INTRODUCTION TO COMPUTER CRIMES
Legal Links<tm>: Chain 1, Link 3A
Copyright © 1996-2004 Zegarelli Law Group. All rights reserved.
Written by Gregg R. Zegarelli, Esq.

THE FOUNDATION OF COMPUTER CRIMES

A "crime" is an act against the general public welfare. Crimes are defined in the criminal codes. If someone is accused of a crime, a federal or state prosecutor brings a legal action in the name of the government on behalf of the people. Criminal cases have captions such as "United States v. Doe." If the accused is found to have violated the law beyond a reasonable doubt, then he or she is guilty, becomes a criminal, and is placed in a penal institution and/or pays a fine. A crime is distinguished from a "tort," which is an act against another private citizen. Torts are defined by court-made law and civil codes. If someone is accused of a tort, the injured individual brings a legal action in his or her own name. Civil cases have captions such as "Hatfields v. McCoys." If the defendant is found to have caused an injury by a preponderance of the evidence, then he or she is liable, becomes a tortfeasor, and must pay damages.

The term "computer crime," is often used to describe criminal activity that either uses computer technology to accomplish a crime, or focuses upon computer technology as the object of the crime. Difficulties in applying traditional criminal laws to computer crimes arose because the nature of technology does not fit well into categories of property traditionally subject to abuse or theft. For example, a computer program might only exist in the form of magnetic impulses, and, when misappropriated, the original might not be removed from the owner's possession. Federal and state prosecutors were faced with a wide range of statutes potentially applicable to computer crimes, but they had no legal basis upon which to draw analogies. As a result, the need for a specific computer crime statutes was recognized in the mid-seventies.

FEDERAL LAW

Computer Fraud and Abuse Act of 1984

The first federal legislation to address computer-related criminal activity appeared in the form of the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984. That law was quite limited in scope. It provided criminal penalties only for stealing national security-related data by trespassing onto government computers, or for stealing computerized information on a person's credit history. In 1986, the Act was amended to create three new offenses: 1) theft by computer with the intent to defraud; 2) computer damage resulting in the loss of $1,000 or more, or interfering with medical procedures; and 3) trafficking in passwords for government computers or those that affect interstate commerce. Under the Act, it is illegal to, or attempt to:

1. knowingly access a computer without authorization and obtain protected information relating to national defense or foreign relations, with the intent or reason to believe that the information is to be used to the injury of the United States or the advantage of any foreign nation;

2. intentionally access a computer without authorization and obtain financial information;

3. intentionally access a computer for the exclusive use of the United States without authorization, or, in the case of computer not for the exclusive use of the United States, affect the government's operation of such a computer;

4. knowingly, and with the intent to defraud, access a federal interest computer without authorization and obtain anything of value except the use of a computer;

5. intentionally access the federal interest computer without authorization and alter, damage or destroy information or prevent the authorized use of the computer or information if the resulting loss is $1,000 or more or if the information relates to medical records; and

6. knowingly, and with the intent to defraud, traffic in passwords or similar access information without authorization if the trafficking affects interstate or foreign commerce where the computer is used by or for the U.S. Government.

The term "computer" means high speed data processing device and includes any data, storage or communication facility directly related to or operating in conjunction with such a device, but expressly excludes a typewriter, typesetter, or calculator. A "federal interest computer" is one that is for the exclusive use of a financial institution or the United States Government, or, in the case of nonexclusive use, the unauthorized use affects the operation of the computer by the financial institution or the government. A federal interest computer is also one of two or more computers used in committing an offense which are not located in the same state.

Penalties include prison terms which range from ten years (or, 20 years for subsequent conviction) for the access of defense or foreign relations information; five years (or, ten years for subsequent conviction) for the access of a federal interest computer in the furtherance of a fraud or resulting in the alteration of information; one year (or, ten years for subsequent conviction) for access of financial information or departmental agencies computers or for trafficking in passwords.

Additional Criminal Statues.

Prior to the enactment of the Computer Fraud and Abuse Act, statutes relating to embezzlement, invasion of privacy, trade secrets, copyright, mail fraud and wire fraud were utilized and interpreted so as to apply to computer crime. Although these statues were designed for the prosecution of other offenses, and their application to computer activity was initially untested, once established, the usefulness in the prosecution of computer-related criminal activity continues.

1. Wire and Mail Fraud.

The federal wire fraud statute prohibits the transmission of wire, radio, or television communications in interstate or foreign commerce for the purpose of executing any actual or intended scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises. The federal mail fraud statute prohibits the use of U.S. mail for similar purposes.

Any prosecution of computer crime under the wire fraud statute based on access calls, however, is limited to situations where the access calls cross state lines. An intent to defraud must be shown for conviction under either statute, but need not be shown by direct evidence. For example, in one case, the unauthorized retrieval of computerized information was found to be fraudulent, despite the absence of evidence that the defendant used the data in his own business or attempted to sell it. The wire and mail fraud statutes are not limited to tangible property.

Confidential information belonging to one's employer is a property interest that can invoke the wire and mail fraud statutes. For conviction under the mail or wire fraud statutes, the wire or mail, as the case may be, must be used for "the purpose of executing" the fraudulence scheme. For example, the mailing of promotional material to solicit potential sales for a computer system developed through employees' unauthorized use of their employer's computer system and storage facilities was for "the purpose of executing" the scheme to defraud their employer by using company resources for personal gain. Each violation can result in a fine of up to $1,000 and/or imprisonment for not more than five years.

2. Interstate Transportation of Stolen Property.

The interstate transportation of stolen property statute prohibits, among other things, the transportation "in interstate or foreign commerce of any goods, merchandise, security or money, the value of $5,000 or more, knowing the same to have been stolen, converted or taken by fraud." The statute has been used to prosecute employee theft of trade secrets. Penalties range to $10,000 and/or imprisonment for not more than 10 years.

3. Sale of Government Property.

Any person who "embezzles, steals, conveys, or knowingly converts to his own use," or "without authority, sells, conveys, or disposes of any record, voucher, money, or thing of value of the United States" or "receives, conceals, or retains the same with the intent to convert it to his use or gain, knowing it to have been embezzled, stolen, conveyed or converted," is subjected to penalties, of up to $10,000 and/or imprisonment for ten years. The statute has been used to prosecute the sale of information derived from a government computer.

4. Wiretapping Act

The Wiretapping Act is the primary law protecting the security and privacy of business and personal communications in the United States. As originally enacted, in 1968, the law generally prohibits the interception of wire or oral communications without a court order, which could be issued only if the "search" was reasonable. The Act was passed in response to the Supreme Court's holding that the Fourth Amendment applies to protect against governmental interception of a telephone conversation and electronic eavesdropping on oral conversations. The Act prohibits the actual or attempted willful interception, use of an interception device, or disclosure of the contents of a wire or oral communication by persons who are not a party to the communication.

The 1986 amendments, embodied in the Electronic Communications Privacy Act, greatly expanded the coverage of the Wiretapping Act by extending it to electronic communications. The Electronic Communications Privacy Act of 1986 protects against the unauthorized interception of electronic communications in light of the new computer and telecommunications technologies. The Act seeks to protect privacy interests in personal and proprietary information while protecting the government's legitimate law enforcement needs. In short, it is a crime if a person gains unauthorized access, or an access in excess of authorization, to a facility through which an electronic communication service is provided that results in obtaining, altering or preventing authorized access to a stored wire or electronic communication. Actions that are authorized by the service provider, by a user with respect to a communication of or intended for that user, or by law are excepted. Furthermore, the provider of a public electronic communication or remote computing service may not knowingly divulge the contents of a stored communication, except to an addressee or intended recipient or his or her agent, with the lawful consent of the originator or intended recipient, or forwarding agent, as necessary for the rendition of service, or to a law enforcement agency under limited circumstances. It is noteworthy that any provider of electronic communication service or customer has a civil cause of action against anyone who commits a knowing or intentional violation.

STATE LAWS

State computer crime laws generally prohibit a range of computer-related activities. Among the most frequently prohibited computer activities are: unauthorized access; alteration, damage or destruction of data or software or of a computer, computer system or computer network; the disclosure, use, copying or taking of computer services, data or software; and utilizing a computer to devise or execute a scheme to defraud or obtain money, property, or services.

The denial of access to an authorized user, computer invasion of privacy, supplying passwords or access codes, and the receipt or possession of a illegally obtained information is prohibited in fewer states. What constitutes a "computer" is generally consistent among the states. Most state laws refer to electronic, magnetic, and optical devices that perform logical, arithmetic, memory functions by manipulation. Some statutes include "organic device" within the list of items that constitute a computer. In many states, a person commits a computer crime if the person:

1. accesses, alters, damages or destroys, any computer, computer system, computer network, computer software, computer program or data base or any part thereof, with the intent to interrupt the normal functioning of an organization or to deceive or to execute any scheme or artifice to defraud or to conceive property or services by means of false or fraudulent pretence, representations or promises;

2. intentionally or without authorization accesses, alters, interferes with the operation of, damages or destroys any computer, computer system, computer network, computer software, computer program, or computer data base or any part thereof;

3. intentionally or knowingly and without authorization gives or publishes a password, identifying code, personnel identification number or other confidential information about a computer, computer system, computer network or data base.

Violation of the statute can result in imprisonment of up to 7 years.

As in all statutes, understanding the defined terms becomes crucial to understanding of the statute. For example, "access" means to "intercept, instruct, communicate with, store data in, retrieve data or otherwise make use of any resource of a computer, computer system, computer network or data base. "Computer" means "electronic, magnetic, optical, hydraulic, organic or other high speed data processing device or system which performs logic, arithmetic, or memory functions and includes all the input, output, processing, storage, software communications facilities which are connected or related to the device or the system or network." "Property" includes, but is not limited to, financial instruments, computer software and programs in either machine or human readable form and of any value, tangible or intangible. "Services" includes, but are not limited to, computer time, data processing and storage functions.

CONCLUSION

Federal and state legislators have recognized the risks associated with the new technologies, they are responding with more sophisticated laws.

Articles and information are for general information only, and often address issues, without expressly indicating, in generalizations. Laws vary between and among jurisdictions.  You should not rely upon any information provided by or on the website, including articles, as applicable to your particular situation. The law, filing fees, etc., change often, so the information in this document may not be current. The laws of various jurisdictions may be different than provided here.  Please contact us at info@zegarelli.com if you are interested in becoming our client--only then would this office be in the position to provide advise with regard to your particular situation.  It is important for you to review Terms of Use.

Z e g a r e l l i
Home Page (click here)

Zegarelli Law Group Profile

Corporate Office:
429 Forbes Avenue, 12th Floor, Pittsburgh, PA 15219-1616
Voice: 412.765.0400
Fax: 412.765.0531

Join Mailing List
Give Feedback

Get More Information
Contact Webmaster