Content area
4 To combat these new criminal behaviors, Congress passed specialized legislation.5 Experts have had difficulty calculating the damage caused by computer crimes due to: the difficulty in adequately defining computer crime;6 victims' reluctance to report incidents for fear of losing customer confidence;7 the dual system of prosecution;8 and, the lack of detection.9 In 2006, DOJ's Bureau of Justice Statistics and the Department of Homeland security's National Cyber security Division began a joint effort to estimate the number of cyber attacks and the number of incidents of fraud and theft of information.10 B. Types of Computer-Related Offenses 1. [...] many crimes are driven by personal profit or malice.16 These types of crimes were frequently committed by juveniles, disgruntled employees, and professional hackers as a means of showing off their skills.17 Disgruntled employees are widely thought to pose the biggest threat to company computer systems.18 Teenage hackers remain a problem as well.19 Courts have had a hard time finding appropriate punishments for teenage hackers.20 In recent years, more of these crimes have been committed for financial gain.21 a. Spam Spam is unsolicited bulk commercial email from a party with no preexisting business relationship.22 In 2003, the Senate estimated that spam would account for more than 50% of global email traffic by the end of the year.23 Additionally, hackers often use spam as a way of distributing viruses, spyware, and other malicious software.24 b. Viruses A virus is a program that modifies other computer programs, causing them to perform the task for which the virus was designed.25 It usually spreads from one host to another when a user transmits an infected file by e-mail, over the Internet, across a company's network, or by disk.26 c. Worms Worms are like viruses, but they use computer networks or the Internet to self-replicate and "send themselves" to other users, generally via e-mail, while viruses require human action to spread from one computer to the next.27 Worms have far more destructive potential than viruses because they can spread so much faster.28 d.\n388 Moreover, what constitutes "acceptable" speech in the various countries on the information super-highway differs greatly. [...] thirty-nine countries have signed the Council of Europe's Treaty on Cybercrime.401 The Treaty requires parties to: (i) establish substantive laws against cybercrime; (ii) ensure that their law enforcement officials have the necessary procedural authorities to investigate and prosecute cybercrime effectively; and (iii) provide international cooperation to other parties in the fight against computer-related crime.402 While the United States has already signed the treaty, the Senate still must ratify the treaty in order to give it effect in the United States.403 Second, the United States participates in the Subgroup on High-Tech Crime at G-8's Lyon Group.404 One accomplishment of the Subgroup is the development of a network that lets law enforcement authorities of member nations contact each other for rapid assistance in investigating computer crime and preserving electronic evidence.405 In addition to increased multinational governmental cooperation, international organizations and private corporations are also working to combat international computer crimes by contributing to the drive to harmonize national legislation.406 For example, the Business Software Alliance, a software industry trade group, has an international copyright enforcement program involving national software trade associations and law enforcement agencies.407 Nonetheless, international efforts have been mixed.
I. INTRODUCTION........................................ 234
A. Defining Computer Crime ............................ 234
B. Types of Computer-Related Offenses .................... 235
1. Object of Crime ................................. 235
2. Subject of Crime. ................................ 236
a. Spam ...................................... 237
b. Viruses..................................... 237
c. Worms ..................................... 237
d. Trojan Horses................................ 238
e. Logic Bombs................................. 238
f. Sniffers..................................... 238
g. Denial of Service Attacks........................ 238
h. Web Bots & Spiders. ........................... 239
3. Instrument of Crime .............................. 239
II. GENERAL ISSUES ...................................... 239
A. Constitutional Issues................................ 239
1. First Amendment ................................ 240
2. Fourth Amendment. .............................. 240
B. Other Issues ...................................... 243
III. FEDERAL APPROACHES .................................. 243
A. Sentencing Guidelines............................... 244
B. Federal Statutes ................................... 244
1. Child Pornography Statutes ........................ 245
a. Communications Decency Act of 1996 .............. 245
b. Child Pornography Prevention Act of 1996. .......... 246
2. Computer Fraud and Abuse Act ..................... 248
a. Offenses Under the Statute....................... 248
b. Jurisdiction. ................................. 250
c. Defenses.................................... 250
d. Penalties.................................... 251
3. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ......................... 252
4. Copyright Statutes ............................... 253
a. Criminal Copyright Infringement in the Copyright Act... 253
i. Defenses ................................. 254
ii. Penalties ................................. 255
b. Digital Millennium Copyright Act. ................. 255
5. Electronic Communications Privacy Act ............... 258
a. Stored Communications Act...................... 258
b. Title III (Wiretap Act) .......................... 259
i. Defenses ................................. 260
ii. Penalties ................................. 261
c. Statutory Issues. .............................. 261
6. Identity Theft ................................... 262
a. Penalties. ................................... 263
7. Wire Fraud Statute. .............................. 263
C. Enforcement...................................... 264
IV. STATE APPROACHES .................................... 267
A. Overview of State Criminal Codes ...................... 267
B. Jurisdiction ...................................... 269
C. Enforcement...................................... 270
V. INTERNATIONAL APPROACHES ............................. 270
A. Issues. .......................................... 271
B. Solutions ........................................ 272
I. INTRODUCTION
This Article discusses federal, state, and international developments in computerrelated criminal law. This section defines computer crimes. section Ð covers the constitutional issues concerning computer crimes. section ÐÉ describes the federal approaches used for prosecuting computer crime, and analyzes enforcement strategies. section IV examines state approaches to battling computer crime and the resulting federalism issues. Lastly, section V addresses international approaches to regulating computer crimes.
A. Defining Computer Crime
The U.S. Department of Justice ("DOP') broadly defines computer crime as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution."1 Because of the diversity of computer-related offenses, a narrower definition would be inadequate. While the term "computer crime" includes traditional crimes committed with the use of a computer,2 the rapid emergence of computer technologies and the exponential expansion of the Internet3 spawned a variety of new, technologyspecific criminal behaviors that must also be included in the category of "computer crimes."4 To combat these new criminal behaviors, Congress passed specialized legislation.5
Experts have had difficulty calculating the damage caused by computer crimes due to: the difficulty in adequately defining "computer crime;"6 victims' reluctance to report incidents for fear of losing customer confidence;7 the dual system of prosecution;8 and, the lack of detection.9 In 2006, DOJ's Bureau of Justice Statistics and the Department of Homeland security's National Cyber security Division began a joint effort to estimate the number of cyber attacks and the number of incidents of fraud and theft of information.10
B. Types of Computer-Related Offenses
1. Object of Crime
DOJ divides computer-related crimes into three categories according to the computer's role in the particular crime.11 First, a computer may be the "object" of a crime.12 This category primarily refers to theft of computer hardware or software. Under state law, computer hardware theft is generally prosecuted under theft or burglary statutes.13 Under federal law, computer hardware theft may be prosecuted under 18 U.S.C. § 2314 (2000), which regulates the interstate transportation of stolen or fraudulently obtained goods.14 Computer software theft is only included in this category if it is located on a tangible piece of hardware because the theft of intangible software is not prosecutable under 18 U.S.C. §2314.
2. Subject of Crime
Second, a computer may be the "subject" of a crime.15 In this category, the computer is akin to the pedestrian who is mugged or the house that is robbed, it is the subject of the attack and the site of any damage caused. These are computer crimes for which there is generally no analogous traditional crime and for which special legislation is needed. This category encompasses spam, viruses, worms, Trojan horses, logic bombs, sniffers, distributed denial of service attacks, and unauthorized web bots or spiders. In the past, malice or mischief rather than financial gain motivated most offenders in this category. Now, many crimes are driven by personal profit or malice.16 These types of crimes were frequently committed by juveniles, disgruntled employees, and professional hackers as a means of showing off their skills.17 Disgruntled employees are widely thought to pose the biggest threat to company computer systems.18 Teenage hackers remain a problem as well.19 Courts have had a hard time finding appropriate punishments for teenage hackers.20 In recent years, more of these crimes have been committed for financial gain.21
a. Spam
Spam is unsolicited bulk commercial email from a party with no preexisting business relationship.22 In 2003, the Senate estimated that spam would account for more than 50% of global email traffic by the end of the year.23 Additionally, hackers often use spam as a way of distributing viruses, spyware, and other malicious software.24
b. Viruses
A virus is a program that modifies other computer programs, causing them to perform the task for which the virus was designed.25 It usually spreads from one host to another when a user transmits an infected file by e-mail, over the Internet, across a company's network, or by disk.26
c. Worms
Worms are like viruses, but they use computer networks or the Internet to self-replicate and "send themselves" to other users, generally via e-mail, while viruses require human action to spread from one computer to the next.27 Worms have far more destructive potential than viruses because they can spread so much faster.28
d. Trojan Horses
Trojan horses are programs with legitimate functions that also contain hidden malicious code.29 Like its namesake, a Trojan horse dupes a user into installing the seemingly innocent program on his or her computer system, and then activates the hidden code, which may release a virus or allow an unauthorized user access to the system.30 Hackers use Trojan horses as the primary way they transmit viruses.31
e. Logic Bombs
Logic bombs are programs that activate when a specific event occurs, such as the arrival of a particular date or time.32 They can be destructive but software companies commonly use them to protect against violation of licensing agreements by disabling the program upon detection of a violation.33
f. Sniffers
Sniffers, also known as network analyzers, can read electronic data as it travels through a network.34 Network administrators use them to monitor networks and troubleshoot network connections.35 Sniffers can help network administrators find and resolve network problems.36 However, a hacker can break into a network and install a sniffer that logs all activity across a network, including the exchange of passwords, credit card numbers, and other personal information.37
g. Denial of Service Attacks
In a denial of service attack, hackers bombard the target website with an overwhelming number of simple requests for connection, thus rendering the site unable to respond to legitimate users.38 In distributed denial of service attacks, hackers use the networks of innocent third parties to overwhelm websites and prevent them from communicating with other computers.39 After breaking into several network systems, the individual makes one system the "Master" system and turns the others into agent systems.40 Once activated, the Master directs the agents to launch a denial of service attack.41 The use of third party "agents" makes it particularly difficult to identify the culprit.42
h. Web Bots & Spiders
"Web bots" or "spiders" are data search and collection programs that can create searchable databases that catalogue a website's activities.43 Although seemingly innocuous, too many spiders on the same web site can effectively be a denial of service attack. In addition, they can steal data from the websites that they search.44
3. Instrument of Crime
Third, a computer may be an "instrument" used to commit traditional crimes.45 These traditional crimes include identity theft,46 child pornography,47 copyright infringement,48 and mail or wire fraud.49
II. GENERAL ISSUES
A. Constitutional Issues
This Section addresses general constitutional issues with computer crimes. Specific constitutional issues with federal and state statutes are discussed in the relevant Sections of this article. Constitutional issues related to computer crimes usually fall under either the First Amendment or the Fourth Amendment. There are also some federalism issues. In particular, how much the federal government can regulate intrastate behavior under the Commerce Clause. This is discussed more fully in the following Section on federal child pornography statutes.50
1. First Amendment
The First Amendment51 protects the same forms of speech in Cyberspace mat it does in the real world. Hate speech and other forms of racist speech receive the same protection on the Internet as they have always received under traditional First Amendment analysis.52 The guarantee of the First Amendment extends well beyond personally held beliefs to include speech that advocates conduct, even when that conduct is illegal.53 Racist speech is also probably protected on the Internet, as it is not likely to fit within the "fighting words" exception to the First Amendment.54
There is an exception to this general Free Speech principle for "true threats,"55 such as sending threatening e-mail messages to a victim or even a public announcement on the Internet of an intention to commit an act that is racially motivated.56 A similar exception exists for harassment on e-mail or the Internet, as long as it is sufficiently persistent and malicious as to inflict, or is motivated by desire to cause, substantial emotional or physical harm57 and is directed at a specific person.58 Child pornography is not protected either, but finding a sufficiently narrow description to prevent its spread on the Internet has proven difficult59
2. Fourth Amendment
A number of difficult Fourth Amendment60 issues inhere in computer crimes. The Fourth Amendment prohibits unreasonable searches and seizures by the government.61 What constitutes a search and seizure with respect to computer crimes is not always clear. Nor is it always apparent how courts should apply the warrant requirement.
Although the Fourth Amendment generally requires specificity in search warrants, broad search warrants have been upheld when addressed to computer crimes.62 Broad searches have been justified as "about the narrowest definable search and seizure reasonably likely to obtain the [evidence]."63 The Eleventh Circuit held that the Fourth Amendment's particularity requirement must be applied flexibly in computer crime cases.64 There is a circuit split as to whether that law enforcement agents with a warrant may search and seize computer files even though doing so might cause seizure of contents having no relation to the crime being investigated.65 However, agents may seize and search a disk, even if its label indicates that it is not within the scope of the warrant.66 Agents may also search computer hardware and software when they have reason to believe that those items contain records covered by the warrant.67
The agents may even remove the hardware and software from the owner's premises to conduct their examination.68 The seizure of computer disks is allowed even when the warrant facially refers only to records and documents.69 They may not, however, seize peripheral items, such as printers, to assist them in their review of the seized items.70 State courts have split on extending this principle to their search and seizure jurisprudence.71
Fourth Amendment issues may also arise when law enforcement intercepts address information on the Internet, such as e-mail addresses and website addresses. The Supreme Court has found that there is no expectation of privacy in the phone numbers someone dials.72 Therefore, this information is not subject to Fourth Amendment protection.73 Before 2001, the FBI routinely searched similar information on Internet communications without much mention of constitutional issues.74 However, the Court has not directly addressed whether there is an expectation of privacy for similar address information on Internet communications. Nonetheless, the Ninth Circuit has held that obtaining Internet address information by installing a surveillance program at the Internet Service Provider's ("ISP") facility is "constitutionally indistinguishable" from the use of a pen register and, therefore, Internet users have no expectation of privacy in such information.75 The Fourth Circuit has similarly held that a criminal defendant has no reasonable expectation of privacy in the information he provides to his ISP.76 Despite these decisions, and the implication of the changes made by the Patriot Act, the analogy to phone numbers does not necessarily follow.77
The use of investigative tools devised for eavesdropping on Internet communications may present additional Fourth Amendment questions.78 The use of a keystroke logger system appears to be constitutional.79 The constitutionality of other techniques, however, will likely be tested as the government discloses more information about both the nature of its capabilities and the frequency of their application.
Another relevant Fourth Amendment issue is the doctrine of stateness,80 which "applies when information proffered in support of a warrant application is so old that it casts doubt on whether the fruits or evidence of a crime will still be found at a particular location."81 The durability of data and graphics stored on computer hardware has drastically extended the period after which the stateness doctrine applies. For example, the Ninth Circuit upheld the validity of a search warrant even though ten-month-old information supported it.82
B. Other Issues
In addition to constitutional obstacles, federal laws may interfere with computer crime statutes at both the federal and state level. Several laws intended to protect privacy have implications in computer crimes as well. For example, Title III applies to both the government and civilians in situations in which there are Fourth Amendment issues.83 Title III applies to state actors as well and states may not legislate lower standards for interception, although they may set higher ones.84
Another complication arises as a result of additional protection for computer records provided by the Privacy Protection Act of 1980.85 The statute requires police to obtain a subpoena prior to searching or seizing work product or other materials reasonably believed to pertain to public communications such as newspapers.86 This protection does not include child pornography.87 The Privacy Protection Act still applies to other material that may be public communications.
III. FEDERAL APPROACHES
This Section explores the major federal statutes, enforcement strategies, and constitutional issues regarding computer related crimes. The government can charge computer-related crimes under at least forty different federal statutes.88 There are also a number of traditional criminal statutes whose application to computer crime is unclear.89 Because the federal government has used the United States Sentencing Guidelines ("Guidelines") to enhance sentences for traditional crimes committed with the aid of computers,90 This section discusses the role of the Sentencing Guidelines in general, key federal statutes in the prosecution of computer crimes, and relevant enforcement efforts. Although the focus of this Article is the federal government's approach to prosecuting criminal computer offenses, past litigation has also sought civil remedies.91
A. Sentencing Guidelines
The Guidelines supplement the federal computer crime statutes and help determine how much of the maximum sentence a perpetrator should serve.92 The Guidelines treat most computer crimes as economic crimes sentenced under § 2B1.1.93 The Guidelines also dictate "special skills" enhancements for particular crimes including computer crimes.94
B. Federal Statutes
Since 1984, Congress has pursued a dual approach to combating computer crime. The Counterfeit Access Device and Computer Fraud and Abuse Act of 198495 and subsequent amending acts96 address crimes in which the computer is the "subject." This line of statutes culminated in the CFAA,97 which is discussed in detail in section 2. The federal government's other approach to regulating computer crime has been to update traditional criminal statutes to reach similar crimes involving computers.98
1. Child Pornography Statutes
Federal child pornography statutes have not fared well under the First Amendment. In Reno v. American Civil Liberties Union," the Supreme Court gave an unqualified level of First Amendment protection to Internet communications.100 Under Reno, legislation will not withstand scrutiny if it requires web surfers or Internet content providers to estimate the age of those with whom they communicate or to tag their communications as potentially indecent or offensive, prior to engaging in "cyberspeech."101 The Court found that less regulation is necessary to protect children on the Internet compared to television or radio because users rarely come across content on the Internet accidentally and warnings often precede sexually explicit images.102 The global nature of the Internet also renders it difficult, if not impossible, for users to predict when their potentially offensive communications will reach a minor.103 Consequently, Reno requires courts to apply unqualified First Amendment scrutiny to speech restrictions affecting the Internet.104 Note that "unqualified" protection does not cover obscenity, which the government may ban.105 Under this standard, parts of several federal child pornography laws discussed below and all of the Child Online Protection Act of 1998 ("COPA"),106 have been found unconstitutional.107
a. Communications Decency Act of 1996
The Communications Decency Act of 1996 ("CDA"), or Title V of the Telecommunications Act of 1996,108 originally prohibited the transmission of "indecent,"109 "patently offensive,"110 or "obscene"111 material to minors over the Internet. In Reno v. American Civil Liberties Union,112 the Supreme Court struck down those portions of the statute that banned "indecent"113 and "patently offensive"114 images as being unconstitutionally vague and overbroad.115 The rest of § 223(a), banning transmission of obscene speech to minors, remains in effect.116
Under § 223(a), knowing transmission of obscene speech or images to minors is punishable by a fine, imprisonment of up to two years, or both.117 The Guidelines set a base offense level of ten for transportation of obscene matter, which is automatically increased by five levels if the obscene matter is transmitted to a minor.118 A seven-level upward adjustment is mandated if the distribution was intended to convince a minor to engage in prohibited sexual conduct.119 The base level of the offense can be raised no less than five levels if the offense is related to distribution of material for pecuniary gain.120 If the material involved in the offense portrays sadistic, masochistic conduct, or other depictions of violence, the offense level increases by four.121
b. Child Pornography Prevention Act of 1996
In 1996, Congress passed the Child Pornography Prevention Act122 ("CPPA"), which criminalized the production, distribution, and reception of computergenerated, sexual images of children.123 Thus, CPPA sought to prohibit computer transmission of erotic photographs of adults doctored to resemble children.124 However, in April 2002, the Supreme Court held as unconstitutionally vague and overbroad two provisions of the statute.125
In response, Congress passed the Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today Act of 2003 ("PROTECT Act").126 The PROTECT Act included a pandering provision to address the distribution of images of real children disguised as computer-generated images within the bounds of Ashcmft.127 A number of courts have recognized that this provision is also unconstitutional as overly broad and impermissibly vague.128
In addition, the constitutionality of child pornography statutes like CPPA, with interstate commerce jurisdictional provisions, is unclear under the Commerce Clause.129 Most courts have held that the courts should treat jurisdictional components of the statutes as meaningful restrictions.130 Therefore, they must judge whether the activity in question implicates interstate commerce on a case-by-case basis.131 This analysis has centered upon there being a sufficient nexus between the offending activity and interstate commerce. Where there has been movement of people or materials in interstate commerce in furtherance of the offending activity,132 or where the Internet has been employed, the application of the statute has been held constitutional.133 However, a serious question remains as to whether the statute can reach purely intrastate activity.134 Under the Supreme Court's holding and reasoning in Gonzales v. Raich,135 courts considering the question have answered "yes."136
Despite these issues, two sections of the original statute are still active. These sections define child pornography for the purposes of 18 U.S.C. §§ 2251-2260A. One includes visual depictions, created by computer or other means, which used minors engaging in sexual activity in the production.137 The other includes such visual depictions in which an identifiable minor appears to be engaged in sexual activity.138
2. Computer Fraud and Abuse Act
18 U.S.C. § 1030,139 which many courts refer to as the Computer Fraud and Abuse Act ("CFAA"),140 protects against various crimes involving "protected computers." Because "protected computers" include those used in interstate commerce or communications, the statute covers any computer attached to the Internet, even if all the computers involved are located in the same state.141
a. Offenses Under the Statute
The CFAA prohibits seven specific acts of computer-related crime. First, it is a crime to access computer files without authorization and to subsequently transmit classified government information if the information "could be used" to the injury of the United States.142 second, the CFAA prohibits obtaining,143 without authorization, information from financial institutions,144 the United States, or private computers that are used in interstate commerce.145 Third, it proscribes intentionally accessing a United States department or agency nonpublic computer without authorization.146 If the government or a government agency does not use the computer exclusively, the illegal access must affect the government's use.147 Fourth, it prohibits accessing a protected computer, without authorization, with the intent to defraud and obtain something of value.148
The fifth prohibition, which addresses computer hacking, has two categories of offenses depending on whether there is intent to cause damage. The first category criminalizes knowingly causing the transmission of a program, code, or command, that intentionally causes damage to a protected computer.149 This subsection applies regardless of whether the user had authorization to access the protected computer. Thus, company insiders and authorized users can be culpable for intentional damage to a protected computer.
The second category of offenses prohibits intentional access without authorization that results in damage but does not require intent to damage.150 The statute, however, does not define either "access" or "authorization."151 The culpability for damage can be either reckless152 or negligent.153 This provision makes unauthorized users responsible even if the transmission was not intentional but was reckless154 or negligent.155 Damage under the statute is "any impairment to the integrity or availability of data, a program, a system, or information."156
Sixth, the CFAA prohibits someone from trafficking in passwords knowingly and with intent to defraud.157 The passwords must either permit unauthorized access to a government computer or the trafficking must affect interstate or foreign commerce.158 Finally, the CFAA makes it illegal to transmit in interstate or foreign commerce any threat to cause damage to a protected computer with intent to extort something of value.159 Threats against protected computers only violate the CFAA if they intend to extort from individuals. 16°
b. Jurisdiction
The U.S. Secret Service has investigatory authority for all violations of the CFAA.161 The FBI has express jurisdiction over offenses for obtaining national security information162 that involve espionage, foreign counterintelligence, unauthorized access to national defense information or restricted data.163 Certain offenses for obtaining national security information164 and damaging a protected computer165 are also included in the definition of "federal crime of terrorism," bringing them under the express jurisdiction of the Attorney General.166
c. Defenses
One defense to charges of accessing a protected computer without authorization is that the defendant simply did not "obtain anything of value."167 The First Circuit interpreted the statutory language "obtain anything of value" to require something more than simply viewing information.168 Instead, prosecutors must prove that the information was valuable to the defendant in conducting his fraudulent scheme.169
In order for the CFAA to apply, a defendant must not only access a protected computer and cause damage, but that damage must cause some additional injury.170 The damage must be worth at least $5,000 over a one-year period,171 or lead to potential injury or a threat to public health or safety.172
d. Penalties
The CFAA punishes attempts to commit an offense as if the offense had been successfully carried out173 The CFAA has lesser penalties for first time than for repeat offenders. The CFAA defines recidivism as a subsequent violation of any of the subsections of the act174 Thus, a repeat offender can receive an enhanced sentence even if she commits a different type of computer fraud than before. Conviction includes any conviction under state law if the elements include unauthorized access to a computer.175
First time offenders who obtain national security information or intentionally damage a protected computer are subject to a fine, imprisonment of not more than ten years, or both.176 Subsections (a)(2), (a)(3), (a)(5)(A)(iii), and (a)(6) have penalties of a fine, imprisonment of not more than one year, or both, for first offenses.177 First time offenders under (a)(4), (a)(5)(A)(ii), and (a)(7) are subject to a fine, imprisonment of not more than five years, or both.178
CFAA also differentiates between conduct that involves improper access and conduct in which the defendant uses access for pernicious purposes. It does so by increasing the maximum prison sentence for first time violations of (a)(2) to five years if the crime was committed for financial gain or commercial advantage, in furtherance of a criminal or tortious act, or if the value of the obtained information exceeds $5,000.179 This is the same as the sentencing for first time offenders under (a)(4),(a)(5)(A)(ii),and(a)(7).180
Repeat offenders may receive much tougher sentences. Maximum sentences under (a)(2), (a)(3), (aX4), (a)(5)(AXii), (a)(6), and (a)(7) rise to ten years for recidivists.181 The maximum sentence goes up to twenty years for repeat offenders who obtain national security information or intentionally or recklessly damage a protected computer.182
Sentences also go up considerably if serious injury or death results from the violation. The maximum sentence is twenty years for anyone who "knowingly or recklessly causes or attempts to cause serious bodily injury" by intentionally damaging a protected computer.183 The maximum sentence is life in prison for anyone who "knowingly or recklessly causes or attempts to cause death" by intentionally damaging a protected computer.184
The Guidelines set the base offense level for obtaining national security information at thirty-five if unlawfully accessed national defense information is top secret, and at thirty otherwise.185 The offense levels for violations of the rest of the CFAA, except subsection (3), are largely dependent on the value of the loss suffered. Subsections (2), (4), (5), and (6) are covered by the Guidelines' section on theft, stolen property, property damage, fraud, forgery, and counterfeiting.186 The section on trespass covers § 1030(a)(3).187 And the section on extortion covers § 1030(a)(7).188 Attempts to violate the CFAA, also a crime under the statute, are also covered by the Guidelines.189
3. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
Unsolicited commercial email or "spam" has been a growing problem in the United States for many years.190 Congress has considered many proposed federal anti-spam bills since 1995, but did not enact a comprehensive statute until December of 2003.191 The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003192 ("CAN-SPAM") was enacted to establish a national standard for email solicitations.193 The CAN-SPAM Act has several key provisions that affect persons or companies sending commercial solicitations via email. section 1037 of Title 18 prohibits a number of well-known deceptive and/or fraudulent practices commonly used in commercial emails.194 These techniques include using deceptive subject lines, providing false or misleading header information, and using another computer to relay email messages without authorization to prevent anyone from tracing the email back to its sender.195 section 7704 of Title 15 further prohibits similar deceptive practices, as well as requiring that a commercial email include a method for the recipient to "opt-out" of future solicitations and that the subject line warn if the email contains sexually oriented material.196
The CAN-SPAM Act has provisions for both fines and criminal penalties, which the FTC and the DOJ enforce.197 A violator of the act is subject to a maximum fine of $11,000.198 An individual who is found guilty of fraud or other intentionally deceptive violations of the Act could be sentenced to up to five years in prison.199
4. Copyright Statutes
Copyright violations are particularly harmful to computer software developers.200 Software piracy presents unique challenges to law enforcement because of the various ways the crime can be committed,201 the ease202 and minimal cost of reproduction,203 and the slight degradation in the quality of pirated software.204 The difficulty of detection also exacerbates the problem of electronic infringement.205 Many of these issues also apply to other media in digital form.206
a. Criminal Copyright Infringement in the Copyright Act
Persons who unlawfully copy and distribute copyrighted material by computer may be subject to punishment for criminal copyright infringement.207 The criminal copyright infringement statute has four elements:208 (i) existence of a valid copyright;209 (ii) that the defendant willfully;210 (iii) infringed;211 and (iv) "either (1) for commercial advantage or private financial gain, (2) by reproducing or distributing infringing copies of works with a total retail value of over $ 1,000 over a 180-day period, or (3) by distributing a 'work being prepared for commercial distribution' by making it available on a publicly-accessible computer network."212
i. Defenses
Under the first sale doctrine, one who legally purchases a copy of a copyrighted work may freely distribute that particular copy.213 The alleged copyright infringer bears the burden of proving that the first sale doctrine applies.214 This defense does not apply to computer software copyright infringement if the software is distributed by licensing agreement.215
The fair use doctrine permits non-copyright holders to make use of copyrighted works for purposes such as criticism, comment, news reporting, teaching, scholarship, or research.216 The "fair use" defense requires consideration of four factors: 217 (i) the purpose and character of the use;218 (ii) the nature of the work;219 (iii) the substantive amount of the portion used in relation to the work as a whole;220 and (iv) the effect of the use upon the potential market for the work.221
ii. Penalties
Section 2319 of Title 18 sets forth the punishment for criminal copyright infringement.222 Section 2319(c) provides variable prison terms and fines for copyright infringements through the reproduction or distribution of one or more copies or phonorecords with a total retail value of more than $1,000: (i) first-time offenders who reproduce or distribute more than ten copies or phonorecords of one or more copyrighted works that have a total retail value of $2,500 or more, face up to three years in prison; (ii) subsequent offenders face up to six years imprisonment; and (iii) those who reproduce or distribute one or more copies or phonorecords of one or more copyrighted works that have a total retail value of $ 1,000 or more face up to one year's imprisonment.223
Sentences for defendants convicted of criminal copyright infringement are determined considering section 2B5.3 of the Guidelines.224 The base offense level is eight.225 If the retail value of the infringing items226 exceeds $2,000, then the offense level is increased by the corresponding number of levels from the table in section 2B1.1.227
b. Digital Millennium Copyright Act
The Digital Millennium Copyright Act of 1998 ("DMCA")228 generally prohibits tampering with any access control or copy control measures applied to digital copies of copyrighted works.229 Section 1201 prohibits circumvention of technological measures used to protect copyrighted works.230 "[A] technological measure 'effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work."231 'To 'circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner."232 No person may manufacture, import, offer to the public, provide, or otherwise traffic233 in a technology,234 product, service, or device235 that is used to circumvent236 such technological measures, if one of the following conditions is met: (i) the technology, product, service or device is primarily designed or produced to circumvent; (ii) it has only limited commercial use other than that prohibited by the statute; or (iii) it is marketed for use in circumventing.237 A number of exceptions are available for research and other purposes.238
In Universal City Studios, Inc. v. Reimerdes,239 the District Court for the Southern District of New York acknowledged that § 1201 is in tension with the fair use doctrine in section 107 of the Copyright Act.240 Despite this tension, the court held that DMCA does not unduly frustrate the purpose of the fair use doctrine because DMCA provides exceptions for those uses it considers fair.241 The court ruled that the fair use doctrine is unavailable as a defense under § 1201 because production of a technology circumvention measure does not qualify as a use of a copyrighted work; furthermore, the prohibition on circumvention does not extend to an individual who has already obtained an authorized copy of a copyrighted work.242
Section 1202 prohibits interference with the integrity of copyright management information.243 "Copyright management information" includes: (i) the name of the work; (ii) the name of the author; (iii) the name of the copyright owner; (iv) the name and other identifying information about the author of a performance fixed, for example, on audio CD; (v) the name and other identifying information about the writer, performer, or director of a fixed audio-visual work; and (vi) terms and conditions of use.244 Finally, "copyright management information" includes any information that the Register of Copyrights may require by regulation.245
Section 1202(a) prohibits knowing dissemination of false copyright management information, if done with the intent to induce, enable, facilitate, or conceal copyright infringement, while § 1202(b) prohibits the intentional removal of copyright management information and the dissemination of works from which the copyright management information has been removed.246 The statute also prohibits tampering with the symbols that refer to this information, including Internet hypertext links to web pages containing copyright management information.247
The "safe harbor defense" provides a defense against contributory liability for ISPs whose services are used to violate DMCA.248 An ISP is exempt from liability if it: (i) did not know of the infringement or the facts making infringement apparent; (ii) received no material benefit from the infringement; and (iii) acted expeditiously to remove the offending sites once it was made aware of them.249
Violation of either of these sections is subject to a maximum fine of $500,000 or up to five years imprisonment, or both, for a first offense, and a maximum fine of $1,000,000 or up to ten years imprisonment, or both, for repeat offenses.250
5. Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986(251) ("ECPA") regulates crimes with no close "traditional crime" analog, such as hacking. Unlike CFAA, ECPA approaches such crimes by updating existing federal prohibitions against intercepting wire and electronic communications.252 ECPA updated Title III and created the Stored Communications Act ("SCA").253 ECPA attempts to curb hacking activities by fortifying the privacy rights of computer users254 and enabling law enforcement officers to employ electronic surveillance in the course of investigating computer crimes.255 The government has used ECPA to prosecute hackers,256 although they generally rely on CFAA for such prosecutions.257 Prosecutors have invoked ECPA, however, against piracy of electronically encrypted, satellite-transmitted television broadcasts.258 Devices used to intercept cable television signals likewise fall within ECPA's purview.259
a. Stored Communications Act
Congress intended for the SCA to protect stored email and voicemail. The SCA prohibits any person from gaining (1) intentional access (2) without or exceeding authorization (3) to a facility that provided an electronic communication service and (4) using that access to obtain, alter, or prevent authorized access to a communication in electronic storage.260
There is a good faith defense available for parties who reasonably relied on a warrant, grand jury subpoena, or other exception to the SCA.261 In addition, the SCA does not apply to ISPs reading stored communications on their own systems.262 Nor does it apply if one of the parties to the stored communication gives permission to access.263
For violations of the SCA a first-time offender shall be fined under Title 18, imprisoned for not more than one year, or both. If the SCA is violated for purposes of private financial gain or malicious destruction or damage, a first-time offender shall be fined under Title 18, imprisoned for not more than five years, or both.264 A repeat offender shall be fined under Title 18, imprisoned for not more than ten years, or both.265 A repeat offender shall be fined under Title 18, imprisoned for not more than five years, or both.266 Additionally, the SCA's provisions for money damages can address governmental as well as private transgressions.267
b. Title III (Wiretap Act)
ECPA extended the prohibitions in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 ('Title III")268 on intercepting oral and wire communication to include electronic communications intercepted during transmission.269 Title III was originally intended to protect privacy by codifying the Fourth Amendment standards for wiretapping and applying them to civilians.270 Now, Title III prohibits any person from intercepting or attempting to intercept any "wire, oral, or electronic communication."271
Under Title III, the government needs a court order for a wiretap.272 The court may require a showing that normal investigative techniques for obtaining the information have failed or are likely to fail.273 It may also require the government minimize the intrusion of any interception.274 The application to the court must show, through a sworn affidavit, why the intercept is necessary as opposed to other less-intrusive investigative techniques. 275 It must also provide additional detail, including: whether there have been previous interceptions of the target's communications; the identity of the target (if known); the nature and location of the communication facilities; and, a description of the type of communications sought and the offenses to which the communications relate.276
Senior DOJ staff, the principal prosecuting attorney of a state, or an attorney for the government must approve the Title III application, depending on the circumstances.277 The interception can last no longer than thirty days without an extension by the court.278 Courts can also require that they receive progress reports.279 In addition, DOJ has other procedures governing the use of Title III surveillance including requiring approval from the Office of Enforcement Operations ("OEO") in the Criminal Division of the DOJ.280
i. Defenses
There is a good faith defense available for parties who reasonably relied on a warrant, grand jury subpoena, or other exception to Title III.281 Title III also allows computer service providers who are victims of attacks by computer trespassers to authorize persons acting under color of law to monitor trespassers on thencomputer systems in a narrow class of cases without a court order.282 A computer trespasser is a person "who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communications transmitted to, through, or from the protected computer."283 Notably, the law does not reach a person known to have an existing contractual relationship with the owner or operator for access to all or part of the protected computer.284 Interception of an unscrambled satellite communication intended for retransmission to the public is also not punishable under this section.285 Keystroke loggers may also be exempt under Title III.286
ii. Penalties
Remedies for violating Title III include criminal sanctions, civil suit, and adverse employment action for law enforcement officials.287 For repeat offenders, a violation of Title III can result in a fine, imprisonment for not more than five years, or both.288 If first-time offenders violate the statute for purposes other than private financial gain, and the illegally received communication is not scrambled or part of a cellular telephone communication, punishment is limited to imprisonment of not more than one year, and a fine.289
Under the Guidelines, defendants convicted of intercepting communications or eavesdropping receive a base offense level of nine.290 If the purpose of the conduct was to obtain direct or indirect commercial advantage or economic gain, the offense level is increased by three.291 Additionally, if the purpose of the conduct was to facilitate another offense with a higher offense level, the guideline applicable to an attempt to commit that offense applies.292
Moreover, evidence seized in violation of Title III or the Fourth Amendment may be suppressed.293 Additionally, Title UTs provisions for money damages can address governmental as well as private transgressions.294
c. Statutory Issues
Effectively, Title III governs communications in transit, while the SCA governs communications in storage. However, it is not always obvious which ECPA provisions cover communications, such as electronic mail, that may be stored during transmission. In united States v. Councilman,295 the First Circuit held that an interception of electronic communications took place even though the intercepted e-mails had been stored periodically during transmission.296 The Court found that the legislative history shows that Congress only intended to include stored copies of the e-mail at the sender's location.297
This holding stands in contrast with the holdings of cases in the Third, Fifth, Ninth and Eleventh Circuits which found "that the Wiretap Act's prohibition on intercepting electronic communications does not apply when they are contained in electronic storage, whether such storage occurs pre-or post-delivery, and even if the storage lasts only a few mili-seconds."298 It is possible to distinguish the facts in Councilman from those in the other circuits, although the logical extension of the legal reasoning remains in conflict. For example, in Steve Jackson,299 the Fifth Circuit found that unread e-mail in the recipient's mailbox is stored and therefore was not intercepted even though the recipient had not read it yet.300 However, the interception in Councilman took place before the file reached the user's mailbox,301 so the two cases can be reconciled by assuming that e-mail transmission ends at the user's mailbox, not when the user opens the e-mail.302
6. Identity Theft
Section 1028 of Title 18 prohibits the knowing transfer, possession, or use of a means of identification, such as names, social security numbers, and dates of birth, to commit a crime.303 It prohibits the production,304 transfer,305 or possession, hi certain circumstances,306 of false307 or illegally issued identification documents.308 It further prohibits production, transfer, or possession of a "document-making implement,"309 specifically including computers, with the intent to use it in the production of a false identification document.310 The term "transfer" includes making either false identification documents or the software or data used to make them available online.311
a. Penalties
Illegal possession, transfer, or use of a means of identification, possession of five or more stolen or false identification cards with intent to transfer, use of at least one stolen or false identification card to aid an illegal activity, or production, transfer or use of less than five stolen or false identification cards results in a fine, a maximum sentence of five years imprisonment, or both.312 Illegal possession, transfer, or use of a means of identification that makes more than $1,000 in a year, or transfer or production of a false identification document or document-making implement, are punished by a fine, not more than fifteen years imprisonment, or both.313 Up to twenty years imprisonment is prescribed for these crimes for recidivists, if the crime is intended to aid drug trafficking, or is committed in connection with a violent crime.314 There is a maximum sentence of thirty years if the crime is committed to "facilitate an act... terrorism."315
The Guidelines ordinarily apply a baseline of six with upward departures based on the size of the monetary loss.316 Where the primary purpose of the offense is to violate, or assist in violating, immigration laws, different sections apply.317 Furthermore, where the established schedule does not fully capture the harmfulness and seriousness of the conduct, an upward departure beyond that which the Guidelines recommend is permissible.318
7. Wire Fraud Statute
The federal wire fraud statute319 prohibits the use of interstate wire communications to further a fraudulent scheme to obtain money or property.320 Several cases have held that the wire fraud statute applies to computer crimes.321 District courts have taken divergent positions as to whether the wire fraud statute reaches copyright infringement.322 Congress later amended the Copyright Act to address this issue.323
Penalties for violation of the wire fraud statute can be severe. Violations of the wire fraud statute are punishable by fines, imprisonment of up to twenty years, or both.324 If the violation affects a financial institution, the punishment is a fine of not more than $1,000,000, imprisonment of not more than thirty years, or both.325 Violation of the wire fraud statute is also a predicate offense for RICO and money-laundering charges.326
Defendants convicted of wire fraud are subject to punishment for deprivation of the intangible right to the honest services of government officials.327 The base offense level is ten, and is increased if the loss to the government or the value gained by a public official exceeds $5,000.328 If the offense involves an elected official or one holding a decision-making or sensitive position, the offense level increases by eight.329 Otherwise, the base offense level is six and increases according to the table in that provision if the gain or loss exceeds $5,000.330
C. Enforcement
Computer crimes are notoriously difficult to prosecute due to both the nature of the technology itself and the relative unfamiliarity of law enforcement with the technology. For example, people may encrypt data so that even if law enforcement seizes or intercepts the data, they will be unable to understand its contents or use it as evidence. The nature of the Internet allows people to engage in criminal conduct online with virtual anonymity.331 With respect to computer crimes such as hacking, a victim may never realize that anyone attacked her. Further impeding law enforcement, many private and commercial entities that do detect an intrusion are afraid to report offenses due to the potential for negative publicity.332
The FBI and DOJ have created numerous programs and deployed new technologies to aid in the investigation and prosecution of computer crime. In 1998 the FBI launched a new division, the Cyber Division, dedicated to investigating computer crimes.333 The Cyber Division is designed to act as a central coordinator for the FBI divisions that address computer crimes.334 Specifically, the Cyber Division is responsible for criminal investigations of intellectual property, high-tech, and computer crimes.335 The Cyber Division also has jurisdiction over investigations of online child pornography through the Innocent Images National Initiative ("IINI").336 Between fiscal years 1996 and 2006 the IINI opened 17,691 cases, resulting in 5,840 convictions.337 The FBI also investigates computer crimes through its Internet Crime Complaint Center ("IC3").338 which acts as an intermediary between law enforcement agencies and victims of computer fraud. In 2006, the IC3 received 207,492 complaints of Internet-based fraud and other crimes, referring 86,279 of these for investigation.339
DOJ's efforts to combat computer crime are centralized in its Computer Crime and Intellectual Property Section ("CCIPS").340 The CCIPS is responsible for prosecuting computer crimes, lobbying for strengthened penalties, and pushing for expanded coverage of the federal computer crime statutes.341
In March of 2004, the DOJ launched the Task Force on Intellectual Property to signal a renewed emphasis on combating intellectual property crime.342 This became part of the Bush Administration's multi-agency Strategy Targeting Organized Piracy ("STOP") initiative involving the Department of Commerce, Department of Homeland Security, and the Office of the United States Trade Representative.343 The Task Force has called for an expansion of the Computer Hacking and Intellectual Property ("CHIP") program.344 CHIP units within U.S. Attorney's offices work closely with the FBI and other agencies to establish relationships with the high-tech community and encourage them to refer cases to law enforcement.345 In addition to investigating and prosecuting computer crimes, CHIP provides specialized training for law enforcement and businesses on preventing, detecting, and investigating breaches in cyber security.346
DOJ has also stepped up its enforcement of child pornography. Through its Child Exploitation and Obscenity Section ("CEOS"), DOJ provides training and assistance to law enforcement officers throughout the country.347 In August 2002, DOJ formed the High Tech Investigative Unit ("HTIU") within CEOS.348 The HTlU is a multi-agency computer forensic and investigatory unit targeting child pornography and offenses against children that occur or are facilitated by the Internet. Prosecution of child pornographers appears to be increasing, despite the constitutional challenges to the various Federal Child Pornography statutes.349
Given the global nature of Internet-related crimes, CCIPS and CEOS must work with many other countries to achieve effective prosecution of cases involving organized Internet piracy and Internet-related child exploitation.350 Even so, the proliferation of computer bulletin boards, peer-to-peer networking, and other online services has created an ongoing qualitative and quantitative challenge.351
IV. STATE APPROACHES
A. Overview of State Criminal Codes
In 1978, state legislatures began enacting computer crime statutes, beginning with Arizona352 and Florida.353 Since then, every state has enacted some form of computer-specific criminal legislation.354 Approximately half of the states modeled their statutes on the 1977 or 1979 versions of the proposed Federal Computer Systems Protection Act,355 while the remainder enacted comprehensive computerassisted crime statutes less closely related to the proposed federal legislation.356 The precise definitions and penalties in these specialized provisions offer significant advantages over general criminal codes by explicitly addressing the unique issues posed by computer crimes, thereby promoting computer security, enhancing deterrence, and facilitating prosecution.357
Like the federal statutes, many of the state statutes divide computer crimes into the same three categories: "crimes where a computer is the target, crimes where a computer is a tool of the crime, and crimes where a computer is incidental."358
Reforms in state computer crime statutes have included provisions expanding forfeiture of computer equipment used in crimes, allowing state authorities to seize property involved in computer crimes.359 Some states have begun to respond to the growing concerns of online harassment by criminalizing online threats by including electronic communications under "unconsented contact" in anti-stalking statutes,360 and incorporating computers and electronic communications devices into general telephone harassment statutes.361 Other state statutes specifically address the problem of offenders whose target victims are minors.362 These statutes, however, may face significant constitutional challenges on First Amendment grounds.363
One particularly widespread initiative among the states is the effort to thwart spam. Thirty-nine states have enacted anti-spam laws regulating the use of Internet communications to send unsolicited advertisements for the purpose of promoting real property, goods, or services for sale or lease.364
Other states have recognized that prevention may be less difficult than apprehending and prosecuting computer criminals. For instance, Nebraska's computer crime statute empowers potential victims to implement their own security measures.365 Several states have enacted statutes that provide a civil cause of action for compensatory damages,366 thereby encouraging victims of computer crimes to come forward.
In order to prevent the proliferation of "spyware," a type of software usually unknowingly installed that collects a computer user's private information or displays unsolicited advertisements to the user, many states have enacted "anti-spyware" laws, often with criminal penalties.367 However, spyware companies are rarely, if ever, criminally prosecuted.368
In the absence of federal legislation, 23 states369 have passed legislation protecting private personal information and setting requirements for the use and storage of such data.370 Most of these statutes closely follow the provisions of the landmark statute passed by California in 2002.371
B. Jurisdiction
A significant challenge to state officials in prosecuting computer crimes is one of jurisdiction.372 Jurisdictional problems arise for state prosecutors when the acts are committed out of state373 because the jurisdictional rules of criminal law require the prosecutor to prove that the defendant intended to cause harm within his state.374 As a result, many states have broadened their jurisdictional rules to address the new concerns that arise from the global nature of the Internet.375 Wisconsin's criminal statute permits jurisdiction even when no result occurs in the state.376 Alabama, California, and South Dakota have statutes providing for jurisdiction where an offense begins outside the state and "consummates" within the state.377
C. Enforcement
Prosecution of computer crimes under state law has been increasing.378 In 2001, 42 percent of prosecutors' offices reported prosecuting either felony or misdemeanor computer-related crimes under their state's computer statutes.379 In addition, 97 percent of offices serving populations of one million or more reported conducting such prosecutions.380 While the prosecution of child pornography was the most popular charge, state prosecutors have also charged computer crimes ranging from credit card fraud, to unauthorized access to computers, to cyber stalking.381
IV. INTERNATIONAL APPROACHES
Developing an international paradigm for addressing computer crime is difficult, given the global nature of the technology. This Section covers issues in international computer crime law and addresses solutions to these problems, as well as areas of convergence and cooperation among nations, international organizations, and private corporations.
A. Issues
All nations continue to struggle to define computer crimes and develop computer crime legislation applicable to both domestic and international audiences.382 Purely domestic solutions are inadequate because Cyberspace has no geographic or political boundaries383and many computer systems can be easily and surreptitiously accessed from anywhere in the world.384 International financial institutions are common targets for computer fraud and embezzlement schemes.385 In addition, the development of sophisticated computer technology has enabled organized crime and terrorist groups to bypass government detection and carry out destructive acts of violence.386 Even when computer-specific criminal statutes are in place, however, the rules of evidence in several industrialized countries could continue hinder prosecutions until they adapt them to computer crimes.387
Countries that restrict their political discourse face the problem that the Internet provides a source of "illegal" information that is difficult to regulate.388 Moreover, what constitutes "acceptable" speech in the various countries on the information super-highway differs greatly. In Germany and France, the dissemination of Nazi propaganda and paraphernalia is illegal.389 Such material, however, is easily accessible via the Web. Countries observing strict Islamic law have similar problems.390
Solutions to freedom of expression issues on the Internet have varied widely. France and Germany initially tried to target ISPs.391 Germany has since decided not to hold ISPs "liable for content they merely transmit."392 China, on the other hand, has implemented regulations that criminalize the "distribution or consumption via the Internet of... 'harmful information.'"393 Cuba has addressed the problem by limiting internet access, allowing only 200 of its some eleven million citizens to have access.394
Intellectual property crimes are also a serious problem in the international arena. International software piracy remains endemic.395 Software piracy remains at around 35% worldwide.396 In practical terms, this means that approximately 35% of all business software applications existing on PCs around the world continue to be unpaid-for, illegal copies.
B. Solutions
While "computer crime" remains loosely defined, most industrialized countries have amended their law to address four needs created by computer crimes: (i) protection of privacy; (ii) prosecution of economic crimes; (iii) protection of intellectual property;397 and (iv) procedural provisions to aid in the prosecution of computer crimes.398 Worldwide, national governments are adopting computerspecific criminal codes that address unauthorized access and manipulation of data similar to the CFAA.399
While a number of differences remain, there are significant areas of convergence in nations' legislation.400 By defining specific new offenses and penalties, these codes avoid analytical difficulties that arise when general criminal laws are applied to computer crimes. There have also been two significant steps towards achieving a uniform transnational legal framework for addressing multinational computer-related crimes. First, thirty-nine countries have signed the Council of Europe's Treaty on Cybercrime.401 The Treaty requires parties to: (i) establish substantive laws against cybercrime; (ii) ensure that their law enforcement officials have the necessary procedural authorities to investigate and prosecute cybercrime effectively; and (iii) provide international cooperation to other parties in the fight against computer-related crime.402 While the United States has already signed the treaty, the Senate still must ratify the treaty in order to give it effect in the United States.403
Second, the United States participates in the Subgroup on High-Tech Crime at G-8's Lyon Group.404 One accomplishment of the Subgroup is the development of a network that lets law enforcement authorities of member nations contact each other for rapid assistance in investigating computer crime and preserving electronic evidence.405
In addition to increased multinational governmental cooperation, international organizations and private corporations are also working to combat international computer crimes by contributing to the drive to harmonize national legislation.406 For example, the Business Software Alliance, a software industry trade group, has an international copyright enforcement program involving national software trade associations and law enforcement agencies.407 Nonetheless, international efforts have been mixed.
JOSEPH AUDAL
QUINCY LU
PETER ROMAN
1. NAT'L INST. OF JUST., DOJ, COMPUTER CRIME: CRIMINAL JUSTICE RESOURCE MANUAL 2 (1989) [hereinafter DOJ COMPUTER CRIME MANUAL]; see BLACK'S LAW DICTIONARY (8th ed. 2004), crime (defining computer crime as "[a] crime involving the use of a computer"); Jo-Ann M. Adams, Comment, Controlling Cyberspace: Applying the Computer Fraud and Abuse Act to the Internet, 12 SANTA CLARA COMPUTER & HIGH TECH. LJ. 403, 409 (1996) (denning computer crime as "those crimes where knowledge of a computer system is essential to commit the crime").
2. See, e.g., United States v. Saxena, 229 F.3d 1, 4 (1st Gr. 2000) (finding Internet distribution of financial information constituted fraud against investors); eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058, 1065-67 (N.D. Cal. 2000) (analyzing traditional trespass claim brought as a result of actions occurring on the Internet); see also infra Part III.B.1 (discussing Internet distribution of child pornography); infra Part III.B.4 (discussing copyright infringement).
3. Reno v. ACLU, 521 U.S. 844, 849, 852-53 (1997) (characterizing the Internet as "an international network of interconnected computers... [with] content... as diverse as human thought... comparable... to both a vast library including millions of readily available and indexed publications and a sprawling mall offering goods and services.").
4. See Neal Kumar Katyal, Criminal Law in Cyberspace, 149 U. PA. L. REV. 1003, 1013 (2001) (describing different types of computer crimes with no real-world analogue); Eric J. Sinrod & William P. Reilly, CyberCrimes: A Practical Approach to the Application of Federal Computer Crime Laws, 16 SANTA CLARA COMPUTER & HIGH TECH. LJ. 177, 181-87 (2000) (discussing "hacking," which involves unauthorized access to computer files, programs, or websites).
5. See Stephen P. Heymann, Legislating Computer Crime, 34 HARV. J. ON LEOIS. 373, 373-91 (1997) (analyzing technological advances that require new criminal legislation).
6. See Joseph M. Olivenbaum, Ctrl-Alt-Delete: Rethinking Federal Computer Crime Legislation, 27 SETON HALL L. REV. 574, 575 n.4 (1997) (arguing there exists a "protean difficulty [in] defining a computer crime"). Compare Int'l Ass'n of Machinists & Aerospace Workers v. Wemer-Masuda, 390 F. Supp. 2d 479,499 (D. Md. 2005) (noting that 18 U.S.C. § 2701 is directed against unauthorized users gaining access to protected computers rather than against authorized users gaining access for larcenous acts), with Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420 (7th Cir. 2006) ("[18 U.S.C. § 1030] is concerned with... attacks by virus and worm writers ... from the outside, and attacks by disgruntled programmers.").
7. See Marc S. Friedman & Kristin Bissinger, "Infojacking ": Crimes on the Information Super Highway, 5 J. PROPRIETARY RTS. 2, 2 (1997); see also Olivenbaum, supra note 6, at 575 n.4 (arguing that victim reluctance to report computer crimes make statistics suspect); Bradley Graham, Lack of Disclosure Impedes Development of Safeguards, WASH. POST, Feb. 28,1998, at A6.
8. See Olivenbaum, supra note 6, at 575 n.4 (arguing dual system of prosecution renders statistics suspect).
9. U.S. GEN. ACCOUNTINO OFHCE, INFORMATION secURITY: COMPUTER ATTACKS AT DEPARTMENT OF DEFENSE POSE INCREASING RISKS, GAO/AIMD 96-84, 3 (1996) (revealing the Defense Information Systems Agency intentionally "attacked" 38,000 DOD computers to test security and of the 24,700 penetrations only 4% were detected, and only 27% of those were reported).
10. Hedda Litwin, DOJ Launches Survey of Cyber Crime Stats, CYBER CRIME NEWSL., March-April 2006, at 19, http://www.naag.org/assets/files/pdf/2006-mar-apr-cyber.pdfflast visited Jan. 22, 2008).
11. See DOJ COMPUTER CRIME MANUAL, supra note 1.
12. See id.
13. See, e.g., Commonwealth v. Sullivan, 768 N.E.2d 529, 532 (Mass. 2002) (affirming several convictions including burglary conviction for theft of computers); State v. Geer, 799 So. 2d 698 (La. Q. App. 2001) (upholding sentencing of a man who pled guilty to state burglary charges for stealing a computer and other items).
14. See, e.g., United States v. Coviello, 225 F.3d 54,62 (1st Cir. 2000) (stating where defendant is convicted for conspiracy to transport stolen computer disks in interstate commerce, a sentence enhancement is warranted based on the value of the intellectual property located on the disks).
15. See DOJ COMPUTER CRIME MANUAL, supra note 1, at 2.
16. See Reid Skibell, Cybercrimes & Misdemeanors: A Reevaluation of the Computer Fraud and Abuse Act, 18 BERKELEY TECH. LJ. 909,919-921 (2003).
17. See Julie Tamaki, Famed Hacker Is Indicted by U.S. Grand Jury, L.A. TIMES, Sept. 27, 1996, at B1 (stating notorious hacker became an "anti-authority hero in the world of renegade hackers" when he caused millions of dollars in damage); see also Sinrod & Reilly, supra note 4, at 183-85 (discussing motives of hackers, such as sending a political message, being a disaffected employee, or thrill-seeking).
18. See Bob Drogin, U.S. Scurries to Erect Cyber-Defenses security: As Threat Rises, Government Task Force Prepares for Internet Combat, L.A. TIMES, Oct. 31,1999, at Al (mentioning that most computer crimes pending at the FBI involve disgruntled employees who sabotage computers for revenge); Donna Howell, Network security Hackers, Security Firms Wage Code War, INV.'s Bus. DAILY, May 2, 2000, at AS (discussing how a bank's computer network was secure from external hackers, but that an employee had launched an attack against the bank's computers from inside the system).
19. Leef Smith, Web Marauder Pleads Guilty; U.S. Government Sites Were Among Targets of 'Zyklon,' 'WASH. POST, Sept. 8, 1999, at B2.
20. See. e.g., Boucher v. Sch. Bd. of the Sch. Dist. of Greenfield, 134 F.3d 821, 825-29 (7th Cir. 1998) (allowing student to be expelled after he wrote an article about how to hack into the school's computer which was published in an underground newspaper); Thrifty-Tel, Inc. v. Bezenek, 54 CaI. Rptr. 2d 468,476-77 (CaI. Ct. App. 19%) (allowing parents to be held civilly liable for charges when their sons hacked the phone company's authorization and access codes).
21. See e.g., Cassell Bryan-Low, Virus for Hire: Growing Number Of Hackers Attack Web Sites for Cash-Entrepreneur Asked a Team To Mastermind Strikes Against Rivals, U.S. Says-WeaKnees on Its Knees, WALL ST. J., Nov. 30, 2004, at A1 (describing the indictment of a businessman who paid someone to launch a virus attack against WeaKnees over a proposed business deal); see also. Bob Sullivan, Consumers Still Falling for Phish: FTC, DOJ Announce Prosecution of Teen-ager, MSNBC (Mar. 22, 2004) (discussing case of 19-year-old college student who pleaded guilty to stealing identities by using a "phishing" scam), available at http:// www.msnbc.msn.com/id/4580909 Oast visited Jan. 22, 2008).
22. See Matthew B. Prince, After CAN-SPAM, How States Can Stay Relevant in the Fight Against Unwanted Messages: How a Children 's Protection Registry Can be Effective, and is Not Preempted, Under the New Federal Anti-Spam Law, 22 J. MARSHALL J. COMPUTER & INFO. L. 29, 45 (2003).
23. S. REP. No. 108-102, at 2 (2003).
24. Id. at 6; see Thomas Claburn, Spam Costs Billions, INFO. WK., Feb. 3, 2005, http://www. informationweek.com/story/showArticle.jhtml?articleID=59300834 (last visited Jan. 22, 2008) (reporting a study found that spam costs U.S. companies $21.58 billion annually in lost productivity).
25. Katyal, supra note 4, at 1023.
26. Id. at 1024.
27. Id. at 1024 n.57.
28. Id. at 1024.
29. Id. at 1026.
30. Katyal, supra note 4, at 1026.
31. Id.
32. Id. at 1025.
33. Id. See generally Robbin Rahman, Comment, Electronic Self-Help Repossession and You: A Computer Software Vendor's Guide to Staying Out of Jail, 48 EMORY L.J. 1477 (1999) (suggesting ways that software vendors can restrict their use of logic bombs to avoid legal difficulties).
34. Geoffrey A. North, Carnivore in Cyberspace: Extending the Electronic Communications Privacy Act's Framework to Carnivore Surveillance, 28 RUTOERS COMPUTER & TECH. L.J. 155, 163 (2002).
35. Rutrell Yasin, Sniffers Overhauled For E-Biz, INTERNET WK., May 5,2000, at 1.
36. Troy Denkinger, The Basics of Sniffing, the Sysadmin's Eye Inside the Network, CHI. TRIB., Apr. 6, 2000, at 1.
37. Id.
38. Katyal, supra note 4, at 1027.
39. Id. at 1026.
40. Id.
41. Id. at 1027.
42. Id. at 1026.
43. See Intel Coip. v. Hamidi, 71 P.3d 2%, 305 n.4 (Cal. 2003) (citing eBay, Inc. v. Bidder's Edge, Inc. 100 F. Supp. 2d 1058, 1060-1061 (N.D. Cal. 2000)), Laura Quilter, The Continuing Expansion of Cyberspace Trespass to Chattels, 17 BERKELEY TECH. LJ. 421, 423-424 (2002); Maureen A. O'Rourke, Property Rights and Competition on the Internet: In Search of an Appropriate Analogy, 16 BERKELEY TECH. L.J. 561, 570-571 (2001 ).
44. See generally EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001).
45. DOJ COMPUTER CRIME MANUAL, supra note 1, at 2.
46. See, e.g., United States v. Prochner, 417 F.3d 54,57 (1st Cir. 2005) (affirming conviction of defendant who obtained credit card numbers by hacking into secure websites and computer networks).
47. See, e.g., United States v. Brown, 237 F.3d 625, 628-29 (6th Cir. 2001) (upholding enhanced sentence because of computer use in violating non-computer-dependent child pornography statute).
48. See, e.g., United States v. Manzer, 69 F.3d 222,227 (8th Cir. 1995) (finding satellite descrambler program that was "more than seventy-percent similar to the copyrighted software" violated federal copyright statute).
49. See, e.g., United States v. Pirello, 255 F.3d 728, 729 (9th Cir. 2001) (affirming sentence for violation of federal wire fraud statute where defendant posted a fraudulent solicitation for money on a classified-ads website).
50. See discussion infra Part III.B. 1.
51. U.S. CONST amend. I.
52. See, e.g., Simon & Schuster, Inc. v. Members of N.Y. State Crime Victims Bd., 502 U.S. 105, 118 (1991) ("[T]he fact that society may find speech offensive is not a sufficient reason for suppressing it.").
53. See Brandenburg v. Ohio, 395 U.S. 444, 447 (1969) ("[T]he constitutional guarantees of free speech and free press do not permit a State to forbid or proscribe advocacy of the use of force or of law violation.").
54. See Chaplinsky v. New Hampshire, 315 U.S. 568, 574 (1942) (stating that the government may punish a limited class of speech "likely to provoke the average person to retaliation, and thereby cause a breach of the peace"). But see COMPUTER CRIME & INTELL. PROP. SEC., DOJ, LEGAL ASPECTS OF GOVERNMENT-SPONSORED PROHIBITIONS AGAINST RACIST PROPAGANDA ON THE INTERNET: THE U.S. PERSPECTIVE, PRESENTED IN GENEVA, SWITZERLAND AT HATE SPEECH AND THE INTERNET (1997) [hereinafter HATE SPEECH] http://www.usdoj.gov/criminal/ cybercrime/racismun.htm (last visited Jan. 22,2008) (explaining that words on the Internet are unlikely to breach the peace because of the lack of immediate proximity).
55. See Watts v. United States, 394 U.S. 705, 707-08 (1969) (holding that threats that imply action at an uncertain and future remote time are not true threats and therefore are protected under the First Amendment).
56. See HATE SPEECH, supra note 54 (stating that threats of harm receive no First Amendment protection and threatening e-mails or statements via Internet could in many cases be punished); but see United States v. Baker, 890 F. Supp. 1375 (E.D. Mich. 1995) (granting defendant's motion to quash indictment against him for statements he made over the Internet because they were not true threats).
57. See HATE SPEECH, supra note 54 (explaining that harassing speech must do more than simply anger or distress to lose constitutional protection).
58. See id. ("U.S. law does not recognize the notion of 'harassment' directed at a general class of persons.").
59. See infra Part III.B. 1 (describing the constitutional challenges to federal child pornography statutes).
60. U.S. CONST, amend. IV ("The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.").
61. United States v. Jacobsen, 466 U.S. 109 (1984).
62. United States v. Upham, 168 F.3d 532 (1st Cir. 1999) (upholding a search warrant authorizing the seizure, of "[a]ny and all computer software and hardware,... computer disks, disk drives" and "[a]ny and all visual depictions, in any format or media, of minors engaging in sexually explicit conduct [as defined by the statute]"); United States v. Sawyer, 799 F.2d 1494 (11th Cir. 1986) (same).
63. Upham, 168F.3d535.
64. Sawyer, 799 F.2d at 1508 (holding that in cases involving a "pervasive scheme to defraud, all the business records of the enterprise may properly be seized"); see also United States v. Grimmett, 439 F.3d 1263, 1270-71 (10th Cir. 2006) (holding that a search warrant authorizing the seizure of "computer equipment" was not overbroad because it contained "sufficiently particularized language requiring a nexus with child pornography"); United States v. Hall, 142 F.3d 988,995-97 (7th Cir. 1998) (same).
65. Compare Upham, 168 F.3d at 532 (upholding warrant allowing seizure of computer equipment because it is "no easy task to search a well-laden hard drive" on the premises), with United States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999) (invalidating the seizure of child pornography off the defendant's computer, when the search warrant only authorized search for "documentary evidence pertaining to the sale and distribution of controlled substances").
66. See United States v. Gray, 78 F. Supp. 2d 524, 529 (E.D. Va. 1999) ("[The] Agent [] was not required to accept as accurate any file name or suffix and limit his search accordingly."); United States v. Sissler, No. 1:90-CR-12,1991 WL 239000, at *4 (W.D. Mich. Aug. 30,1991) (same).
67. See, e.g., United States v. Ponce, 51 F3d 820 (9th Cir. 1995) (affirming admission of printout made from computer disk seized in search because disk from which printout was made contained drug ledger and was found at defendant's home).
68. See United States v. Hall, 142 F.3d 988, 994-95 (7th Cir. 1998) (upholding a warrant allowing officers to seize defendant's computer from a computer repair shop); United States v. Gawrysiak, 972 F. Supp. 853, 866 (D.N.J. 1997) (approving seizure of computer files for off-site search because the Fourth Amendment "does not require the agent to spend days at the site viewing the computer screens"); see also Sissler, 1991 WL 239000, at *3-4 (same).
69. See United States v. Mussen, 650 F. Supp. 525, 532 (D. Colo. 1986) ("[I]n the age of modern technology ... the warrant could not be expected to describe... the precise form the records would take." (quoting United States v. Reyes, 798 F.2d 380,383 (10th Cir. 1986))).
70. See Sissler, 1991 WL 239000, at *5 n.7 (declining to uphold seizure of printer on grounds of practicality because they contain no internal memory and can be used with a variety of computers).
71. Compare State v. Lehman, 736 A.2d 256,261 (Me. 1999), with Burnett v. State, 848 So. 2d 1170, 1173-74 (Fla. Dist. Ct. App. 2003).
72. See Smith v. Maryland, 442 U.S. 735 (1979).
73. Id.
74. See COMPUTER CRIME & INTELL. PROP. SECT., DOJ, FIELD GUIDANCE ON NEW AUTHORITIES THAT RELATE TO COMPUTER CRIME AND ELECTRONIC EVIDENCE ENACTED IN THE USA PATRIOT ACT OF 2001, http://www.usdoj.gov/ criminal/cybercrime/PatriotAct.htm (last visited Jan. 22, 2008).
75. United States v. Forrester, 495 F.3d 1041,1049 (9th Cir. 2007).
76. See United States v. Hambrick, No. 99-4793,2000 WL1062039, at *4 (4th Cir. Aug. 3,2000) (holding that the defendant did not have reasonable expectation of privacy in information provided to his ISP, including his IP address, name, and billing address); see also United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000).
77. See generally Steven A. Osher, Privacy, Computers and the Patriot Act: The Fourth Amendment Isn't Dead, but No One Will Insure It, 54 FLA. L. REV. 521 (2002).
78. See id. at 539-40 (claiming that skeptics believe the FBI is acquiring more information when it uses its Internet surveillance software, "Carnivore," than it should be entitled to under the Constitution).
79. See United States v. Scarfo, 180 F. Supp. 2d 572, 581 (D.N.J. 2001) (holding that the use of a keystroke logger did not violate the defendant's Fourth Amendment rights); Ted Bridis, FBI Develops Eavesdropping Tools, AP ONLINE, Nov. 22, 2001.
80. See United States v. Lamb, 945 F. Supp. 441 (N.D.N.Y. 1996).
81. Id. at 459.
82. United States v. Lacy, 119 F.3d 742 (9th Cir. 1997) ("[T]he nature of the crime, as set forth in this affidavit, provided 'good reason[ ]' to believe the computerized visual depictions ... would be present... ten months later."); see also United States v. Irving, 452 F.3d 110 (2d Or. 2006).
83. See discussion infra Part III.B.S.b.
84. United States v. Mora, 821 F.2d 860,863 n.3 (1st Cir. 1987).
85. Pub. L. No. 96-440,94 Stat. 1879 (1980) (codified as 42 U.S.C. § 2000aa (200O)).
86. 42U.S.C. § 2000aa (a) (1), (b)(1).
87. § 2000aa; see DePugh v. Sutton, 917 F. Supp. 690,696-97 (W.D. Mo. 1996) (interpreting the unamended Privacy Protection Act as not protecting materials used in dissemination of child pornography).
88. See U.S. SENTENONO COMM'N, COMPUTER FRAUD WORKING GROUP, REPORT SUMMARY OF FINDINGS, 3 (1993).
89. Compare United States v. Farraj, 142 F. Supp. 2d 484 (S.D.N.Y. 2001) (upholding application of NSPA, 18 U.S.C. § 2314, to the email transfer of stolen electronic data) and United States v. Kwan, No. 02 CR. 241(DAB), 2003 WL 21180401, at *3 (S.D.N.Y. May 20, 2003) (approving of Farraj), with United States v. Wang, 898 F. Supp. 758, 760 (D. Colo. 1995) (holding that a computer program does not qualify as "goods, wares, merchandise, securities or money" for purposes of NSPA) and United States v. LaMacchia, 871 F. Supp. 535, 536-38 (D. Mass. 1994) (finding use of a computer bulletin board to copy copyrighted software does not involve "physical taking" and thus cannot be prosecuted under NSPA).
90. See, e.g., United States v. Brown, 237 F.3d 625,628-29 (6th Cir. 2001) (upholding increased sentence due to computer use in violating child pornography statute).
91. See, e.g., AOL v. Nat'1 Health Care Disc., Inc., 174 F. Supp. 2d 890, 898-99 (N.D. Iowa 2002) (holding defendant liable under statute for damage caused by unsolicited bulk e-mail); eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058, 1069 (N.D. Cal. 2000) (considering whether violation of statute created potential for irreparable harm warranting issuance of a preliminary injunction).
92. See generally U.S. SENTENCING GUIDELINES MANUAL (2007) [hereinafter U.S.S.G. MANUAL]. In 2005, the U.S. Supreme Court severed the provision that made the Guidelines mandatory, rendering them "effectively advisory." See United States v. Booker, 543 U.S. 220,245 (2005); see also Kimbrough v. United States, 2007 WL 4292040, at *10, (U.S. Dec. 10, 2007) ("[W]hile [the federal sentencing statute] still requires a court to give respectful consideration to the Guidelines, see Gall v. United States, 2007 WL 4292116 (U.S. Dec. 10, 2007), Booker 'permits the court to tailor the sentence in light of other statutory concerns as well.' Booker, 543 U.S. at 245-46.").
93. OFFICE OF LEGAL EDUC., DOJ, PROSECUTING COMPUTER CRIMES, at 109 (2006).
94. United States v. Petersen, 98 F.3d 502,506-07 (9th Cir. 1996) (finding defendant's computer programming was a "special skill" and thus permitting enhancement under the Guidelines where defendant did not possess formal computer training but demonstrated knowledge of computers not shared by the general public). But see United States v. Lee, 296 F.3d 792, 796-99 (9th Cir. 2002) (holding that developing a basic website does not require "special skills" as established in Petersen); United States v. Godman, 223 F.3d 320, 323 (6th Cir. 2000) (holding defendant's computer skills were not "particularly sophisticated" as required in Petersen, and therefore finding upward departure to be unwarranted).
95. Pub. L. No. 98-473, Title II, Chapter XXI, § 2102(a), 98 StaL 1837,2190; see also H.R. REP. No. 98-894, at 9 (1984) (discussing legislative history of Pub. L. No. 98-473 and the need for computer specific criminal laws).
96. Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474, § 2, 100 Stat. 1213; Pub. L. No. 100-690, Title VII, § 7065, 102 Stat. 4404 (1988); USA Patriot Act of 2001, Pub. L. No. 107-56, § 814, 115 Stat. 272, 382-84; Cyber Security Enhancement Act of 2002, Pub. L. No. 107-296, | 225, 116 Stat. 2135, 2156; 21st Century Department of Justice Appropriations Authorization Act, Pub. L. No. 107-273,116 Stat. 1758 (2002).
97. § 1030; see Jo-Ann M. Adams, Comment, Controlling Cyberspace: Applying the Computer Fraud and Abuse Act to the Internet, 12 SANTA CLARA COMPUTER & HIGH TECH. LJ. 403,424 (1996) (highlighting changes made by 1988,1989, and 1990 amendments).
98. For example, in 2005 and 2006, the 109th Congress considered (without resolution) several amendments to Title 18 including H.R. 5318, which would add specific provisions to § 1030 regarding remote access, remove some cyber-crime stipulations regarding foreign contact, and mandate increased interagency cooperation and § 1789, the Personal Data Privacy and Security Act of 2005, which would specify the criminal penalties under § 1039.
99. 521 U.S. 844 (1997).
100. Id. at 870-72.
101. Id. at 878-84.
102. Id. at 868-69.
103. See id. at 880.
104. Id. at 870.
105. See id. at 872-73.
106. 47U.S.C. §231.
107. ACLU v. Gonzales, 478 F. Supp. 2d 775 (E.D. Pa. 2007).
108. Telecommunications Act of 1996, Pub. L. No. 104-104, TiUe V, §§ 501-561, 110 Stat 56, 133-43 (codified at 18 U.S.C. §§ 1462,1465,2422 (1996) and as scattered sections of 47 U.S.C.).
109. 47 U.S.C. § 223(a)(l)(B).
110. §223(d).
111. §223(a)(1)(B).
112. Reno, 521 U.S. 844.
113. See id. at 863-64 (affirming district court finding that the statute "sweeps more broadly than necessary and thereby chills the expression of adults").
114. See id. at 864-66 (distinguishing § 223(d) from similar, constitutionally permissible enactments because it did not require that patently offensive material lack serious literary, artistic, political, or scientific value (citing Ginsberg v. New York, 390 U.S. 629 (1968) (banning certain magazine sales to persons under age seventeen even though magazines were not necessarily obscene to adults))).
115. Id. (holding that the CDA violated the First Amendment because it: (a) chilled free speech; (b) criminalized legitimate protected speech; (c) must be narrowly tailored since it regulated a fundamental freedom; (d) regulated the content of speech so time, place, and manner analysis was inapplicable; and (e) was unconstitutionally overbroad).
116. See id. at 872-73 (citing Miller v. California, 413 U.S. 15, 18 (1973) (permitting states to ban obscene speech in order to ensure general welfare of their citizens)).
117. 47 U.S.C. § 223(a).
118. U.S.S.G. MANUAL § 2G3.1(b)(l)(C) (2007).
119. Id. §2G3.1(b)(1)(E).
120. Id. § 2G3.1(b)(1)(A).
121. Id. § 2G3.1(b)(4).
122. Pub. L. No. 104-208, tit. I, § 121, 110 Stat. 3009, 3009-26 (19%) (amending 18 U.S.C. §§ 2241, 2243, 2251, 2252, 2256, 42 U.S.C. § 2000aa, and adding 18 U.S.C. § 2252A).
123. §§ 2252A, 2256 (2006).
124. See § 2256(S)(B).
125. See Ashcroft v. Free Speech Coalition, 535 U.S. 234 (2002) (holding that § 2256(S)(B), (D) were overbroad because there was no compelling governmental interest in prohibiting speech that is not obscene or child pornography).
126. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act of 2003, Pub. L. 108-21, 117 Stat 650.
127. See id. § 503,117 Stat. at 680 (codified at 18 U.S.C. § 2252A(a)(3)(B)).
128. United States v. Rodriguez-Pacheco, 475 F.3d 434, 436 (1st Cir. 2007); United States v. Williams, 444 F.3d 1286 (11th Cir. 2006); United States v. Williamson, 439 F.3d 1125, 1126 (9th Cir. 2006); United States v. Wollet, 164 Fed. Appx. 672, 676 (10th Cir. 2006); United States v. Destio, 153 Fed. Appx. 888, 889 (3d Cir. 2005).
129. The Supreme Court's decisions in United States v. Lopez. 514 U.S. 549 (1995) (striking down the Gun-Free School Zones Act), and United States v. Morrison, 529 U.S. 598 (2000) (striking down the Violence Against Women Act), significantly curtailed the power of Congress to regulate activity that is purely intrastate and non-economic in nature.
130. See United States v. Robinson, 137 F.3d 652,656 (1st Cir. 1998); see also United States v. Corp, 236 F.3d 325, 332 (6th Cir. 2001) ("[J]urisdictional components of constitutional statutes are to be read as meaningful restrictions."). But see United States v. McCoy, 323 F.3d 1114,1125 (9th Cir. 2003) ("[T]he limiting jurisdiction,!] factor is almost useless here, since all but the most self-sufficient child pornographers will rely on film, cameras, or chemicals that traveled in interstate commerce.").
131. See Robinson, 137 F.3d at 656 ('The jurisdictional element in § 2252(a)(4)(B) requires an answer on a case-by-case basis.").
132. United States v. Riccardi, 405 F.3d 852 (10th Cir. 2005); United States v. Hampton, 260 F.3d 832 (8th Cir. 2001).
133. United States v. Kinder, 335 F.3d 1132 (10th Cir. 2003).
134. See Corp, 236 f.3d at 332 ("[W]e do not determine the aggregate effect on interstate commerce of the purely intrastate dealing in child pornography."); McCoy, 323 F.3d 1114.
135. 545 U.S. 1,24-33 (2005) (reconciling Lopez, 514 U.S. 549, and Morrison, 529 U.S. 598, with Wickard v. Filburn, 317 U.S. 111, 127-28 (1942) (permitting federal regulation of local activity if there is a "rational basis" for concluding that such activity in the aggregate can substantially affect interstate commerce)).
136. See United States v. Maxwell, 446 F.3d 1210 (11th Cir. 2006) (holding § 2252A(a) unconstitutional as applied to intrastate possession of child pornography); United States v. Forrest, 429 F.3d 73 (4th Cir. 2005) (same); United States v. Jeronimo-Bautista, 425 F.3d 1266 (10th Cir. 2005) (holding § 2251 (a) as unconstitutional for the same reasons).
137. 18 U.S.C.§ 2256(S)(A) (2000).
138. § 2256(8)(C).
139. 18 U.S.C. § 1030. This Article refers to § 1030 as "CFAA" when rfisntcdng its provisions generally, and as the "1996 Act" when distinguishing between the statute embodied in the 1996 amendments and its predecessors and successors.
140. See, e.g., Creative Computing v. Geuoaded.com LLC, 386 F.3d 930, 930 (9th Cir. 2004); AOL v. Nat'1 Health Care Disc., Inc., 174 F. Supp. 2d 890,898 (N.D. Iowa 2002).
141. § 1030(e)(2).
142. § 1030(a)(l).
143. See S. Rep. No. 99-432, at 6 (obtaining includes reading); AOL v. National Health Care Discount, Inc., 121 F. Supp. 2d 1255 (N.D. Iowa 2000) (same).
144. "Financial institution" is defined as: (A) an institution with deposits insured by the Federal Deposit Insurance Corporation; (B) the Federal Reserve or a member of the Federal Reserve including any Federal Reserve Bank; (C) a credit union with accounts insured by the National Credit Union Administration; (D) a member of the Federal home loan bank system and any home loan bank; (E) any institution of the Farm Credit System under the Farm Credit Act of 1971; (F) a broker-dealer registered with the securities and Exchange Commission pursuant to section IS of the Securities Exchange Act of 1934; (G) the securities Investor Protection Corporation; (H) a branch or agency of a foreign bank (as such terms are defined in paragraphs (1) and (3) of section 1 (b) of the International Banking Act of 1978); and (I) an organization operating under section 25 or section 25 (a) of the Federal Reserve Act. § 103<Xe)(4)(A)-(1).
145. § 1030(a002); see AOL v. LCGM, Inc., 46 F. Supp. 2d 444,450 (EX). Va. 1998) (finding that defendants' use of AOL membership to harvest e-mail addresses of other AOL members in order to send bulk e-mail advertisements ("spam"), in violation of AOUs terms of service, violated § 1030(a)(2)(C) by exceeding authorized access and obtaining information).
146. § 1030(a)(3).
147. Id.
148. § 1030(a)(4). There is an exception if the defendant only obtained computer time with a value of less than $5,000 per year. see id.
149. § 1030(a)(5)(AKi).
150. § 103(Xa)(S)(A)(U)-(Ui).
151. EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 582 n.10 (1st Cir. 2001); securelnfo Corp. v. TelosCorp., 387 F. Supp. 2d 593 (E.D. Va. 2005);seeOrin Kerr, Cybenrime'sScope: Interpreting "Access"and "Authorization" in Computer Misuse Statutes, 78 N.YU. L. REV. 1596, 1624-1642 (2003) (highlighting the courts' struggle with interpreting "access" and "authorization").
152. § 103(Xa)(S)(A)(U).
153. § 1030(a)(5)(A)(iii); see AOL v. LCGM, Inc., 46 F. Supp. 2d 444, 450-51 (E.D. Va. 1998) (finding defendants violated § 1030(a)(5)(C) of the 1996 Act by accessing computers within AOL's network without authorization and causing damage to its computer network, reputation, and goodwill).
154. See § 1030(c)(3)(A) (making a reckless violation a felony).
155. See § 1030(c)(2)(A) (making a negligent violation a misdemeanor).
156. § 1030(e)(8); see also In re AOL Version 5.0 Software Litig., 168 F. Supp. 2d 1359,1372-1374 (S.D. Fla. 2001) (analyzing the ambiguity of pre-USA Patriot Act assessment of damages under § 1030(a)(5)).
157. § 1030(a)(6).
158. Id.
159. § 1030(a)(7).
160. Id.
161. § 1030(d)(1).
162. § 1030(a)(1).
163. § 1030(d)(2); § 1030(a)(1).
164. § 1030(a)(1).
165. § 1030(a)5.
166. 18 U.S.C. § 2332b(g)(5)(B)(i).
167. § 1030(a)(4).
168. See United States v. Czubinski, 106 F.3d 1069, 1078-79 (1st Cir. 1997) (reversing conviction because nothing of value was obtained by defendant's mere browsing of IRS files).
169. See id. at 1078.
170. § 1030(a)(5)(B).
171. § 103(a)(5)(B)(i).
172. § 1030(a)(5)(B)(ii)(v).
173. § 1030(b).
174. § 1030(c).
175. § 1030(e)(10).
176. § 1030(C)(1), (c)(4)(A) (violating § 1030(a)(l) and (a)(5)(A)(i) respectively).
177. § 1030(c)(2)(A).
178. § 1030(C)(SKA), (c)(4)(B).
179. § 1030(cX2KB).
180. §103<Xc)(3XA),(c)(4)(B).
181. § 1030(c)(2XQ, (c)(3)(B).
182. § 103(KcXlXB), (c)(4)(C) (violating § (a)(5)(A)(i) or (a)(5)(A)(ii) respectively).
183. § 103<Kc)(5)(A).
184. § 1030(C)(S)(B).
185. U.S.S.G. MANUAL § 2M3.2(a) (2007).
186. Id. § 2B1.1. For a complete explanation of the application of section 2B1.1 and its loss table, see the MAIL AND WIRE FRAUD article in this issue.
187. Id. § 2B2.3.
188. Id. § 2B3.2.
189. Id. § 2X1.1 (setting base offense levels identical to those assigned to respective completed offenses, but reducing levels by three points if acts necessary to commit the offense were not completed or nearly completed).
1890. see, e.g.. Jay Lyman, Spam Costs $20 Billion Each Year in Lost Productivity, Å-COMMERCE TiMES, Dec. 29, 2003, http://www.ecommercetimes.com/perl/story/32478.html (last visited Jan. 22, 2008) (reporting a study stating the cost to businesses from spam is increasing at a rate of more than 100% per year).
191. Saee Jeffrey D. Sullivan & Michael B. De Leeuw, Spam After CAN-SPAM: How Inconsistent Thinking Has Made A Hash Out of Unsolicited Commercial E-Mail Policy, 20 SANTA CXARA COMPUTER & HIGH TECH. L. J. 887, 891-92 (2004) (discussing the history of anti-spam legislation in the United States).
192. Pub. L. No. 108-187,117 Stat 2699 (codified at 15 U.S.C. §§ 7701-7713 and 18 U.S.C. § 1037).
193. Sullivan & De Leeuw, supra note 191, at 888 (explaining Congress' attempt at responding to the rapidly growing problem of unsolicited email).
194. § 1037.
195. Id.
196. §7704.
197. Federal Trade Commission, The CAN-SPAM Act: Requirements for Commercial Emailers, FTC FACTS FOR BUSINESS, yApr. 2004 (explaining the range of fines and criminal penalties for violations of the CAN-SPAM Act), http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.pdf (last visited Jan. 22, 2008).
198. Id.
199. id.
200. See Bus. SOFTWARE ALLIANCE & INT'L DATA CORP., infra note 397 (finding that the U.S. software makers lost $6.645 billion to pirated software).
201. The Software & Information Industry Association recognizes ten kinds of software piracy. Software & Info. Indus. Ass'n, What is Piracy? Types of Software Piracy, http://www.siia.com/piracy/whatis.asp (last visited Jan. 22, 2008). This is up from seven kinds just six years ago. SOFTWARE & INFO. INDUS. ASS'N, REPORT ON GLOBAL SOFTWARE PIRACY 7 (2000), http://www.sua.net/estore/GPR-00.pdf (last visited Jan. 22, 2008).
202. Id. at 7 (stating programs that took years and millions of dollars to develop can be "duplicated or illegally distributed in minutes with the touch of a button").
203. Id. at 15 (claiming a computer user can duplicate an otherwise expensive product in bulk for no more than the cost of a blank compact disc).
204. Id. at 7 (noting the quality of pirated software is only slightly inferior to the original).
205. See KENNETH COHEN ET AL., U.S. SENTENCING COMM'N, No ELECTRONIC THEFT ACT, POLICY DEVELOPMENT TEAM REPORT (Feb. 1999), http://www.ussc.gov/agendas/02_99/NETBRF99.PDF (last visited Jan. 22, 2008) (noting that investigators may have trouble tracking down the creators of infringing websites, since the creators often change their ISPs to avoid detection).
206. Peter Brown & Richard Raysman, Napster Threatens Copyright Law, 224 N.Y.L.J. 3, 3 (2000) (discussing the ease with which copyrighted music can be distributed via the Internet with little or no degradation in quality and exploring the potential for massive copyright infringement because of technological advances).
207. Copyright Act, 17 U.S.C. § 506(a); Criminal Penalties for Copyright Infringement, Pub. L. No. 102-561, 106 Stat. 4233 (1992) (codified as 18 U.S.C. § 2319 (2000)) (amending § 2319 to provide felony penalties for some copyright violations).
208. 17 U.S.C. § 506(a).
209. Id. An enforceable copyright must be registered with the Register of Copyrights, be original, and be fixed in a tangible medium of expression. 17 U.S.C. § 102(a); 17 U.S.C. § 411(a); La Resolana Architects, PAv. clay Realtors Angel Fire, 416 F.3d 1195 (10th Cir. 2005).
210. § 506(a)(l); § 506(a)(2) ("Evidence of reproduction or distribution of a copyrighted work, by itself, shall not be sufficient to establish willful infringement."). Courts are split as to whether "willful" refers to intent to copy or intent to infringe. Compare Repp v. Webber, 132 F.3d 882, 889 (2d Cir. 1997) (noting violators are liable for subconscious copyright infringement of musical compositions), with United States v. Moran, 757 F. Supp. 1046, 1052 (D. Neb. 1991) (accepting no intent to infringe argument).
211. §506(a)(2).
212. OFFICE OF LEGAL EDUC., DOJ, PROSECUTINO INTELLECTUAL PROPERTY CRIMES, at 16 (3d ed. 2006) (citing § 506(a)(1)), http://www.cybercrtae.gov/ipinanuaVipma2006.pdf (last visited Jan. 22,2008).
213. § 109(a); see Bourne v. Walt Disney Co., 68 F.3d 621,632-33 (2d Cir. 1995) (applying first sale doctrine to challenged conduct); Quality King Distribs., Inc. v. L'anza Research Int'l, Inc., 523 U.S. 135, 152 (1998) ("[O]nce the copyright owner places a copyrighted item in the stream of commerce by selling it, he has exhausted his exclusive statutory right to control its distribution.").
214. See Microsoft Corp. v. Harmony Computers & Elec., Inc., 846 F. Supp. 208,212 (E.D.N.Y. 1994).
215. § 109(d) (noting the first sale doctrine does not apply to "any person who has acquired possession of the copy or phonorecord from the copyright owner, by rental, lease, loan, or otherwise, without acquiring ownership of it"); Adobe Systems, Inc. v. One Stop Micro, Inc., 84 F. Supp. 2d 1086, 1089 (N.D. CaI. 2000) (stating a copyright owner "does not forfeit his right of distribution by entering into a licensing agreement").
216. § 107.
217. Id.
218. Campbell v. Acuff-Rose Music, Inc., 510 U.S. 569, 584 (1994) (transformative uses more likely to be fair); Sony Corp. v. Universal City Studios, 464 U.S. 417,449 (1984) (commercial uses are presumptively unfair, noncommercial and nonprofit activity is presumptively fair).
219. See, e.g.. Harper & Row, Publishers, Inc. v. Nation Enters., 471 U.S. 539,563 (1985) (factual works more likely to be fair than fictional).
220. See, e.g., id. at 564-66 (the greater the size or importance of the portion of the work that is used the less likely the use falls under the "fair use" defense).
221. See id. at 568 ('"o negate fair use, one need only show that if the challenged use 'should become widespread, it would adversely affect the potential market for the copyrighted work.'" (quoting Sony, 464 U.S. at 451)).
222. 18 U.S.C. § 2319 (2000).
223. See § 2319(c)(1); see also U.S.S.G. MANUAL § 2B5.3 (2007).
224. See U.S.S.G. MANUAL app. A.
225. See id. § 2B5.3(a).
226. Id. cmt. n.2.
227. Id. § 2B5.3(b)(1).
228. Digital Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2863 (1998) (codified as amended at 17 U.S.C. §§12010 -1205).
229. 17 U.S.C. §§ 1201-1205.
230. § 1201(a)(1).
231. § 1201(a)(3XB); see also U.S. COPYRIGHT OFFICE, THE DIGITAL MILLENNIUM COPYRIGHT ACT OF 1998: U.S. COPYRIGHT OFFICE SUMMARY (Dec. 1998), 3-4, http://lcweb.loc.gov/copyright/legislation/dmca.pdf (last visited Jan. 22, 2008).
232. § 1201(a)(3)(A).
233. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 294, 325 (S.D.N.Y. 2000) (stating that it is a violation of § 1201 to place a hypertext link to another site that offers technology circumvention measures on your website, where the purpose of the hypertext link is to provide the user with access to a technology circumvention measure).
234. This category includes computer code designed to circumvent encryption software protecting a digital work. See id. In Reimerdes, the court declined to extend First Amendment protection to computer code because although it is "expressive," it is also functional, and the court may legitimately regulate the undesirable consequences of its functions. see id. at 304 (stating that the expressive element of computer code "no more immunizes its functional aspects from regulation than the expressive motives of an assassination immunize the assassin's action").
235. See, e.g., Sony Computer Entm't Am., Inc. v. GameMasters, 87 F. Supp. 2d 976, 985 (N.D. Cal. 1999) (granting preliminary injunction based on evidence that the sale of "game enhancers," devices that circumvented a mechanism on the game console that ensured console would operate only when encrypted data was read from authorized CD-ROMs, likely violated § 1201); see also Davidson & Associates v. Jung, 422 F.3d 630 (8th Cir. 2005) (holding that the computer game purchasers' development of an alternative to the sellers' online gaming service, which allowed other purchasers to access the service without an encoded identification key, is considered "circumvention").
236. See RealNetworks, Inc. v. Streambox, Inc., No. 2:99CV02070,2000 WL 127311, at *2, *3 (W.D. Wash. Jan. 18, 2000) (holding that the circumvention does not have to act directly against the technology protection measure itself).
237. 17 U.S.C. § 1201(a)(2). With the exception of manufacturers of a certain type of VCR, manufacturers of devices that could be used to illegally copy or access copyrighted works are not mandated to implement technological measures preventing consumers from using it in that manner. See § 1201(c)(3).
238. See § 1201(d) (excepting non-profit library, archive, and educational institutions); § 1201(e) (excepting governmental law enforcement and intelligence activities); § 1201(f) (excepting reverse engineering in cases where a person has lawfully obtained a copy of a computer program in order to make it interoperable with other programs); § 1201(g) (excepting encryption research); § 1201(h) (providing exception for protection of minors); § 1201(i) (providing exception for personal privacy, where the technological measure or the work it protects invades that privacy); § 1201(j) (excepting security testing).
239. 111 F. Supp. 2d 294 (S.D.N.Y. 2000).
240. Id. at 322 ("The use of technological means of controlling access to a copyrighted work may affect the ability to make fair uses of the work.").
241. Id. at 323 (stating Congress expressly considered this problem and included the exceptions listed in § 1201(d)-(j) in direct response).
242. See id. (reiterating Congress' conviction that this limitation preserves legitimate uses of the fair use defense).
243. § 1202.
244. § 1202(c).
245. § 1202(c)(8).
246. § 1202(a)-(b). But see Kelly v. Aribba Soft Corp., 336 F.3d 811 (9th Cir. 2003) (holding an Internet search engine that stores and displays "thumbnail" versions of visual images without their copyright management information would be a prima facie violation of § 1202, but it is justified under the "fair use" doctrine).
247. § 1202(c)(7).
248. § 512. But see A&M Records, Inc. v. Napster, Inc., 284 F.3d 1091 (9th Cir. 2002) (affirming that file sharing service is not an ISP eligible for the safe harbor defense, because it is not a "passive conduit" for information transmission).
249. § 512; see also ALS Scan, Inc. v. RemarQ Cmtys., Inc., 239 F.3d 619, 625 (4th Cir. 2001) (discussing notification requirements under DMCA and noting that, with respect to multiple works, it is not required to identify all of the works - a representative list is sufficient).
250. § 1204.
251. Pub. L. No. 99-508, 100 Stat. 1848 (codified as amended at 18 U.S.C. §§ 2510-2521, 2701-2710, 3121-3126).
252. ECPA §§ 101-303. The Fifth Circuit interpreted ECPA as supplementing the Communications Act of 1934 (codified as amended at scattered sections of 47 U.S.C.). Accordingly, the court held that concurrent prosecution under both acts does not violate the Double Jeopardy Clause of the Fifth Amendment. United States v. Crawford, 52 F.3d 1303, 1306-07 (5th Cir. 1995).
253. Pub. L. No. 99-508, 100 Stat. 1848 (the Act was divided into Title I, the Wiretap Act, Title II, the Stored Communications Act, and Title III, the Pen Register Act).
254. ECPA § 101(a) (amending § 2510(1)) (broadening statutory definition of communications covered to include those "affecting interstate or foreign commerce").
255. ECPA § 105(b) (amending § 2516) (granting law enforcement officers the power to file an application to a Federal judge to get authorization to intercept electronic communications where such interception may provide evidence of any Federal felony).
256. See United States v. Petersen, 98 F.3d 502, 504-05 (9th Cir. 1996) (upholding ECPA conviction for hacking into telephone system).
257. See supra Section III.B (discussing CFAA).
258. Compare United States v. Chick, 61 F.3d 682, 687-88 (9th Cir. 1995) (permitting government to use ECPA to prosecute defendant for pirating modified satellite descramblers), and United States v. Harrell, 983 F.2d 36, 37-38 (5th Cir. 1993) (acknowledging ECPA's proper application to modified satellite descramblers), with United States v. Shriver, 989 F.2d 898, 904-07 (7th Cir. 1992) (concluding § 2512 covers sale or ownership of satellite descramblers only if descramblers are designed primarily to pirate satellite-transmitted broadcasts).
259. 18 U.S.C. § 2701(a).
260. § 2701 (a). See generally Orin Kerr, A User 's Guide to the Stored Communications Act, and a Legislator 's Guide to Amending it, 72 Geo. Wash. L. Rev. 1208 (2004).
261. § 2707(e); McCready v. eBay, Inc., 453 F.3d 882, 884 (7th Cir. 2006).
262. § 2701(c)(1).
263. §2701(c)(2).
264. § 2701(b)(1)(A).
265. § 2701(b)(1)(B).
266. § 2701(b)(2).
267. See 12707(a) (which authorizes civil suits against any "person or entity" other than the United States, in violation of ECPA's substantive provisions); see also Konop v. Hawaiian Airlines, Inc. (In re Hawaiian Airlines, Inc.), 355 B.R. 225, 226 (D. Haw. 2006) (holding that damages may be assessed at $1,000 per violation); Organization JD Ltda. v. DOJ, 18 F.3d 91, 94-95 (2d Cir. 1994) (per curiam) (holding that governmental "entities" can be subject to liability under § 2707(a) where appellants were intended recipients of electronic fund transfers seized by DEA agents).
268. 18 U.S.C. §§ 2510-2521.
269. Pub. L. No. 99-508, tit. I, 100 Stat. 1848.
270. See S. REP. No. 90-1097 (1968), reprinted in 1968 U.S.C.C.A.N. 2112 (Title III codifies Katz v. United States, 389 U.S. 347 (1967) and Berger v. New York, 388 U.S. 41 (1967).
271. § 2511(1)(a).
272. § 2511.
273. § 2518(3)(c).
274. § 2518(4)-(5).
275. § 2518.
276. § 2518.
277. § 2516.
278. § 2518(5).
279. § 2518(6).
280. See "Carnivore" and the Fourth Amendment: Hearing Before the Subcomm. on the Constitution of the H. Comm. on the Judiciary (2000) (statement of Kevin V. DiGregory, Deputy Assistant Attorney General, DOJ) [hereinafter DiGregory Statement] (explaining OEO reviews each proposed Title III application to ensure that interception satisfies Fourth Amendment requirements, and is in compliance with applicable statutes and regulations).
281. § 2520(d); McCready v. eBay, Inc., 453 F.3d 882 (7th Cir. 2006).
282. §2511(2)(i).
283. §2510(21).
284. See id.
285. Id.
286. See United States v. Scarfo, 180 F. Supp. 2d 572, 581 (D.N.J. 2001) (holding that the use of a keystroke logger did not violate § 2510).
287. §§ 2511, 2513, 2520, 2521 ; see DiGregory Statement, supra note 280 (listing remedies for violating Title III by improperly intercepting electronic communications).
288. §2511(4)(a).
289. §2511(4)(b).
290. U.S.S.G. MANUAL §2H3.1(a) (2007).
291. Id. §2H3.1(b)(1).
292. Id. §2H3.1(c)(1).
293. See § 2515; United States v. Giordano, 416 U.S. 505 (1974) (holding that statutory exclusionary rule of Title III provides protection beyond the judicially created exclusionary rule under Constitution for wiretap interception); Alderman v. United States, 394 U.S. 165 (1969); Simmons v. United States, 390 U.S. 377 (1968).
294. See § 2520(a) (which authorizes civil suits against any "person or entity" other than the United States, in violation of ECPA's substantive provisions); see also Smoot v. United Transp. Union, 246 F.3d 633 (6th Cir. 2001 ); Brown v. Waddell, 50 F.3d 285, 294 (4th Cir. 1995) (holding that law enforcement use of "clone pagers" to intercept numeric transmissions received on digital display pagers violated § 2511 and subjected state officials to civil liability).
295. United States v. Councilman, 418 F.3d 67 (1st Cir. 2005) (en banc).
296. Id. at 80. But see Orin S. Kerr, COMPUTER CRIME LAW, 457 (2006) (noting that the court did not decide whether there was an interception but suggested in dicta that there was).
297. Councilman, 418 F.3d at 76-78.
298. Id. at 87 (Torrella, J., dissenting) (citing "Theofel v. Farey-Jones, 359 F.3d 1066,1077-78 (9th Cir. 2004) (post-delivery); Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113-14 (3d Cir. 2003) (post-delivery); United States v. Steiger, 318 F.3d 1039,1048-49 (11th Cir. 2003) (on hard drive)... ; Konop v. Hawaiian Airlines, 302 F.3d 868, 878-79 (9th Cir. 2002) (on website server)... ; Steve Jackson Games, Inc. v. United States Secret Serv., 36 F.3d 457,461-62 (5th Cir. 1994) (pre-retrieval)").
299. 36 F.3d 457 (5th Cir. 1994).
300. Id. at 458.
301. Councilman, 418 F.3d at 70.
302. The court in Councilman implied that the transmission ends when the recipient opens the e-mail, id. at 71, but this language was not needed to decide the issue, since the e-mail was intercepted before being placed in the recipient's mail box, and may be dicta.
303. 18 U.S.C. § 1028(a)(7), (d)(7).
304. § 1028(a)(1); see, e.g.. United States v. Rashwan, 328 F.3d 160,165 (4th Cir. 2003) (holding that aiding and abetting the production is also covered).
305. § 1028(a)(2).
306. E.g., § 1028(a)(3) (prohibiting possession of five or more false or stolen identification documents with the intent to use them unlawfully or transfer them).
307. § 1028(d)(4) ("[A] document of a type intended or commonly accepted for the purposes of identification of individuals that is not issued by or under the authority of a governmental entity; and appears to be issued by or under [such] authority.").
308. § 1028(a)(3)-(4).
309. § 1028(d)(2) ("[D]ocument-making implement means any ... computer file, computer disc, electronic device, or computer hardware or software, that is specifically configured or primarily used for making an identification document, a false identification document, or another document-making implement."); United States v. Cabrera, 208 F.3d 309, 314 (1st Cir. 2000) (defining "primarily used" as referring to "the particular use to which the defendant put the device, not its 'general' use within society").
310. § 1028(a)(5).
311. § 1028(d)(10).
312. § 1028(b)(2).
313. § 1028(b)(1).
314. § 1028(b)(3).
315. § 1028(b)(4).
316. U.S.S.G. MANUAL Table 2B1.1 (2007).
317. Id. §§ 2L2.1, 2L2.2, 2B1.1.
318. Id. § 2B1.1 cmt. n.19; see United States v. Kaminski, No. 99-1604, 2000 WL 1527932 (2d Cir. Oct. 12, 2000) (upholding upward departure based prior rape conviction and the likelihood false identification documents would be used to commit rape).
319. 18 U.S.C. § 1343. See generally the MAIL AND WIRE FRAUD article in this issue.
320. § 1343.
321. See United States v. Pirello, 255 F.3d 728, 732 (9th Cir. 2001) (holding that fraudulently soliciting for money on a website violated wire fraud statute); United States v. Briscoe, 65 F.3d 576, 580-81 (7th Cir. 1995) (holding that fraudulent transfer of funds through a computer system violates wire fraud statute).
322. Compare United States v. Wang, 898 F. Supp. 758, 759 (D. Colo. 1995) (holding computer program is property and infringement may be prosecuted under both Copyright Act and wire fraud statute), with United States v. LaMacchia, 871 F. Supp. 535, 540-44 (D. Mass. 1994) (dismissing wire fraud charge because infringement not criminal).
323. United States v. Rothberg, 222 F. Supp. 2d 1009, 1018 (N.D. Ill. 2002).
324. § 1343.
325. Id.
326. 18 U.S.C. § 1961.
327. U.S.S.G. MANUAL app. A (2007).
328. Id. § 2C1.7(a),(b)(1)(A).
329. Id. § 2C1.7(b)(1)(A); see, e.g., United States v. Mack, 159 F.3d 208, 220 (6th Cir. 1998) (applying § 2 C1.7(b)(1)(B) to a prison security chief); United States v. ReBrook, 58 F.3d 961,969 (4th Cir. 1995) (upholding increase in offense level pursuant to § 2C1.7(b)(1)(B) for wire fraud conviction based on video lottery systems because defendant was public official holding high-level decision-making or sensitive position).
330. U.S.S.G. MANUAL § 2B1.1 (2007); see, e.g., United States v. Catalfo, 64 F.3d 1070, 1082-83 (7th Cir. 1995) (upholding sentencing enhancement for wire fraud by illegal computerized futures trading because defendant could have foreseen possible loss from his conduct and was therefore accountable for monetary loss under former § 2F1.1).
331. See Pornography, Technology, and Process: Problems and Solutions on Peer-to-Peer Networks: Hearing Before the S. Judiciary Comm., 108th Cong. (2003) (statement of John Malcolm, Deputy Assistant Attorney General, Criminal Division, DOJ) [hereinafter Malcolm Statement].
332. See supra note 7 (discussing victims' reluctance to report computer crimes).
333. See Liza Porteus, FBI's New Cyber-Division Quietly Ramps Up, NAT'L J. TECH. DAILY, Apr. 8, 2002, http://www.govexec.com/dailyfed/0402/040802tdl.htm (last visited Jan. 22, 2008).
334. See id.
335. See FBI, Cyber Investigations, http://www.fbi.gov/cyberinvest/cyberhome.htm (last visited Jan. 22, 2008).
336. See FBI, Innocent Images National Initiative, http://www.ibi.gov/publications/innocent.htm (last visited Jan. 22, 2008).
337. See id.
338. See NAT'L WHITE COLLAR CRIME CTR. & FBI, THE INTERNET CRIME COMPLAINT CENTER 2006 INTERNET CRIME REPORT: JANUARY 1, 2006-DECEMBER 31, 2006 (2007), http://www.ic3.gov/media/annualreport/ 2006_IC3Report.pdf (last visited Jan. 22, 2008).
339. See id at 3 (describing a decrease from the previous year in the number of complaints being referred by IC3 and noting that the vast majority of these relate to online auction fraud).
340. See generally DOJ, Computer Crime & Intellectual Property Section, http://www.usdoj.gov/criminal/ cybercrime/index.html (providing cases, recent law, reports, and other documents related to computer crime) (last visited Jan. 22, 2008).
341. See Prosecution of Intellectual Property Crimes and the 'STOP!' Initiative: Hearing Before the Subcomm. on Oversight of Government Management, the Fed. Workforce, and the District of Columbia of the S. Comm. on Homeland Security and Governmental Affairs, 109th Cong. (2005) (statement of Laura H. Parsky, Deputy Assistant Att'y Gen., Criminal Division, DOJ) (describing recent initiatives of CCIPS targeting online piracy, fraud and illicit peer-to-peer network file sharing) [hereinafter Parsky I.P. Crime Statement].
342. Press Release, DOJ, Attorney General Alberto R. Gonzales Renews Commitment to Justice Department's Intellectual Property Task Force (Mar. 9, 2005), http://www.usdoj.gov/opa/pr/2005/March/05_ag_111.htm (last visited Jan. 22, 2008).
343. See id.
344. See id.
345. See id.; see also Parsky I.P. Crime Statement, supra note 341 (describing the CHIP program in detail).
346. See Parsky I.P. Crime Statement, supra note 341.
347. See generally DOJ, Child Exploitation and Obscenity Section, http://www.usdoj.gov/criminal/ceos/ index.html (providing cases, recent law, testimony, reports, and other documents related to child pornography) (last visited Jan. 22, 2008).
348. See Sexual Crimes Against Children: Hearing on H.R. 2388 and H.R. 2318 Before the H. Comm. on the Judiciary, 109th Cong. (2005) (statement of Laura H. Parsky, Deputy Assistant Att'y Gen., Criminal Division, DOJ) [hereinafter Parsky Sex Crimes Statement].
349. See id. (stating that in 1997, 352 defendants were charged with child pornography crimes and 299 convicted and in 2004, 1,486 cases were filed and 1,066 convicted); Eric Holder, Deputy Attorney Gen., DOJ, Remarks at the International Conference on Combating Child Pornography on the Internet (Sept. 29, 1999) (stating that federal prosecutions of Internet child pomographers have increased 10% every year since 1995, and approximately 400 Internet child pomographers are prosecuted each year), http://www.usdoj.gov/criminay cybercrime/dagceos.html (last visited Jan. 22, 2008). But see supra Part III.B.1. (describing the constitutional challenges to federal child pornography statutes).
350. See, e.g., Press Release, DOJ, Justice Department Announces Eight Charged in Internet Piracy Crackdown (July 28, 2005) ("Operations...resulted in a total of more than 200 search warrants executed in 15 countries; [one operation] alone has yielded a total of 30 U.S. felony convictions and another 10 convictions overseas."); Press Release, U.S. Customs Serv., 45 Children Rescued, 20 Arrests in U.S. Customs, Danish Police Investigation of Global Child-Molesting, Pornography Ring (Aug. 9, 2002); Press Release, U.S. Customs Serv., U.S. Customs, 10 Foreign Countries, Serve Multiple Search Warrants on Internet Child Pornography Ring (Mar. 20, 2002).
351. See Parsky I.P. Crime Statement, supra note 341 (describing the growth of online piracy); Parsky Sex Crimes Statement, supra note 348 (describing the burgeoning problem of child pornography and the ease, speed, and anonymity of distribution over the Internet); Malcolm Statement, supra note 331 (describing the problem of anonymous use and the various modes of purveyance of child pornography over the Internet, including newsgroups, Internet relay chat, and the threat posed by peer-to-peer software).
352. ARIZ. REV. STAT. ANN § 13-2316 (2000).
353. FLA. STAT. §§ 815.01-815.07 (1996 & Supp. 1999).
354. ALA. CODE §§ 13A-8-100 to 13A-8-103 (1994); ALASKA STAT. §§ 11.46.200(a)(3), 11.46.484(a)(5), 11.46.740, 11.46.985, 11.46.990(2000); ARE. REV. STAT. ANN. §§ 13-2301(E), 13-2316(2000); ARK. CODE ANN. §§ 5-41-101 to 5-41-108 (1997); CAL. PENAL CODE §§ 502, 1203.047 (West 1998 & Supp. 2004); COLO. REV. STAT. §§ 18-5.5-101 to 5-102 (2000); CONN. GEN. STAT. §§ 53a-250 to -261 (1999 & Supp. 2001); DEL. CODE ANN. tit. 11, §§ 931-939 (1995 & Supp. 2000); FLA. STAT. §§ 815.01-.07 (2000); GA. CODEANN. §§ 16-9-90 to -94 (1998); HAW. REV. STAT. §§ 708-890 to -893 (1999); IDAHO CODEANN. §§ 18-2201 to -2202,26-1220 (1997); 720 ILL. COMP. STAT. 5/16D-1 to -7 (1998 & Supp. 1999); IND. CODE §§ 35-41-2-3,35-43-1-4 (1998); IOWA CODE ANN. §§ 716A.1-.16 (West 1993 & Supp. 2000); KAN. STAT. ANN. § 21-3755 (1995 & Supp. 1999); KY. REV. STAT. ANN. §§ 434.840-.860 (1999); LA. REV. STAT. ANN. §§ 14:73.1-.5 (1997 & Supp. 2001); ME. REV. STAT. ANN. tit. 17-A, §§ 431-433 (West Supp. 2000); MD. CODE, CRIM. LAW 17-302 (West 2004); MASS. GEN. LAWS ch. 266, §§ 30, 33A, 120F (1992 & Supp. 2000); MICH. COMP. LAWS §§ 752.791-.797 (1991 & Supp. 2000); MINN. STAT. §§ 609.87-.894 (1998); MISS. CODE ANN. §§ 97-45-1 to -13 (2000); Mo. REV. STAT. § 569.095 (1994) (amended by Stolen Property - Services - Penalty Provisions, 2002 Mo. Legis. Serv. 194 (West)); MONT. CODE ANN. §§ 45-6-310, -311 (1999); NEB. REV. STAT. §§ 28-1343 to -1348 (1995); NEV. REV. STAT. §§ 205.473-.491 (2007); N.H. RBV. STAT. ANN. §§ 638:16-:19 (1996 & Supp. 2005); N.J. STAT. ANN. §§ 2A:38A-1 to -6 (West 2000), 2C:20-23 to -34 (West 1995 & Supp. 2000); N.M. STAT. §§ 30-45-1 to -7 (2006); N.Y. PENAL LAW §§ 156.00-.50 (McKinney 2006); N.C. GEN. STAT. §§ 14-453 to -457 (2005); N.D. CENT. CODE § 12.1-06.1-08 (1997 & Supp. 2003); Orao REV. CODE ANN. § 2913.04 (West 2007); OKLA. STAT. ANN. tit. 21, §§ 1951-1958 (West Supp. 2001); OR. REV. STAT. §§ 164.125, 164.377 (1999); 18 PA. CONS. STAT. ANN. § 7601,7603,7611, 7615,7616 (West Supp. 2003); R.I. GEN. LAWS §§ 11-52-1 to -8 (2000); S.C. CODEANN. §§ 16-16-10 to -40 (Law. Co-op. 1985 & Supp. 2000) (amended by Computer Abuse Act of 2002,2002 S.C. Acts 169); S.D. CODIFIED LAWS §§ 43-43B-1 to -8 (1997); TENN. CODE ANN. §§ 39-14-601 to -603 (1997 & Supp. 2000); TEX. PENAL CODE ANN. §§ 33.01-.04 (Vernon 1994 & Supp. 2001); UTAH CODE ANN. §§ 76-6-701 to -705 (1999 & Supp. 2000); VT. STAT. ANN., tit. 13, §§ 4101-4107 (Supp. 1999); VA. CODEANN. §§ 18.2-152.1 to .15 (1996 & Supp. 2000); WASH. REV. CODE §§ 9A.52.110-.130 (1998); W. VA. CODE. §§ 61-3C-1 to -21 (2000); Wis. STAT. § 943.70 (1998); WYO. STAT. ANN. §§ 6-3-501 to -505 (1999 and Supp. 2000).
355. S. 240, 96th Cong. § 1 (1979); S. 1766, 95th Cong. § 1 (1977); see also Federal Computer Systems Protection Act: Hearings on S. 1766 Before the Subcomm. on Criminal Laws and Procedures of the S. Comm. on the Judiciary, 95th Cong. 170-71 (1978) (setting forth proposed 1977 legislation).
356. See Robin K. Kutz, Note, Computer Crime in Virginia: A Critical Examination of the Criminal Offenses in the Virginia Computer Crimes Act, 27 WM. & MARY L. REV. 783, 789-90 (1986). Two states, Ohio and Massachusetts, took a third approach, choosing only to "redefine certain terms in their criminal codes to ensure that their statutes covered computers and computer-related intangible property." Id. at 790.
357. See Jerome Y. Roache, Computer Crime Deterrence, 13 AM. J. CRIM. L. 391, 392 (1986) (explaining how prosecution is aided by eliminating the need for prosecutors, attorneys, and judges to rationalize the application of a traditional criminal law in a technical, computer-related context).
358. See Marc. D. Goodman, Why the Police Don't Care About Computer Crime, 10 HARV. J. L. &TECH.465, 468-69 (1997).
359. See CAL. PENAL CODE § 502.01 (West 1998 & Supp. 2004); NJ. STAT. ANN. § 2C:64-1 (West 1995 & Supp. 2000); N.M. STAT. ANN. § 30-45-7 (1997). Illinois distributes half the forfeited proceeds to the local government agency that investigated the computer fraud for training and enforcement purposes, and half to the county in which the prosecution was brought, where it is placed in a special fund and appropriated to the State's Attorney for use in training and enforcement. 720 ILL. COMP. STAT. 5/16D-6 (1998 & Supp. 1999).
360. See ALASKA STAT. § 11.41.270 (2000); MICH. COMP. LAWS ANN. § 750.411(h)(e)(vi) (West Supp. 2000); OKLA. STAT. ANN. tit. 21, § 1173 (West Supp. 2001); WIS. STAT. § 947.0125 (2001); WYO. STAT. ANN. § 6-2-506 (1999).
361. ALA. CODE § 13A-11-8(b)(1)(a) (1994 & Supp. 2000); CONN. GEN. STAT. § 53a-183 (2001); IDAHO CODE ANN. § 18-6710(3) (1997); N.H. REV. STAT. ANN. § 644:4(11) (1996 & Supp. 2000); N.Y. PENAL LAW § 240.30 (McKinney 1989 & Supp. 2001).
362. E.g., MICH. COMP. LAWS ANN. §750.145(d) (West Supp. 2004).
363. See Vives v. City of New York, 405 F.3d 115 (2d Cir. 2005) (CAL. PENAL CODE § 502.01 (West 1998 & Supp. 2004)); State v. Brobst, 857 A.2d 1253 (N.H. 2004) (N.H. REV. STAT. ANN. § 644:4(1) (1996 & Supp. 2000) was overbroad); ACLU v. Johnson, 194 F.3d 1149 (10th Cir. 1999) (N.M. STAT. § 30-37-3.2(A) (1978) (banning communication of indecent material to minors)); ACLU of Georgia v. Miller, 977 F. Supp. 1228, 1231 (N.D. Ga. 1997) (GA. CODE ANN. § 16-9-93.1 (19%) (banning pseudonyms in electronic communication).
364. Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Missouri, Nevada, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming all have enacted some permutation of anti-spam legislation. See DAVID E. SORKIN, SPAM LAWS (Apr. 20, 2005), http:// www.spamlaws.com/state/summary.shtml (last visited Jan. 22, 2008).
365. See NBB. REV. STAT. § 28-1343(5) (1995).
366. See ARK. CODE ANN. § 5-41-106 (1997); CONN. GEN. STAT. § 52-57Ob (Supp. 1999); DEL CODE ANN. tit. 11, § 939 (1995 & Supp. 2000); GA. CODE ANN. § 16-9-93 (1998); 720 ILL. COMP. STAT. 5/16D-3(4)(c) (1998 & Supp. 1999); Mo. REV. STAT. § 537.525 (1994); N.J. REV. STAT. §§ 2A:38A-1 to 2A-.38A-6 (2000); OKLA. STAT. ANN tit. 21, § 1955 (West Supp. 2001); R.I. GEN. LAWS § 11-52-6 (2000); W. VA. CODE § 61-3C-16 (2000).
367. See Benjamin Edelman, State Spyware Legislation, http://www.benedelman.org/spyware/legislation/ (last visited Jan. 22, 2008).
368. See Benjamin Edelman, "Spyware"-Research, Testing, Legislation and Suits, http://www.benedelman.org/ spyware/#suits (last visited Jan. 22,2008).
369. Arkansas, California, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Louisiana, Maine, Minnesota, Montana, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Pennsylvania, Rhode Island, Tennessee, Texas, and Washington.
370. See, e.g., CAL. CIV. CODE § 1798.29(a) (West 2007); § 1798.82; ARK. CODE ANN. §§ 4-110-101 to 108 (2007).
371. See, e.g., CAL. CIV. CODE § 1798.29(a) (West 2007); § 1798.82; ARK. CODE ANN. §§ 4-110-101 to 108 (2007).
372. See Strassheim v. Daily, 221 U.S. 280, 285 (1911) (for criminal jurisdiction over out-of-state conduct, there must be (i) an act occurring outside the state; (ii) which is intended to produce detrimental effects within the state; and (iii) is the cause of detrimental effects within the state).
373. See Terrence Berg, State Criminal Jurisdiction in Cyberspace: Is There a Sheriff on the Electronic Frontier?, 79 MICH. B. J. 659, 660 (2000) (explaining that although a resident of one state is affected by a computer crime, the website may have "a real-world address" in another state, and may be hosted by an ISP in yet another state).
374. See id. at 659 (explaining that in criminal cases, "the 'minimum contacts' analysis does not apply when determining criminal jurisdiction ..., [instead] the analysis focuses on the intent of the defendant and the effects within the forum state").
375. See id. at 661 ("States that have broadened the... approach by also allowing jurisdiction where a result of the offense, whether an element or not, occurs in the forum state, are: Arizona, Kansas, New York, and Missouri.").
376. See WIS. STAT. ANN. § 939.03(1)(c) (West 1996 & Supp 2003) (extending jurisdiction where the out-of-state person "does an act with intent that it cause in this state a consequence set forth in a section defining a crime").
377. See Berg, supra note 373, at 661 (citing CAL. PENAL CODE § 778 (Deering 1998); S.D. CODIFIED LAWS § 23A-16-2 (1998)).
378. BUREAU OF JUSTICE STATISTICS, DOJ, NATIONAL SURVEY OF PROSECUTORS: PROSECUTORS IN STATE COURTS, 5 (2006), available at http://www.ojp.gov/bjs/pub/pdf/psc05.pdf (last visited Jan. 22, 2008).
379. Id.
380. Id.
381. Id.
382. See generally Kate Reder, Ashcroft v. ACLU: Should Congress Try, Try, and Try Again, or Does the International Problem of Regulating Internet Pornography Require an International Solution? 6 N.C. J.L. & TECH. 139 (2004); Computer Crime & Intellectual Prop. Section, DOJ, International Aspects of Computer Crime (providing cases, laws, testimony, reports, and other documents related to international efforts to combat cybercrime), http://www.usdoj.gov/criminal/cybercrime/intl.html (last visited Oct. 30, 2007).
383. See Reno v. ACLU, 521 U.S. 844, 851 (1997) (defining Cyberspace as a "unique medium... located in no particular geographical location but available to anyone, anywhere in the world, with access to the Internet").
384. See Walter Gary Sharp, Sr., Note, Redefining National Security in Today's World of Information Technology and Emergent Threats, 9 DUKE J. COMP. & INT'L L. 383, 384 (1999); see also Steve Shackelford, Note, Computer-Related Crime: An International Problem in Need of an International Solution, 27 TEX. INT'L L.J. 479, 494 (1992).
385. See Larry Lange, Trust a Hacker Under 30? You'd Better, ELEC. ENG'G TIMES, Aug. 19,1996 (estimating that $800 million was lost by banks and other corporations because of attacks on their computer systems). see generally the FINANCIAL INSTITUTIONS FRAUD, MAIL AND WIRE FRAUD, and secURITIES FRAUD articles in this issue.
386. See, e.g., Katyal, supra note 4, at 1048-49 (describing how Ramsi Yousef, who masterminded the 1993 World Trade Center bombing, used encryption to store details of scheme on his laptop computer).
387. Chris Reed, The Admissibility and Authentication of Computer Evidence-A Confusion of Issues, 5th BILETA Conference (2005); see also JOHN ANDREWS & MICHAEL HIRST, ANDREWS & HIRST ON CRIMINAL EVIDENCE 380-85 (3d ed. 1997) (describing problems with current English evidentiary regime, and agreeing with proposed changes); Clifford Miller, Electronic Evidence - Can You Prove the Transaction Took Place?, 9 No. 5 COMPUTER L. 21 (1992) (analyzing problems of getting evidence of computer crimes admitted under United Kingdom rules of evidence); THE LAW COMMISSION, CONSULTATION PAPER No. 138, CRIMINAL LAW; EVIDENCE IN CRIMINAL PROCBEDINOS: HEARSAY AND RELATED TOPICS 207 (1995).
388. See Amy Knoll, Any Which Way But Loose: Nations Regulate the Internet, 4 TUL. J. INT'L & COMP. L. 275 (1996) (describing and evaluating legislation in Belarus, China, Croatia, the European Union, France, Germany, Russia, Singapore, and the United States).
389. The German Penal Code (Strafgesetzbuch) proscribes distributing any fascist or other related literature. § 86 Nr. 1.4 StGB; § 131 Nr. 1 StGB; French Penal Code R. 645-1 (2001).
390. See Ahmad Mardini, Gulf-Culture: Officials Worry About Smut on Internet, INTER PRESS SERV (1996).
391. See Yahoo! Inc. v. La Ligue Contre le Racisme et L'Antisemitisme, 433 F.3d 1199 (9th Cir. 2006) (en banc) (dismissing suit where 3 judges held that there was no jurisdiction and three that the suit not ripe); see also Elissa A. Okoniewski, Yahoo!, Inc. v. UCRA: The French Challenge to Free Expression on the Internet, 18 AM. U. INT'L L. REV. 295 (2002) (showing the legal tensions between nations as cultural and constitutional norms come into conflict); Silvia Ascarelli & Kimberley A. Strassel, Two German Cases Show How Europe Still Is Struggling to Regulate Internet, WALL ST. J., Apr. 21, 1997, at B9; Silvia Ascarelli, Two On-line Services Companies Investigated in Racial Hatred Case, WALL ST. J., Jan. 26, 1996, at B2.
392. See Silvia Ascarelli, Technology & Takeovers: Politician Is Acquitted in Internet Case in Berlin, WALL ST. J. EUR., July 1, 1997, at 11.
393. Michael Laris, Beijing Launches a New Offensive to Squelch Dissent on Internet, WASH. POST, Dec. 31, 1997, at A16 (describing regulations).
394. See Patrick Symmes, Che is Dead, WIRED MAGAZINE, Feb. 1998, at 140,145 (describing Internet culture in Cuba).
395. See BUS. SOFTWARE ALLIANCE & INT'L DATA CORP., FOURTH ANNUAL BSA AND IDC GLOBAL SOFTWARE PIRACY STUDY (2007), http://www.bsa.org/globalstudy/upload/2007-Global-Piracy-Study-EN.pdf (last visited Jan. 22, 2008).
396. Id.
397. Laura H. Parsky, Deputy Assistant Attorney Gen., DOJ, Remarks at International Conference on Intellectual Property Protection (Oct. 14, 2004) (describing international cooperation in combating intellectual property crime), http://www.usdoj.gov/criminal/cybercrime/parskySpeech.htm (last visited Jan. 22, 2008).
398. See Ulrich Sieber, Computer Crimes and Other Crimes Against Information Technology: Commentary and Preparatory Questions for the Colloquium of the AIDP in Wuenburg, 64 REV. INT'L DE DROIT PENAL 67, 69-70 (1993) (discussing adoption of computer crime legislation).
399. See, e.g., Computer Misuse Act, 1990, c. 18 (U.K.).
400. See Cybercrimes - Coordinated Effort to Attack Cybercrimes, 3 No. 1 CYBERSPACE L. 32, 32 (1998) (discussing cooperative effort to coordinate Internet legislation between Britain, Canada, France, Germany, Italy, Japan, Russia, and the United States); Cole Durham, The Emerging Structures of Criminal Information Law: Tracing the Contours of a New Paradigm: General Report for the AIDP Colloquium, 64 REV. INT'L DE DROIT PENAL 79, 97-109 (1993) (discussing patterns of convergence in computer crime legislation with regard to unauthorized access, unauthorized interception, unauthorized use of computer, alteration of data or programs, computer sabotage, computer espionage, unauthorized use or reproduction of computer programs, unauthorized reproduction of topography, computer forgery, and computer fraud).
401. Council of Europe, Chart of Signatures and Ratifications (39 countries have signed the treaty including four parties outside of the Council of Europe), http://conventions.coe.int/Treaty/Commun/ChercheSig. asp?NT= 185&CM= l&DF= 11/30/2007&CL=ENG (last visited Jan. 22, 2008).
402. Council of Europe, Convention on Cybercrime, opened for signature Nov. 23, 2001, C.E.T.S. No. 185, http://conventions.coe.int/Treaty/en/Treaties/Word/185.doc (last visited Jan. 22, 2008).
403. See DOJ, COUNCIL OF EUROPE CONVENTION ON CYBERCRIME: FREQUENTLY ASKED QUESTIONS AND ANSWERS (Nov. 10, 2003), http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm (last visited Jan. 22, 2008).
404. Fighting Cybercrime: Hearing Before the Subcomm. on Crime of the H. Comm. on the Judiciary, 107th Cong. 1 (2001) (statement of Michael Chertoff, Assistant Att'y Gen. Criminal Division), http://judiciary.house.gov/ legacy/72616.pdf (last visited Jan. 22, 2008).
405. Id.
406. See Durham, supra note 392, at 97 n.51 (citing efforts by Council of Europe, OECD, and United Nations).
407. See generally Business Software Alliance, http://www.bsa.org (last visited Jan. 22, 2008).
Copyright Georgetown University Law Center Spring 2008