Holding: Morris acted “without authorization” because (1) he used applications contrary to their intent (exploiting security holes) and (2) accessed other departments and computers on which he was “without authorization,” including bypassing passwords. Facts: Cornell grad student released the first internet worm that crashed computers across the nascent Internet. This was the first case prosecuted under 18 USC § 1030(a)(5)(a). The defendant claimed the term “without authorization” meant that he must lack an authorized account on any “federal interest computer.”
Holding: Cellular telephone used for purpose of “free riding” on telephone system or transferred to another for that purpose, without use of a customer's account, is not an “access device” within meaning of the statute proscribing fraud and related activity in connection with access devices. Facts: Brady trafficked in an altered cellular telephone, which permitted unauthorized access to telephone services.
Holding: Even though Czubinsk exceeded authorized access to a federal interest computer, he was not convicted of computer fraud through his browsing of confidential taxpayer files, as he did not obtain “anything of value.” Facts: Czubinski was employed as a Contact Representative for the IRS. Czubinski routinely accessed information from one of the IRS's computer systems known as the Integrated Data Retrieval System. He carried out unauthorized searches by looking at confidential information by performing computer searches that were outside of the scope of his duties as a Contact Representative. He did not do anything more than knowingly disregard IRS rules by observing confidential information.
Holding: The CFAA criminalizes computer crimes against persons as well as corporations. Facts: Middleton worked as the personal computer administrator for Slip.net, an Internet service provider. His responsibilities included installing software and hardware on the company's computers and providing technical support to its employees. He had extensive knowledge of Slip.net's internal systems, including employee and computer program passwords. Dissatisfied with his job, Middleton quit. He then began to write threatening e-mails to his former employer.
Holding: Sending large quantities of e-mails to a protected computer server violated the CFAA by knowingly and intentionally causing the transmission of a program, information, or code, without authorization, which resulted in damage to a protected computer. Facts: Drew bombarded ESI with massive quantity of e-mail messages.
Holding: The U.S. had jurisdiction over computer crimes committed from Russia because the actual and detrimental effects of the defendant’s actions occurred in Connecticut. Facts: The defendant was charged with conspiracy, computer fraud and related activity, extortion, and possession of unauthorized access devices based on threats allegedly made while he was in Russia. He gained root access to a business’s computers in Connecticut and moved data from a Connecticut computer to a computer in Russia.
Holding: The amount of loss to each site would not total the requisite $5,000.00 without including “lost profits.” The defendant’s motion for acquittal was granted. Facts: Pierre–Louis sent a computer virus that damaged computers at two sites, one in New York and, the other in Minnesota, owned and operated by his then-employer, Purity Wholesale Grocers, Inc.
Holding: Losses sustained by contractor hired to manage secure computer system of defendant's former employer could be considered when determining whether defendant's damage to the system exceeded $5,000 Facts: After leaving his employment with Aventis, Millot kept his SecureID card. He used it to access the Aventis computer network and deleted the manager of Technical Services’ account. Rebuilding the account and performing a security audit required 407 hours of labor, with a total cost of $20,350.
Holding: By sending thousands of e-mails to one e-mail address using spoofed e-mail addresses, the defendant caused an impairment to the integrity or availability of data, a program, a system, or information, and he intended to cause damage. Facts: Beginning in 2001, Carlson engaged in two types of e-mail activities that caused damage to other internet users: “direct attack” e-mailing, in which Carlson sent thousands of e-mails to one particular e-mail address, and “indirect attack” e-mailing, where he sent one e-mail to many e-mail addresses. In employing the direct attack method, Carlson sent thousands of e-mails mainly to a few e-mail addresses at the Philadelphia Phillies.
Holding: Phillips's brute-force attack program was not an intended use of the UT network within the understanding of any reasonable computer user and constitutes a method of obtaining unauthorized access to computerized data that he was not permitted to view or use. Facts: From his access to secure university computer site, the defendant used a brute force attack to steal Social Security numbers and other confidential information.
