What UCMJ provisions apply to unauthorized access to command-controlled personnel databases?

Unauthorized access to a command-controlled personnel database is most directly reached by Article 123 of the Uniform Code of Military Justice, the offense concerning Government computers, which Congress added in the reforms that took effect in 2019. Depending on the facts, several other articles can also apply, including Article 92 for violating a lawful regulation or order, Article 107 for false official statements when records are falsified, Article 134 for service-discrediting or prejudicial conduct, and the privacy-related obligations a member may breach. Which provision fits depends on what the member did with the access and why.

Article 123: offenses concerning Government computers

The reforms that took effect on January 1, 2019, the most significant overhaul of military justice in decades, renumbered much of the code and created several new offenses. One of them is the current Article 123, titled offenses concerning Government computers. It is modeled on the principal federal computer-crime statute, 18 U.S.C. 1030, and it is the natural fit for unauthorized access to a Government system such as a personnel database.

Article 123 reaches conduct including knowingly accessing a Government computer with an unauthorized purpose and thereby obtaining classified information or other protected information, accessing a Government computer in excess of authorized access and obtaining information, and knowingly causing damage to a Government computer. A personnel database maintained by a command is a Government computer system, and the records it holds, such as service members’ personal, medical, financial, and administrative data, are protected information. A member who reaches into that database without authorization, or who has some access but exceeds it to pull records they have no business viewing, fits squarely within the statute. The maximum punishment is significant; the offense of accessing a Government computer and obtaining protected information can carry a dishonorable discharge, total forfeitures, and confinement.

The phrase “exceeds authorized access” is important in this setting. Many personnel-database misuse cases do not involve an outsider breaking in but an insider with legitimate credentials who looks up records for an improper reason. Article 123’s exceeding-authorized-access theory is designed for that situation, although the precise contours of authorization should be examined carefully against the system’s actual access rules.

Article 92: dereliction and violation of regulations or orders

Even before reaching a computer-specific charge, access to Government information systems is governed by orders and regulations. Service members are routinely bound by acceptable-use policies, system access agreements, and information-security regulations that restrict access to authorized purposes. Violating a lawful general order or regulation, or being derelict in the performance of duties, is punishable under Article 92. Unauthorized querying of a personnel database commonly violates a published cybersecurity or privacy regulation or a specific order, making Article 92 a frequent companion or alternative charge. The choice between Article 92 and Article 123 often turns on whether the government wants to charge the specific computer offense or rely on the broader order-violation theory.

Article 107 and falsification of records

If the unauthorized access is paired with altering, creating, or falsifying entries in the personnel records, additional articles come into play. Making a false official statement or entry with intent to deceive is punishable under Article 107. A member who not only views but manipulates personnel data, for example to change an evaluation, a pay entry, or a duty status, can face an Article 107 charge for the false official record in addition to the access offense.

Article 134 and the general article

Where the conduct is prejudicial to good order and discipline or service discrediting and is not fully captured by an enumerated article, Article 134 can apply. Misuse of a personnel database to obtain another member’s private information for harassment, stalking, or other improper personal ends may be charged under Article 134, sometimes incorporating a federal statute through the clause that assimilates noncapital federal crimes, where one applies. Article 134 is fact-dependent and is generally used when the enumerated articles do not squarely fit.

Privacy obligations and related exposure

Personnel databases hold information protected by federal privacy law and Department of Defense regulations. A member who improperly accesses or discloses that information may expose the command and themselves to consequences under those privacy frameworks, and a knowing violation of the implementing regulations again routes back to Article 92. While the privacy statutes themselves are administered outside the punitive articles, their requirements frequently supply the underlying duty that an Article 92 or Article 134 charge enforces.

How charging decisions are made

In practice, the government examines what the member actually did. Simple unauthorized access or exceeding authorized access to obtain protected records points to Article 123. A clear violation of a published access regulation points to Article 92. Falsifying what was accessed adds Article 107. Using the data to harm another person can add Article 134. The same episode can support more than one charge, subject to the rules against unreasonable multiplication of charges, and counsel on both sides will scrutinize whether overlapping charges are appropriate. Critically, because the 2019 renumbering moved and renamed many offenses, the correct citation depends on when the conduct occurred; conduct after the effective date is charged under the current Article 123, and the older numbering does not control.

Bottom line

The primary UCMJ provision for unauthorized access to a command-controlled personnel database is Article 123, offenses concerning Government computers, which the 2019 reforms created on the model of the federal computer-fraud statute and which reaches both outright unauthorized access and exceeding authorized access to obtain protected information. Surrounding conduct brings in other articles: Article 92 for violating access regulations or orders, Article 107 for falsifying records, and Article 134 for service-discrediting misuse of the data. The applicable provision, and its correct article number, depends on exactly what the member did with the access and when the conduct took place.

Disclaimer

This article is provided strictly for general educational and informational purposes. It is intended to explain how the Uniform Code of Military Justice (UCMJ), the Rules for Courts-Martial, the Military Rules of Evidence, and related military administrative processes work as a matter of public legal education. It does not constitute legal advice, a legal opinion, or a recommendation about any particular case, and it is not a substitute for advice from a qualified military defense attorney who can evaluate the specific facts and command, service, and jurisdictional circumstances involved.

Reading this article, or contacting any website on which it appears, does not create an attorney-client relationship between the reader and any law firm, attorney, or author. Every court-martial, nonjudicial punishment action, administrative separation, and security-clearance matter turns on its own facts, the charged articles, the convening authority, the service branch, and the evidence, and outcomes vary widely from one case to another.

Military law also changes over time. The Military Justice Act of 2016 (effective January 1, 2019) and subsequent National Defense Authorization Acts renumbered and rewrote many punitive articles, revised the Article 32 preliminary hearing, and altered sentencing, clemency, and appellate procedures. Statutes, regulations, executive orders, the Manual for Courts-Martial, and decisions of the service Courts of Criminal Appeals and the Court of Appeals for the Armed Forces may have been amended, superseded, or reinterpreted after this article was written, and article numbers or procedures cited here may have changed.

For these reasons, no reader should act or decline to act based on this content without first consulting a licensed attorney experienced in military justice about their own situation. The author and publisher make no warranty, express or implied, as to the accuracy, completeness, timeliness, or current applicability of the information provided, and disclaim any liability for any action taken or not taken in reliance on it. If you are facing investigation, charges, or an adverse administrative action, time limits may apply, and you should seek qualified counsel promptly.

Leave a Reply

Your email address will not be published. Required fields are marked *