lock Technology had not been proven, there was sufficient evidence to show that Mr. Casey was in charge of the operations, as shown by “his actions and his control of the people who actually made certain telephone calls.”

We agree that the evidence, even without exhibit 39, shows that unauthorized customer codes were being used in the telephone calls made from the Archer Avenue address. The DNRs and other materials from the investigation and the items recovered by police in executing the search warrant trace the unlawful numbers back to the business. Exhibit 33 indicated that the numbers programmed into the telephones included unauthorized codes. Substantial oral testimony was offered to explain the basis for ITT’s investigation into the fraud and the basis for concluding that unauthorized codes were being programmed into the telephones used in the business located at the Archer Avenue address. The employees who sat in booths making calls for the business gave stipulated testimony that Casey was their supervisor. He was the one who, if the automatic dialing system did not function properly, did “something” to their phones, which at least indicates a technical familiarity with the phone system and, by reasonable inference, an ability to program numbers into the telephones. It is true that no one testified that he or she had actual knowledge that Casey was using unauthorized codes. However, police recovered suspicious sequences of numbers from his desk and an address book containing the number and address of Ira Stern, the Florida resident implicated in the computer hacking scheme. At least six authorization codes found on the DNR tapes were found in Casey’s possession. Finally, there is no evidence that a person or persons other than Casey programmed the telephones.

Certain defense exhibits in the record reveal that other corporate entities and individuals may have been affiliated with Casey, but nothing suggests that he was only a low-level employee of the business. In fact, in a copy of what appears to be a Dun & Bradstreet report on Lock Technology, at 3004 South Archer Avenue, an entry lists Casey as “principal” and notes Casey’s “verbal acknowledgement” of ownership. Although the purpose for which the defense exhibits were tendered relates to a pretrial motion to suppress, and thus the relevance of such information for trial purposes is lacking, the fact remains that with the State’s showing that Casey was in charge of the operations, and in the absence of any testimony or evidence to the contrary, a finder of fact could well infer that Casey was the one responsible for the illegal use of ITT’s customer authorization codes. His knowing use of the codes with intent to deceive ITT was established.

For the reasons set forth, we hold that the admission of People’s exhibit 39 was error, but that under the particular facts of this case the error was harmless. The outcome of the trial would not likely have differed had the exhibit been excluded, and the remaining evidence was sufficient to sustain the convictions.

Affirmed.

JIGANTI, P.J., and JOHNSON, J., concur.  