How Does the Military Justice System Handle Cybercrime and Technology-Related Offenses?
On this page
- The Mapping Problem: Conduct First, Article Second
- Article 123: Offenses Concerning Government Computers
- Article 117a: Intimate Visual Images
- Espionage and Large-Scale Disclosure: Article 103a, Not 106a
- Computer Fraud, Child Exploitation, and the Federal Statute Bridge
- What This Field Looks Like in Practice
- Frequently Asked Questions
- Sources
- Related posts:
A service member who copies a classified file to a thumb drive, accesses a network they were not cleared to use, or forwards a private sexual image of a colleague has not violated a single “cybercrime statute,” because the Uniform Code of Military Justice does not contain one. There is no Article titled “cybercrime.” Instead, technology-related misconduct is charged under whichever existing punitive article fits the conduct, and the article that fits often surprises people who assume military law has a tidy digital chapter. Understanding how cyber conduct maps onto the current articles, especially after the 2019 renumbering that gave several articles entirely new subject matter, is the practical key to this area.
The Mapping Problem: Conduct First, Article Second
Because no article owns “computer crime,” prosecutors reason backward from the act to the statute. The same keystroke can be charged differently depending on what was accessed, what was taken, and to whom it went. Pulling protected data off a government system is one article; sending classified data to a foreign power is a different and far graver one; sharing an intimate image is a third; possessing exploitation material is a fourth. The accused is not charged with “hacking” in the abstract. They are charged with the specific offense the conduct satisfies, and several distinct articles supply those offenses.
This matters for a reason that goes beyond labeling. The article chosen determines the elements the government must prove, the maximum punishment, and, after the 2023 reforms, who decides whether the case is prosecuted at all. A clear-eyed view of the field requires walking through the articles one at a time.
Article 123: Offenses Concerning Government Computers
The article most directly aimed at computer misconduct is Article 123 of the UCMJ, codified at 10 U.S.C. § 923 and titled “Offenses concerning Government computers.” This is a point of frequent confusion, because before the Military Justice Act of 2016 took effect on 1 January 2019, Article 123 was the forgery article. The renumbering moved forgery elsewhere and repurposed Article 123 for computer offenses. Any reference describing “Article 123 forgery” as current law is describing the pre-2019 code.
Article 123 reaches three forms of conduct against a “Government computer,” defined as a computer owned or operated by or on behalf of the United States Government. The first is knowingly accessing a government computer with an unauthorized purpose, obtaining classified information, and communicating it to a person not entitled to receive it. The second is intentionally accessing a government computer with an unauthorized purpose and thereby obtaining classified or other protected information, a category that the statute ties to information the Secretary of Defense designates as protected. The third is knowingly causing the transmission of a program, information, code, or command that intentionally damages a government computer. The statute itself prescribes that violators “shall be punished as a court-martial may direct,” leaving the maximum to the Manual for Courts-Martial, which a reader should confirm against the current Manual rather than assume.
The element that does the real work in Article 123 cases is the authorization boundary. Military networks are built as a layered permission structure: a security clearance level, a need-to-know designation, and a system-specific access grant all sit between a user and a given file. The government must show not merely that the accused touched the system, but that the purpose was unauthorized and that the access crossed a boundary the accused was not entitled to cross. A member who had a clearance and a valid login but used it for a forbidden purpose can still fall within the statute, because the offense turns on the purpose of the access, not the mere existence of credentials.
Article 117a: Intimate Visual Images
When the technology at issue is a phone camera and a group chat rather than a network intrusion, the governing article is usually Article 117a, “Wrongful broadcast or distribution of intimate visual images” (10 U.S.C. § 917a). Congress added this article through the fiscal year 2018 National Defense Authorization Act, in the wake of a social-media scandal in which private sexual images of service members were shared without consent. It criminalizes knowingly and wrongfully broadcasting or distributing an intimate visual image, or a visual image of sexually explicit conduct, of a person who is at least eighteen, identifiable from the image or accompanying information, and who did not consent to the distribution.
The statute defines an intimate visual image as one depicting a private area, meaning the naked or underwear-clad genitalia, anus, buttocks, or female areola or nipple. It also requires that the accused knew or reasonably should have known that the image was made under circumstances in which the depicted person retained a reasonable expectation of privacy, and that distribution was likely to cause harm, harassment, intimidation, emotional distress, or financial loss. A distinctive feature is the nexus requirement: the conduct must have a reasonably direct and palpable connection to a military mission or military environment. That element is what keeps the article tethered to military justice rather than reaching every private dispute, and it is frequently litigated.
Article 117a also illustrates how the 2023 reforms reshape who controls these cases. It is one of the offenses placed within the exclusive authority of the Office of Special Trial Counsel, the independent prosecutorial body created by the FY2022 NDAA and effective 27 December 2023. For covered Article 117a conduct, the decision to prefer and refer charges sits with independent special trial counsel rather than the accused’s commander.
Espionage and Large-Scale Disclosure: Article 103a, Not 106a
Digital disclosure of classified information to a foreign power is espionage, and here precision about the article number is essential. Espionage is Article 103a of the UCMJ (10 U.S.C. § 903a). It was renumbered from the former Article 106a effective 1 January 2019. The number 106a has not vanished, but it now carries a completely different and minor offense, the wrongful wearing of unauthorized insignia, decorations, or badges (10 U.S.C. § 906a). Citing “Article 106a espionage” as current law is therefore an error, and a consequential one, because it points to the wrong statute entirely. Article 103a authorizes enhanced punishment, including death, where the compromised information concerns nuclear weaponry, military spacecraft, war plans, communications intelligence, cryptography, or major weapons systems.
It is worth separating espionage from the broader insider-disclosure problem, because not every large unauthorized release is charged as espionage. The most cited example, the 2013 court-martial arising from the transmission of hundreds of thousands of classified records to a public-facing website, ended in an acquittal on the charge of aiding the enemy and convictions under the federal Espionage Act and theft statutes, prosecuted through Article 134 rather than under the Article 103a espionage provision. The 35-year sentence was later commuted by the President in January 2017, a commutation rather than a pardon. The case is a useful reminder that disclosure prosecutions draw on assimilated federal statutes, the general article, and the espionage article in combination, and that the precise charge depends on intent and audience, not simply the volume of data moved.
Computer Fraud, Child Exploitation, and the Federal Statute Bridge
A large share of technology offenses are not native UCMJ crimes at all. They are federal statutes pulled into the court-martial through Article 134, Clause 3, the general article’s provision for noncapital federal offenses. The Computer Fraud and Abuse Act (18 U.S.C. § 1030) is the principal example. Conduct it covers, such as accessing a computer without authorization or exceeding authorized access and obtaining information, can be charged against a service member at court-martial under Clause 3 even though the prohibition lives in Title 18 rather than Title 10. The same bridge carries the federal child-exploitation statutes (18 U.S.C. §§ 2252 and 2252A). Possession, distribution, or production of child sexual abuse material is charged under Article 134, and these offenses are among those placed within the exclusive authority of the Office of Special Trial Counsel, removing the charging decision from the chain of command.
Clause 3 is not the only home for online misconduct. Clauses 1 and 2 of Article 134 supply residual authority over conduct that is prejudicial to good order and discipline or service-discrediting, which can capture online harassment, threats, or stalking that does not fit a more specific article. Larceny of digital property or data implicates Article 121, and a member who installs unauthorized software or bypasses information-security controls may also face Article 92 for violating a lawful general order or regulation. The picture is deliberately modular: one set of facts can support several charges drawn from several articles.
What This Field Looks Like in Practice
The differentiator that a list of articles can obscure is that cyber cases are won or lost on digital evidence, and the rules for that evidence are where much of the real contest happens. Authentication of electronic evidence runs through the Military Rules of Evidence, with Rule 901 governing the showing that data is what its proponent claims and that a process or system produced an accurate result. Chain of custody for a forensic image, the bit-for-bit copy of a device that examiners analyze rather than the original, must account for every handler and every change, including changes introduced by the forensic process itself.
Searches of phones and computers also carry constitutional weight. Following the Supreme Court’s decision in Riley v. California (2014), which held that searching a cell phone generally requires a warrant, military authorities ordinarily need probable cause and a command authorization with a scope reasonably tied to the evidence sought. That protection is reduced, not eliminated, on government-owned systems, where banner warnings and acceptable-use policies establish that authorized monitoring is occurring and that the user has a diminished expectation of privacy. Evidence pulled from such monitoring is generally admissible when the monitoring complied with the governing regulations and the user was properly notified. The interplay between these privacy rules and the modular charging structure is what makes technology offenses one of the faster-moving corners of military justice.
Frequently Asked Questions
Is there a single “cybercrime” article in the UCMJ?
No. Technology offenses are charged under whichever existing article fits the conduct, principally Article 123 for offenses against government computers, Article 117a for intimate-image distribution, and Article 134 for federal statutes assimilated through Clause 3, including the Computer Fraud and Abuse Act and child-exploitation laws.
Why does Article 123 sometimes appear as “forgery” in older materials?
Because before 1 January 2019, Article 123 was the forgery article. The Military Justice Act of 2016 renumbered the punitive articles and repurposed Article 123 for offenses concerning government computers. Older references describing Article 123 as forgery reflect the pre-2019 code.
Who decides whether a technology offense is prosecuted?
For offenses placed within the Office of Special Trial Counsel’s authority, such as Article 117a intimate-image distribution and child pornography under Article 134, independent special trial counsel, not the accused’s commander, hold the charging decision for covered conduct committed on or after 27 December 2023.
Sources
- 10 U.S.C. § 923 (Article 123, Offenses concerning Government computers): https://www.law.cornell.edu/uscode/text/10/923
- 10 U.S.C. § 917a (Article 117a, Wrongful broadcast or distribution of intimate visual images): https://www.law.cornell.edu/uscode/text/10/917a
- 10 U.S.C. § 903a (Article 103a, Espionage): https://www.law.cornell.edu/uscode/text/10/903a
- 10 U.S.C. § 906a (Article 106a, Wearing unauthorized insignia): https://www.law.cornell.edu/uscode/text/10/906a
- 10 U.S.C. § 824a (Article 24a, Special trial counsel): https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-prelim-title10-section824a&num=0&edition=prelim
- 18 U.S.C. § 1030 (Computer Fraud and Abuse Act): https://www.law.cornell.edu/uscode/text/18/1030
- Manual for Courts-Martial / Uniform Code of Military Justice (Joint Service Committee): https://jsc.defense.gov/
This article is for general informational purposes only and is not legal advice. It describes military law and procedure of public record, does not address any individual case, and does not create an attorney-client relationship.