proscriptions against narcotics trafﬁcking and theft.
Though cybercrime is prosecuted at the state and federal level, its frequency is
difﬁcult to measure.
Many never learn that they were the victim of a cybercrime,
and commercial entities and institutions that do learn of an intrusion are often
reluctant to report the event due to fear of negative publicity, reduced consumer
trust, and increased regulatory scrutiny.
Such disincentives to reporting cyber-
crime, coupled with the difﬁculty of detecting it and the dual systems of state and
make calculating the total damage and frequency of computer
5. See, e.g., United States v. Ulbricht, 31 F. Supp. 3d 540, 546–47 (S.D.N.Y. 2014) (describing prosecution
for narcotics trafﬁcking involving the use of a website functioning as “an online marketplace for illicit goods and
services”); Intel Corp. v. Hamidi, 71 P.3d 296, 303–04 (Cal. 2003) (holding that sending mass emails through an
Intel list-serve did not constitute trespass to chattels under tort theory because it did not cause or threaten to cause
damage to the defendant’s computer). But see Sch. of Visual Arts v. Kuprewicz, 3 Misc. 3d 278, 281 (N.Y. Sup.
Ct. 2003) (holding that large volume email could at least constitute a cause of action for trespass to chattel). See
generally Morgan N. Temte, Blockchain Challenges Traditional Contract Law: Just How Smart Are Smart
Contracts?, 19 WYO. L. REV. 87 (2019) (discussing “the application of traditional contract law principles, the
potential for unauthorized practice of law, jurisdictional challenges in drafting and enforcing smart contracts, and
concerns regarding the potential liability for errors in smart contracts”); Catherine M. Sharkey, Can Data Breach
Claims Survive the Economic Loss Rule?, 66 DEPAUL L. REV. 339 (2017) (discussing the application of the
economic loss rule, which precludes tort recovery for purely ﬁnancial losses, in the context of credit card data
breaches); Keith N. Hylton, Property Rules, Liability Rules, and Immunity: An Application to Cyberspace, 87 B.
U. L. REV. 1 (2007) (applying traditional tort rules to cyberspace).
6. COUNCIL OF ECON. ADVISERS, EXEC. OFFICE OF THE PRESIDENT, THE COST OF MALICIOUS CYBER ACTIVITY
TO THE U.S. ECONOMY 30 (2018), https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-
Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf [hereinafter THE COST OF MALICIOUS CYBER ACTIVITY]
(“[T]he ﬁeld of cybersecurity is plagued by insufﬁcient data, largely because ﬁrms face a strong disincentive to
report negative news.”). Cf. Stephen Cobb, Advancing Accurate and Objective Cybercrime Metrics, 10 J. NAT’L
SEC. L. & POL’Y 605, 605–06 (2020) (arguing that “[e]ven the most afﬂuent of nations have not yet managed to
consistently generate acceptable statistics about any crimes, cyber or non-cyber,” but that a deﬁciency in crime
metrics seems most damaging to “efforts to deter and defeat cybercrime”).
7. Press Release, Fed. Trade Comm’n, FTC Addresses Uber’s Undisclosed Data Breach in New Proposed
Order (April 12, 2018), https://www.ftc.gov/news-events/blogs/business-blog/2018/04/ftc-addresses-ubers-
undisclosed-data-breach-new-proposed (describing the FTC’s revised consent order against Uber after the
company failed to disclose its 2016 breach); see also Gary Guthrie, Facebook Admits Malware Defrauded Users
Out of $4 Million, CONSUMER AFFAIRS (Oct. 2, 2020), https://www.consumeraffairs.com/news/facebook-admits-
malware-defrauded-users-of-4-million-100220.html (explaining how it took Facebook two years to tell the world
about the SilentFace mob that defrauded users); Robert Lemos, Companies Fall Shot on Mandatory Reporting of
Cybercrimes, DARKREADING (Jun. 2, 2020), https://www.darkreading.com/attacks-breaches/companies-fall-
short-on-mandatory-reporting-of-cybercrimes/d/d-id/1337977 (citing the ISACA “State of Cybersecurity 2020”
report ﬁnding that 62% of 2,051 surveyed cybersecurity professionals believe their companies under-report
cybercrimes); KENNETH OLMSTED & AARON SMITH, PEW RSCH. CTR., AMERICANS AND CYBERSECURITY 3–4
(2017), http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/ (describing a poll that found only
about twelve percent of Americans have a very high level of conﬁdence that government and private companies
can protect their personal information).
8. See Joseph M. Olivenbaum, Ctrl-Alt-Delete: Rethinking Federal Computer Crime Legislation, 27 SETON
HALL L. REV. 574, 575 n.4 (1997) (arguing that the dual system of prosecution renders statistics suspect).
9. THE COST OF MALICIOUS CYBER ACTIVITY, supra note 6, at 30; see also Josephine Wolff, The Real
Reasons Why Cybercrimes May Be Vastly Undercounted (Feb. 12, 2018), https://slate.com/technology/2018/02/
the-real-reasons-why-cybercrimes-are-vastly-underreported.html (describing why companies may be reluctant to
report accurate numbers regarding cybercrime); cf. Stephen Cobb, Advancing Accurate and Objective
2021] COMPUTER CRIMES 613