Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Cybercrime continues to make the headlines. Indeed, damages from viruses, hacking and denial-of-service attacks have been estimated in the range of multiple billions of dollars. As cybercrime is becoming a real threat to businesses and users, this article examines some of the applicable laws. THE COMPUTER FRAUD AND ABUSE ACT Computer crimes started showing up on the radar screen in the 1980s, and in 1986 Congress enacted the Computer Fraud and Abuse Act (18 USC 1030). The act, the primary prosecutorial weapon against cybercrime, has been updated several times, and was amended most recently in 1996. THE SCOPE OF THE ACT The act criminalizes the following seven general categories of activities: Government espionage: Knowingly accessing a computer and without authorization obtaining information deemed by the U.S. government to be restricted data, and willfully providing this information to someone else not entitled to it; or willfully refusing to turn such information over to the U.S. government. Wrongfully obtained information: Intentionally accessing a computer without authorization and obtaining information from the financial records of a financial institution, from the U.S. government, or from any protected computer if the conduct involved an interstate or foreign communication (practically any computer hooked up to the Internet). Accessing a government computer: Intentionally and without authorization accessing any non-public computer of the U.S. government (mere access without obtaining information can be sufficient to trigger liability). Fraud: With the intent to defraud, knowingly accessing a computer without authorization, and in furtherance of the intended fraud, obtaining anything of value (unless the object of the fraud consists only of the use of the computer and the value of such use is less than $5,000 over a one-year period). Hacking, viruses and denial of service: Knowingly causing the transmission of a program, information, code or command and without authorization intentionally causing damage to a computer. Liability also can be based on intentionally accessing a computer and recklessly or otherwise causing damage. Damage is defined as losses aggregating at least $5,000 during any one-year period, harm to medical care or treatment, physical injury or threats to public health or safety. Password traffic: Knowingly and with intent to defraud, trafficking in any password or similar information. Extortion: With the intent to extort anything of value, transmitting a communication containing any threat to cause damage to a protected computer. CRIMINAL PENALTIES AND CIVIL LIABILITY Most of the offenses listed above constitute felonies with sentences of up to five years. Sentences of 10 years may be given for repeat offenses. Espionage carries a first offense sentence of 10 years, with 20 years for repeat offenses. Wrongfully obtaining information (unless done for commercial advantage or private financial gain), simply accessing a government computer and trafficking in passwords constitute misdemeanors and can lead to prison terms of up to one year and 10 years for repeat offenses. Victims of cybercrime are not always content just to have perpetrators put behind bars; they want to be compensated for their losses. Accordingly, the act provides that any person who suffers a loss as a result of the seven categories of criminalized behavior may maintain a civil action against the violator and obtain compensatory economic damages and injunctive relief. PROPOSED AMENDMENTS In recent times, some proposed amendments to the Computer Fraud and Abuse Act have been put before Congress. One proposal would have permitted a federal court to issue one nationwide “trap and trace” order to acquire data apparently linked to cybercrime, instead of the current status quo, which requires separate court orders for the different communications companies involved in the chain. This proposal has caused concern about privacy violations. Another proposal would have created a misdemeanor offense for fraud that has damages of less than $5,000. Currently, for certain activities to be considered criminal, there must be a showing of damage of at least $5,000. The proposed amendment came about because establishing this damage threshold has been problematical in certain instances. Yet another proposal would have allowed (but not required) prosecution of juveniles under the more serious felony sections of the act, given that it appears that juveniles currently cannot be prosecuted under the act (although they very well may face criminal liability under state and other statutes). Finally, proposals have been made to stiffen the penalties for causing malicious code and hacking damage. Whether and when Congress amends the act remains to be seen. Hopefully, over time clear rules will help to deter criminal online behavior. Eric J. Sinrod is a partner in the San Francisco office of Duane Morris, where he focuses on technology and litigation matters. His Web site is sinrodlaw.com and his firm’s site is Duane Morris.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.