Is this Computer Fraud?

D

David B

New Member
Jurisdiction
Virginia
A high school uses a web site to post homework and events and such, and tells students to register. So a student goes the site, clicks the "Register" button then has to choose "Register as Student" or "Register as Teacher." He clicks "Register as Teacher," creates a fake teacher account, uses that account to create fake awards (the ButtHurt award, for example), grants those awards to his buddies, and clicks "Print." The awards print out in the prinicipal's office. The principal marches down the hall into homeroom and presents the awards. The awardees immediately crack under pressure and rat out the awarder. Busted.

So, is that computer fraud?

I found this DOJ briefing: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf

It seems to me that Dr. ButtHurt's actions might be called "Accessing a Computer and Obtaining Information § 1030(a)(2)," and that he might have "exceeded authorized access" in a manner consistent with "(3) the authorizing party did not expressly prohibit the defendant from using its data for the improper purpose, but the defendant was acting against the authorizing party's interests."

§ 1030(a)(2) reads "Whoever (2) intentionally accesses (check) ... and thereby obtains —
(A) information contained in a financial record ... (nope)
(B) information from any department or agency of the United States; (nope)
or
(C) information from any protected computer (hmm, maybe, but did he really obtain it or put it there?)

Thoughts?
 
David B said:
So, is that computer fraud?
Click to expand...

That is not a label that I would use to describe or which I think reasonably describes the conduct that you described.

David B said:
It seems to me that Dr. ButtHurt's actions might be called "Accessing a Computer and Obtaining Information § 1030(a)(2)," and that he might have "exceeded authorized access" in a manner consistent with "(3) the authorizing party did not expressly prohibit the defendant from using its data for the improper purpose, but the defendant was acting against the authorizing party's interests."
Click to expand...

18 U.S.C. section 1030(a) states, "Whoever . . . (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains" any of three different types of information . . . shall be punished as provided in subsection (c) of this section."

I'm not sure who "Dr. ButtHurt" is supposed to be, but your description of the facts does not indicated that the student received any of the stated types of information. Section 1030(a)(2)(A) covers "information contained in a financial record of a financial institution, or of a card issuer . . ., or contained in a file of a consumer reporting agency." Section 1030(a)(2)(B) covers "information from any department or agency of the United States." Section 1030(a)(2)(C) covers "information from any protected computer," with "protected computer" being defined in section 1030(e)(2) to mean computers maintained by or for financial institutions or the federal government or computers that are used in or affect interstate or foreign commerce or communication." While "interstate commerce" has sometimes been defined very broadly by the Supreme Court, I doubt any court would define it to include computers maintained and used by local private or public high, middle or elementary schools. Moreover, nothing in your hypothetical indicates that the student received any information.

Whether the conduct described violated any other state or federal law is not something I care to spend time researching (and I'm certainly not reading through the 213 page PDF to which you linked). I feel relatively certain, however, that the conduct violated the school/district's terms of use and would be punished accordingly by the school.
 
I don't respond to hypotheticals. If you were not one of the participants, I have nothing to say.
 

Share this page

Get a free case review from a lawyer
Back
Top