Computer crimes.

Author: Benson, Carl
Position: Twelfth Survey of White Collar Crime
  I. INTRODUCTION

    1. Defining Computer Crime

    2. Types of Computer-Related Offenses

  II. FEDERAL APPROACHES

    1. Federal Criminal Code

      1. Computer Abuse Amendments Act of 1994

        1. Offenses Under the Statute

        2. Defenses

      2. Other Statutes

        1. Copyright Act

        2. National Stolen Property Act

        3. Mail and Wire Fraud

        4. Electronic Communications Privacy Act

        5. Telecommunications Act of 1996

    2. Enforcement Strategies

    3. Sentencing

      1. Computer Fraud and Abuse Act

      2. Other Statutes

        1. Copyright Act

        2. National Stolen Property Act

        3. Mail and Wire Fraud

        4. Electronic Communications Privacy Act

    4. Ancillary Issues

      1. Searches of Computer Records

      2. First Amendment Issues

  III. STATE APPROACHES

    1. Overview of State Criminal Codes

    2. Conflict Between State and Federal Laws

    3. Prosecution of Computer-Related Crimes

  IV. INTERNATIONAL APPROACHES

  V. RECENT DEVELOPMENTS

  I. INTRODUCTION

    This article tracks developments in computer-related criminal law and legal literature. It presents an analysis of federal computer crime legislation and enforcement, and discusses state and international approaches. Finally, it reviews recent developments in this area.

    1. Defining Computer Crime

      The rapid emergence of computer technologies has spawned a variety of new criminal behaviors and an explosion in specialized legislation to combat them.(1) While computer crimes include traditional crimes committed with a computer, the term also encompasses offenses against intellectual property and other crimes that do not fall within traditional criminal statutes. The diversity of computer-related offenses thus demands a broad definition. The Department of Justice defines computer crimes as "any violations of criminal law that involve[s] a knowledge of computer technology for their perpetration, investigation, or prosecution."(2)

      Estimates of the predominant sources and extent of computer crimes vary. Many experts value losses due to computer crimes in the hundreds of millions and even in the billions of dollars.(3) While the exploits of youthful computer hackers have received the most press coverage,(4) experts maintain that insider crimes committed by disgruntled or greedy employees have caused far more damage.(5)

    2. Types of Computer-Related Offenses

      There are no "typical" computer-related crimes and no typical motive for committing such crimes.(6) Computer criminals can be teenage hackers, disgruntled employees, mischievous technicians, or international terrorists.(7) However, classifying computer-related crimes by considering the role the computer plays in a particular crime is possible.(8)

      First, a computer may be the "object"(9) of a crime, meaning the computer itself is targeted. In this category are theft of computer processor time and computerized services. Second, the computer may be the "subject"(10) of a crime. In these cases, the computer is the physical site of a crime, or is the source of or reason for unique forms of assets lost.(11) The use of "viruses"(12) and "logic bombs"(13) fits into this category. These crimes present novel legal problems because of the intangible nature of the electronic information that is the object of the crime.(14) Third, a computer may be an "instrument"(15) used to commit traditional crimes, such as theft, fraud, embezzlement, or trespass,(16) but in a more complex manner.(17) For example, a computer might be used to scan telephone codes automatically to make unauthorized use of a telephone system.(18)

  II. FEDERAL APPROACHES

    1. Federal Criminal Code

      Congress has treated computer-related crimes as distinct federal offenses since 1984 after passage of the Counterfeit Access Device and Computer Fraud and Abuse Law.(19) Since passage of the 1984 Act, the volume of such legislation has expanded greatly to address the many types of computer-related crimes. However, massive inter-networking within a decentralized computer industry makes regulation extremely difficult.(20) Regulation began as a piecemeal effort, and initially regulators were unaware of the full scope of the problem.(21) As more data about computer crimes has become available, the law has attempted to adapt with the Computer Abuse Amendments Act of 1994.(22) This section examines the major federal statutes directed at computer-related crimes and some of their practical shortcomings.

      1. Computer Abuse Amendments Act of 1994

        The current version of the Computer Abuse Act, titled the Computer Abuse Amendments Act of 1994,(23) attempts to address the criticisms(24) of its previous version, the Computer Fraud and Abuse Act of 1986.(25) The 1994 Act prohibits unauthorized, intentional access to federal interest computers.(26)

        1. Offenses Under the Statute

          The statute proscribes six types of illegal activities.(27) Sections 1030(a)(1)-(3) prohibit unauthorized access of a computer: (1) to obtain information relating to national defense or foreign relations;(28) (2) to obtain information in a financial record of a financial institution or consumer reporting agency;(29) or (3) to manipulate information on a computer that would adversely affect(30) the United States government's operation of the computer.(31) Section 1030(a)(4) of the statute prohibits accessing a "federal interest computer" without or in excess of authorization and with intent to defraud or obtain anything of value.(32)

          Subsection 1030(a)(5) prohibits the intentional(33) access of a "federal interest computer" without authorization, where such access alters, damages, or destroys information, or prevents "authorized use" of the computer.(34) The 1994 Act includes three significant additions to § 1030(a)(5), amending the 1986 Act. First, the 1994 Act changes coverage from acts committed on federal interest computers and affecting such computers to acts committed on computers used in interstate commerce or communications and affecting any computer.(35) Second, the threshold requirement of "unauthorized access" has been removed.(36) As a result, the class of those potentially liable has been expanded to include, among others, company insiders and users of computer networks who were arguably immune under the 1986 Act because their access was authorized.(37) Finally, the 1994 Act criminalizes certain types of reckless conduct in addition to intentional acts.(38) This may facilitate prosecution of hackers who cause the transmission of malevolent software, such as computer viruses, if such actions are sufficiently reckless but would not have been considered intentional under the 1986 Act.(39)

          Finally, § 1030(a)(6) prohibits "knowingly," and with intent to defraud, trafficking in passwords which either would permit unauthorized access to a government computer, or affect interstate or foreign commerce.(40)

          Under the amended statute, intentional computer crimes committed on interstate computers are felonies,(41) while reckless acts on interstate computers are misdemeanors.(42) The 1994 Act also provides an incentive for victims to report computer-related crimes by allowing civil remedies for victims of intentional computer crimes.(43) Additionally, the 1994 Act amends subsection (a)(3) to insert "adversely" before "affects the use of the Government's operation of such computer,"(44) implying that a trespasser might affect the computer benignly and escape prosecution.

          Punishment for an attempt to commit an offense is identical under this section to punishment for commission of an offense.(45) The 1986 Act expressly grants investigatory authority to the United States Secret Service, in addition to any other agency having such authority.(46)

        2. Defenses

          There are a variety of defenses available under § 1030, including defenses relating to jurisdiction, statutory interpretation, damages, and intent.

          For acts covered by the 1986 Act, a "federal interest" computer must be used and affected.(47) If an individual installs a virus that damages a network without federal interest computers, that person's conduct is not covered by the federal statute.(48)

          Defenses to charges under the 1986 Act may also focus on undefined portions of the statutory language.(49) However, in United States v. Morris,(50) the Second Circuit rejected a defense based on ambiguities in the statutory language.(51) Furthermore, the 1994 Act may have closed some of the loopholes if courts interpret the "reckless disregard" provision to reach programmers who introduce a virus into a network by giving an innocent third party an infected program.(52)

          Another defense to charges under either the 1986 Act or the 1994 Act is that the requisite $1,000 loss did not occur. Neither the 1986 Act nor the Morris decision articulates how to calculate this loss.(53) However, in United States v. Sablan,(54) only those losses directly resulting from the defendant's criminal activity were included. The Sablan court measured the direct losses, which amounted to over $20,000, by a "reasonable estimate" given the "available information," and utilizing a valuation based on the damaged business' normal business charges.(55) Even if a dollar value can be attached to a loss, there is still some question whether the government can aggregate losses or whether there must be $1,000 worth of damage at one particular site.(56)

          Another available defense under both the 1986 Act and the 1994 Act is that a defendant lacked the requisite intent. The intent defense to charges under the 1986 Act has been narrowed by limiting the issue to the intent to access the computer.(57) In Morris, the Second Circuit rejected the contention that the adverb "intentionally" in the 1986 Act requires both intentional access and intentional harm; all that is required is intentional access.(58) The Sablan(59) court not only adopted the rule announced in Morris, but also upheld the constitutionality of the computer fraud statute's mens rea requirement. As a result, once intentional access is proven, courts will reject a defense claiming that the effects of a...
