Thursday, March 02, 2006

Computer Fraud—Kenneth Kwak

A man from Chantilly, Virginia, has pleaded guilty in Washington, D.C., to a one-count information “charging him with in furtherance of a criminal or tortious act.”[1] According to a statement of facts that was filed along with the guilty plea, Kenneth Kwak “was a system auditor working on federal information security management audits as a member of the Department of Education's Office of Inspector General.”[2] He placed software on his supervisor’s computer that gave him access to that computer’s storage; he used that access to view his supervisor’s email and Internet habits, apparently for his own personal entertainment.[3]

US Attorney Kenneth L. Wainstein said that prosecuting Mr. Kwak showed a “zero-tolerance approach to and computer hacking.” Categorizing this activity as “corruption” is a bit of a stretch, especially since “there is no indication he profited financially from his actions.”[4]

The relevant statute in this case is (a)(2)(B) or (C), which makes it a crime for a person to intentionally access a computer without authorization and obtain information from any department or agency of the United States or information from that computer when the conduct involves interstate or foreign communication. If done in furtherance of any criminal or tortious act (in this case invasion of privacy), the punishment is a fine, imprisonment for up to five years or both.[5]

Mr. Kwak, however, may not receive such a harsh sentence. His base offense level is 7, which is 0-6 months in prison.[6] However, there was no financial loss mentioned, so there can be no increase in level due to that factor.[7] There was only one victim, so there can be no increase based on the number of victims.[8] The offense didn’t really allege a theft, but it could be possible to classify it as such, so perhaps the level could go up by 2, but not without arguing that email and web-surfing habits should not constitute theft.[9] There was no receipt of stolen property, no misappropriation of a trade secret, no damage done to a national cemetery, and he wasn’t convicted under 18 U.S.C. § 1037, so none of those enhancements apply.[10] Furthermore, it is not alleged that Mr. Kwak misrepresented himself in any significant manner for the purposes of the Sentencing Guidelines, nor is it alleged that he tried to evade prosecution by leaving the jurisdiction.[11] However, if the court finds that installing a piece of software was a “sophisticated means,” the offense level could go up by 2;[12] however, “sophisticated means” means “especially complex or especially intricate offense conduct pertaining to the execution or concealment of an offense” which really shouldn’t apply to the installation of software.[13] Furthermore, it is not alleged that Mr. Kwak’s activity involved counterfeiting, stealing vehicles, financial misdeeds, or a violation of securities law.[14] However, since the offense did involve an intent to obtain personal information, the offense level could be raised by 2.[15] Therefore, his offense level could be as high as 13, but would likely be only 9 or 11, which would translate to 4-10 or 8-14 months in prison before any two-level reduction based on acceptance of responsibility.[16]


[1] US DOJ, ,Mar. 1, 2006.
[2] Id.
[3] Id.
[4] Id.
[5] 18 U.S.C. § 1030(c)(2)(B)(ii).
[6] U.S. Sentencing Guidelines Manual § (a)(1).
[7] Id. § 2B1.1(b)(1)(A).
[8] Cf. Id. § 2B1.1(b)(2).
[9] Id. § 2B1.1(b)(3).
[10] Id. § 2B1.1(b)(4)-(7).
[11] Id. § 2B1.1(8)-(9).
[12] Id. § 2B1.1(9)(C).
[13] See Id. § 2B1.1 note 8.
[14] Id. § 2B1.1(10)-(13), (15).
[15] Id. § 2B1.1(14)(A)(i)(II),
[16] Id. § (a).

posted by McNabb Associates, P.C. @ 10:09 AM