U.S. Federal and State Statutes
We have already mentioned the somewhat broad definition of computer crime adopted by the U.S. Department of Justice. Individual federal agencies (and task forces within those agencies) have their own definitions. For example, the FBI investigates violations of the federal Computer Fraud and Abuse Act, which lists specific categories of computer and network-related crimes:
Public switched telephone network (PSTN) intrusions
Major computer network intrusions
Network integrity violations
Other crimes in which computers play a major role in committing the offense
USA PATRIOT Act and Protect America Act
Many aspects of the Computer Fraud and Abuse Act were amended by the USA PATRIOT Act, which increased penalties and allowed the prosecution of individuals who intended to cause damage, as opposed to those actually causing damage. The USA PATRIOT Act is an acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. As its clumsy and cumbersome title indicates, it was created after the September 11, 2001 terrorist attacks on the United States, and pushed through the U.S. Senate to give law enforcement enhanced authority over monitoring private communications and accessing personal information.
Another Act that was signed into law by President Bush in August of 2007 is the Protect America Act (nicknamed by many as PATRIOT II). It also provides greater authority to law enforcement, and allows the government to perform such actions as:
Access the credit reports of a citizen without a subpoena Conduct domestic wiretaps without a court order for 15 days after an attack on the United States or congressional authorization of use of force
Criminalize the use of encryption software used in the commission or planning of a felony
Extend authorization periods used for wiretaps or Internet surveillance
The focus of the Protect America Act was to update the Foreign Surveillance Act and deal with shortcomings in the law that dont address modern technology. However, these Acts were controversial enough to require the U.S. Department of Justice to create www.lifeandliberty.gov, a Web site is designed to provide information and disclaim arguments against these two Acts.
Title 18 of the U.S. Code, in Chapter 47, Section 1030, defines a number of fraudulent and related activities that can be prosecuted under federal law in connection with computers. Most pertain to crimes involving data that is protected under federal law (such as national security information), involving government agencies, involving the banking/financial system, or involving intrastate or international commerce or protected computers. Defining and prosecuting crimes that dont fall into these categories usually is the province of each state.
Most U.S. states have laws pertaining to computer crime. These statutes are generally enforced by state and local police and might contain their own definitions of terms. For example, the Texas Penal Codes Computer Crimes section (which is available to view at http://tlo2.tlc.state.tx.us/statutes/pe.toc.htm) defines only two offenses:
Online Solicitation of a Minor (Texas Penal Code Section 33.021)
Breach of Computer Security (Texas Penal Code Section 33.02), which is defined as knowingly accessing a computer, computer network, or computer system without the effective consent of the owner. The classification and penalty grade of the offense is increased according to the dollar amount of loss to the system owner or benefit to the offender.
Section 502 of the California Penal Code (Section 502), on the other hand, defines a list of eight acts that constitute computer crime, including altering, damaging, deleting, or otherwise using computer data to execute a scheme to defraud; deceiving, extorting, or wrongfully controlling or obtaining money, property, or data; using computer services without permission; disrupting computer services; assisting another in unlawfully accessing a computer; or introducing contaminants (such as viruses) into a system or network. Additional sections of the penal code also address other computer and Internet-related crimes, such as those dealing with child pornography and other crimes that may incorporate the use of a computer. However, as stated earlier, these are not necessarily dependent on the use of computers or other technologies.
Depending on the state, the definition of computer crime under state law differs. Once again, the jurisdictional question rears its ugly head. If the multijurisdictional nature of cybercrime prevents us from even defining it, how can we expect to effectively prosecute it?