Overview of the 18 USC 1030(a)(1) offenses | US v Pfc. Manning

Diplomatic Security Service (DSS) at the Department of State was responsible for handling forensic analysis of the hard drives that arrived from Iraq on June 10, 2010.

Despite Army Criminal Investigative Command’s (CID) September 2010 preservation request for other hard drives from the T-SCIF at FOB Hammer, Iraq, and the defense’s own preservation request for the same in September 2011, the Government notified the Court and defense that of the 181 drives identified belonging to the Second Brigade Combat Team, 10th Mountain Division, only the computers with a user profile for Manning were preserved.

The other computers, the Government told the Court, the unit was free to discard and ‘DX’ post deployment in September 2010.

The Government was able to identify only 14 other computers post deployment from the T-SCIF by serial numbers.

Of those 14 drives, two drives were completely inoperable, seven drives were wiped, and one drive was partially wiped.

The other hard drives are relevant to Pfc. Bradley E. Manning’s defense, since the Government has charged Manning with two Specifications containing violations of federal statutes, vis. 18 USC 1030(a)(1), an offense of the Computer Fraud and Abuse Act.

The Government, however, alleges unauthorized access based on Pfc. Manning’s ‘use’ of access, and not because the Government alleges Manning bypassed technical restrictions, i.e. ‘hacked’.

18 USC 1030(a)(1) reads:

Whoever–

(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

The Government’s alleged theory for the 1030(a)(1) offenses are an Acceptable Use Policy (AUP) which Manning may have signed – the Government apparently cannot find a copy; and Non Disclosure Agreements – Manning allegedly signed seven;

Moreover, the US Government’s “unauthorized access theory” for Specifications 2 and 3 of Charge III, under Article 92, and which pertain to 18 USC 1030(a)(1) are that Pfc. Manning placed Wget on “two separate systems.”

Wget is a “computer program that retrieves content from Web servers, and is part of the GNU Project (a free software, mass collaboration project software announced on September 27, 1983, by Richard Stallman at MIT).”

According to defense filings, “Although the program was not apparently officially authorized for the individual user, it was authorized for use on the Army Server components of the system.”

Without the other hard drives, it is impossible to tell if other soldiers in the 2nd Brigade Combat Team added similar programs to their computers – vis. installing them as executable files on their desktop. Without such evidence, defense cannot challenge the 18 USC 1030(a)(1) for prejudice.

Pretrial testimony showed that other soldiers in the FOB Hammer, Iraq T-SCIF were known to install executable programs on their desktops; as well as play music and pirated movies they purchased from Iraqi nationals on classified machines (see Captain Casey Fulton testimony on December 18, 2011)

Another aspect of defense contention regarding the way the Government has used the 18 USC 1030(a)(1) charges against Manning is that Manning ‘had access’. Captain Steven Lim, the Brigade S2, gave the analyst a link to Net Centric Diplomacy database via email with no password required in January 2010. Captain Lim testified, “I gave [the intelligence analysts a] link through email. Got from headquarters. They [headquarters] said pass along. Felt at time we were so focused on the ground, and needed bigger picture.”

Defense had sought to dismiss Specifications 13 and 14 of Charge II related to the 1030(a)(1) charges for failure to state an offense. The crux of the defense arguments is that Manning is charged with offenses that are not offenses under 18 USC 1030(a)(1).

Based on the prosecution’s theory, the defense argues, the Government should charge Manning with misappropriation, and not use turns of phrase – like ‘bypass’ or ‘hack’ – to turn their theory of an offense into 18 USC 1030(a)(1), which is an anti-hacking statute.

18 USC 1030, defense argues, “basically says that you exceed your authorized access when you go to some place within the computer by bypassing perhaps a technical restriction or by hacking into the computer and obtaining information that you do not have authorized access to.” Defense, says, however, Manning had ‘access.’ Manning did not ‘hack’ anything.

The Court ruled on June 8, 2012 that the Court would “adopt a narrow meaning of ‘exceeds authorized access’ under the Computer Fraud and Abuse Act and will instruct the fact finder that the term ‘exceeds authorized access’ is limited to violations of restrictions on access to information and not restrictions on its use. The Court shall craft instructions for defining ‘exceeding authorized access’ in Specifications 13 and 14 of Charge II using the language of the legislative history of 1996.”

The Court also ruled similarly on July 18, 2012 on the defense renewed motion to dismiss Specifications 13 and 14 for failure to state an offense.

Further, the following exchange regarding ‘exceptions’ and ‘subsets’ of US code violations 1030(a)(1) took place in the July 18, 2012 oral arguments for maximum punishment for lesser included offenses for Article 134 offenses.

Defense (Coombs)

…[18 USC] 1030 and [“791” but am not sure if that is correct, since Manning is charged with 793(e)].

Judge Lind

…by exceptions…my ruling may not have. I ruled no subsets of 641 and 793(e).

Defense (Coombs)

Only if they find by exceptions?

Judge Lind

…hard part of LIO for [18 USC] 1030.

Defense (Coombs)

Correct. LIO’s for [18 USC] 1030 only exist…scratching out language from statute.

The Judge ruled that the proposed defense plea of guilty for lesser included offenses striking the clause (3) federal violation of 1030(a)(1) for Specifications 13 and 14 of Charge II was not lesser included offenses of 1030(a)(1), regarding information requiring protection, as well as the proposed substitutions have an additional element.

In that Private First Class E. Manning, US Army, did, at or near [ALLEGED LOCATION], between on or about [ALLEGED DATE RANGE], [See update. Defense according to a media inquiry with ‘legal expert’ ‘substituted the element of unauthorized computer use’ for ‘unauthorized possession’] having knowingly exceeded authorized access [on a Secret Internet Protocol Router Network computer, and by means of such conduct having obtained information that has been determined by the United States government pursuant to an Executive Order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, to wit: [CHARGED INFORMATION], willfully communicate , deliver, transmit, or cause to be communicated, delivered, or transmitted the said information, to a person not entitled to receive it, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation , in violation of 18 US Code Section 1030(a)(1), such conduct being prejudicial to good order and discipline in the armed forces and being of a nature to bring discredit upon the armed forces.

According to the ‘legal expert’ organized by the Military District of Washington, the “Military Judge found that the proposed please to Specification 13 and 14 of Charge II [which is under Article 134] were not acceptable because it substituted the element of unauthorized computer use…and in its place put a new element of unauthorized possession, which [the Judge ruled] substantially changed the nature of the misconduct.”

Other Resources