Scott Garland
1) Computer Fraud and Abuse Act, 18 U.S.C. § 1030
a) § 1030(a)(1) – National security systems and information
b) § 1030(a)(2) – Accessing information on a protected computer
i) Elements
(1) Intentionally access computer w/o authorization, or exceed authorized access
(2) Obtain information, and
(a) Obtaining = viewing
(b) Information need not have been copied, removed, or destroyed
(3) Target is government, financial institution or protected computer
ii) Penalties
(1) 1st offense = misdemeanor
(2) 1st offense = felony if
(a) Access is for commercial advantage/gain, or
(b) Furtherance of some other crime or tort, or
(c) Value of information >$5000
(3) 2nd offense = 10 year max.
iii) Example
(1) U.S. v. You Li, http://www.usdoj.gov/criminal/cybercrime/liIndict.htm (D. Utah) (press release re indictment)
c) § 1030(a)(3) – Trespass on government computer
i) Elements
(1) Intentional access w/o authorization, or exceed authorized access, on non-public federal government computer
(a) Can be shared use computer (e.g., government contractor) if conduct affects US use
ii) Penalties
(1) 1st offense = misdemeanor
(2) 2nd offense = 10 year max.
d) § 1030(a)(4) – Intrusion to further a fraud
i) Elements
(1) Knowing, and with intent to defraud,
(2) Access a protected computer w/o authorization, or exceeds authorized access, and
(3) Furthers the fraud and obtains something of value >$5000/year
ii) Penalties
(1) 1st offense = 5 yr max
(2) 2nd offense = 10 yr max
iii) Examples
(1) U.S. v. You Li (D. Utah) (press release re indictment), available at http://www.usdoj.gov/criminal/cybercrime/liIndict.htm
(2) Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., 119 F. Supp. 2d 1121 (W.D. Wash. 2000)
(a) Compare with mail and wire fraud
(i) 18 U.S.C. §§ 1341, 1343, 1346
(ii) U.S. v. Carpenter (S. Ct.)
e) § 1030(a)(5) – Damage to Systems/Data
i) Conduct
(1) Transmit program, information, code, or command and, w/o authorization, cause damage to a protected computer, or
(2) Intentionally access protected computer w/o authorization and recklessly cause damage, or
(3) Intentionally access protected computer w/o authorization and cause damage
ii) Damage
(1) Cause (or if attempt, would have caused) damage
(2) Damage
(a) Loss in aggregate of $5000
(b) Modification or impairment of medical treatment
(c) Physical injury
(d) Any damage, in any amount if computer system is used by government for administration of justice, national defense or national security
iii) Loss – § 1030(e)(11)
(1) Any reasonable cost to any victim
(2) Cost of response
(3) Damage assessment
(4) Restore data/program/system to previous configuration
(5) Lost revenue
(6) Consequential damage due to loss of service
(7) Damage to Systems/Data
iv) Penalties
(1) § 1030(a)(5)(i)
(a) 1st offense – 10 yr max.
(b) 2nd offense – 20 yr max.
(c) Any offense knowing/recklessly causing serious bodily harm – 20 yr max.
(d) Any offense knowingly/recklessly causing death – life max
(2) § 1030(a)(5)(ii)
(a) 1st offense – 5 yr max.
(b) 2nd offense – 20 yr max.
(3) § 1030(a)(5)(iii)
(a) 1st offense – misdemeanor
(b) 2nd offense – 10 yr max.
v) Examples
(1) U.S. v. Angle (D. Mass.) (press release re indictment), available at http://www.usdoj.gov/criminal/cybercrime/angleCharged.htm
(2) U.S. v. Fisher (D. Utah) (press release re indictment), available at http://www.usdoj.gov/criminal/cybercrime/fisherIndict.htm
f) § 1030(a)(6) – Trafficking in computer passwords
i) Elements
(1) Knowingly
(2) With intent to defraud
(3) Traffic in password or similar info
(a) Transfer/dispose to another, or obtain control of with intent to transfer/dispose
(4) Regarding government computer or protected computer
ii) Penalties
(1) 1st offense - Misdemeanor
(2) 2nd offense – 10 yr max.
g) § 1030(a)(7) – Threats to computers
i) Elements
(1) For purposes of extortion
(2) Transmit in interstate/foreign commerce
(3) Any threat to cause damage to a protected computer
ii) Penalties
(1) 1st offense – 5 yr max
(2) 2nd offense – 10 yr max
iii) Compare with 18 U.S.C. § 875
h) Sentencing Guidelines
i) Review Sentencing Table
ii) § 1030(a)(1) – U.S.S.G. § 2M3.2
iii) § 1030(a)(2) – U.S.S.G. § 2B1.1
iv) § 1030(a)(3) – U.S.S.G. § 2B2.3
v) § 1030(a)(4) – U.S.S.G. § 2B1.1
vi) § 1030(a)(5) – U.S.S.G. § 2B1.1
vii) § 1030(a)(6) – U.S.S.G. § 2B1.1
viii) § 1030(a)(7) – U.S.S.G. § 2B3.2
ix) Focus on
(1) U.S.S.G. § 2B1.1’s discussion of actual vs. intended loss
(a) Consider application when the defendant obtained information, but the government cannot prove that he used it
(2) Which sentencing guideline provisions are geared specifically to computer crimes?
i) Civil Liability – § 1030(g)
i) Anyone suffering damage/loss can bring civil action for damages/injunctive relief
(1) Damage/loss =
(a) Aggregate loss $5000/yr
(b) Modification/impairment of medical treatment
(c) Physical injury
(d) Threat to public health/safety
ii) Recovery limited to economic loss
iii) Consider whether prosecutors can prosecute a wider or narrower swath of cases than can civil litigants
2) Criminal Intellectual Property Law
a) Copyright
i) Compare 17 U.S.C. §§ 106, 107 with 17 U.S.C. § 506 and 18 U.S.C. §§ 2319, 2319B
ii) Which rights are criminally enforceable?
iii) How are they broader or narrower than the rights that are civilly enforceable?
(1) # of rights
(2) Mens rea
(3) Scope/magnitude of conduct
(4) Consult CCIPS’s manual, Prosecuting Intellectual Property Crimes ch.3 (2001), available at http://www.cybercrime.gov/ipmanual/03ipma.htm
iv) Why did Congress enact 17 U.S.C. § 506(a)(1)(C) and 18 U.S.C. § 2319B?
b) Trademark
i) Compare 15 U.S.C. § 1114(1) with 18 U.S.C. § 2320
ii) Which rights are criminally enforceable?
iii) How are they broader or narrower than the rights that are civilly enforceable?
(1) Compare U.S. v. Hanafy with U.S. v. Milstein
(2) Review United States v. Bohai Trading Co., 45 F.3d 577, 580 (1st Cir. 1995)
(3) Review CCIPS’s manual, Prosecuting Intellectual Property Crimes ch. 2 (2001), available at http://www.cybercrime.gov/ipmanual/02ipma.htm
iv) Why?
c) Trade secrets
i) Compare 18 U.S.C. §§ 1831, 1832, 1838, 1839 with the Uniform Trade Secrets Act’s definitions of “misappropriation”, “improper means”, and “trade secret”
ii) Which rights are criminally enforceable?
(1) Review Prosecuting Intellectual Property Crimes § VIII.B.11 (2001), available at http://www.cybercrime.gov/ipmanual/08ipma.htm#VIII.B.11. [NB: The period following VIII.B.11 should be part of the hyperlink.]
iii) How are they broader or narrower than the rights that are civilly enforceable?
(1) Why?
iv) How else can theft of trade secrets be charged?
(1) 18 U.S.C. § 1030(a)(2)
(2) 18 U.S.C. § 1030(a)(4)
(3) 18 U.S.C. §§ 1341, 1343, 1346
(4) 18 U.S.C. §§ 2314-2315
v) Example
(1) U.S. v. Lockwood (E.D. Mich.), available at http://www.usdoj.gov/criminal/cybercrime/lockwoodind.pdf
d) Sentencing Guidelines
i) Copyright and trademark – U.S.S.G. § 2B5.3
(1) See U.S. Sentencing Commission, Intellectual Property Amendments: 2006, Policy Development Team Report, at 13-15 (May 2006) (discussion of uploading amendment), available at http://www.ussc.gov/publicat/IntelProp-report.pdf
(a) Why didn’t anybody understand why Congress was concerned with the uploading definition?
ii) Trade secrets – U.S.S.G. § 2B1.1
iii) What does the difference in guidelines tell us about copyright and trademark crimes vs. trade secret crimes?
iv) What does the difference in guidelines tell us about copyright and trademark crimes vs. computer crimes?
3) Prosecutorial Discretion
a) Strength of the Case
b) Principles of Federal Prosecution §§ 9-27.001 – 9-27.250, U.S. Attorneys’ Manual, available at http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/27mcrm.htm
i) Consider non-criminal enforcement alternatives in IP crimes
c) DOJ Priorities
d) Investigative Agencies’ Priorities
e) Sentencing Guidelines
f) Congressional Priorities
i) Consider 17 U.S.C. § 506(a)(1)(C) and 18 U.S.C. § 2319B
g) DOJ and U.S. Attorneys’ Differing Perspectives
h) Office Guidelines
i) Loss thresholds
i) Rules of Thumb
i) Can I prove the crime?
ii) Does it feel like a crime?
iii) Why commit federal resources?
j) IP Crimes
i) Large-scale and organized violations
ii) Health and safety risks
iii) Persistent violators
iv) Mean-spirited, vindictive, underhanded conduct