Analysis of the Jurisdictional Thresholds for Prosecuting Cyber Crimes --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Go back

Analysis of the Jurisdictional Thresholds for Prosecuting Cyber Crimes

Analysis of the Jurisdictional Thresholds for Prosecuting Cyber Crimes in the United States at the State Level
Posted: Aug 18 2004
Supplied by Dartmouth College

GENERAL COMPUTER CRIME STATUTES

General computer crime statutes attempt to prohibit many different types of computer-related criminal activities within a single statute. Because such statutes attempt to cover a wide range of computer-related criminal activity without headings detailing exactly what each section or clause seeks to proscribe, it can often be difficult to determine what types of conduct may be prosecuted. The following is an attempt to ascertain what types of general conduct may be prosecuted under the computer crime statutes of the following states.

General Computer Crimes Explanatory Note:

In some situations, such as with California, if a state has dealt directly with a particular category of computer crime within the context of a larger encompassing computer crime statute, we have included in our statutory analysis a cross reference to the relevant subsection of that state’s statute. We have denoted states that are also listed in our general computer crime statute section with a ‘*’.

However, it is important to note that a state’s absence from a category of cybercrime does not necessarily imply that the state has no method of prosecuting such criminal activity. Rather, it is often the case that much criminal activity is prosecutable under a state’s general computer statute. It is also important to note that general computer crime statutes may sometimes be preferable to specifically delineated statutes. This is most especially true when attempting to prosecute novel instances of cybercrime whose conduct was not contemplated within specific cybercrime statutes. Therefore, a user of this report should always be careful to verify whether a particular type of criminal activity is covered by any general state statutes before making any final determinations as to which jurisdiction is best to prosecute an offender within.

Statutes by State | Key to Table Elements | Expanded Table

COMPUTER TAMPERING

Computer tampering statutes tend to be broad in nature and most seek to proscribe unauthorized modifications of computer programs or the way in which a computer or computer network operates. Because of their broad scope, computer tampering statutes can be used as a catchall when a state lacks other statutes expressly punishing particular computer-related criminal activities. Computer tampering charges can often be brought together with other charges, and because of their often lenient penalties should only brought without other offenses where a state lacks alternative substantial means to prosecute an offender.
Statutes by State | Key to Table Elements | Expanded
Table

COMPUTER TRESPASS

Computer trespass is directed generally towards computer hackers. A key element for all computer trespass offenses is lack of authorization to access a computer or computer system. An offender does not often require the intent to use the accessed computer system to commit or aid the commission of a felony, but only have in fact accessed computer material without authorization.
Statutes by State | Key to Table Elements | Expanded Table

UNAUTHORIZED USE OF A COMPUTER
Unauthorized use of a computer statutes are related to computer trespass. Because unauthorized use of a computer is often the result of computer trespass, it is quite common that both offenses may be brought against an offender for a single criminal act.

Unauthorized use statutes are fairly popular and they may be found in 12 states. Such statutes seek to punish those who without authorization use a computer or computer services. Generally, there is not a great deal of divergence among the states and the two elements which must be present are the user’s knowledge that access is not authorized and actual access.
Statutes by State | Key to Table Elements | Expanded Table

INTERRUPTION OF COMPUTER SERVICES

While individual computer intrusions may be troublesome and a nuisance for government agencies and companies, the threat to a network’s infrastructure from mere intrusion is slight, unless the intruder has the malicious intent to disrupt network services. By far, the greatest threat to the nation’s information infrastructure is malicious minded individuals set on seriously disrupting computer services on a broad scale.

Disrupting computer services usually takes the form of a Denial of Service (hereinafter “DoS”) attack or a Distributed Denial of Service Attack (hereinafter “DDoS”). DoS attacks attempt to deny a user or users of a network the resources normally available. The most common methods of DoS and DDoS attacks are carried out by way of undue bandwidth consumption, computer resource theft, exploiting flawed programming, and traffic redirection. In order to carry out such attacks, one need not be a technical wizard -- there are easy to use programs which facilitate DoS and DDoS attacks.

Interruption of computer services statutes thus seek to proscribe conduct that intentionally or recklessly disrupts or degrades computer services or denies computer services to an authorized user. Thus, interruption of computer services statutes may be used to specifically prosecute those responsible for DoS and DDoS attacks. However, notwithstanding the highly publicized DDoS attacks of February 2000, only five states have statutes specifically directed towards the interruption of computer services.
Statutes by State | Key to Table Elements | Expanded Table

COMPUTER FRAUD

Many states have statutes that relate directly to computer fraud most of which are entitled "computer fraud," or often the statute will generally proscribe fraudulent activity, electronic or not, by way of a theft of services statute.

While theft of services statutes remain applicable to general phone fraud, computer fraud statutes target crimes in which one uses a computer to perpetuate the fraud. As a general rule, computer fraud involves access, either authorized or unauthorized, together with the specific intent to use the computer to perpetuate a fraud. Often the offense of computer fraud may be brought against an offender together with a computer trespass or intrusion charge. Moreover, computer fraud can sometimes include attempts of an offender to send malicious attachments through email or to execute unauthorized computer code. In this sense, computer fraud offenses can often be related to DoS and DDoS attacks and therefore be brought in conjunction with computer tampering and interruption of computer services charges.
Statutes by State | Key to Table Elements | Expanded Table

SPAM-RELATED OFFENSES

States have taken various approaches to combating spam and federal legislation outlawing massive spam emails appears to be looming on the horizon. Generally, spam-related statutes proscribe the use of a computer or computer network to falsify e-mail routing information (technically known as “header information”) for the purpose of sending spam. Other often proscribed activities include the distribution or sale of software designed to accomplish the mass distribution of spam emails.
Statutes by State | Key to Table Elements | Expanded Table

UNLAWFUL USE OF ENCRYPTION
Increasingly, encryption is being used to conceal and facilitate secure communications between criminals. The unlawful use of encryption should not be considered only in relation to computer crimes. Rather encryption is often used in the facilitation of drug-related offenses and terrorism. The most notable instance of encryption concealing evidence and communications is the case of Ramsey Youssef, the terrorist who bombed the World Trade Center in 1996. Youssef’s files were encrypted using a free and easily obtainable encryption program, Pretty Good Privacy. It took the National Security Agency 10 months to unencrypt the contents of the encrypted files. Currently only two states have statutes prohibiting the unlawful use of encryption.
Statutes by State | Key to Table Elements | Expanded Table

OFFENSES AGAINST COMPUTER USERS

Statutes detailing offenses against computer users are very similar to and often a blend of interruption of computer services and computer tampering offenses. The difference is that an offender need direct such acts towards an individual computer user and not a computer network itself. Interruption of computer services and computer tampering charges can often be brought together with charges of offenses against computer users.
Statutes by State | Key to Table Elements | Expanded Table

CYBERSTALKING

Cyberstalking statutes criminalize using e-mail or electronic means of communicating language threatening to inflict harm to persons or property, or for the purpose of extorting money or property. Cyberstalking statutes generally criminalize repeated communications for the purpose of terrorizing or harassing another person.
Statutes by State | Key to Table Elements | Expanded Table

Go Top