Chapter 6-1-2 Federal and State Computer Crime Laws
Scott Charney Stevan D. Mitchell
The widespread use of computers has resulted in a new challenge for law enforcement computer crime. A computer crime can be said to occur when a computer is the target of the offense, that is, when the actors conduct is designed to steal information from, or cause damage to, a computer or computer network.
Some computer crime definitions also include cases in which the computer is an integral tool in committing an offense. For example, a bank teller might write a computer program to skim small amounts of money from a large number of accounts. Although this might constitute a computer crime, such conduct is prohibited by traditional criminal laws, and could be charged accordingly.
FEDERAL COMPUTER CRIME LAWS
Because existing laws focused on tangible property, Congress enacted a law specifically designed to protect computers and the information they contain. The Computer Fraud and Abuse Act of 1986, located at Title 18 of the United States Code in Section 1030, contains six separate offenses, three of which are felonies and three of which are misdemeanors. Generally speaking, these offenses protect certain types of computers and certain types of information.
The first felony, which protects classified information, prohibits knowingly accessing a computer, without or exceeding authorization, and thereby obtaining classified information with intent to use or reason to believe that such information is to be used to the injury of the United States or to the advantage of any foreign nation. It is important to note that obtaining information includes simply reading the material. It is not necessary that the information be physically moved or copied.
The second felony seeks to punish those who use computers in schemes to defraud others. This section applies when anyone knowingly, and with intent to defraud, accesses a federal-interest computer without authorization or when anyone exceeds authorized access to further the intended fraud and obtain anything of value, other than merely the use of the computer. By requiring that the actor obtain something of value, Congress ensured that every trespass into a federal-interest computer did not become a felony.
The term federal-interest computer is significant. A federal-interest computer is a computer used exclusively by the United States or a financial institution, one used partly by the United States or a financial institution where the dependants conduct affected the governments or financial institutions operation of the computer, or any computer that is one of two or more computers used in committing the offense, not all of which are located in the same state. This last portion of the definition is extremely important because it allows a computer owned by a private company to be a federal-interest computer and thus protected by the statute. Essentially, all that is required is that at least two computers, not all located in the same state, be involved in the offense. For example, if a defendant uses a personal computer in New York to steal information from a mainframe in Texas to commit a fraud, a federal-interest computer is involved.
The last felony section also protects federal-interest computers. Under this section, it is a felony to intentionally access such a computer without authorization and by means of one or more instances of such conduct to alter, damage, or destroy information or prevent the authorized use of any such computer or information and thereby either (1) cause loss to one or more others aggregating $1,000 or more during any one year period or (2) modify or impair, or potentially modify or impair, the medical examination, diagnosis, treatment, or care of one or more individuals. Significantly, the only intent requirement is that the defendant intentionally access the federal-interest computer without authority; the defendant need not intend to cause the damage that results.
The statute also provides for three misdemeanors. The most important misdemeanor is designed to protect government computers and is a strict trespass provision. Anyone accessing a government computer without authority violates this statute, whether or not the intruder does any damage, alters any files, or steals any property. The second misdemeanor is designed to protect financial information and covers bank records, credit card information, and information maintained by credit reporting services. The last is meant to prohibit trafficking in passwords or similar information through which a computer may be accessed without authorization, if such trafficking affects interstate or foreign commerce or the computer is used by or for the government.
The most significant weakness in 18 U.S.C. § 1030 is that it fails to criminalize certain malicious conduct by insiders. Under 18 U.S.C. § 1030(a)(5), an individual must access a computer without authority and thereby cause damage. Thus, insiders with authority to access a particular machine cannot be held criminally liable for the damage they cause, even though their acts were intentionally destructive (e.g., a disgruntled employee may deliberately launch a destructive virus). Indeed, Congress is currently looking at this very issue.
|