Computer crimes.

• Author: Galicki, Alexander
• Position: Annual Survey of White Collar Crime

1. INTRODUCTION A. Defining Computer Crime B. Types of Computer-Related Offenses 1. Object of Crime 2. Subject of Crime a. Spam b. Viruses c. Worms d. Trojan Horses e. Logic Bombs f. Sniffers g. Denial of Service Attacks h. Web Bots & Spiders 3. Instrument of Crime II. GENERAL ISSUES A. Constitutional Issues 1. First Amendment 2. Fourth Amendment B. Jurisdiction 1. Federal Jurisdiction 2. State Jurisdiction C. Interaction with Other Federal Statutes III. FEDERAL APPROACHES A. Sentencing Guidelines B. Federal Statutes 1. Child Pornography Statutes a. Communications Decency Act of 1996 b. Child Pornography Prevention Act of 1996 2. Computer Fraud and Abuse Act a. Offenses Under the Statute b. Jurisdiction c. Defenses d. Penalties e. Proposed Reform 3. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 a. Provisions b. Penalties c. Expansion to Social Media 4. Copyright Statutes a. Criminal Copyright Infringement in the Copyright Act i. Provisions ii. Defenses iii. Penalties b. Digital Millennium Copyright Act i. Background ii. Provisions iii. Defenses iv. Penalties c. Stop Online Piracy Act 5. Electronic Communications Privacy Act a. Stored Communications Act b. Title III (Wiretap Act) i. Defenses ii. Penalties c. Statutory Issues 6. Identity Theft a. Penalties 7. Wire Fraud Statute C. Enforcement IV. STATE APPROACHES A. Overview of State Criminal Codes B. Enforcement V. INTERNATIONAL APPROACHES A. Issues B. Solutions I. INTRODUCTION

   This Article discusses federal, state, and international approaches to computer- related criminal law. Section I defines computer crimes, Section II covers the constitutional and jurisdictional issues concerning computer crimes, Section III describes the federal approaches used for prosecuting computer crime and analyzes enforcement strategies, Section IV examines state approaches to battling computer crimes, and Section V addresses international approaches to regulating computer crimes.

   1. Defining Computer Crime

      The U.S. Department of Justice ("DOJ") broadly defines computer crime as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution." (1) Because of the diversity of computer-related offenses, a narrower definition would be inadequate. While the term "computer crime" includes traditional crimes committed with the use of a computer, (2) the rapid emergence of computer technologies and the Internet's exponential growth spawned a variety of new, technology-specific criminal behaviors that must also be included in the "computer crimes" category. (3) To combat these criminal behaviors, Congress passed technology-specific legislation. (4)

      Experts have had difficulty calculating the damage caused by computer crimes due to: (1) the difficulty of adequately defining "computer crime;" (5) (2) victims' reluctance to report incidents for fear of losing customer confidence; (6) (3) the dual system of prosecution; (7) and (4) the lack of detection. (8) In 2006, the DOJ's Bureau of Justice Statistics and the Department of Homeland Security's National Cyber Security Division conducted a joint effort to estimate the number of cyber attacks and the number of incidents of fraud and theft of information. (9) It found that nearly sixty-seven percent of businesses reported at least one incident of computer crime the past year. (10)

   2. Types of Computer-Related Offenses

      1. Object of Crime

         The DOJ divides computer-related crimes into three categories according to the computer's role in the particular crime. (11) First, a computer may be the "object" of a crime. (12) This category primarily refers to theft of computer hardware or software. Under state law, computer hardware theft is generally prosecuted under theft or burglary statutes. (13) Under federal law, computer hardware theft may be prosecuted under 18 U.S.C. [section]2314, which regulates the interstate transportation of stolen or fraudulently obtained goods. (14) Computer software theft is included in this category only if it is located on a tangible piece of hardware because the theft of intangible software is not prosecutable under 18 U.S.C. [section] 2314. (15)

      2. Subject of Crime

         Second, a computer may be the "subject" of a crime. (16) In this category, the computer is akin to the pedestrian who is mugged or the house that is robbed; it is the subject of the attack and the site of any damage caused. This category includes spam, viruses, worms, Trojan horses, logic bombs, sniffers, distributed denial of service attacks, and unauthorized web bots or spiders. Each of these subcategories is defined and discussed below.

         In the past, malice or mischief rather than financial gain motivated most offenders in this category. (17) These types of crimes were frequently committed by juveniles, disgruntled employees, and professional hackers as a means of showing off their skills. (18) Disgruntled employees were once widely thought to pose the biggest threat to company computer systems. (19) The less visible threat from juvenile offenders led to unique challenges because sentencing courts had a difficult time finding appropriate penalties. (20) The disparity in visibility has decreased in recent years, however, as an increasingly diverse group of individuals motivated by financial gain have committed crimes against computers. (21)

         1. Spam

            Spam is unsolicited bulk commercial e-mail from a party with no preexisting business relationship. (22) In 2009, more than ninety-seven percent of all e- mails sent over the Internet were spam. (23) Additionally, hackers often use spam as a way of distributing viruses, spyware, and other malicious software. (24)

         2. Viruses

            A virus is a program that modifies other computer programs. (25) It usually spreads from one host to another when a user transmits an infected file by e-mail, over the Internet, across a company's network, or by disk. (26)

         3. Worms

            Worms are similar to viruses, but use computer networks or the Internet to self-replicate and "send themselves" to other users, generally via e-mail, while viruses require human action to spread from one computer to the next. (27) Worms have far more destructive potential than viruses because they can spread much faster. (28)

         4. Trojan Horses

            Trojan horses are programs with legitimate functions that also contain hidden malicious code. (29) Like its namesake, a Trojan horse dupes a user into installing the seemingly innocent program on his or her computer system and then activates the hidden code, which may release a virus or allow an unauthorized user access to the system. (30) Hackers use Trojan horses as the primary means to transmit viruses. (31)

         5. Logic Bombs

            Logic bombs are programs that activate when a specific event occurs, such as the arrival of a particular date or time. (32) They can be destructive, but software companies also commonly use them to protect against violation of licensing agreements by disabling the program upon detection of a violation. (33)

            f Sniffers

            Sniffers, also known as network analyzers, can read electronic data as it travels through a network. (34) Network administrators use sniffers to monitor networks and troubleshoot network connections. (35) Sniffers can help network administrators find and resolve network problems. (36) However, a hacker can break into a network and install a sniffer that logs all activity across a network, including the exchange of passwords, credit card numbers, and other personal information. (37)

         7. Denial of Service Attacks

            In a denial of service attack, hackers bombard the target website with an overwhelming number of simple requests for connection, making the site unable to respond to legitimate users. (38) In distributed denial of service attacks, hackers use networks of innocent third parties to overwhelm websites and prevent them from communicating with other computers. (39) After breaking into several network systems, the individual makes one system the "Master" system and turns the others into agent systems. (40) Once activated, the Master directs the agents to launch a denial of service attack. (41) The use of third-party agents makes it particularly difficult to identify the culprit. (42)

         8. Web Bots & Spiders

            "Web bots" or "spiders" are data search and collection programs that can create searchable databases cataloguing a website's activities. (43) Although seemingly innocuous, too many spiders on the same website can effectively operate as a denial of service attack. Moreover, they can steal data from the websites that they search. (44)

      3. Instrument of Crime

         In addition to being the object or subject of crime, a computer may be an "instrument" used to commit traditional crimes. (45) These traditional crimes include identity theft, (46) distribution of child pornography, (47) copyright infringement, (48) and wire fraud. (49)

2. GENERAL ISSUES

   1. Constitutional Issues

      Part A addresses general constitutional issues with computer crimes. These concerns generally fall under either the First Amendment or the Fourth Amendment. In addition, computer crimes raise difficult issues of federalism and Commerce Clause limitations.

      1. First Amendment

         The First Amendment protects the same forms of speech on the Internet that it protects under traditional First Amendment analysis. (50)

         It is particularly relevant to computer crimes that the First Amendment does not protect "true threats of force," (51) such as sending threatening e-mail messages or making a public announcement on the Internet of an intention to commit a violent act. (52) Similarly, the First Amendment does not protect harassment by e-mail or on the Internet, as long as it is sufficiently persistent and malicious to inflict, or is motivated by a desire to cause substantial emotional or physical harm (53) and is directed at a specific person. (54) Child pornography is not protected either, but finding a sufficiently narrow description to...