Differentiating Crimes That Use the Net from Crimes That Depend on the Net
In many cases, crimes that we would call cybercrimes under our general definition are really just the same old stuff, except that a computer network is somehow involved. That is, a person could use the Internet to run a pyramid scheme or chain letters, set up clients for prostitution services, take bets for illegal gambling, or acquire pornographic pictures of minors. All these acts are already criminal in certain jurisdictions and could be committed without the use of the computer network. The cyber aspect is not a necessary element of the offense; it merely provides the means to commit the crime. The computer network gives criminals a new way to commit the same old crimes. Existing statutes that prohibit these acts can be applied to people who use a computer to commit them as well as to those who commit them without the use of a computer or network.
In other cases, the crime is unique and came into existence with the advent of the Internet. Unauthorized access is an example; while it might be likened to breaking and entering a home or business building, the elements that comprise unauthorized computer access and physical breaking and entering are different. By statutory definition, breaking and entering generally require physical entry onto a premise, an element that is not present in the cyberspace version of the crime. Thus, new statutes had to be written prohibiting this specific behavior.
Theft of Intangible Property
Theft of intangible property, such as computer data, poses a problem under the traditional theft statutes of many U.S. jurisdictions. A common statutory definition of theft is unlawful appropriation of the property of another without the effective consent of the owner, with the intent to deprive the owner of the property. (This definition is taken from the Texas Penal Code, Section 31.03.) This definition works well with tangible property; if I steal your diamond necklace or your new Dell laptop, my intent to deprive you of the use of the property is clear. However, I can steal your companys financial records or the first four chapters of the great American novel youre writing without depriving you of the property or its use at all. If I were prosecuted under the theft statute, my defense attorney could argue that the last element of the offense wasnt met. This is the reason new statutes had to be written to cover theft of intangible or intellectual properties, which are not objects that can be in the possession of only one person at a time.
Traditional intellectual property laws (copyright, trademark, and the like) are civil laws, not prosecuted in criminal court other than under special newer laws pertaining to only narrowly defined types of intellectual property such as software and music. Some federal laws prohibit theft of data, but the FBI and federal agencies have jurisdiction only in certain circumstances, such as when the data is stolen from federal government computers or when it constitutes a trade secret. In most cases, its up to the state to prosecute. States cant bring charges under federal law, only under their state statutes. Until recently, many states didnt have statutes that covered data theft because it didnt fit under traditional theft statutes and they didnt have theft of intellectual property statutes.
Working Toward a Standard Definition of Cybercrime
Why is it so important for us to develop a standard definition of cybercrime? Unless we all use the sameor at least substantially similardefinitions, it is impossible for IT personnel, users and victims, police officers, detectives, prosecutors, and judges to discuss the offense intelligently. As we saw when discussing the European Convention on Cybercrime treaty, poor or omitted definitions of technology can create issues that can impact the rights and business practices of law-abiding citizens. In addition to this, as well discuss later in this chapter, it is impossible to collect meaningful statistics that can be used to analyze crime patterns and trends. If we cant agree on what something is, then we cant compile statistics on it.
Crime analysis allows agencies to allocate resources more effectively and to plan their own strategies for responding to problems. It is difficult for agency heads to justify the need for additional budget items (specialized personnel, training, equipment, and the like) to appropriations committees and governing bodies without hard data to back up the requests. Standard definitions and meaningful statistical data are also needed to educate the public about the threat of cybercrime and involve communities in combating it. Crime analysis is the foundation of crime prevention; understanding the types of crime that are occurring, where and when they are happening, and who is involved is necessary in order to develop proactive prevention plans.
Even though we have no standard definitions to invoke, lets look at how cybercrime is defined by some of the most prominent authorities.