Computer Theft

A Florida man, Scott Levine, was convicted in Little RockArkansas during the largest federal computer theft trial in the country.^[1] He was charged with a total of 144 counts that included conspiracy to access unauthorized data, access device fraud, money laundering, and obstruction of justice.^[2] He was ultimately convicted on 120 counts of unauthorized access to data, two counts of access device fraud, and one count of obstruction of justice.^[3]

Mr. Levine ran a company called Snipermail, which was an email marketing operation.^[4] Snipermail had an agreement with Acxiom Corp., which is a data-management company that stored data for one of the advertisers with which Snipermail operated.^[5] Through that arrangement, Snipermail had a limited amount of access to certain data on Acxiom’s servers.^[6] The crime occurred when Snipermail employees unlocked certain passwords to gain unlimited access to personal customer records, such as telephone numbers, email addresses, and credit card numbers.^[7] Snipermail intended to use this information, to which it did not have authorized access, to make it seem more attractive to a large corporate buyout.^[8]

Unauthorized Access to Data
Unauthorized access to data is a federal crime under 18 U.S.C. § 1030. Section 1030 is a very large statute, but the relevant provisions of the statute are found in sections 1030(a)(2)(A) & (C) and (a)(4).

Section 1030(a)(2) makes it a crime for a person to

• intentionally access a computer without authorization or exceed authorized access, and thereby obtain—
• (A) information contained in a financial record of a financial institution, or of a card issuer, or contained in a file of a consumer reporting agency on a consumer;
• (C) information from any protected computer if the conduct involved an interstate or foreign communication.

Section 1030(a)(4) makes it a crime for a person to knowingly and with intent to defraud,

• access a protected computer without authorization, or exceed authorized access, and
• in furtherance of that fraud, obtain anything of value.

The punishment for a violation of section 1030 is a fine, up to ten years imprisonment, or both.^[9]

Access Device Fraud
Access device fraud is criminalized by 18 U.S.C. § 1029. Like section 1030, it is a large and complicated statute, but the relevant provision in this case is found at 18 U.S.C. § 1029(a)(6)(B), which makes it a crime for a person to

• without the authorization of the issuer of the access device, knowingly and with intent to defraud, solicit a person for the purpose of—
• (B) selling information regarding an access device.

An “access device” is defined as, among other things, any card, account number, or personal identification number that can be used to obtain money, goods, services, or any other thing of value.^[10]

A violation of section 1029 can be punished by a fine, up to 20 years in prison, or both, as well as the forfeiture of the personal property used to commit the fraud.^[11]

Obstruction of Justice
The obstruction of justice count seems to stem from the allegation that Snipermail employees attempted to hide the computers that held the stolen information from investigators.^[12] The relevant criminal statute is 18 U.S.C. § 1519, which makes it a crime for a person to conceal any records, documents, or tangible objects to impede or obstruct an investigation within the jurisdiction of any agency of the United States.

The punishment for a violation of section 1519 is a fine, imprisonment for up to 20 years, or both.^[13]

Mr. Levine faces up to 640 years in prison and $30.7 million in fines, but federal sentencing guidelines will likely make the sentence lower.^[14]

---

[1] James Jefferson, Man Convicted in Huge Computer-Theft Case, Wash. Post, Aug. 12, 2005, available here.
[2] United States Dept. of Justice, Florida Man Charged With Breaking Into Acxiom Computer Records, Jul. 21, 2004, available here; see also, United States Secret Service, United States Secret Service Joins Federal Task Force to Solve Major Network Intrusion Case, Jul. 21, 2004, available here (PDF). The Secret Service has authorization to investigate computer theft crimes under 18 U.S.C. § 1030(d)(1).
[3] Jefferson, supra note 1.
[4] Id.
[5] Id.
[6] Id.
[7] Id.
[8] Id.
[9] 18 U.S.C. § 1030(c).
[10] Id. § 1029(e)(1).
[11] Id. § 1029(c).
[12] Dept. of Justice, supra note 2.
[13] 18 U.S.C. § 1519.
[14] Jefferson, supra note 1.