MORRIS~1.TXT

928 F.2d 504
 59 U.S.L.W. 2603
(CITE AS: 928 F.2D 504)
                       UNITED STATES of America, Appellee,
                                       v.
                   Robert Tappan MORRIS, Defendant-Appellant.
                            No. 774, Docket 90-1336.
                         United States Court of Appeals,
                                 Second Circuit.
                              Argued Dec. 4, 1990.
                             Decided March 7, 1991.
  Defendant was convicted in the United States District Court for the Northern
 District of New York, Howard G. Munson, J., of violating computer Fraud and
 Abuse Act.  Defendant appealed.  The Court of Appeals, Jon O. Newman, Circuit
 Judge, held that:  (1) statute punishing anyone who intentionally accesses
 without authorization federal interest computers and damages or prevents
 authorized use of information in those computers causing loss of $1,000 or
 more does not require Government to demonstrate that defendant intentionally
 prevented authorized use and thereby caused loss, and (2) there was
 sufficient evidence to conclude that defendant acted without authorization
 within meaning of statute.
  Affirmed.
 [1]
 129K1
 DISORDERLY CONDUCT
 K. Nature and elements of offenses.
 C.A.2 (N.Y.) 1991.
 Statute which punishes anyone who intentionally accesses without authorization
 federal interest computers and damages or prevents authorized use of
 information in those computers causing loss of $1,000 or more does not require
 Government to demonstrate that defendant intentionally prevented authorized use
 and thereby caused loss.  18 U.S.C.A. s 1030(A)(5)(A).
 U.S. v. Morris
 928 F.2d 504, 59 U.S.L.W. 2603
 [2]
 129K1
 DISORDERLY CONDUCT
 K. Nature and elements of offenses.
 C.A.2 (N.Y.) 1991.
 Defendant's transmission of computer "worm" constituted accessing federal
 interest computer without authorization under statute punishing anyone who
 intentionally accesses without authorization federal interest computers and
 damages or prevents authorized use of information in those computers causing
 loss of $1,000 or more;  defendant used computer program that transfers and
 receives electronic mail and program that permits person to obtain limited
 information about users of another computer to release "worm" into group of
 national networks that connected university, governmental, and military
 computers around the country and use of those features was not in any way
 related to their intended function.  18 U.S.C.A. s 1030(A)(5)(A).

  *504 Thomas A. Guidoboni, Washington, D.C., for defendant-appellant.
  Ellen R. Meltzer, U.S. Dept. of Justice, Washington, D.C. (Frederick J.
 Scullin, Jr., U.S. Atty., Syracuse, N.Y., Mark D. Rasch, U.S. Dept. of Justice,
 Washington, D.C., on the brief), for appellee.

  *505 Before NEWMAN and WINTER, Circuit Judges, and DALY, District Judge.
 [FN*]

      FN* The Honorable T.F. Gilroy Daly of the District Court for the District
     of Connecticut, sitting by designation.

  JON O. NEWMAN, Circuit Judge:

  This appeal presents two narrow issues of statutory construction
 concerning a provision Congress recently adopted to strengthen protection
 against computer crimes.  Section 2(d) of the computer Fraud and Abuse Act of
 1986, 18 U.S.C. s 1030(A)(5)(A) (1988), punishes anyone who intentionally
 accesses without authorization a category of computers known as "[f]ederal
 interest computers" and damages or prevents authorized use of information in
 such computers, causing loss of $1,000 or more.  The issues raised are (1)
 whether the Government must prove not only that the defendant intended to
 access a federal interest computer, but also that the defendant intended to
 prevent authorized use of the computer'S information and thereby cause loss;
 and (2) what satisfies the statutory requirement of "access without
 authorization."
  These questions are raised on an appeal by Robert Tappan Morris from the May
 16, 1990, judgment of the District Court for the Northern District of New York
 (Howard G. Munson, Judge) convicting him, after a jury trial, of violating 18
 U.S.C. s 1030(A)(5)(A).  Morris released into INTERNET, a national computer
 network, a computer program known as a "worm" [FN1] that spread and multiplied,
 eventually causing computers at various educational institutions and military
 sites to "crash" or cease functioning.

      FN1. In the colorful argot of computers, a "worm" is a program that
     travels from one computer to another but does not attach itself to the
     operating system of the computer it "infects."  It differs from a "virus,"
     which is also a migrating program, but one that attaches itself to the
     operating system of any computer it enters and can infect any other
     computer that uses files from the infected computer.

  We conclude that section 1030(a)(5)(A) does not require the Government to
 demonstrate that the defendant intentionally prevented authorized use and
 thereby caused loss.  We also find that there was sufficient evidence for the
 jury to conclude that Morris acted "without authorization" within the meaning
 of section 1030(a)(5)(A).  We therefore affirm.
                                      FACTS
  In the fall of 1988, Morris was a first-year graduate student in Cornell
 University's computer science Ph.D. program.  Through undergraduate work at
 Harvard and in various jobs he had acquired significant computer experience and
 expertise.  When Morris entered Cornell, he was given an account on the

 computer at the computer Science Division.  This account gave him explicit
 authorization to use computers at Cornell.  Morris engaged in various
 discussions with fellow graduate students about the security of computer
 networks and his ability to penetrate it.
  In October 1988, Morris began work on a computer program, later known as the
 INTERNET "worm" or "virus."  The goal of this program was to demonstrate the
 inadequacies of current security measures on computer networks by exploiting
 the security defects that Morris had discovered.  The tactic he selected was
 release of a worm into network computers.  Morris designed the program to
 spread across a national network of computers after being inserted at one
 computer location connected to the network.  Morris released the worm into
 INTERNET, which is a group of national networks that connect university,
 governmental, and military computers around the country.  The network permits
 communication and transfer of information between computers on the network.
  Morris sought to program the INTERNET worm to spread widely without
 drawing attention to itself.  The worm was supposed to occupy little computer
 operation time, and thus not interfere with normal use of the computers.
 Morris programmed the worm to make it difficult to detect and read, so that
 other programmers would not be able to "kill" the worm easily.
  *506 Morris also wanted to ensure that the worm did not copy itself onto a
 computer that already had a copy.  Multiple copies of the worm on a computer
 would make the worm easier to detect and would bog down the system and
 ultimately cause the computer to crash.  Therefore, Morris designed the worm
 to "ask" each computer whether it already had a copy of the worm.  If it
 responded "no," then the worm would copy onto the computer;  if it responded
 "yes," the worm would not duplicate.  However, Morris was concerned that other
 programmers could kill the worm by programming their own computers to falsely
 respond "yes" to the question.  To circumvent this protection, Morris
 programmed the worm to duplicate itself every seventh time it received a "yes"
 response.  As it turned out, Morris underestimated the number of times a
 computer would be asked the question, and his one-out-of-seven ratio resulted
 in far more copying than he had anticipated.  The worm was also designed so
 that it would be killed when a computer was shut down, an event that typically
 occurs once every week or two.  This would have prevented the worm from
 accumulating on one computer, had Morris correctly estimated the likely rate of
 reinfection.
  Morris identified four ways in which the worm could break into computers on
 the network:
   (1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program
 that transfers and receives electronic mail on a computer;
   (2) through a bug in the "finger demon" program, a program that permits a
 person to obtain limited information about the users of another computer;
   (3) through the "trusted hosts" feature, which permits a user with certain
 privileges on one computer to have equivalent privileges on another computer
 without using a password;  and
   (4) through a program of password guessing, whereby various combinations of
 letters are tried out in rapid sequence in the hope that one will be an
 authorized user's password, which is entered to permit whatever level of
 activity that user is authorized to perform.
  On November 2, 1988, Morris released the worm from a computer at the
 Massachusetts Institute of Technology.  MIT was selected to disguise the fact
 that the worm came from Morris at Cornell.  Morris soon discovered that the
 worm was replicating and reinfecting machines at a much faster rate than he had
 anticipated.  Ultimately, many machines at locations around the country either
 crashed or became "catatonic."  When Morris realized what was happening, he
 contacted a friend at Harvard to discuss a solution.  Eventually, they sent an
 anonymous message from Harvard over the network, instructing programmers how to
 kill the worm and prevent reinfection.  However, because the network route was
 clogged, this message did not get through until it was too late.  computers
 were affected at numerous installations, including leading universities,
 military sites, and medical research facilities.  The estimated cost of d...