D was a graduate student in Cornell's computer science PhD program. D designed a worm that would replicate and infect computers.
D released the worm from MIT to disguise the source.
Due to a miscalculation about the rate of spread, the worm duplicated and spread so much that it crashed government and educational computers.
D unsuccessfully attempted to send a message from Harvard to tell programmers how to kill the worm.
D was charged with violating the Computer Fraud and Abuse Act of 1986.
D argued that the statute required that he intentionally damage computers (which he did not do).
Procedural History:
Trial court found P guilty.
2nd Cir COA affirmed, P guilty.
Issues:
In order to convict the D under the CFAA, did the government need to prove that the D meant to intentionally damage computers?
Holding/Rule:
In order to convict D under the CFAA, the government only needed to prove that the D intended to access a federal-use computer, not that intended to cause loss or damage.
Reasoning:
The Act states that any who intentionally access without authorization any federal computer and damages or prevents access, causing loss of $1k or more may be punished under federal law.
The intent requirement only applies to the accessing, not to the damaging.
Legislative history reveals that Congress changed the mental state requirement from knowingly to intentionally and did not repeat it after the accesses phrase.
Several other subsections of the Act have dual-intent language, placing the scienter requirement at the beginning of both the accesses and damages phrases.
Congress made this change because it did not want to punish those who unintentionally accessed government computers.
