Handbook of Information Security Management:Law, Investigation, and Ethics

Previous Table of Contents Next


The diversity and variety found in various state enactments was well demonstrated by Anne W. Branscomb in Rogue Computer Programs and Computer Rogues: Tailoring the Punishment to Fit the Crime, an important study conducted in 1990. This study was dedicated predominantly to assessing how adequately existing laws might address problems presented by rogue programs or intrusive code. Branscomb distilled from existing enactments ten discrete ways in which states have acted to devise protective legislation. Branscomb’s taxonomy, which has since been adopted by a number of authoritative sources, among them, the American Criminal Law Review’s annual survey of white collar crime, includes:

  Definition of Property Expanded. Branscomb noted that a few states reacted to the threat of computer-related crime by including, within their respective definitions of property, information in the form of electronic impulses or data, whether tangible or intangible, either in transit or stored.
  Unlawful Destruction. Many states have criminalized activities that alter, damage, delete, or destroy computer programs or files. Branscomb noted that such prohibitions, standing alone, might not always reach the problem of intrusive code, which may be introduced without immediate alteration of existing files and programs.
  Use of a Computer to Commit, Aid, or Abet the Commission of a Crime. Laws of this type were passed to prohibit the use of a computer to facilitate other crimes, such as theft or fraud. Standing alone, however, these laws cannot deal with offenses that follow from, rather than precede, the emergence of computer technology.
  Crimes Against Intellectual Property. Laws falling in this category include offenses from the perspective of the information being protected. For example, some were passed to define offenses involving the destruction, alteration, disclosure, or use of intellectual property without consent.
  Knowing and Unauthorized Use. Other statutes sought to criminalize acts of knowing and unauthorized use of computers or computer services.
  Unauthorized Copying. Statutes in this category were enacted to criminalize the unauthorized copying of computer files or software and the receipt of goods so reproduced.
  Prevention of Authorized Use. Branscomb noted that approximately one-fourth of states criminalized interference with, or prevention of computer use by, authorized parties.
  Unlawful Insertion. These laws, common to a handful of states, prohibit the unauthorized insertion of data without regard to damage resulting therefrom.
  Voyeurism. These statutes cover what is most akin to an electronic trespass. That is, they traditionally deal with unauthorized entry, without regard to damage or the resulting harm. Notably, however, some states expressly exclude mere trespass from criminal sanction.
  Taking Possession. A few statues have criminalized the taking possession of a computer or computer software.

It should thus be apparent that state enactments are broader and more flexible than corresponding federal laws. They are certainly more frequently revisited and amended, thus permitting rapid response to particularized problems arising from changing technology. Over the past decade, much competent scholarship has compared and contrasted the various state approaches to computer crime legislation, and only some of this work is cited in this chapter. An examination of the state laws and this commentary highlights the directions in which the states are moving and may indicate future trends.

Legislative Challenges Presented by Computer-Related Crimes

In its relatively short history, computer-related criminal legislation has been subjected to its share of critical examination. Two overarching problems have emerged: (1) deciding exactly what is to be protected and (2) drafting statutory language that provides that protection without being overinclusive or underinclusive, even as technologies advance at breakneck speed. Generally speaking, three types of harms have been addressed: (1) unauthorized intrusion, (2) unauthorized alteration or destruction of information, and (3) the insertion of malicious programming code.

Although 49 states now have computer crime legislation to address these problems, some early commentators questioned the need for discrete computer-related criminal legislation. They felt many of the offensive acts could be addressed through traditional laws governing property and theft. Despite these assertions, however, difficulties arose in applying general criminal statutes governing theft of property to electronically stored and manipulated information. The legal definitions of property, theft, and damages were historically too narrow to encompass emerging offenses. Traditional laws against larceny and embezzlement, for example, often required that stolen property actually be taken and carried away or that the suspect demonstrate an intent to deprive the owner of his or her property. These common law statutory requirements have little bearing when applied to offenses against intangible information, which often remains with the owner even after being compromised and which is rarely carried away in the traditional sense.

It did not take long for legislators to suspect that traditional criminal statutes were not ideally suited to the prohibition and prosecution of emerging computer-related offenses. This remained the case even after efforts by some states to expand traditional notions of property to pertain to intangibles. Not only did computer technology change the form and way such crimes as fraud and larceny are committed, but it led to the development of new kinds of crimes. Ultimately, new laws had to be passed.


Previous Table of Contents Next



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.