|
...Sniffers g. Denial of Service Attacks h. Web Bots Spiders 3. Instrument of Crime II. GENERAL ISSUES A. Constitutional Issues 1. First Amendment 2. Fourth Amendment B. Other Issues III. FEDERAL APPROACHES A. Sentencing Guidelines B. Federal Statutes 1. Child Pornography Statutes a. Communications Decency Act of 1996 b. Child Pornography Prevention Act of 1996 2. Computer Fraud and Abuse Act a. Offenses Under the Statute b. Jurisdiction c. Defenses d. Penalties 3. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 4. Copyright Statutes a. Criminal Copyright Infringement in the Copyright Act i. Defenses ii. Penalties b. Digital Millennium Copyright Act 5. Electronic Communications Privacy Act a. Stored Communications Act b. Title III (Wiretap Act) i. Defenses ii. Penalties c. Statutory Issues 6. Identity Theft a. Penalties 7. Wire Fraud Statute C. Enforcement IV. STATE APPROACHES A. Overview of State Criminal Codes B. Jurisdiction C. Enforcement V. INTERNATIONAL APPROACHES A. Issues B. Solutions
I. INTRODUCTION
This Article discusses federal, state, and international developments in computer-related criminal law. This Section defines computer crimes. Section II covers the constitutional issues concerning computer crimes. Section HI describes the federal approaches used for prosecuting computer crime, and analyzes enforcement strategies. Section IV examines state approaches to battling computer crime and the resulting federalism issues. Lastly, Section V addresses international approaches to regulating computer crimes.
A. Defining Computer Crime
The U.S. Department of Justice ("DOJ") broadly defines computer crime as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution." (1) Because of the diversity of computer-related offenses, a narrower definition would be inadequate. While the term "computer crime" includes traditional crimes committed with the use of a computer, (2) the rapid emergence of computer technologies and the exponential expansion of the Internet (3) spawned a variety of new, technology-specific criminal behaviors that must also be included in the category of "computer crimes." (4) To combat these new criminal behaviors, Congress passed specialized legislation:
Experts have had difficulty calculating the damage caused by computer crimes due to: the difficulty in adequately defining "computer crime;" (6) victims' reluctance to report incidents for fear of losing customer confidence; (7) the dual system of prosecution; (8) and, the lack of detection. (9) In 2006, DOJ's Bureau of Justice Statistics and the Department of Homeland Security's National Cyber Security Division began a joint effort to estimate the number of cyber attacks and the number of incidents of fraud and theft of information. (10)
B. Types of Computer-Related Offenses
1. Object of Crime
DOJ divides computer-related crimes into three categories according to the computer's role in the particular crime. (11) First, a computer may be the "object" of a crime. (12) This category primarily refers to theft of computer hardware or software. Under state law, computer hardware theft is generally prosecuted under theft or burglary statutes. (13) Under federal law, computer hardware theft may be prosecuted under 18 U.S.C. [section] 2314 (2000), which regulates the interstate transportation of stolen or fraudulently obtained goods. (14) Computer software theft is only included in this category if it is located on a tangible piece of hardware because the theft of intangible software is not prosecutable under 18 U.S.C. [section] 2314.
2. Subject of Crime
Second, a computer may be the "subject" of a crime. (15) In this category, the computer is akin to the pedestrian who is mugged or the house that is robbed, it is the subject of the attack and the site of any damage caused. These are computer crimes for which there is generally no analogous traditional crime and for which special legislation is needed. This category encompasses spam, viruses, worms, Trojan horses, logic bombs, sniffers, distributed denial of service attacks, and unauthorized web bots or spiders. In the past, malice or mischief rather than financial gain motivated most offenders in this category. Now, many crimes are driven by personal profit or malice. (16) These types of crimes were frequently committed by juveniles, disgruntled employees, and professional hackers as a means of showing off their skills. (17) Disgruntled employees are widely thought to pose the biggest threat to company computer systems. (18) Teenage hackers remain a problem as well. (19) Courts have had a hard time finding appropriate punishments for teenage hackers. (20) In recent years, more of these crimes have been committed for financial gain. (21)
a. Spam
Spam is unsolicited bulk commercial email from a party with no preexisting business relationship. (22) In 2003, the Senate estimated that spam would account for more than 50% of global email traffic by the end of the year. (23) Additionally, hackers often use spam as a way of distributing viruses, spyware, and other malicious software. (24)
b. Viruses
A virus is a program that modifies other computer programs, causing them to perform the task for which the virus was designed. (25) It usually spreads from one host to another when a user transmits an infected file by e-mail, over the Internet, across a company's network, or by disk. (26)
c. Worms
Worms are like viruses, but they use computer networks or the Internet to self-replicate and "send themselves" to other users, generally via e-mail, while viruses require human action to spread from one computer to the next. (27) Worms have far more destructive potential than viruses because they can spread so much faster. (28)
d. Trojan Horses
Trojan horses are programs with legitimate functions that also contain hidden malicious code. (29) Like its namesake, a Trojan horse dupes a user into installing the seemingly innocent program on his or her computer system, and then activates the hidden code, which may release a virus or allow an unauthorized user access to the system. (30) Hackers use Trojan horses as the primary way they transmit viruses. (31)
e. Logic Bombs
Logic bombs are programs that activate when a specific event occurs, such as the arrival of a particular date or time. (32) They can be destructive but software companies commonly use them to protect against violation of licensing agreements by disabling the program upon detection of a violation. (33)
f. Sniffers
Sniffers, also known as network analyzers, can read electronic data as it travels through a network. (34) Network administrators use them to monitor networks and troubleshoot network connections. (35) Sniffers can help network administrators find and resolve network problems. (36) However, a hacker can break into a network and install a sniffer that logs all activity across a network, including the exchange of passwords, credit card numbers, and other personal information. (37)
g. Denial of Service Attacks
In a denial of service attack, hackers bombard the target website with an overwhelming number of simple requests for connection, thus rendering the site unable to respond to legitimate users. (38) In distributed denial of service attacks, hackers use the networks of innocent third parties to overwhelm websites and prevent them from communicating with other computers. (39) After breaking into several network systems, the individual makes one system the "Master" system and turns the others into agent systems. (40) Once activated, the Master directs the agents to launch a denial of service attack. (41) The use of third party "agents" makes it particularly difficult to identify the culprit. (42)
h. Web Bots & Spiders
"Web bots" or "spiders" are data search and collection programs that can create searchable databases that catalogue a website's activities. (43) Although seemingly innocuous, too many spiders on the same web site can effectively be a denial of service attack. In addition, they can steal data from the websites that they search. (44)
3. Instrument of Crime
Third, a computer may be an "instrument" used to commit traditional crimes. (45) These traditional crimes include identity theft, (46) child pornography, (47) copyright infringement, (48) and mail or wire fraud. (49)
II. GENERAL ISSUES
A. Constitutional Issues
This Section addresses general constitutional issues with computer crimes. Specific constitutional issues with federal and state statutes are discussed in the relevant Sections of this article. Constitutional issues related to computer crimes usually fall under either the First Amendment or the Fourth Amendment. There are also some federalism issues. In particular, how much the federal government can regulate intrastate behavior under the Commerce Clause. This is discussed more fully in the following Section on federal child pornography statutes. (50)
1. First Amendment
The First Amendment (51) protects the same forms of speech in cyberspace that it does in the real world. Hate speech and other forms of racist speech receive the same protection on the Internet as they have always received under traditional First Amendment analysis. (52) The guarantee of the First Amendment extends well beyond personally held beliefs to include speech that advocates conduct, even when that conduct is illegal. (53) Racist speech is also probably protected on the Internet, as it is not likely to fit within the "fighting words" exception to the First Amendment. (54)
There is an exception to this general Free Speech principle for "true threats," (55) such as sending threatening e-mail messages to a victim or even a public announcement on the Internet of an intention to commit an act that is racially motivated. (56) A similar exception exists for harassment on e-mail or the Internet, as long as it is sufficiently persistent and malicious as to inflict, or is motivated by desire to cause, substantial emotional or physical harm (57) and is directed at a specific person. (58) Child pornography is not protected either, but finding a sufficiently narrow description to prevent its spread on the Internet has proven difficult. (59)
2. Fourth Amendment
A number of difficult Fourth Amendment (60) issues inhere in computer crimes. The Fourth Amendment prohibits unreasonable searches and seizures by the government. (61) What constitutes a search and seizure with respect to computer crimes is not always clear. Nor is it always apparent how courts should apply the warrant requirement.
Although the Fourth Amendment generally requires specificity in search warrants, broad search warrants have been upheld when addressed to computer crimes. (62) Broad searches have been justified as "about the narrowest definable search and seizure reasonably likely to obtain the [evidence]." (63) The Eleventh Circuit held that the Fourth Amendment's particularity requirement must be applied flexibly in computer crime cases. (64) There is a circuit split as to whether that law enforcement agents with a warrant may search and seize computer files even though doing so might cause seizure of contents having no relation to the crime being investigated. (65) However, agents may seize and search a disk, even if its label indicates that it is not within the scope of the warrant. (66) Agents may also search computer hardware and software when they have reason to believe that those items contain records covered by the warrant. (67)
The agents may even remove the hardware and software from the owner's premises to conduct their examination. (68) The seizure of computer disks is allowed even when the warrant facially refers only to records and documents. (69) They may not, however, seize peripheral items, such as printers, to assist them in their review of the seized items. (70) State courts have split on extending this principle to their search and seizure jurisprudence. (71)
Fourth Amendment issues may also arise when law enforcement intercepts address information on the Internet, such as e-mail addresses and website addresses. The Supreme Court has found that there is no expectation of privacy in the phone numbers someone dials. (72) Therefore, this information is not subject to Fourth Amendment protection. (73) Before 2001, the FBI routinely searched similar information on Internet communications without much mention of constitutional issues. (74) However, the Court has not directly addressed whether there is an expectation of privacy for similar address information on Internet communications. Nonetheless, the Ninth Circuit has held that obtaining Internet address information by installing a surveillance program at the Internet Service Provider's ("ISP") facility is "constitutionally indistinguishable" from the use of a pen register and, therefore, Internet users have no expectation of privacy in such information. (75) The Fourth Circuit has similarly held that a criminal defendant has no reasonable expectation of privacy in the information he provides to his ISP. (76) Despite these decisions, and the implication of the changes made by the Patriot Act, the analogy to phone numbers does not necessarily follow. (77)
The use of investigative tools devised for eavesdropping on Internet communications may present additional Fourth Amendment questions. (78) The use of a keystroke logger system appears to be constitutional. (79) The constitutionality of other techniques, however, will likely be tested as the government discloses more information about both the nature of its capabilities and the frequency of their application.
Another relevant Fourth Amendment issue is the doctrine of staleness, (80) which "applies when information proffered in support of a warrant application is so old that it casts doubt on whether the fruits or evidence of a crime will still be found at a particular location." (81) The durability of data and graphics stored on computer hardware has drastically extended the period after which the staleness doctrine applies. For example, the Ninth Circuit upheld the validity of a search warrant even though ten-month-old information supported it. (82)
B. Other Issues
In addition to constitutional obstacles, federal laws may interfere with computer crime statutes at both the federal and state level. Several laws intended to protect privacy have implications in computer crimes as well. For example, Title III applies to both the government and civilians in situations in which there are Fourth Amendment issues. (83) Title III applies to state actors as well and states may not legislate lower standards for interception, although they may set higher ones. (84)
Another complication arises as a result of additional protection for computer records provided by the Privacy Protection Act of 1980. (83) The statute requires police to obtain a subpoena prior to searching or seizing work product or other materials reasonably believed to pertain to public communications such as newspapers. (86) This protection does not include child pornography. (87) The Privacy Protection Act still applies to other material that may be public communications.
III. FEDERAL APPROACHES
This Section explores the major federal statutes, enforcement strategies, and constitutional issues regarding computer related crimes. The government can charge computer-related crimes under at least forty different federal statutes. (88) There are also a number of traditional criminal statutes whose application to computer crime is unclear. (89) Because the federal government has used the United States Sentencing Guidelines ("Guidelines") to enhance sentences for traditional crimes committed with the aid of computers, (90) This Section discusses the role of the Sentencing Guidelines in general, key federal statutes in the prosecution of computer crimes, and relevant enforcement efforts. Although the focus of this Article is the federal government's approach to prosecuting criminal computer offenses, past litigation has also sought civil remedies. (91)
A. Sentencing Guidelines
The Guidelines supplement the federal computer crime statutes and help determine how much of the maximum sentence a perpetrator should serve. (92) The Guidelines treat most computer crimes as economic crimes sentenced under [section] 2B 1.1. (93) The Guidelines also dictate "special skills" enhancements for particular crimes including computer crimes. (94)
B. Federal Statutes
Since 1984, Congress has pursued a dual approach to combating computer crime. The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (95) and subsequent amending acts (96) address crimes in which the computer is the "subject." This line of statutes culminated in the CFAA, (97) which is discussed in detail in Section 2. The federal government's other approach to regulating computer crime has been to update traditional criminal statutes to reach similar crimes involving computers. (98)
1. Child Pornography Statutes
Federal child pornography statutes have not fared well under the First Amendment. In Reno v. American Civil Liberties Union, (99) the Supreme Court gave an unqualified level of First Amendment protection to Internet communications. (100) Under Reno, legislation will not withstand scrutiny if it requires web surfers or Internet content providers to estimate the age of those with whom they communicate or to tag their communications as potentially indecent or offensive, prior to engaging in "cyberspeech." (101) The Court found that less regulation is necessary to protect children on the Internet compared to television or radio because users rarely come across content on the Internet accidentally and warnings often precede sexually explicit images. (102) The global nature of the Internet also renders it difficult, if not impossible, for users to predict when their potentially offensive communications will reach a minor. (103) Consequently, Reno requires courts to apply unqualified First Amendment scrutiny to speech restrictions affecting the Internet. (104) Note that "unqualified" protection does not cover obscenity, which the government may ban. (105) Under this standard, parts of several federal child pornography laws discussed below and all of the Child Online Protection Act of 1998 ("COPA"), (106) have been found unconstitutional. (107)
a. Communications Decency Act of 1996
The Communications Decency Act of 1996 ("CDA"), or Title V of the Telecommunications Act of 1996, (108) originally prohibited the transmission of "indecent," (109) "patently offensive," (110) or "obscene" (111) material to minors over the Internet. In Reno v. American Civil Liberties Union, (112) the Supreme Court struck down those portions of the statute that banned "indecent" (113) and "patently offensive" (114) images as being unconstitutionally vague and overbroad. (115) The rest of [section] 223(a), banning transmission of obscene speech to minors, remains in effect. (116)
Under [section] 223(a), knowing transmission of obscene speech or images to minors is punishable by a fine, imprisonment of up to two years, or both. (117) The Guidelines set a base offense level of ten for transportation of obscene matter, which is automatically increased by five levels if the obscene matter is transmitted to a minor. (118) A seven-level upward adjustment is mandated if the distribution was intended to convince a minor to engage in prohibited sexual conduct. (119) The base level of the offense can be raised no less than five levels if the offense is related to distribution of material for pecuniary gain. (120) If the material involved in the offense portrays sadistic, masochistic conduct, or other depictions of violence, the offense level increases by four. (121)
b. Child Pornography Prevention Act of 1996
In 1996, Congress passed the Child Pornography Prevention Act (122) ("CPPA"), which criminalized the production, distribution, and reception of computer generated, sexual images of children. (123) Thus, CPPA sought to prohibit computer transmission of erotic photographs of adults doctored to resemble children. (124) However, in April 2002, the Supreme Court held as unconstitutionally vague and overbroad two provisions of the statute. (125)
In response, Congress passed the Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today Act of 2003 ("PROTECT Act"). (126) The PROTECT Act included a pandering provision to address the distribution of images of real children disguised as computer-generated images within the bounds of Ashcroft. (127) A number of courts have recognized that this provision is also unconstitutional as overly broad and impermissibly vague. (128)
In addition, the constitutionality of child pornography statutes like CPPA, with...
NOTE: All illustrations and photos
have been removed from this article.
More articles from American Criminal Law Review
Corporate criminal liability.(Twenty-Third Annual Survey of White Coll..., March 22, 2008
Election law violations.(Twenty-Third Annual Survey of White Collar Cr..., March 22, 2008
Employment-related crimes.(Twenty-Third Annual Survey of White Collar ..., March 22, 2008
Environmental crimes.(Twenty-Third Annual Survey of White Collar Crime..., March 22, 2008
False statements and false claims.(Twenty-Third Annual Survey of White..., March 22, 2008
Looking for additional articles?
Search our database of over 3 million articles.
Looking for more in-depth information on this industry?
Search our complete database of Industry & Market reports by text, subject, publication
name or publication date.
About Goliath
Whether you're looking for sales prospects, competitive information, company
analysis or best practices in managing your organization,
Goliath can help you meet your business needs.
Our extensive business information databases empower business
professionals with both the breadth and depth of credible,
authoritative information they need to support their business
goals. Whether it be strategic planning, sales prospecting,
company research or defining management best practices -
Goliath is your leading source for accurate information.
|
%20%20&position=1)