The defendant is charged in [Count _______ of] the indictment with unlawfully obtaining information of a [financial institution] [card issuer] [consumer reporting agency] [government department or agency] in violation of Section 1030(a)(2) of Title 18 of the United States Code. For the defendant to be found guilty of that charge, the government must prove each of the following elements beyond a reasonable doubt:
First, the defendant intentionally [accessed without authorization] [exceeded authorized access to] a computer; and
[Second, by [accessing without authorization] [exceeding authorized access to] a computer, the defendant obtained information contained in a financial record of [specify financial institution or card issuer].]
or
[Second, by [accessing without authorization] [exceeding authorized access to] a computer, the defendant obtained information contained in a file [of specify consumer reporting agency] on a consumer.]
or
[Second, by [accessing without authorization] [exceeding authorized access to] a computer, the defendant obtained information from [specify department or agency of the United States].]
Comment
18 U.S.C. § 1030(e) provides definitions of the terms “computer,” “financial institution,” “financial record,” “exceeds authorized access,” and “department of the United States.”
Interpreting the civil counterpart to § 1030 and expressly finding such interpretation equally applicable in the criminal context, the Ninth Circuit held that “a person uses a computer ‘without authorization’ under §§ 1030(a)(2) and (4) when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone’s computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1135 (9th Cir. 2009). The court further held that an employee’s use of a computer contrary to the employer’s interest does not alone satisfy the “without authorization” prong of the statute. Id.
The Ninth Circuit has held that the phrase “exceeds [or exceeded] authorized access” is limited to violations of restrictions on access to information, and not restrictions on the use of information that is permissibly accessed. United States v. Nosal, 676 F.3d 854, 864 (9th Cir. 2012); see also United States v. Christensen, 828 F.3d 763, 786-87 (9th Cir. 2015), as amended on denial of reh’g (2016).
Revised June 2019