Prosecuting Computer Crimes H. Marshall Jarrett Computer Crime and Director, EOUSA Intellectual Property Section Criminal Division Michael W. Bailie Director, OLE OLE Litigation Series Ed Hagen Assistant Director, Published by OLE Office of Legal Education Executive Office for Scott Eltringham United States Attorneys Computer Crime and Intellectual Property Section The Office of Legal Education intends that this book Editor in Chief be used by Federal prosecutors for training and law enforcement purposes. The contents of this book provide internal suggestions to Department of Justice attorneys. Nothing in it is intended to create any substantive or procedural rights, privileges, or benefits enforceable in any administrative, civil, or criminal matter by any prospective or actual witnesses or parties. See United States v. Caceres, 440 U.S. 741 (1979). Table of Contents Preface and Acknowledgements .................................................................... v Chapter 1. Computer Fraud and Abuse Act ..........................................1 A. Key Definitions ....................................................................................................... 4 B. Obtaining National Security Information ..........§ 1030(a)(1) ....................12 C.­ Accessing a Computer and Obtaining Information ................................................................§ 1030(a)(2) ....................16 D. Trespassing in a Government Computer ............§ 1030(a)(3) ....................23 E. Accessing to Defraud and Obtain Value .............§ 1030(a)(4) ....................26 F. Damaging a Computer or Information ..............§ 1030(a)(5) ....................35 G. Trafficking in Passwords ..........................................§ 1030(a)(6) ....................49 H. Threatening to Damage a Computer ...................§ 1030(a)(7) ....................52 I. Attempt and Conspiracy .........................................§ 1030(b) .........................55 J. Forfeiture ....................................................................§ 1030(i) & (j) ...............56 Chapter 2. Wiretap Act .................................................................................... 59 A. Intercepting a Communication ............................§ 2511(1)(a) ....................60 B. Disclosing an Intercepted Communication .......§ 2511(1)(c) ....................73 C. Using an Intercepted Communication ...............§ 2511(1)(d) ...................77 D. Statutory Exceptions and Defenses ..................................................................78 E. Statutory Penalties ................................................................................................87 Chapter 3. Other Network Crime Statutes ....................................... 89 A. Unlawful Access to Stored Communications ....§ 2701 ..............................89 B. Identity Theft .............................................................§ 1028(a)(7) ....................96 C. Aggravated Identity Theft .......................................§ 1028A .........................100 D. Access Device Fraud .................................................§ 1029 ............................102 E. CAN-SPAM Act .......................................................§ 1037 ............................105 F. Wire Fraud .................................................................§ 1343 ............................109 G. Communication Interference ................................§ 1362 ............................110 Chapter 4. Special Considerations ......................................................... 113 A. Jurisdiction ...........................................................................................................113 B. Venue .....................................................................................................................115 C. Statute of Limitations ........................................................................................120 D. Juveniles ................................................................................................................121 iii Chapter 5. Sentencing .................................................................................... 131 A. Base Offense Levels ............................................................................................131 B. Adjustments Under Section 2B1.1 .................................................................132 C. CAN-SPAM Act .................................................................................................142 D. Wiretap Act ..........................................................................................................143 E. Generally-Applicable Adjustments .................................................................144 F. Conditions of Supervised Release ...................................................................146 Appendices A. Unlawful Online Conduct and Applicable Federal Laws .........................149 B. Jury Instructions .................................................................................................157 C. Best Practices for Working with Companies ................................................173 D. Best Practices for Victim Response and Reporting ....................................177 E. Network Crime Resources................................................................................185 Table of Authorities ......................................................................................... 189 Index ......................................................................................................................... 201 iv Prosecuting Computer Crimes Preface and Acknowledgements This manual examines the federal laws that relate to computer crimes. Our focus is on those crimes that use or target computer networks, which we interchangeably refer to as “computer crime,” “cybercrime,” and “network crime.” Examples of computer crime include computer intrusions, denial of service attacks, viruses, and worms. We do not attempt to cover issues of state law and do not cover every type of crime related to computers, such as child pornography or phishing. This publication is the second edition of “Prosecuting Computer Crimes” and updates the previous version published in February 2007. During the three years since then, case law developed and, more importantly, Congress significantly amended the Computer Fraud and Abuse Act. Like the first edition of this manual, the revisions contained in this edition of the manual are the result of the efforts and knowledge of many people at CCIPS. Scott Eltringham edited and published it under the supervision of John Lynch and Richard Downing. Substantial assistance was provided by Mysti Degani, Jenny Ellickson, Josh Goldfoot, and Jaikumar Ramaswamy, all of whom took lead responsibility for revising one or more chapters. We are grateful to Ed Hagen and the Office of Legal Education for their assistance in publishing this manual and the prior edition. This manual is intended as assistance, not authority. The research, analysis, and conclusions herein reflect current thinking on difficult and dynamic areas of the law; they do not represent the official position of the Department of Justice or any other agency. This manual has no regulatory effect, confers no rights or remedies, and does not have the force of law or a U.S. Department of Justice directive. See United States v. Caceres, 440 U.S. 741 (1979). Electronic copies of this document are available from our website, www. cybercrime.gov. We may update the electronic version periodically and we advise prosecutors and agents to check the website’s version for the latest developments. CCIPS will honor requests for paper copies only when made by Preface & Acknowledgements v law enforcement officials or by public institutions. Please send such requests to the following address: Attn: Prosecuting Computer Crime manual Computer Crime and Intellectual Property Section 10th & Constitution Ave., N.W. John C. Keeney Bldg., Suite 600 Washington, DC 20530 vi Prosecuting Computer Crimes Chapter 1 Computer Fraud and Abuse Act In the early 1980s law enforcement agencies faced the dawn of the computer age with growing concern about the lack of criminal laws available to fight emerging computer crimes. Although the wire and mail fraud provisions of the federal criminal code were capable of addressing some types of computer- related criminal activity, neither of those statutes provided the full range of tools needed to combat these new crimes. See H.R. Rep. No. 98-894, at 6 (1984), reprinted in 1984 U.S.C.C.A.N. 3689, 3692. In response, Congress included in the Comprehensive Crime Control Act of 1984 provisions to address the unauthorized access and use of computers and computer networks. The legislative history indicates that Congress intended these provisions to provide “a clearer statement of proscribed activity” to “the law enforcement community, those who own and operate computers, as well as those who may be tempted to commit crimes by unauthorized access.” Id. Congress did this by making it a felony to access classified information in a computer without authorization and making it a misdemeanor to access financial records or credit histories stored in a financial institution or to trespass into a government computer. In so doing, Congress opted not to add new provisions regarding computers to existing criminal laws, but rather to address federal computer-related offenses
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages213 Page
-
File Size-