928 F.2d 504 (1991)

No. 774, Docket 90-1336.

Argued December 4, 1990.
Decided March 7, 1991.

Thomas A. Guidoboni, Washington, D.C., for defendant-appellant.

Ellen R. Meltzer, U.S. Dept. of Justice, Washington, D.C. (Frederick J. Scullin, Jr., U.S. Atty., Syracuse, N.Y., Mark D. Rasch, U.S. Dept. of Justice, Washington, D.C., on the brief), for appellee.

[505] Before NEWMAN and WINTER, Circuit Judges, and DALY, District Judge.^[1]

JON O. NEWMAN, Circuit Judge:

This appeal presents two narrow issues of statutory construction concerning a provision Congress recently adopted to strengthen protection against computer crimes. Section 2(d) of the Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030(a)(5)(A) (1988), punishes anyone who intentionally accesses without authorization a category of computers known as "[f]ederal interest computers" and damages or prevents authorized use of information in such computers, causing loss of $1,000 or more. The issues raised are (1) whether the Government must prove not only that the defendant intended to access a federal interest computer, but also that the defendant intended to prevent authorized use of the computer's information and thereby cause loss; and (2) what satisfies the statutory requirement of "access without authorization."

These questions are raised on an appeal by Robert Tappan Morris from the May 16, 1990, judgment of the District Court for the Northern District of New York (Howard G. Munson, Judge) convicting him, after a jury trial, of violating 18 U.S.C. § 1030(a)(5)(A). Morris released into INTERNET, a national computer network, a computer program known as a "worm"^[2] that spread and multiplied, eventually causing computers at various educational institutions and military sites to "crash" or cease functioning.

We conclude that section 1030(a)(5)(A) does not require the Government to demonstrate that the defendant intentionally prevented authorized use and thereby caused loss. We also find that there was sufficient evidence for the jury to conclude that Morris acted "without authorization" within the meaning of section 1030(a)(5)(A). We therefore affirm.

FACTS

In the fall of 1988, Morris was a first-year graduate student in Cornell University's computer science Ph.D. program. Through undergraduate work at Harvard and in various jobs he had acquired significant computer experience and expertise. When Morris entered Cornell, he was given an account on the computer at the Computer Science Division. This account gave him explicit authorization to use computers at Cornell. Morris engaged in various discussions with fellow graduate students about the security of computer networks and his ability to penetrate it.

In October 1988, Morris began work on a computer program, later known as the INTERNET "worm" or "virus." The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers. Morris designed the program to spread across a national network of computers after being inserted at one computer location connected to the network. Morris released the worm into INTERNET, which is a group of national networks that connect university, governmental, and military computers around the country. The network permits communication and transfer of information between computers on the network.

Morris sought to program the INTERNET worm to spread widely without drawing attention to itself. The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers. Morris programmed the worm to make it difficult to detect and read, so that other programmers would not be able to "kill" the worm easily.

[506] Morris also wanted to ensure that the worm did not copy itself onto a computer that already had a copy. Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate. However, Morris was concerned that other programmers could kill the worm by programming their own computers to falsely respond "yes" to the question. To circumvent this protection, Morris programmed the worm to duplicate itself every seventh time it received a "yes" response. As it turned out, Morris underestimated the number of times a computer would be asked the question, and his one-out-of-seven ratio resulted in far more copying than he had anticipated. The worm was also designed so that it would be killed when a computer was shut down, an event that typically occurs once every week or two. This would have prevented the worm from accumulating on one computer, had Morris correctly estimated the likely rate of reinfection.

Morris identified four ways in which the worm could break into computers on the network:

(1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program that transfers and receives electronic mail on a computer;

(2) through a bug in the "finger demon" program, a program that permits a person to obtain limited information about the users of another computer;

(3) through the "trusted hosts" feature, which permits a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and

(4) through a program of password guessing, whereby various combinations of letters are tried out in rapid sequence in the hope that one will be an authorized user's password, which is entered to permit whatever level of activity that user is authorized to perform.

On November 2, 1988, Morris released the worm from a computer at the Massachusetts Institute of Technology. MIT was selected to disguise the fact that the worm came from Morris at Cornell. Morris soon discovered that the worm was replicating and reinfecting machines at a much faster rate than he had anticipated. Ultimately, many machines at locations around the country either crashed or became "catatonic." When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at numerous installations, including leading universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.

Morris was found guilty, following a jury trial, of violating 18 U.S.C. § 1030(a)(5)(A). He was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.

DISCUSSION

I. The intent requirement in section 1030(a)(5)(A)

Section 1030(a)(5)(A), covers anyone who

(5) intentionally accesses a Federal interest computer without authorization, and by means of one or more instances of such conduct alters, damages, or destroys information in any such Federal interest computer, or prevents authorized use of any such computer or information, and thereby

(A) causes loss to one or more others of a value aggregating $1,000 or more during any one year period; ... [emphasis added].

The District Court concluded that the intent requirement applied only to the accessing and not to the resulting damage. [507] Judge Munson found recourse to legislative history unnecessary because he considered the statute clear and unambiguous. However, the Court observed that the legislative history supported its reading of section 1030(a)(5)(A).

Morris argues that the Government had to prove not only that he intended the unauthorized access of a federal interest computer, but also that he intended to prevent others from using it, and thus cause a loss. The adverb "intentionally," he contends, modifies both verb phrases of the section. The Government urges that since punctuation sets the "accesses" phrase off from the subsequent "damages" phrase, the provision unambiguously shows that "intentionally" modifies only "accesses." Absent textual ambiguity, the Government asserts that recourse to legislative history is not appropriate. See Burlington N.R. Co. v. Oklahoma Tax Comm'n, 481 U.S. 454, 461, 107 S.Ct. 1855, 1859, 95 L.Ed.2d 404 (1987); Consumer Product Safety Comm'n v. GTE Sylvania, Inc., 447 U.S. 102, 108, 100 S.Ct. 2051, 2056, 64 L.Ed.2d 766 (1980); United States v. Holroyd, 732 F.2d 1122, 1125 (2d Cir.1984).

With some statutes, punctuation has been relied upon to indicate that a phrase set off by commas is independent of the language that followed. See United States v. Ron Pair Enterprises, Inc., 489 U.S. 235, 241, 109 S.Ct. 1026, 1030, 103 L.Ed.2d 290 (1989) (interpreting the Bankruptcy Code). However, we have been advised that punctuation is not necessarily decisive in construing statutes, see Costanzo v. Tillinghast, 287 U.S. 341, 344, 53 S.Ct. 152, 153, 77 L.Ed. 350 (1932), and with many statutes, a mental state adverb adjacent to initial words has been applied to phrases or clauses appearing later in the statute without regard to the punctuation or structure of the statute. See Liparota v. United States, 471 U.S. 419, 426-29, 105 S.Ct. 2084, 2088-90, 85 L.Ed.2d 434 (1985) (interpreting food stamps provision); United States v. Nofziger, 878 F.2d 442, 446-50 (D.C.Cir.) (interpreting government "revolving door" statute), cert. denied, ___ U.S. ___, 110 S.Ct. 564, 107 L.Ed.2d 559 (1989); United States v. Johnson & Towers, Inc., 741 F.2d 662, 667-69 (3d Cir.1984) (interpreting the conservation act), cert. denied, 469 U.S. 1208, 105 S.Ct. 1171, 84 L.Ed.2d 321 (1985). In the present case, we do not believe the comma after "authorization" renders the text so clear as to preclude review of the legislative history.

The first federal statute dealing with computer crimes was passed in 1984, Pub.L. No. 98-473 (codified at 18 U.S.C. § 1030 (Supp. II 1984)). The specific provision under which Morris was convicted was added in 1986, Pub.L. No. 99-474, along with some other changes. The 1986 amendments made several changes relevant to our analysis.

First, the 1986 amendments changed the scienter requirement in section 1030(a)(2) from "knowingly" to "intentionally." See Pub.L. No. 99-474, section 2(a)(1). The subsection now covers anyone who

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.).

According to the Senate Judiciary Committee, Congress changed the mental state requirement in section 1030(a)(2) for two reasons. Congress sought only to proscribe intentional acts of unauthorized access, not "mistaken, inadvertent, or careless" acts of unauthorized access. S.Rep. No. 99-432, 99th Cong., 2d Sess. 5 (1986), reprinted in 1986 U.S.Code Cong. & Admin.News 2479, 2483 [hereinafter Senate Report].

Also, Congress expressed concern that the "knowingly" standard "might be inappropriate for cases involving computer technology." Id. The concern was that a scienter requirement of "knowingly" might encompass the acts of an individual "who inadvertently `stumble[d] into' someone else's computer file or computer data," especially where such individual was authorized [508] to use a particular computer. Id. at 6, 1986 U.S.Code Cong. & Admin.News at 2483. The Senate Report concluded that "[t]he substitution of an `intentional' standard is designed to focus Federal criminal prosecutions on those whose conduct evinces a clear intent to enter, without proper authorization, computer files or data belonging to another." Id., U.S.Code Cong. & Admin.News at 2484. Congress retained the "knowingly" standard in other subsections of section 1030. See 18 U.S.C. § 1030(a)(1), (a)(4).

This use of a mens rea standard to make sure that inadvertent accessing was not covered is also emphasized in the Senate Report's discussion of section 1030(a)(3) and section 1030(a)(5), under which Morris was convicted. Both subsections were designed to target "outsiders," individuals without authorization to access any federal interest computer. Senate Report at 10, U.S.Code Cong. & Admin.News at 2488. The rationale for the mens rea requirement suggests that it modifies only the "accesses" phrase, which was the focus of Congress's concern in strengthening the scienter requirement.

The other relevant change in the 1986 amendments was the introduction of subsection (a)(5) to replace its earlier version, subsection (a)(3) of the 1984 act, 18 U.S.C. § 1030(a)(3) (Supp. II 1984). The predecessor subsection covered anyone who

knowingly accesses a computer without authorization, or having accessed a computer with authorization, uses the opportunity such access provides for purposes to which such authorization does not extend, and by means of such conduct knowingly uses, modifies, destroys, or discloses information in, or prevents authorized use of, such computer, if such computer is operated for or on behalf of the Government of United States and such conduct affects such operation.

The 1986 version changed the mental state requirement from "knowingly" to "intentionally," and did not repeat it after the "accesses" phrase, as had the 1984 version. By contrast, other subsections of section 1030 have retained "dual intent" language, placing the scienter requirement at the beginning of both the "accesses" phrase and the "damages" phrase. See, e.g., 18 U.S.C. § 1030(a)(1).

Morris notes the careful attention that Congress gave to selecting the scienter requirement for current subsections (a)(2) and (a)(5). Then, relying primarily on comments in the Senate and House reports, Morris argues that the "intentionally" requirement of section 1030(a)(5)(A) describes both the conduct of accessing and damaging. As he notes, the Senate Report said that "[t]he new subsection 1030(a)(5) to be created by the bill is designed to penalize those who intentionally alter, damage, or destroy certain computerized data belonging to another." Senate Report at 10, U.S.Code Cong. & Admin.News at 2488. The House Judiciary Committee stated that "the bill proposes a new section (18 U.S.C. § 1030(a)(5)) which can be characterized as a `malicious damage' felony violation involving a Federal interest computer. We have included an `intentional' standard for this felony and coverage is extended only to outside trespassers with a $1,000 threshold damage level." H.R.Rep. No. 99-612, 99th Cong.2d Sess. at 7 (1986). A member of the Judiciary Committee also referred to the section 1030(a)(5) offense as a "malicious damage" felony during the floor debate. 132 Cong.Rec. H3275, 3276 (daily ed. June 3, 1986) (remarks of Rep. Hughes).

The Government's argument that the scienter requirement in section 1030(a)(5)(A) applies only to the "accesses" phrase is premised primarily upon the difference between subsection (a)(5)(A) and its predecessor in the 1984 statute. The decision to state the scienter requirement only once in subsection (a)(5)(A), along with the decision to change it from "knowingly" to "intentionally," are claimed to evince a clear intent upon the part of Congress to apply the scienter requirement only to the "accesses" phrase, though making that requirement more difficult to satisfy. This reading would carry out the Congressional objective of protecting the individual who "inadvertently `stumble[s] into' someone else's computer file." Senate Report at 6, U.S.Code Cong. & Admin.News at 2483.

[509] The Government also suggests that the fact that other subsections of section 1030 continue to repeat the scienter requirement before both phrases of a subsection is evidence that Congress selectively decided within the various subsections of section 1030 where the scienter requirement was and was not intended to apply. Morris responds with a plausible explanation as to why certain other provisions of section 1030 retain dual intent language. Those subsections use two different mens rea standards; therefore it is necessary to refer to the scienter requirement twice in the subsection. For example, section 1030(a)(1) covers anyone who

(1) knowingly accesses a computer without authorization or exceeds authorized access, and by means of such conduct obtains information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data ... with the intent or reason to believe that such information so obtained is to be used to the injury of the United States, or to the advantage of any foreign nation.

Since Congress sought in subsection (a)(1) to have the "knowingly" standard govern the "accesses" phrase and the "with intent" standard govern the "results" phrase, it was necessary to state the scienter requirement at the beginning of both phrases. By contrast, Morris argues, where Congress stated the scienter requirement only once, at the beginning of the "accesses" phrase, it was intended to cover both the "accesses" phrase and the phrase that followed it.

There is a problem, however, with applying Morris's explanation to section 1030(a)(5)(A). As noted earlier, the predecessor of subsection (a)(5)(A) explicitly placed the same mental state requirement before both the "accesses" phrase and the "damages" phrase. In relevant part, that predecessor in the 1984 statute covered anyone who "knowingly accesses a computer without authorization, ... and by means of such conduct knowingly uses, modifies, destroys, or discloses information in, or prevents authorized use of, such computer...." 18 U.S.C. § 1030(a)(3) (Supp. II 1984) (emphasis added). This earlier provision demonstrates that Congress has on occasion chosen to repeat the same scienter standard in the "accesses" phrase and the subsequent phrase of a subsection of the Computer Fraud Statute. More pertinently, it shows that the 1986 amendments adding subsection (a)(5)(A) placed the scienter requirement adjacent only to the "accesses" phrase in contrast to a predecessor provision that had placed the same standard before both that phrase and the subsequent phrase.

Despite some isolated language in the legislative history that arguably suggests a scienter component for the "damages" phrase of section 1030(a)(5)(A), the wording, structure, and purpose of the subsection, examined in comparison with its departure from the format of its predecessor provision persuade us that the "intentionally" standard applies only to the "accesses" phrase of section 1030(a)(5)(A), and not to its "damages" phrase.

II. The unauthorized access requirement in section 1030(a)(5)(A)

Section 1030(a)(5)(A) penalizes the conduct of an individual who "intentionally accesses a Federal interest computer without authorization." Morris contends that his conduct constituted, at most, "exceeding authorized access" rather than the "unauthorized access" that the subsection punishes. Morris argues that there was insufficient evidence to convict him of "unauthorized access," and that even if the evidence sufficed, he was entitled to have the jury instructed on his "theory of defense."

We assess the sufficiency of the evidence under the traditional standard. Morris was authorized to use computers at Cornell, Harvard, and Berkeley, all of which were on INTERNET. As a result, Morris was authorized to communicate with other computers on the network to send electronic mail (SEND MAIL), and to find out certain information about the users of other computers [510] (finger demon). The question is whether Morris's transmission of his worm constituted exceeding authorized access or accessing without authorization.

The Senate Report stated that section 1030(a)(5)(A), like the new section 1030(a)(3), would "be aimed at `outsiders,' i.e., those lacking authorization to access any Federal interest computer." Senate Report at 10, U.S.Code Cong. & Admin.News at 2488. But the Report also stated, in concluding its discussion on the scope of section 1030(a)(3), that it applies "where the offender is completely outside the Government, ... or where the offender's act of trespass is interdepartmental in nature." Id. at 8, U.S.Code Cong. & Admin.News at 2486 (emphasis added).

Morris relies on the first quoted portion to argue that his actions can be characterized only as exceeding authorized access, since he had authorized access to a federal interest computer. However, the second quoted portion reveals that Congress was not drawing a bright line between those who have some access to any federal interest computer and those who have none. Congress contemplated that individuals with access to some federal interest computers would be subject to liability under the computer fraud provisions for gaining unauthorized access to other federal interest computers. See, e.g., id. (stating that a Labor Department employee who uses Labor's computers to access without authorization an FBI computer can be criminally prosecuted).

The evidence permitted the jury to conclude that Morris's use of the SEND MAIL and finger demon features constituted access without authorization. While a case might arise where the use of SEND MAIL or finger demon falls within a nebulous area in which the line between accessing without authorization and exceeding authorized access may not be clear, Morris's conduct here falls well within the area of unauthorized access. Morris did not use either of those features in any way related to their intended function. He did not send or read mail nor discover information about other users; instead he found holes in both programs that permitted him a special and unauthorized access route into other computers.

Moreover, the jury verdict need not be upheld solely on Morris's use of SEND MAIL and finger demon. As the District Court noted, in denying Morris' motion for acquittal,

Although the evidence may have shown that defendant's initial insertion of the worm simply exceeded his authorized access, the evidence also demonstrated that the worm was designed to spread to other computers at which he had no account and no authority, express or implied, to unleash the worm program. Moreover, there was also evidence that the worm was designed to gain access to computers at which he had no account by guessing their passwords. Accordingly, the evidence did support the jury's conclusion that defendant accessed without authority as opposed to merely exceeding the scope of his authority.

In light of the reasonable conclusions that the jury could draw from Morris's use of SEND MAIL and finger demon, and from his use of the trusted hosts feature and password guessing, his challenge to the sufficiency of the evidence fails.

Morris endeavors to bolster his sufficiency argument by contending that his conduct was not punishable under subsection (a)(5) but was punishable under subsection (a)(3). That concession belies the validity of his claim that he only exceeded authorization rather than made unauthorized access. Neither subsection (a)(3) nor (a)(5) punishes conduct that exceeds authorization. Both punish a person who "accesses" "without authorization" certain computers. Subsection (a)(3) covers the computers of a department or agency of the United States; subsection (a)(5) more broadly covers any federal interest computers, defined to include, among other computers, those used exclusively by the United States, 18 U.S.C. § 1030(e)(2)(A), and adds the element of causing damage or loss of use of a value of $1,000 or more. If Morris violated subsection (a)(3), as he concedes, then his conduct in inserting the worm into the INTERNET [511] must have constituted "unauthorized access" under subsection (a)(5) to the computers of the federal departments the worm reached, for example, those of NASA and military bases.

To extricate himself from the consequence of conceding that he made "unauthorized access" within the meaning of subsection (a)(3), Morris subtly shifts his argument and contends that he is not within the reach of subsection (a)(5) at all. He argues that subsection (a)(5) covers only those who, unlike himself, lack access to any federal interest computer. It is true that a primary concern of Congress in drafting subsection (a)(5) was to reach those unauthorized to access any federal interest computer. The Senate Report stated, "[T]his subsection [(a)(5)] will be aimed at `outsiders,' i.e., those lacking authorization to access any Federal interest computer." Senate Report at 10, U.S.Code Cong. & Admin.News at 2488. But the fact that the subsection is "aimed" at such "outsiders" does not mean that its coverage is limited to them. Congress understandably thought that the group most likely to damage federal interest computers would be those who lack authorization to use any of them. But it surely did not mean to insulate from liability the person authorized to use computers at the State Department who causes damage to computers at the Defense Department. Congress created the misdemeanor offense of subsection (a)(3) to punish intentional trespasses into computers for which one lacks authorized access; it added the felony offense of subsection (a)(5) to punish such a trespasser who also causes damage or loss in excess of $1,000, not only to computers of the United States but to any computer within the definition of federal interest computers. With both provisions, Congress was punishing those, like Morris, who, with access to some computers that enable them to communicate on a network linking other computers, gain access to other computers to which they lack authorization and either trespass, in violation of subsection (a)(3), or cause damage or loss of $1,000 or more, in violation of subsection (a)(5).

Morris also contends that the District Court should have instructed the jury on his theory that he was only exceeding authorized access. The District Court decided that it was unnecessary to provide the jury with a definition of "authorization." We agree. Since the word is of common usage, without any technical or ambiguous meaning, the Court was not obliged to instruct the jury on its meaning. See, e.g., United States v. Chenault, 844 F.2d 1124, 1131 (5th Cir.1988) ("A trial court need not define specific statutory terms unless they are outside the common understanding of a juror or are so technical or specific as to require a definition.").

An instruction on "exceeding authorized access" would have risked misleading the jury into thinking that Morris could not be convicted if some of his conduct could be viewed as falling within this description. Yet, even if that phrase might have applied to some of his conduct, he could nonetheless be found liable for doing what the statute prohibited, gaining access where he was unauthorized and causing loss.

Additionally, the District Court properly refused to charge the jury with Morris's proposed jury instruction on access without authorization. That instruction stated, "To establish the element of lack of authorization, the government must prove beyond a reasonable doubt that Mr. Morris was an `outsider,' that is, that he was not authorized to access any Federal interest computer in any manner." As the analysis of the legislative history reveals, Congress did not intend an individual's authorized access to one federal interest computer to protect him from prosecution, no matter what other federal interest computers he accesses.

CONCLUSION

For the foregoing reasons, the judgment of the District Court is affirmed.

[1] The Honorable T.F. Gilroy Daly of the District Court for the District of Connecticut, sitting by designation.

[2] In the colorful argot of computers, a "worm" is a program that travels from one computer to another but does not attach itself to the operating system of the computer it "infects." It differs from a "virus," which is also a migrating program, but one that attaches itself to the operating system of any computer it enters and can infect any other computer that uses files from the infected computer.

Page 1069

Page 1071

        Susan B. Hanmer, with whom Oliver C. Mitchell, Jr., Louis J. Scerra, Jr., Boston, MA, and Goldstein & Manello, P.C., were on brief, for defendant-appellant.

        S. Theodore Merritt, Assistant United States Attorney, with whom Donald K. Stern, United States Attorney, Boston, MA, and Amy B. Lederer, Assistant United States Attorney, Washington, DC, were on brief, for appellee.

        Before TORRUELLA, Chief Judge, BOWNES, Senior Circuit Judge, and STAHL, Circuit Judge.

        TORRUELLA, Chief Judge.

        Defendant-appellant Richard Czubinski ("Czubinski") appeals his jury conviction on nine counts of wire fraud, 18 U.S.C. §§ 1343, 1346, and four counts of computer fraud, 18 U.S.C. § 1030(a)(4). The wire fraud and computer fraud prosecution that led to the conviction survived serious challenges put forward by Czubinski in various pre-trial motions. Given the broad scope of the federal fraud statutes, motions charging insufficient pleadings or selective prosecution generally deserve careful consideration. We need not scrutinize the lower court's rejection of the defendant's arguments in favor of dismissing the indictment, however, because we reverse the conviction on the clearer ground that the trial evidence mustered by the government was insufficient to support a guilty verdict, and hold that the defendant's motion for judgment of acquittal should have been granted on all counts. Unauthorized browsing of taxpayer files, although certainly inappropriate conduct, cannot, without more, sustain this federal felony conviction.

I. Pertinent Facts

        On an appeal from a jury conviction, we review the relevant facts in the light most favorable to the government. United States v. Tierney, 760 F.2d 382, 384 (1st Cir.1985). The evidence in this case, so presented, is inadequate to support convictions on either the wire fraud or computer fraud charges.

        For all periods relevant to the acts giving rise to his conviction, the defendant Czubinski was employed as a Contact Representative in the Boston office of the Taxpayer Services Division of the Internal Revenue Service ("IRS"). To perform his official duties, which mainly involved answering questions from taxpayers regarding their returns, Czubinski routinely accessed information from one of the IRS's computer systems known as the Integrated Data Retrieval System ("IDRS"). Using a valid password given to Contact Representatives, certain search codes, and taxpayer social security numbers, Czubinski was able to retrieve, to his terminal screen in Boston, income tax return information regarding virtually any taxpayer--information that is permanently stored in the IDRS "master file" located in Martinsburg, West Virginia. In the period of Czubinski's employ, IRS rules plainly stated that employees with passwords and access codes were not permitted to access files on IDRS outside of the course of their official duties. ¹

        In 1992, Czubinski carried out numerous unauthorized searches of IDRS files. He knowingly disregarded IRS rules by looking at confidential information obtained by performing computer searches that were outside of the scope of his duties as a Contact Representative, including, but not limited to, the searches listed in the indictment. ² Audit

Page 1072

        Nothing in the record indicates that Czubinski did anything more than knowingly disregard IRS rules by observing the confidential information he accessed. No evidence suggests, nor does the government contend, that Czubinski disclosed the confidential information he accessed to any third parties. The government's only evidence demonstrating any intent to use the confidential information for nefarious ends was the trial testimony of William A. Murray, an acquaintance of Czubinski who briefly participated in Czubinski's local Invisible Knights of the Ku Klux Klan ("KKK") chapter and worked with him on the David Duke campaign. Murray testified that Czubinski had once stated at a social gathering in "early 1992" that "he intended to use some of that information to build dossiers on people" involved in "the white supremacist movement." Trial Transcript, Vol. 2 at 170, 188. There is, however, no evidence that Czubinski created dossiers, took steps toward making dossiers (such as by printing out or recording the information he browsed), or shared any of the information he accessed in the years following the single comment to Murray. No other witness testified to having any knowledge of Czubinski's alleged intent to create "dossiers" on KKK members.

        The record shows that Czubinski did not perform any unauthorized searches after 1992. He continued to be employed as a Contact Representative until June 1995, when a grand jury returned an indictment against him on ten counts of federal wire fraud under 18 U.S.C. §§ 1343, 1346, and four counts of federal interest computer fraud under 18 U.S.C. § 1030(a)(4).

        The portion of the indictment alleging wire fraud states that Czubinski defrauded the IRS of confidential property and defrauded the IRS and the public of his honest services by using his valid password to acquire confidential taxpayer information as part of a scheme to: 1) build "dossiers" on associates in the KKK; 2) seek information regarding an assistant district attorney who was then prosecuting Czubinski's father on an unrelated criminal charge; and 3) perform opposition research by inspecting the records of a political opponent in the race for a Boston City Councilor seat. The wire fraud indictment, therefore, articulated particular personal ends to which the unauthorized access to confidential information through interstate wires was allegedly a means.

        The portion of the indictment setting forth the computer fraud charges stated that Czubinski obtained something of value, beyond the mere unauthorized use of a federal interest computer, by performing certain searches--searches representing a subset of those making up the mail fraud counts.

II. Proceedings Below

        After indictment and arraignment in June 1995, Czubinski filed a motion to dismiss the indictment, a motion to strike surplusage from the indictment, and a motion for discovery from the government relating to a claim of selective prosecution. In separate orders, a magistrate judge and the district court rejected all of these motions. Specifically, the district court rejected Czubinski's argument that counts 1 through 10 of the indictment must be dismissed because "browsing"

Page 1073

        On December 15, 1995, the district court denied Czubinski's motion for judgment of acquittal on all counts except for count 3, ³ and on that day the jury returned a verdict finding Czubinski guilty on all thirteen remaining counts. On appeal, Czubinski challenges the denial of his motion to dismiss the indictment, including the rejection of a selective prosecution claim, the finding that he had not made out a prima facie case of selective prosecution, the admission at trial of allegedly inflammatory evidence of Czubinski's white supremacist activities, the denial of his motion for acquittal, the jury instructions, and the sentencing determination.

        We reverse on the ground that the district court erred in denying Czubinski's motion for acquittal, and therefore bypass Czubinski's other claims.

        A motion for judgment of acquittal under Federal Rule of Criminal Procedure 29 is the proper vehicle for a defendant to make a sufficiency challenge. See 2 C. Wright, Federal Practice and Procedure: Crim.2d § 467 (1982). The denial of a motion for judgment of acquittal presents a question of law, and our review is de novo. See United States v. Staula, 80 F.3d 596, 604 (1st Cir.1996). We determine anew whether "the evidence is sufficient to sustain a conviction." Fed.R.Crim.P. 29(a).

        In determining the evidentiary sufficiency of a guilty verdict, "the relevant question is whether, after viewing the evidence in the light most favorable to the prosecution, any rational trier of fact could have found the essential elements of the crime beyond a reasonable doubt." Jackson v. Virginia, 443 U.S. 307, 319, 99 S.Ct. 2781, 2789, 61 L.Ed.2d 560 (1979); see also United States v. Valle, 72 F.3d 210, 216 (1st Cir.1995). The scope of review is over the totality of the evidence, both direct and circumstantial: we "take a hard look at the record" and "reject those evidentiary interpretations and illations that are unreasonable, insupportable, or overly speculative." United States v. Spinney, 65 F.3d 231, 234 (1st Cir.1995).

I. The Wire Fraud Counts

        We turn first to Czubinski's conviction on the nine wire fraud counts. ⁴ To support a conviction for wire fraud, the government must prove two elements beyond a reasonable doubt: (1) the defendant's knowing and willing participation in a scheme or artifice to defraud with the specific intent to defraud, and (2) the use of interstate wire communications in furtherance of the scheme. United States v. Sawyer, 85 F.3d 713, 723 (1st Cir.1996) (citing United States v. Cassiere, 4 F.3d 1006, 1011 (1st Cir.1993)). Although defendant's motion for judgment of acquittal places emphasis on shortcomings in proof with regard to the second element, by arguing that the wire transmissions at issue were not proved to be interstate, we find the

Page 1074

⁵

        The government pursued two theories of wire fraud in this prosecution: first, that Czubinski defrauded the IRS of its property, under section 1343, by acquiring confidential information for certain intended personal uses; second, that he defrauded the IRS and the public of their intangible right to his honest services, under sections 1343 and 1346. ⁶ We consider the evidence with regard to each theory, in turn.

A. Scheme to Defraud IRS of Property

        The government correctly notes that confidential information may constitute intangible "property" and that its unauthorized dissemination or other use may deprive the owner of its property rights. See Carpenter v. United States, 484 U.S. 19, 26, 108 S.Ct. 316, 320, 98 L.Ed.2d 275 (1987) ("Confidential business information has long been recognized as property.... [A newspaper] had a property right in keeping confidential and making exclusive use, prior to publication, of the schedule and contents" of a particular column.). Where such deprivation is effected through dishonest or deceitful means, a "scheme to defraud," within the meaning of the wire fraud statute, is shown. See id. at 27, 108 S.Ct. at 321. Thus, a necessary step toward satisfying the "scheme to defraud" element in this context is showing that the defendant intended to "deprive" another of their protected right.

        The government, however, provides no case in support of its contention here that merely accessing confidential information, without doing, or clearly intending to do, more, is tantamount to a deprivation of IRS property under the wire fraud statute. In Carpenter, for example, the confidential information regarding the contents of a newspaper column was converted to the defendants's use to their substantial benefit. See id. at 27, 108 S.Ct. at 321 (defendants participated in "ongoing scheme to share profit from trading in anticipation" of newspaper column). We do not think that Czubinski's unauthorized browsing, even if done with the intent to deceive the IRS into thinking he was performing only authorized searches, constitutes a "deprivation" within the meaning of the federal fraud statutes.

        Binding precedents, and good sense, support the conclusion that to "deprive" a person of their intangible property interest in confidential information under section 1343, either some articulable harm must befall the holder of the information as a result of the defendant's activities, or some gainful use must be intended by the person accessing the information, whether or not this use is profitable in the economic sense. ⁷ Here,

Page 1075

        All of the cases cited by the government in support of their contention that the confidentiality breached by Czubinski's search in itself constitutes a deprivation of property in fact support our holding today, for they all involve, at a minimum, a finding of a further intended use of the confidential information accessed by the defendants. The government's best support comes from United States v. Seidlitz, 589 F.2d 152, 160 (4th Cir.1978), in which a former employee of a computer systems firm secretly accessed its files, but never was shown to have sold or used the data he accessed, and was nevertheless convicted of wire fraud. The affirming Fourth Circuit held, however, that a jury could have reasonably found that, at the time the defendant raided a competitor's computer system, he intended to retrieve information that would be helpful for his own start-up, competing computer firm. In the instant case, Czubinski did indeed access confidential information through fraudulent pretenses--he appeared to be performing his duties when in fact he used IRS passwords to perform unauthorized searches. Nevertheless, it was not proven that he intended to deprive the IRS of their property interest through either disclosure or use of that information.

        The resolution of the instant case is complex because it is well-established that to be convicted of mail or wire fraud, the defendant need not successfully carry out an intended scheme to defraud. See, e.g., United States v. Serrano, 870 F.2d 1, 6 (1st Cir.1989) (defendant need only participate in a scheme to defraud with the intent to achieve its illicit objectives); Seidlitz, 589 F.2d at 160 (where circumstantial evidence suffices to prove intent to accomplish scheme to defraud, actual use of confidential information need not be shown). The government does not contend either that Czubinski actually created dossiers or that he accomplished some other end through use of the information. It need not do so. All that the government was required to prove was the intent to follow through with a deprivation of the IRS's property and the use or foreseeable use of interstate wire transmissions pursuant to the accomplishment of the scheme to defraud. See, e.g., United States v. Silvano, 812 F.2d 754, 760 (1st Cir.1987). In the case at bar, the government failed to make even this showing.

        The fatal flaw in the government's case is that it has not shown beyond a reasonable doubt that Czubinski intended to carry out a scheme to deprive the IRS of its property interest in confidential information. Had there been sufficient proof that Czubinski intended either to create dossiers for the sake of advancing personal causes or to disseminate confidential information to third parties, then his actions in searching files could arguably be said to be a step in furtherance of a scheme to deprive the IRS of its property interest in confidential information. The government's case regarding Czubinski's intent to make any use of the information he browsed rests on the testimony of one witness at trial who stated that Czubinski once remarked at a social gathering that he intended to build dossiers on potential KKK informants. ⁸ We must assume, on this appeal, that Czubinski did indeed make such a comment. Nevertheless, the fact that during the months following this remark--that is, during the period in which Czubinski made his unauthorized searches--he did not create dossiers (there was no evidence that he created dossiers either during or after the period of his unauthorized searches); given the fact that he did not even take steps toward creating dossiers, such as recording or printing out the information; given the fact that no other person testifying as to Czubinski's involvement in white supremacist organizations had any knowledge of Czubinski's alleged intent to create dossiers or use confidential information; and given the fact that not a single piece of evidence suggests

Page 1076

        Mere browsing of the records of people about whom one might have a particular interest, although reprehensible, is not enough to sustain a wire fraud conviction on a "deprivation of intangible property" theory. Curiosity on the part of an IRS officer may lead to dismissal, but curiosity alone will not sustain a finding of participation in a felonious criminal scheme to deprive the IRS of its property.

B. Honest Services Fraud (Section 1346)

        In McNally v. United States, 483 U.S. 350, 107 S.Ct. 2875, 97 L.Ed.2d 292 (1987), the Supreme Court held that the mail and wire fraud statutes do not prohibit schemes to defraud individuals of their intangible, nonproperty right to honest government services. Id. at 359-60, 107 S.Ct. at 2881-82. ⁹ Congress responded to McNally in 1988 by enacting section 1346, the honest services amendment, which provides:

For the purposes of this chapter, the term "scheme or artifice to defraud" includes a scheme or artifice to deprive another of the intangible right of honest services.

        18 U.S.C. § 1346 (effective Nov. 11, 1988). We have held, after considering the relevant legislative history, that section 1346 effectively restores to the scope of the mail and wire fraud statutes ¹⁰ their pre-McNally applications to government officials' schemes to defraud individuals of their intangible right to honest services. See Grandmaison, 77 F.3d at 566 (collecting cases). ¹¹

        We recently had the opportunity to discuss, at some length, the proper application of the section 1346 honest services amendment to the wrongful acts of public officials. See Sawyer, 85 F.3d at 722-26. The discussion and holding in Sawyer directly guide our disposition of the instant appeal. ¹² First, as a general matter, we noted in Sawyer that although the right to honest services "eludes easy definition," honest services convictions of public officials typically involve serious corruption, such as embezzlement of public funds, bribery of public officials, or the failure of public decision-makers to disclose certain conflicts of interest. Id. at 724. Second, we cautioned that "[t]he broad scope of the mail fraud statute, however, does not encompass every instance of official misconduct that results in the official's personal gain." Id. at 725. Third, and most importantly, Sawyer holds that the government must not merely indicate wrongdoing by a public official, but must also demonstrate that the wrongdoing at issue is intended to prevent or call into question the proper or impartial performance of that public servant's official duties. Id. at 725 (citing pre-McNally precedent to demonstrate that even where public

Page 1077

        Applying these principles to Czubinski's acts, it is clear that his conviction cannot stand. First, this case falls outside of the core of honest services fraud precedents. Czubinski was not bribed or otherwise influenced in any public decisionmaking capacity. Nor did he embezzle funds. He did not receive, nor can it be found that he intended to receive, any tangible benefit. His official duty was to respond to informational requests from taxpayers regarding their returns, a relatively straightforward task that simply does not raise the specter of secretive, self-interested action, as does a discretionary, decision-making role. Cf. United States v. McNeive, 536 F.2d 1245, 1251 (8th Cir.1976) (finding no mail fraud violation where city employee accepted gratuities in connection with non-discretionary duty).

        Second, we believe that the cautionary language of Sawyer is particularly appropriate here, given the evidence amassed by the defendant at trial indicating that during his span of employment at IRS, he received no indication from his employer that this workplace violation--the performance of unauthorized searches--would be punishable by anything more than dismissal. ¹³ "To allow every transgression of state governmental obligations to amount to mail fraud would effectively turn every such violation into a federal felony; this cannot be countenanced." Sawyer, 85 F.3d at 728. Here, the threat is one of transforming governmental workplace violations into felonies. We find no evidence that Congress intended to create what amounts to a draconian personnel regulation. We hesitate to imply such an unusual result in the absence of the clearest legislative mandate.

        These general considerations, although serious, are not conclusive: they raise doubts as to the propriety of this conviction that can be outweighed by sufficient evidence of a scheme to defraud. The third principle identified in Sawyer, instructing us as to the basic requirements of a scheme to defraud in this context, settles any remaining doubts. The conclusive consideration is that the government simply did not prove that Czubinski deprived, or intended to deprive, the public or his employer of their right to his honest services. Although he clearly committed wrongdoing in searching confidential information, there is no suggestion that he failed to carry out his official tasks adequately, or intended to do so.

        The government alleges that, in addition to defrauding the public of his honest services, Czubinski has defrauded the IRS as well. The IRS is a public entity, rendering this contention sufficiently answered by our holding above that Czubinski did not defraud the public of his honest services. Even if the IRS were a private employer, however, the pre-McNally honest services convictions involving private fraud victims indicate that there must be a breach of a fiduciary duty to an employer that involves self-dealing of an order significantly more serious than the misconduct at issue here. See, e.g., United States v. Lemire, 720 F.2d 1327, 1332-34 (D.C.Cir.1983) (employee took bribes and did not disclose that contractor was overcharging); United States v. Siegel, 717 F.2d 9, 14 (2d Cir.1983) (employees used corporate funds for non-corporate purposes); United States v. Boffa, 688 F.2d 919, 931 (3d Cir.1982) (union official bribed into accepting lower wages for union members). Once again, the government has failed to prove that Czubinski intended to use the IRS files he browsed for any private purposes, and hence his actions, however reprehensible, do not rise to the level of a scheme to defraud his employer of his honest services.

Page 1078

II. The Computer Fraud Counts

        Czubinski was convicted on all four of the computer fraud counts on which he was indicted; these counts arise out of unauthorized searches that also formed the basis of four of the ten wire fraud counts in the indictment. Specifically, he was convicted of violating 18 U.S.C. § 1030(a)(4), a provision enacted in the Computer Fraud and Abuse Act of 1986. Section 1030(a)(4) applies to:

whoever ... knowingly and with intent to defraud, accesses a Federal interest computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer.

        We have never before addressed section 1030(a)(4). Czubinski unquestionably exceeded authorized access to a Federal interest computer. ¹⁴ On appeal he argues that he did not obtain "anything of value." We agree, finding that his searches of taxpayer return information did not satisfy the statutory requirement that he obtain "anything of value." The value of information is relative to one's needs and objectives; here, the government had to show that the information was valuable to Czubinski in light of a fraudulent scheme. The government failed, however, to prove that Czubinski intended anything more than to satisfy idle curiosity.

        The plain language of section 1030(a)(4) emphasizes that more than mere unauthorized use is required: the "thing obtained" may not merely be the unauthorized use. It is the showing of some additional end--to which the unauthorized access is a means--that is lacking here. The evidence did not show that Czubinski's end was anything more than to satisfy his curiosity by viewing information about friends, acquaintances, and political rivals. No evidence suggests that he printed out, recorded, or used the information he browsed. No rational jury could conclude beyond a reasonable doubt that Czubinski intended to use or disclose that information, and merely viewing information cannot be deemed the same as obtaining something of value for the purposes of this statute. ¹⁵

        The legislative history further supports our reading of the term "anything of value." "In the game of statutory interpretation, statutory language is the ultimate trump card," and the remarks of sponsors of legislation are authoritative only to the extent that they are compatible with the plain language of section 1030(a)(4). Rhode Island v. Narragansett Indian Tribe, 19 F.3d 685, 699 (1st Cir.1994) (citing Grove City College v. Bell, 465 U.S. 555, 567, 104 S.Ct. 1211, 1218, 79 L.Ed.2d 516 (1984)). Here, a Senate co-sponsor's comments suggest that Congress intended section 1030(a)(4) to punish attempts to steal valuable data, and did not wish to punish mere unauthorized access:

The acts of fraud we are addressing in proposed section 1030(a)(4) are essentially thefts in which someone uses a federal interest computer to wrongly obtain something of value from another.... Proposed section 1030(a)(4) is intended to reflect the distinction between the theft of information, a felony, and mere unauthorized access, a misdemeanor.

        132 Cong. Rec. 7128, 7129, 99th Cong., 2d. Sess. (1986). The Senate Committee Report further underscores the fact that this section should apply to those who steal information through unauthorized access as part of an illegal scheme:

The Committee remains convinced that there must be a clear distinction between

Page 1079

        S. Rep. No. 432, 99th Cong., 2d Sess., reprinted in 1986 U.S.C.C.A.N. 2479, 2488. For the same reasons we deemed the trial evidence could not support a finding that Czubinski deprived the IRS of its property, see discussion of wire fraud under section 1343 supra, we find that Czubinski has not obtained valuable information in furtherance of a fraudulent scheme for the purposes of section 1030(a)(4).

        We add a cautionary note. The broad language of the mail and wire fraud statutes are both their blessing and their curse. They can address new forms of serious crime that fail to fall within more specific legislation. See United States v. Maze, 414 U.S. 395, 405-06, 94 S.Ct. 645, 651, 38 L.Ed.2d 603 (1974) (observing that the mail fraud statute serves "as a first line of defense" or "stopgap device" to tackle new types of frauds before particularized legislation is developed) (Burger, C.J., dissenting). On the other hand, they might be used to prosecute kinds of behavior that, albeit offensive to the morals or aesthetics of federal prosecutors, cannot reasonably be expected by the instigators to form the basis of a federal felony. The case at bar falls within the latter category. Also discomforting is the prosecution's insistence, before trial, on the admission of inflammatory evidence regarding the defendant's membership in white supremacist groups purportedly as a means to prove a scheme to defraud, when, on appeal, it argues that unauthorized access in itself is a sufficient ground for conviction on all counts. Finally, we caution that the wire fraud statute must not serve as a vehicle for prosecuting only those citizens whose views run against the tide, no matter how incorrect or uncivilized such views are.

        For the reasons stated in this opinion, we hold the district court's denial of defendant's motion for judgment of acquittal on counts 1, 2, and 4 through 14, to be in error. The defendant's conviction is thus reversed on all counts.

---------------

1 In 1987 Czubinski signed an acknowledgment of receipt of the IRS Rules of Conduct, which contained the following rule:

Employees must make every effort to assure security and prevent unauthorized disclosure of protected information data in the use of Government owned or leased computers. In addition, employees may not use any Service computer system for other than official purposes.

See Government's Exhibit 1. In addition, Czubinski received separate rules regarding use of the IDRS, one of which states:

Access only those accounts required to accomplish your official duties.

See Government's Exhibit 3.

2 The indictment charged ten counts of wire fraud for accessing the return information of ten different entities; the four computer fraud counts (counts eleven through fourteen) identified unauthorized searches that also underlay four of the ten wire fraud counts (counts one, two, eight and nine).

3 On count 3, the district court ruled that there was insufficient proof showing that the search alleged in count 3 was not requested by the taxpayer whose files were browsed.

4 The federal wire fraud statute, 18 U.S.C. § 1343, provides in pertinent part:

Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire ... communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than five years, or both.

5 We do not find that it was irrational for a trier of fact to conclude beyond a reasonable doubt that Czubinski's searches caused information from the IDRS master file in Martinsburg, West Virginia, to be sent to his terminal in Boston. The interstate element could reasonably be inferred from circumstantial evidence. See, e.g., Testimony of Edward Makaskill, Trial Transcript, Vol. 3 at 82 (explaining that certain command codes used by Czubinski generally access information from out-of-state computer).

6 The district court's jury instructions on the wire fraud counts repeat both of the scheme to defraud theories:

In this case, the government has charged Mr. Czubinski with devising a scheme or artifice, that is, a plan, to do two things:

(1) to defraud the IRS, the United States Government, and the citizens and taxpayers of the United States by depriving them of their intangible right to his honest services as an IRS employee; and

(2) to defraud the IRS and to obtain its property, that is, confidential taxpayer information, by false pretenses, representations and promises.

Trial Transcript, Vol. 4 at 76-77.

7 For example, had the government established that Czubinski disclosed or intended to disclose taxpayer information, then the deprivation or intended deprivation of property rights would have been shown.

8 Testimony of William J. Murray. See Background, supra.

9 Before McNally, however, the fraud statutes had been "read as a broad shield" by this and other circuits, applying, for example, to cases of corruption on the ground that the defendant had used the mails in furtherance of a scheme to defraud the public of its intangible right to honest services. See, e.g., Silvano, 812 F.2d 754 (1st Cir.1987) (applying, pre-McNally, mail fraud statute to local political corruption); see generally United States v. Grandmaison, 77 F.3d 555, 565 (1st Cir.1996) (discussing change wrought by McNally ).

10 Identical standards apply in determining the "scheme to defraud" element under the mail and wire fraud statutes. United States v. Boots, 80 F.3d 580, 586 n. 11 (1st Cir.1996) (citing Carpenter, 484 U.S. at 25 n. 6, 108 S.Ct. at 320 n. 6).

11 Finding insufficient evidence to convict, we do not reach the issue of whether the honest services amendment raises vagueness concerns. Cf. United States v. Waymer, 55 F.3d 564, 568-69 (11th Cir.1995) (rejecting facial vagueness and overbreadth challenge to section 1346).

12 In Sawyer, we vacated and remanded for further factfinding the mail and wire fraud conviction of a private lobbyist who was found to have violated Massachusetts' gift and gratuity statutes in the course of his lobbying activities. See 85 F.3d at 730-31. The conviction was vacated because the violation of the gift statute, in itself, was held insufficient to establish a scheme to defraud the public of its intangible right to honest services. See id.

13 See Appendices to Czubinski's Motion to Dismiss (including February 8, 1994 IRS memorandum to employees indicating that the probable penalty for "unauthorized accessing" of taxpayer information ranges from "Reprimand" to "Removal").

14 "[T]he term 'exceeds authorized access' means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6).

15 The district court, in denying a motion to dismiss the computer fraud counts in the indictment, found that the indictment sufficiently alleged that the confidential taxpayer information was itself a "thing of value" to Czubinski, given his ends. The indictment, of course, alleged specific uses for the information, such as creating dossiers on KKK members, that were not proven at trial. In light of the trial evidence--which, as we have said, indicates that there was no recording, disclosure or further use of the confidential information--we find that Czubinski did not obtain "anything of value" through his unauthorized searches.