COMPUTER CRIMES

Published date01 July 2021
Date01 July 2021
COMPUTER CRIMES
I. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
II. COMPUTER INTRUSION AND FRAUD . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
A. Botnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616
B. Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
C. Ransomware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
D. Viruses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619
E. Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619
F. Trojan Horses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
G. Logic Bombs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
H. Sniffers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
I. Denial of Service Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
J. Rootkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
K. Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
L. Phishing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
III. FEDERAL APPROACHES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
A. The Computer Fraud and Abuse Act . . . . . . . . . . . . . . . . . . . 623
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
2. Provisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
3. Penalties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
4. Proposed Reform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628
B. First Amendment and Online Speech . . . . . . . . . . . . . . . . . . . 629
1. Threat Speech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
2. Child Pornography and Sexual Communication with
Minors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
3. Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633
4. Anonymous Speech . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634
5. Miscellaneous Exceptions . . . . . . . . . . . . . . . . . . . . . . . . 636
C. Traditional Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636
1. Property Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
2. Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
3. Wire Fraud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
4. Facilitating Prostitution and Section 230 . . . . . . . . . . . . . 640
D. Fourth Amendment Search and Seizure . . . . . . . . . . . . . . . . . 641
1. Scope and Execution of a Search . . . . . . . . . . . . . . . . . . . 643
2. Third-Party Doctrine. . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
E. Electronic Surveillance & the Electronic Communications
Privacy Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
1. Categorization of Information . . . . . . . . . . . . . . . . . . . . . 650
2. Components of The ECPA . . . . . . . . . . . . . . . . . . . . . . . 652
611
a. Pen/Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
b. Wiretap Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
c. Stored Communications Act. . . . . . . . . . . . . . . . . . . 655
3. Exceptions and Defenses. . . . . . . . . . . . . . . . . . . . . . . . . 657
IV. STATE APPROACHES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658
A. Structure of State Criminal Codes . . . . . . . . . . . . . . . . . . . . . 658
B. State Computer Crime Initiatives . . . . . . . . . . . . . . . . . . . . . . 658
1. Online Harassment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
2. Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
3. Unauthorized Access, Hacking, and Spyware . . . . . . . . . . 660
4. Protection of Personal Information . . . . . . . . . . . . . . . . . 660
5. Cyberbullying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
6. Jurisdiction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662
7. Enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
V. ENFORCEMENT CHALLENGES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
A. Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
B. Extraterritoriality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
C. International Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
D. Rules of Evidence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
I. INTRODUCTION
The U.S. Department of Justice (“DOJ”) broadly defines computer crime—also
known as cybercrime—as crime that “use[s] or target[s] computer networks.”
1
While the term computer crime includes traditional crimes, such as fraud or theft
committed with the use of a computer,
2
it also encompasses unique criminal
behaviors such as hacking.
3
To combat these crimes, prosecutors rely on technol-
ogy-specific federal legislation, such as the Computer Fraud and Abuse Act,
4
as
well as the application of traditional law to activities in cyberspace, such as
1. Office of Legal Educ., Prosecuting Computer Crimes, U.S. DEPT OF JUSTICE (2010), http://www.justice.
gov/criminal/cybercrime/docs/ccmanual.pdf [hereinafter PROSECUTING COMPUTER CRIMES]; see also Crime,
BLACKS LAW DICTIONARY (12th ed. 2019) (defining computer crime as “[a] crime involving the use of a
computer . . . [a]lso termed cybercrime; computer offense; cyberoffense”).
2. See infra Section III.C.
3. See, e.g., 18 U.S.C. §§ 1029, 1037; Stephen Cobb, Advancing Accurate and Objective Cybercrime Metrics, 10 J.
NATL SEC. L. & POLY 605, 610 (2020) (listing examples of cybercrimes and explaining that “some computer crimes
are unique to computers while others are traditionally prohibited forms of human misbehavior enhanced by
technology”); Neal Kumar Katyal, Criminal Law in Cyberspace, 149 U. PA. L. REV. 1003, 1013 (2001) (describing
different types of crimes that occur online or on a computer); Charlotte Decker, Note, Cyber Crime 2.0: An Argument to
Update the United States Criminal Code to Reflect the Changing Nature of Cyber Crime, 81 S. CAL. L. REV. 959, 964–
70 (2008) (discussing crimes aimed at computers, including hacking and extortionate hacking, distributed denial-of-
service attacks, theft of trade secrets, access device theft, and wiretap violations).
4. See Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, Pub. L. No. 99-474, 100 Stat.
1213 (1986) (codified at 18 U.S.C. § 1030).
612 AMERICAN CRIMINAL LAW REVIEW [Vol. 58:611
proscriptions against narcotics trafficking and theft.
5
Though cybercrime is prosecuted at the state and federal level, its frequency is
difficult to measure.
6
Many never learn that they were the victim of a cybercrime,
and commercial entities and institutions that do learn of an intrusion are often
reluctant to report the event due to fear of negative publicity, reduced consumer
trust, and increased regulatory scrutiny.
7
Such disincentives to reporting cyber-
crime, coupled with the difficulty of detecting it and the dual systems of state and
federal prosecution,
8
make calculating the total damage and frequency of computer
crime challenging.
9
5. See, e.g., United States v. Ulbricht, 31 F. Supp. 3d 540, 546–47 (S.D.N.Y. 2014) (describing prosecution
for narcotics trafficking involving the use of a website functioning as “an online marketplace for illicit goods and
services”); Intel Corp. v. Hamidi, 71 P.3d 296, 303–04 (Cal. 2003) (holding that sending mass emails through an
Intel list-serve did not constitute trespass to chattels under tort theory because it did not cause or threaten to cause
damage to the defendant’s computer). But see Sch. of Visual Arts v. Kuprewicz, 3 Misc. 3d 278, 281 (N.Y. Sup.
Ct. 2003) (holding that large volume email could at least constitute a cause of action for trespass to chattel). See
generally Morgan N. Temte, Blockchain Challenges Traditional Contract Law: Just How Smart Are Smart
Contracts?, 19 WYO. L. REV. 87 (2019) (discussing “the application of traditional contract law principles, the
potential for unauthorized practice of law, jurisdictional challenges in drafting and enforcing smart contracts, and
concerns regarding the potential liability for errors in smart contracts”); Catherine M. Sharkey, Can Data Breach
Claims Survive the Economic Loss Rule?, 66 DEPAUL L. REV. 339 (2017) (discussing the application of the
economic loss rule, which precludes tort recovery for purely financial losses, in the context of credit card data
breaches); Keith N. Hylton, Property Rules, Liability Rules, and Immunity: An Application to Cyberspace, 87 B.
U. L. REV. 1 (2007) (applying traditional tort rules to cyberspace).
6. COUNCIL OF ECON. ADVISERS, EXEC. OFFICE OF THE PRESIDENT, THE COST OF MALICIOUS CYBER ACTIVITY
TO THE U.S. ECONOMY 30 (2018), https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-
Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf [hereinafter THE COST OF MALICIOUS CYBER ACTIVITY]
(“[T]he field of cybersecurity is plagued by insufficient data, largely because firms face a strong disincentive to
report negative news.”). Cf. Stephen Cobb, Advancing Accurate and Objective Cybercrime Metrics, 10 J. NATL
SEC. L. & POLY 605, 605–06 (2020) (arguing that “[e]ven the most affluent of nations have not yet managed to
consistently generate acceptable statistics about any crimes, cyber or non-cyber,” but that a deficiency in crime
metrics seems most damaging to “efforts to deter and defeat cybercrime”).
7. Press Release, Fed. Trade Comm’n, FTC Addresses Uber’s Undisclosed Data Breach in New Proposed
Order (April 12, 2018), https://www.ftc.gov/news-events/blogs/business-blog/2018/04/ftc-addresses-ubers-
undisclosed-data-breach-new-proposed (describing the FTC’s revised consent order against Uber after the
company failed to disclose its 2016 breach); see also Gary Guthrie, Facebook Admits Malware Defrauded Users
Out of $4 Million, CONSUMER AFFAIRS (Oct. 2, 2020), https://www.consumeraffairs.com/news/facebook-admits-
malware-defrauded-users-of-4-million-100220.html (explaining how it took Facebook two years to tell the world
about the SilentFace mob that defrauded users); Robert Lemos, Companies Fall Shot on Mandatory Reporting of
Cybercrimes, DARKREADING (Jun. 2, 2020), https://www.darkreading.com/attacks-breaches/companies-fall-
short-on-mandatory-reporting-of-cybercrimes/d/d-id/1337977 (citing the ISACA “State of Cybersecurity 2020”
report finding that 62% of 2,051 surveyed cybersecurity professionals believe their companies under-report
cybercrimes); KENNETH OLMSTED & AARON SMITH, PEW RSCH. CTR., AMERICANS AND CYBERSECURITY 3–4
(2017), http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/ (describing a poll that found only
about twelve percent of Americans have a very high level of confidence that government and private companies
can protect their personal information).
8. See Joseph M. Olivenbaum, Ctrl-Alt-Delete: Rethinking Federal Computer Crime Legislation, 27 SETON
HALL L. REV. 574, 575 n.4 (1997) (arguing that the dual system of prosecution renders statistics suspect).
9. THE COST OF MALICIOUS CYBER ACTIVITY, supra note 6, at 30; see also Josephine Wolff, The Real
Reasons Why Cybercrimes May Be Vastly Undercounted (Feb. 12, 2018), https://slate.com/technology/2018/02/
the-real-reasons-why-cybercrimes-are-vastly-underreported.html (describing why companies may be reluctant to
report accurate numbers regarding cybercrime); cf. Stephen Cobb, Advancing Accurate and Objective
2021] COMPUTER CRIMES 613

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT