INTRODUCTION TO COMPUTER CRIMES
Legal Links<tm>: Chain
1, Link 3A
Copyright © 1996-2004
All rights reserved.
R. Zegarelli, Esq.
THE FOUNDATION OF COMPUTER CRIMES
A "crime" is an act against the general public welfare. Crimes are defined
in the criminal codes. If someone is accused of a crime, a federal or state prosecutor
brings a legal action in the name of the government on behalf of the people. Criminal
cases have captions such as "United States v. Doe." If the accused is
found to have violated the law beyond a reasonable doubt, then he or she is guilty,
becomes a criminal, and is placed in a penal institution and/or pays a fine. A crime is
distinguished from a "tort," which is an act against another private citizen.
Torts are defined by court-made law and civil codes. If someone is accused of a tort, the
injured individual brings a legal action in his or her own name. Civil cases have captions
such as "Hatfields v. McCoys." If the defendant is found to have caused
an injury by a preponderance of the evidence, then he or she is liable, becomes a
tortfeasor, and must pay damages.
The term "computer crime," is often used to describe criminal activity that
either uses computer technology to accomplish a crime, or focuses upon computer technology
as the object of the crime. Difficulties in applying traditional criminal laws to computer
crimes arose because the nature of technology does not fit well into categories of
property traditionally subject to abuse or theft. For example, a computer program might
only exist in the form of magnetic impulses, and, when misappropriated, the original might
not be removed from the owner's possession. Federal and state prosecutors were faced with
a wide range of statutes potentially applicable to computer crimes, but they had no legal
basis upon which to draw analogies. As a result, the need for a specific computer crime
statutes was recognized in the mid-seventies.
Computer Fraud and Abuse Act of 1984
The first federal legislation to address computer-related criminal activity appeared
in the form of the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984.
That law was quite limited in scope. It provided criminal penalties only for stealing
national security-related data by trespassing onto government computers, or for stealing
computerized information on a person's credit history. In 1986, the Act was amended to
create three new offenses: 1) theft by computer with the intent to defraud; 2) computer
damage resulting in the loss of $1,000 or more, or interfering with medical procedures;
and 3) trafficking in passwords for government computers or those that affect interstate
commerce. Under the Act, it is illegal to, or attempt to:
1. knowingly access a computer without authorization and obtain protected information
relating to national defense or foreign relations, with the intent or reason to believe
that the information is to be used to the injury of the United States or the advantage of
any foreign nation;
2. intentionally access a computer without authorization and obtain financial
3. intentionally access a computer for the exclusive use of the United States without
authorization, or, in the case of computer not for the exclusive use of the United States,
affect the government's operation of such a computer;
4. knowingly, and with the intent to defraud, access a federal interest computer
without authorization and obtain anything of value except the use of a computer;
5. intentionally access the federal interest computer without authorization and alter,
damage or destroy information or prevent the authorized use of the computer or information
if the resulting loss is $1,000 or more or if the information relates to medical records;
6. knowingly, and with the intent to defraud, traffic in passwords or similar access
information without authorization if the trafficking affects interstate or foreign
commerce where the computer is used by or for the U.S. Government.
The term "computer" means high speed data processing device and includes any
data, storage or communication facility directly related to or operating in conjunction
with such a device, but expressly excludes a typewriter, typesetter, or calculator. A
"federal interest computer" is one that is for the exclusive use of a financial
institution or the United States Government, or, in the case of nonexclusive use, the
unauthorized use affects the operation of the computer by the financial institution or the
government. A federal interest computer is also one of two or more computers used in
committing an offense which are not located in the same state.
Penalties include prison terms which range from ten years (or, 20 years for subsequent
conviction) for the access of defense or foreign relations information; five years (or,
ten years for subsequent conviction) for the access of a federal interest computer in the
furtherance of a fraud or resulting in the alteration of information; one year (or, ten
years for subsequent conviction) for access of financial information or departmental
agencies computers or for trafficking in passwords.
Additional Criminal Statues.
Prior to the enactment of the Computer Fraud and Abuse Act, statutes relating to
embezzlement, invasion of privacy, trade secrets, copyright, mail fraud and wire fraud
were utilized and interpreted so as to apply to computer crime. Although these statues
were designed for the prosecution of other offenses, and their application to computer
activity was initially untested, once established, the usefulness in the prosecution of
computer-related criminal activity continues.
1. Wire and Mail Fraud.
The federal wire fraud statute prohibits the transmission of wire, radio, or
television communications in interstate or foreign commerce for the purpose of executing
any actual or intended scheme or artifice to defraud, or for obtaining money or property
by means of false or fraudulent pretenses, representations, or promises. The federal mail
fraud statute prohibits the use of U.S. mail for similar purposes.
Any prosecution of computer crime under the wire fraud statute based on access calls,
however, is limited to situations where the access calls cross state lines. An intent to
defraud must be shown for conviction under either statute, but need not be shown by direct
evidence. For example, in one case, the unauthorized retrieval of computerized information
was found to be fraudulent, despite the absence of evidence that the defendant used the
data in his own business or attempted to sell it. The wire and mail fraud statutes are not
limited to tangible property.
Confidential information belonging to one's employer is a property interest that can
invoke the wire and mail fraud statutes. For conviction under the mail or wire fraud
statutes, the wire or mail, as the case may be, must be used for "the purpose of
executing" the fraudulence scheme. For example, the mailing of promotional material
to solicit potential sales for a computer system developed through employees' unauthorized
use of their employer's computer system and storage facilities was for "the purpose
of executing" the scheme to defraud their employer by using company resources for
personal gain. Each violation can result in a fine of up to $1,000 and/or imprisonment for
not more than five years.
2. Interstate Transportation of Stolen Property.
The interstate transportation of stolen property statute prohibits, among other
things, the transportation "in interstate or foreign commerce of any goods,
merchandise, security or money, the value of $5,000 or more, knowing the same to have been
stolen, converted or taken by fraud." The statute has been used to prosecute employee
theft of trade secrets. Penalties range to $10,000 and/or imprisonment for not more than
3. Sale of Government Property.
Any person who "embezzles, steals, conveys, or knowingly converts to his own
use," or "without authority, sells, conveys, or disposes of any record, voucher,
money, or thing of value of the United States" or "receives, conceals, or
retains the same with the intent to convert it to his use or gain, knowing it to have been
embezzled, stolen, conveyed or converted," is subjected to penalties, of up to
$10,000 and/or imprisonment for ten years. The statute has been used to prosecute the sale
of information derived from a government computer.
4. Wiretapping Act
The Wiretapping Act is the primary law protecting the security and privacy of business
and personal communications in the United States. As originally enacted, in 1968, the law
generally prohibits the interception of wire or oral communications without a court order,
which could be issued only if the "search" was reasonable. The Act was passed in
response to the Supreme Court's holding that the Fourth Amendment applies to protect
against governmental interception of a telephone conversation and electronic eavesdropping
on oral conversations. The Act prohibits the actual or attempted willful interception, use
of an interception device, or disclosure of the contents of a wire or oral communication
by persons who are not a party to the communication.
The 1986 amendments, embodied in the Electronic Communications Privacy Act, greatly
expanded the coverage of the Wiretapping Act by extending it to electronic communications.
The Electronic Communications Privacy Act of 1986 protects against the unauthorized
interception of electronic communications in light of the new computer and
telecommunications technologies. The Act seeks to protect privacy interests in personal
and proprietary information while protecting the government's legitimate law enforcement
needs. In short, it is a crime if a person gains unauthorized access, or an access in
excess of authorization, to a facility through which an electronic communication service
is provided that results in obtaining, altering or preventing authorized access to a
stored wire or electronic communication. Actions that are authorized by the service
provider, by a user with respect to a communication of or intended for that user, or by
law are excepted. Furthermore, the provider of a public electronic communication or remote
computing service may not knowingly divulge the contents of a stored communication, except
to an addressee or intended recipient or his or her agent, with the lawful consent of the
originator or intended recipient, or forwarding agent, as necessary for the rendition of
service, or to a law enforcement agency under limited circumstances. It is noteworthy that
any provider of electronic communication service or customer has a civil cause of action
against anyone who commits a knowing or intentional violation.
State computer crime laws generally prohibit a range of computer-related activities.
Among the most frequently prohibited computer activities are: unauthorized access;
alteration, damage or destruction of data or software or of a computer, computer system or
computer network; the disclosure, use, copying or taking of computer services, data or
software; and utilizing a computer to devise or execute a scheme to defraud or obtain
money, property, or services.
The denial of access to an authorized user, computer invasion of privacy, supplying
passwords or access codes, and the receipt or possession of a illegally obtained
information is prohibited in fewer states. What constitutes a "computer" is
generally consistent among the states. Most state laws refer to electronic, magnetic, and
optical devices that perform logical, arithmetic, memory functions by manipulation. Some
statutes include "organic device" within the list of items that constitute a
computer. In many states, a person commits a computer crime if the person:
1. accesses, alters, damages or destroys, any computer, computer system, computer
network, computer software, computer program or data base or any part thereof, with the
intent to interrupt the normal functioning of an organization or to deceive or to execute
any scheme or artifice to defraud or to conceive property or services by means of false or
fraudulent pretence, representations or promises;
2. intentionally or without authorization accesses, alters, interferes with the
operation of, damages or destroys any computer, computer system, computer network,
computer software, computer program, or computer data base or any part thereof;
3. intentionally or knowingly and without authorization gives or publishes a password,
identifying code, personnel identification number or other confidential information about
a computer, computer system, computer network or data base.
Violation of the statute can result in imprisonment of up to 7 years.
As in all statutes, understanding the defined terms becomes crucial to understanding
of the statute. For example, "access" means to "intercept, instruct,
communicate with, store data in, retrieve data or otherwise make use of any resource of a
computer, computer system, computer network or data base. "Computer" means
"electronic, magnetic, optical, hydraulic, organic or other high speed data
processing device or system which performs logic, arithmetic, or memory functions and
includes all the input, output, processing, storage, software communications facilities
which are connected or related to the device or the system or network."
"Property" includes, but is not limited to, financial instruments, computer
software and programs in either machine or human readable form and of any value, tangible
or intangible. "Services" includes, but are not limited to, computer time, data
processing and storage functions.
Federal and state legislators have recognized the risks associated with the new
technologies, they are responding with more sophisticated laws.
Contact us today! Our firm can assist
you with understanding and applying the law to your particular situation.
Represent the Entrepreneurial Spirit®.
If you would like to obtain our other firm publications, please go
mailing list page.
Articles and information are for general information only, and often address
issues, without expressly indicating, in generalizations. Laws vary between and
among jurisdictions. You should not rely upon any
information provided by or on the website, including articles, as applicable to your
particular situation. The
law, filing fees, etc., change often, so the information in this document may
not be current. The laws of various jurisdictions may be different than provided
here. Please contact us at firstname.lastname@example.org
if you are interested in becoming our client--only then would this office be in
the position to provide advise with regard to your particular situation.
It is important for you to review
Unless otherwise specified above, Copyright © 2004,2008 Technology & Entrepreneurial Law Group, PC. All rights reserved.
Z e g a r e l l i
Home Page (click here)
Zegarelli Law Group
429 Forbes Avenue, 12th Floor, Pittsburgh, PA 15219-1616
Join Mailing List
Get More Information