Computer crimes.

AuthorRaskin, Xan
PositionEleventh Survey of White Collar Crime
  1. Introduction

    1. Defining Computer Crime

    2. Types of Computer-Related Offenses II. Federal Approaches

    3. Federal Criminal Code

      1. Computer Abuse Amendments Act of 1994

        1. Offenses Under the Statute

        2. Defenses

      2. Other Statutes

        1. Copyright Act

        2. National Stolen Property Act

        3. Mail and Wire Fraud

        4. Electronic Communications Privacy Act

    4. New Legislative Developments

    5. Enforcement Strategies

    6. Sentencing

      1. Computer Fraud and Abuse Act

      2. Other Statutes

      1. Copyright Act

      2. National Stolen Property Act

      3. Mail and Wire Fraud

      4. Electronic Communications-Privacy Act.

    7. Ancillary Issues

      1. Searches of Computer Records

      2. First Amendment Issues III. State Approaches

    8. Overview of State Criminal Codes

    9. Conflict Between State and Federal Laws

    10. Prosecution of Computer-Related Crimes IV. International Approaches

  2. Introduction

    This article tracks developments in computer-related criminal law and legal literature, including an analysis of federal computer crime legislation and enforcement, and a discussion of state and international approaches.

    1. Defining Computer Crime

      The rapid emergence of computer technologies has spawned a variety of new criminal behaviors and an explosion in specialized legislation to combat them.(1) While computer crimes include traditional crimes committed with a computer, the term also encompasses offenses against intellectual property and other crimes which do not fall within traditional criminal statutes. Moreover, computer crime is moving in new directions as child pornographers abuse the information highway to distribute their wares and rapists and pedophiles use the internet to meet and set up their victims.(2) The diversity of computer-related offenses thus demands a broad definition. The Department of Justice defines computer crimes as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution."(3)

      Estimates of the predominant sources and extent of computer crimes vary. Many experts value losses due to computer crimes in the hundreds of millions and even billions of dollars.(4) While the exploits of youthful computer hackers have received the most press coverage, experts maintain that insider crimes committed by disgruntled or greedy employees have caused far more damage.(5)

    2. Types of Computer-Related Offenses

      There is no "typical" computer-related crime and no typical motive for committing such crimes.(6) Thus, computer criminals can be teenage hackers, disgruntled employees, mischievous technicians, or international terrorists.(7) However, it is possible to classify computer-related crimes by considering the role the computer plays in a particular crime.(8)

      First, a computer may be the "object"(9) of a crime, meaning the computer itself is targeted. Theft of computer processor time and computerized services are included in this category. Second, the computer may be the "subject"(10) of a crime. In these cases, the computer is the physical site of a crime, or is the source of or reason for unique forms of assets lost.(11) The use of "viruses"(12) and "logic bombs" (13) fit into this category. These crimes present novel legal problems because of the intangible nature of the electronic information which is the object of the crime.(14) Third, a computer may be an "instrument"(15) used as a means of committing traditional crimes such as theft, fraud, embezzlement, or trespass,(16) albeit in a more complex manner. (17) For example, a computer might be used to scan telephone codes automatically in order to make unauthorized use of a telephone system.(18)

  3. Federal Approaches

    1. Federal Criminal Code

    Computer-related crimes have been treated as distinct federal offenses since 1984, when Congress passed the Counterfeit Access Device and Computer Fraud and Abuse Law of 1984.(19) Since the 1984 Act was passed, the volume of such legislation has expanded greatly to meet the challenge of more types of computer-related crimes. However, massive internetworking within a decentralized computer industry makes regulation extremely difficult.(20) Regulation began as a piecemeal effort, and initially regulators were unaware of the full scope of the problem.(21) AS more data about computer crimes has become available, the law has attempted to adapt.(22) Yet even the most recent attempt to address the problem of computer-related crimes, the Computer Abuse Amendments Act of 1994,(23) may still contain significant gaps.(24) This section examines the major federal statutes directed at computer-related crimes and some of their practical shortcomings.

  4. Computer Abuse Amendments Act of 1994

    The current version of the Computer Abuse Act, entitled the Computer Abuse Amendments Act of 1994,(25) attempts to address the criticisms(26) of its previous version, the Computer Fraud and Abuse Act of 1986.(27) The 1994 Act prohibits unauthorized, intentional access to federal interest computers.(28)

    1. Offenses Under the Statute

      The statute proscribes six types of illegal activities.(29) Sections 1030(a)(1)-(3) prohibit unauthorized access of a computer:(30) to obtain information relating to national defense or foreign relations;(31) to obtain information in a financial record of a financial institution or consumer reporting agency;(32) or to manipulate information on a computer that would adversely affect(33) the United States government's operation of the computer.(34) Section 1030(a)(4) of the statute prohibits: accessing a "federal interest computer" without or in excess of authorization and with intent to defraud or obtain anything of value.(35)

      Subsection 1030(a)(5) prohibits the intentional(36) access of a "federal interest computer" without authorization, and thereby altering, damaging, or destroying information, or preventing "authorized use" of the computer.(37) The 1994 Act includes three significant additions to [sections] 1030(a)(5), amending the 1986 Act. First, the 1994 Act changes coverage from acts committed on federal interest computers and affecting such computers to acts committed on computers used in interstate commerce or communications and affecting any computer.(38) Second, the threshold requirement of "unauthorized access" has been removed.(39) As a result, the class of those potentially liable has been expanded to include, among others, company insiders and users of computer networks, who were arguably immune under the 1986 Act because their access was authorized.(40) Finally, the 1994 Act criminalizes certain types of reckless conduct in addition to intentional acts.(41) This may facilitate prosecution of hackers who cause the transmission of malevolent software, such as computer viruses, if such actions are sufficiently reckless but would not have been considered intentional under the 1986 Act.

      Finally, Section 1030(a)(6) prohibits: "knowingly," and with intent to defraud, trafficking in passwords which either would permit unauthorized access to a government computer, or affect interstate or foreign commerce.(42)

      Under the amended statute, intentional computer crimes committed on interstate computers are felonies,43 while reckless acts on interstate computers are misdemeanors.(44) The 1994 Act also provides an incentive for victims to report computer-related crimes by allowing civil remedies for victims of intentional computer crimes.(45) Additionally, the 1994 Act amends subsection (a)(3) to insert "adversely" before "affects the use of the Government's operation of such computer,"(46) implying that a trespasser might affect the computer benignly and escape prosecution.

      Punishment for an attempt to commit an offense is identical to punishment for commission of an offense.(47) The 1986 Act expressly grants investigatory authority to the United States Secret Service, in addition to any other agency having such authority.(48)

    2. Defenses

      There are a variety of defenses available under 18 U.S.C. [sections] 1030, including defenses relating to jurisdiction, statutory interpretation, damages, and intent.

      For acts covered by the 1986 Act, a federal interest computer must be used and affected.(49) If an individual installs a virus that damages a network without federal interest computers, that person's conduct is not covered by the federal statute.(50)

      Defenses to charges under the 1986 Act can also focus on undefined portions of the statutory language.(51) However, in United States v. Morris,(52) the only case to give a detailed interpretation of the 1986 Act, the Second Circuit rejected a defense based on ambiguities in the statutory language.(53) Furthermore, the 1994 Act may have closed some of the loopholes if courts interpret it to reach programmers who introduce a virus into a network by giving an innocent third party an infected program(54) as being sufficiently "reckless."

      Another defense to charges under either the 1386 Act or the 1994 Act is that the requisite $1,000 loss did not occur. Neither the 1986 Act nor the Morris court articulated how to calculate this loss.(55) Even if a dollar value can be attached to a loss, there is still some question whether the government can aggregate losses or whether there must be $1,000 worth of damage at one particular site.(56)

      Another available defense under both the 1986 Act and the 1994 Act is that a defendant lacked the requisite intent. The intent defense to charges under the 1986 Act has been narrowed by limiting the issue to the intent to access the computer.(57) In Morris, the Second Circuit rejected the contention that the adverb "intentionally"in the 1986 Act requires both intentional access and intentional harm; all that is required is intentional access.(58) As a result, once intentional access is proven, courts will probably reject a defense claiming that the effects of a program exceeded the programmer's intentions. The 1994 Act affirms the Morris holding by criminalizing certain reckless conduct.(59)

      1. Other Statutes

      Other statutes have been...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT