Yes. A service member can be prosecuted for improperly accessing records even if nothing was changed, deleted, or damaged. Many people assume that a computer offense requires sabotage, a planted virus, or some visible harm to the system. Under military law, that assumption is wrong. The act of reaching into a government system without authorization and pulling out information can itself be the crime, regardless of whether a single byte of data was altered.
The governing statute: Article 123
When the Military Justice Act of 2016 took effect on January 1, 2019, Article 123 of the Uniform Code of Military Justice was rewritten to address offenses concerning government computers. The current statute, codified at 10 U.S.C. 923, defines three distinct ways a person subject to the code can violate it. Reading them in order shows precisely why alteration is not required.
The first prohibition reaches a person who knowingly accesses a government computer with an unauthorized purpose and by doing so obtains classified information, with reason to believe the information could be used to the injury of the United States or to the advantage of a foreign nation, and then communicates or transmits that information to someone not entitled to receive it. This is the espionage-flavored variant, and it involves both access and onward disclosure.
The second prohibition is the one most relevant to the question of access without alteration. It reaches a person who intentionally accesses a government computer with an unauthorized purpose and thereby obtains classified or other protected information. Nothing in this provision requires that the data be modified, deleted, or harmed. The wrongful act is the unauthorized access coupled with obtaining the information.
The third prohibition reaches a person who knowingly causes the transmission of a program, information, code, or command and thereby intentionally causes damage without authorization to a government computer. This is the variant that does require harm, but it is only one of the three theories, and the government is not limited to it.
Why alteration is not an element of the access offense
The structure of Article 123 makes the point clearly. Congress created a separate, damage-based offense in the third subsection. If unauthorized access always required damage, that third subsection would be redundant. Instead, the second subsection criminalizes obtaining classified or protected information through unauthorized access standing alone. The harm the law guards against is the breach of confidentiality and the integrity of access controls, not just the corruption of data.
In plain terms, looking at records you have no business viewing, and pulling them up through a government system you accessed for an unauthorized purpose, can complete the offense even if you left everything exactly as you found it.
What “protected information” and “unauthorized purpose” mean
The access offense applies to classified information and to other protected information. Protected information includes nonclassified information that has been designated for protection, such as controlled information identified by the Secretary of Defense. This is a broad category. Personnel records, medical data, investigative files, and similar sensitive nonpublic records can fall within it.
The phrase unauthorized purpose is what separates legitimate work from criminal conduct. A service member who has system credentials and uses them within the scope of assigned duties is acting with an authorized purpose. The same member who uses those credentials to snoop into a coworker’s file, a former partner’s records, or a case file unrelated to any assigned task is accessing the system for an unauthorized purpose. Having a valid login does not equal having authorization for every use of it.
Other charging options the government may use
Even where Article 123 does not fit a particular fact pattern, prosecutors have additional tools, which is another reason alteration is unnecessary for criminal exposure.
Unauthorized access to records frequently violates a lawful general regulation or order governing information systems and the handling of protected data. That makes Article 92, failure to obey an order or regulation, available. Acceptable-use policies, system access agreements, and privacy regulations commonly form the basis for an Article 92 charge when a member exceeds authorized access.
Depending on the facts, conduct prejudicial to good order and discipline or service-discrediting conduct under Article 134 may also apply, and some misuse of records can implicate other punitive articles. The existence of these alternatives means a service member should not assume that the absence of data alteration places the conduct beyond the reach of military justice.
Practical takeaways
The core answer is straightforward. Under Article 123, intentionally accessing a government computer for an unauthorized purpose and obtaining classified or protected information is a complete offense without any showing that data was altered or the system was damaged. The damage-based variant is a separate theory, not a precondition to liability for unauthorized access.
A few practical points follow. First, credentials are not consent. Authorization is tied to purpose and duty, not merely to possessing a working account. Second, curiosity is not a defense. Pulling up a record out of personal interest, with no official need, is the kind of unauthorized purpose the statute targets. Third, the records do not have to be classified. Protected nonclassified information is enough to trigger the access offense. A service member who suspects an investigation into computer use should understand that the government can build a viable case on access alone and should seek qualified military defense counsel rather than assuming that an untouched dataset means no crime occurred.
Disclaimer
This article is provided strictly for general educational and informational purposes. It is intended to explain how the Uniform Code of Military Justice (UCMJ), the Rules for Courts-Martial, the Military Rules of Evidence, and related military administrative processes work as a matter of public legal education. It does not constitute legal advice, a legal opinion, or a recommendation about any particular case, and it is not a substitute for advice from a qualified military defense attorney who can evaluate the specific facts and command, service, and jurisdictional circumstances involved.
Reading this article, or contacting any website on which it appears, does not create an attorney-client relationship between the reader and any law firm, attorney, or author. Every court-martial, nonjudicial punishment action, administrative separation, and security-clearance matter turns on its own facts, the charged articles, the convening authority, the service branch, and the evidence, and outcomes vary widely from one case to another.
Military law also changes over time. The Military Justice Act of 2016 (effective January 1, 2019) and subsequent National Defense Authorization Acts renumbered and rewrote many punitive articles, revised the Article 32 preliminary hearing, and altered sentencing, clemency, and appellate procedures. Statutes, regulations, executive orders, the Manual for Courts-Martial, and decisions of the service Courts of Criminal Appeals and the Court of Appeals for the Armed Forces may have been amended, superseded, or reinterpreted after this article was written, and article numbers or procedures cited here may have changed.
For these reasons, no reader should act or decline to act based on this content without first consulting a licensed attorney experienced in military justice about their own situation. The author and publisher make no warranty, express or implied, as to the accuracy, completeness, timeliness, or current applicability of the information provided, and disclaim any liability for any action taken or not taken in reliance on it. If you are facing investigation, charges, or an adverse administrative action, time limits may apply, and you should seek qualified counsel promptly.