Computer Crime Law



OK, OK, we admit it, you might learn things at this web site that will help you commit computer crime. Heck, just becoming an excellent programmer and sysadmin will help you learn how to commit computer crime. So if anyone reading this is planning on mangling web sites, torturing firewalls, breaking into their boyfriend's/ girlfriend's/ husband's/wife's/ ex's/enemy's email server, committing electronic theft, or just plain raising heck, here's what they need to know.

...let me tell you what this all means. You're going to get busted, lose everything you own, not get out on bail, snitch on your enemies, get even more time than you expected and have to put up with a bunch of idiots in prison. Sounds fun? Keep hacking. -- Agent Steal (Justin Peterson) writing from federal prison,
1997


Tired of reading all those “You could go to jail” notes in these guides? Who says those things are crimes? Well, now you can get the first in a series of Guides to the gory details of exactly what laws we’re trying to keep you from accidentally breaking, and who will bust you if you go ahead with the crime anyhow.

This Guide covers the two most important US Federal computer crime statutes: 18 USC, Chapter 47, Section 1029, and Section 1030, known as the “Computer Fraud and Abuse Act of 1986.”

Now these are not the *only* computer crime laws.  It’s just that these are the two most important laws used in US Federal Courts to put computer criminals behind bars.

COMPUTER CRIMES: HOW COMMON? HOW OFTEN ARE THEY REPORTED?

The FBI’s national Computer Crimes Squad estimates that between 85 and 97 percent of computer intrusions are not even detected.  In a recent test sponsored by the Department of Defense, the statistics were startling.  Attempts were made to attack a total of 8932 systems participating in the test. 7860 of those systems were successfully penetrated.  The management of only 390 of those 7860 systems detected the attacks, and only 19 of the managers reported the attacks (Richard Power, -Current and Future Danger: A CSI Primer on Computer Crime and Information Warfare_, Computer Security Institute, 1995.)

The reason so few attacks were reported was “mainly because organizations frequently fear their employees, clients, and stockholders will lose faith in them if they admit that their computers have been attacked.” Besides, of the computer crimes that *are* reported, few are ever solved.

SO, ARE HACKERS A BIG CAUSE OF COMPUTER DISASTERS?

According to the Computer Security Institute, these are the types of computer crime and other losses: 
· Human errors - 55% 
· Physical security problems - 20%(e.g., natural disasters, power problems) 
· Insider attacks conducted for the purpose of profiting from computer crime - 10% 
· Disgruntled employees seeking revenge - 9% 
· Viruses - 4% 
· Outsider attacks - 1-3%

So when you consider that many of the outsider attacks come from professional computer criminals -- many of whom are employees of the competitors of the victims, hackers are responsible for almost no damage at all to computers.

In fact, on the average, it has been our experience that hackers do far more good than harm.

Yes, we are saying that the recreational hacker who just likes to play around with other people’s computers is not the guy to be afraid of. It’s far more likely to be some guy in a suit who is an employee of his victim. But you would never know it from the media, would you?


In general, a computer crime breaks federal laws when it falls into one of these categories:

· It involves the theft or compromise of national defense, foreign relations, atomic energy, or other restricted information. 
· It involves a computer owned by a U.S. government department or agency. 
· It involves a bank or most other types of financial institutions. 
· It involves interstate or foreign communications. 
· it involves people or computers in other states or countries.

Of these offenses, the FBI ordinarily has jurisdiction over cases involving national security, terrorism, banking, and organized crime.  The U.S. Secret Service has jurisdiction whenever the Treasury Department is victimized or whenever computers are attacked that are not under FBI or U.S. Secret Service jurisdiction (e.g., in cases of password or access code theft).  In certain federal cases, the customs Department, the Commerce Department, or a military organization, such as the Air Force Office of Investigations, may have jurisdiction.

In the United States, a number of federal laws protect against attacks on computers, misuse of passwords, electronic invasions of privacy, and other transgressions.  The Computer Fraud and Abuse Act of 1986 is the main piece of legislation that governs most  common computer crimes, although many other laws may be used to prosecute different types of computer crime. The act amended Title 18 United States Code §1030. It also complemented the Electronic Communications Privacy Act of 1986, which outlawed the unauthorized interception of digital communications and had just recently been passed. The Computer Abuse Amendments Act of 1994 expanded the 1986 Act to address the transmission of viruses and other harmful code.

In addition to federal laws, most of the states have adopted their own computer crime laws.  A number of countries outside the United States have also passed legislation defining and prohibiting computer crime.

THE BIG NO NO’S -- THE TWO MOST IMPORTANT FEDERAL CRIME LAWS

As mentioned above, the two most important US federal computer crime laws are 18 USC: Chapter 47, Sections 1029 and 1030.

SECTION 1029

Section 1029 prohibits fraud and related activity that is made possible by counterfeit access devices such as PINs, credit cards, account numbers, and various types of electronic identifiers.  The nine areas of criminal activity covered by Section 1029 are listed below.  All *require* that the offense involved interstate or foreign commerce.