United States v. Czubinski

The Cyber Blog IndiaCase Summary

Is accessing data without authorisation sufficient to establish a violation of CFAA?

United States v. Richard W. Czubinski
106 F.3d 1069
In the United States Court of Appeals for the First Circuit
Case Number 96-1317
Before Chief Judge Torruella, Senior Circuit Judge Bownes, and Circuit Judge Stahl
Decided on February 21, 1997

Relevancy of the Case: Is accessing data without authorisation sufficient to establish a violation of CFAA?

Statutes and Provisions Involved

  • The Computer Fraud and Abuse Act, 18 U.S.C. § 1030
  • 18 U.S.C. §§ 1343, 1346

Relevant Facts of the Case

  • The defendant worked as a contact representative at the Taxpayer Services Division of the Internal Revenue Service (IRS). His work primarily involved answering taxpayers’ questions.
  • He routinely accessed information from one of the IRS computer systems known as the Integrated Data Retrieval System (IDRS), using a valid password, specific search codes, and social security number of taxpayers.
  • IRS rules clearly state that employees shall not access files on IDRS beyond their official duties.
  • He knowingly disregarded IRS rules and carried out numerous unauthorised searches on the IDRS system.
  • Internal auditors at the IRS established that he frequently made unauthorised access to the IDRS system in 1992.
  • After 1992, he did not perform any unauthorised searches. He continued to be employed with the IRS until June 1995, when a grand jury convicted him on ten counts of federal wire fraud and four counts of computer fraud.

Prominent Arguments by the Counsels

  • The defendant’s counsel submitted that browsing does not deprive the IRS of any property. While searching on the IDRS system, he did not obtain anything of value, as required under CFAA.
  • The prosecution pursued two theories of wire fraud in the present case. First, the defendant defrauded the IRS of its property under Section 1343 by acquiring confidential information for certain personal uses. Second, he defrauded the IRS and the public of their intangible right to his honest services under Sections 1343 and 1346.

Opinion of the Bench

  • The present evidence does not indicate that the defendant did anything more than knowingly disregard IRS rules by observing confidential information. The prosecution has not contended that he disclosed confidential information he accessed to any third parties.
  • Mere browsing of the records is not enough to sustain a wire fraud conviction on the prosecution’s theory. The curiosity of an IRS employee may lead to dismissal, but curiosity alone would not sustain a finding of participation in a felonious criminal activity.

Final Decision

  • The court reversed the defendant’s conviction on all counts except the third count.

Srikari Ammanamanchi, an undergraduate student at the NALSAR University of Law, prepared this case summary during her internship with The Cyber Blog India in May/June 2022.