[Home] [Help] [Databases] [WorldLII] [Feedback] | ||
Murdoch University Electronic Journal of Law |
Cybercrime Investigation and Prosecution: The Role of Penal and Procedural Law
Author: | Susan W Brenner BA, MA, JD Professor of Law, University of Dayton School of Law |
Issue: | Volume 8, Number 2 (June 2001) |
[1] See Part II, infra.
[2] See Part II, infra.
[3] See Part II, infra.
[4] See Part III & IV, infra.
[5] See Part II, infra.
[6] Fast-spreading Virus Hits U.S., Asia, Europe, USAToday (June 7, 2000), http://www.usatoday.com/life/cyber/tech/cth837.htm.
[7] See, e.g., Corporate Systems Hard-Hit by Virus, USA Today (June 7, 2000), http://www.usatoday.com/life/cyber/tech/cth839.htm.
[8] See, e.g., Philipplines' Laws Complicate Virus Case, USAToday (June 7, 2000), http://www.usatoday.com/life/cyber/tech/cth879.htm ("Finally, . . . a judge agreed to issue a warrant under a 1998 law regulating the use of 'access devices' such as credit cards or equipment to obtain money, goods or services").
[9] See, e.g., Charges Dropped Against Love bug Suspect, USAToday, (August 21, 2000), http://www.usatoday.com/life/cyber/tech/cti418.htm. The theft and fraud charges were apparently abased on the fact that the "love bug" was designed to steal computer passwords. The charging premise seems to have been that the virus was intended to steal "property"-i.e., passwords-and use them to commit fraud-i.e., to obtain computer services, and perhaps other property, by deception. See, e.g., Love bug Virus May Be Accident, USAToday (June 7, 2000) (http://www.usatoday.com/life/cyber/tech/cth894.htm (de Guzman's thesis project was a computer program that was designed to steal passwords; the thesis project was rejected because it was designed to commit theft).
[10] See, e.g., Charges Dropped Against Love bug Suspect, USAToday, (August 21, 2000), http://www.usatoday.com/life/cyber/tech/cti418.htm.
[11] See, e.g., David Noack, "Love bug" Damage Worldwide: $10 Billion, apbnews.com, http://www.apbnews.com/newscenter/internetcrime/2000/05/08/lovebug_impact0508_01 .html; Dirk Beveridge, Student Says He May Have Sent Out "Love bug" Virus Accidentally, The Detroit News (May 12, 2000), http://detnews.com/2000/technology/0005/15/-54297.htm.
[12] See, e.g., David Noack, "Love bug" Damage Worldwide: $10 Billion, apbnews.com, http://www.apbnews.com/newscenter/internetcrime/2000/05/08/lovebug_impact0508_01 .html; Dirk Beveridge, Student Says He May Have Sent Out "Love bug" Virus Accidentally, The Detroit News (May 12, 2000), http://detnews.com/2000/technology/0005/15/-54297.htm.
[13] See, e.g., "Love bug" Prompts New Philippine Law, USAToday (June 14, 2000), http://www.usatoday.com/life/cyber/tech/cti095.htm (under the new law, hackers and those who spread computer viruses can be fined a minimum of $2,350 and a maximum ''commensurate'' with the damage caused, and can be imprisoned for up to three years). See also Republic of the Philippines, Eleventh Congress - Second Regular Session, Republic Act No. 8792, Part V section 33, http://www.mcconnellinternational.com/services/country/philippines.pdf.
[14] See, e.g., "Love bug" Prompts New Philippine Law, USAToday (June 14, 2000), http://www.usatoday.com/life/cyber/tech/cti095.htm.
[15] See, e.g., Philipplines' Laws Complicate Virus Case, USAToday (June 7, 2000), http://www.usatoday.com/life/cyber/tech/cth879.htm: `This is a new type of crime and the law applicable is not so clear,' said [Philippines National Bureau of Investigation] director Federico Opinion, who admitted that his own office has no computers, and whose agency was assisted by the FBI in the so-called Love bug case.
Scores of nations, especially in the developing world, lack laws governing cyberspace crimes and are woefully short on the computer-savvy investigators and technology required to go after sophisticated hackers.
'The scary thing about the Internet is that somebody with a computer in a jurisdiction where there are no cybercrime laws can get on and wreak havoc around the rest of the world,''said Susan Brenner, a cybercrime expert at The University of Dayton Law School in Ohio.
Thirty-seven countries now have statutes dealing with ''unauthorized access'' to computers and computer systems, according to a list compiled by Stein Schjolberg, a Norwegian judge active in cyberjurisprudence.
But the laws are anything but uniform and there are no international treaties governing cybercrime. The European Union released a draft treaty last week, said Brenner, adding that it would not be approved until next year at the earliest.
In the meantime, the lack of global legal standards for combating malicious hackers is 'going to cause delays in cooperation, with investigators floundering around as to what they should try to do,' said John F. Murphy, a Villanova University law professor who specializes in international terrorism. . . .
Even with such laws, locating and successfully prosecuting cyber culprits 'is like tracing vapor' because skilled hackers can make it difficult to establish their identities on the Internet, said Philippine law professor Josephine Victoria T. Yam.
The Net's global nature can even frustrate law enforcement cooperation among countries that have cybercrime statutes because of their lack of uniformity.
There is, for example, great potential for disputes regarding admissibility of electronic evidence, which is weighed differently in different countries.
There are also disputes over which country should have jurisdiction over an offender - the hacker's home country or those of his victims.
Take the case of the Love bug virus, which struck millions of computers worldwide when it was unleashed Thursday, causing hundreds of millions of dollars in damage.
'Is the crime the creating and setting loose of the thing or is the crime the damage committed and where?,' posed Brenner, the U.S. cybercrime expert. 'In that case we have millions of cases of damage.'
The United States has not said whether it would seek the extradition of the Love bug virus authors. But if Washington were to do so, the lack of Philippine cybercrime law could be an impediment.
Although the United States and the Philippines have an extradition treaty, Philippine law requires that laws exist in both countries recognizing a given offense.
[16] A recent study points out that countries which do not have adequate cybercrime laws "will become less able to compete in the new economy" because "[a]s cyber crime increasingly breaches national borders, nations perceived as havens run the risk of having their electronic messages blocked by the network." McConnell International, Cyber Crime and Punishment ("Overview"), http://www.mcconnellinternational.com/services/cybercrime.htm.
[17] See, e.g., Student Calls "Love bug" Virus an Accident, Muzi News (May 11, 2000), http://news.muzi.com/ll/english/68369.shtml; Love bug Suspect Suggests It Was "Accidental", apbnews.com (May 11, 2000), http://www.apbnews.com/newscenter/internetcrime/2000/05/11/lovebug0511_01.html.
[18] See, e.g., United States v. Baker, 1997 Fed. App. 0036P (Sixth Circuit Court of Appeals 1997), http://laws.lp.findlaw.com/6th/970036p.html (U.S. federal courts of appeals upheld dismissal of charges against defendant who posted descriptions of his raping, torturing and killing woman online because provisions of federal criminal statute did not encompass his actions). The Baker case is discussed in Section III, infra.
[19] See, e.g., Lynn Burke, Love bug Case Dead in Manila, Wired News (August 21, 2000), http://www.wired.com/news/print/0,1294,38342,00.html (in the aftermath of the "love bug" episode, U.S. prosecutor quoted as stating that "`[a]s long as there are governments that don't take these crimes seriously, it's going to be very difficult for other countries to really protect their computers'").
[20] See, e.g., Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism ("Why a Multilateral Convention"), http://www.oas.org/juridico/english/monograph.htm.
[21] Some reports indicated that many people "in the Philippines seem[ed] to care little about the ["love bug"] virus, which posed few problems in the relatively uncomputerized country but stirred cyber chaos in the wealthy West." See, e.g., Student Calls "Love bug" Virus an Accident, Muzi News (May 11, 2000), http://news.muzi.com/ll/english/68369.shtml. See also Love bug Suspect Suggests It Was "Accidental", apbnews.com (May 11, 2000), http://www.apbnews.com/newscenter/internetcrime/2000/05/11/lovebug0511_01.html (noting that the speaker of the Philippine House of Representatives described the suspect as a "misguided genius" and said the dissemination of the virus showed "that the Philippines possesses world-class information technology skills").
[22] See, e.g., Lynn Burke, Love bug Case Dead in Manila, Wired News (August 21, 2000), http://www.wired.com/news/print/0,1294,38342,00.html (since Philippine law did not outlaw the creation and dissemination of viruses, the "love bug" suspect could not be extradited to countries with such laws, like the United State of America). See also Extradition Treaty Between The Government of Belize and the Government of The United States of America, Article 1, http://www.belize.gov.bz/features/treaty/welcome.html#1 ("The Contracting States agree to extradite to each other, pursuant to the provisions of this Treaty, persons sought for prosecution or convicted of an extraditable offense by the authorities in the Requesting State").
An offense shall be an extraditable offense if it falls within any of the descriptions listed in the Schedule annexed to this Treaty, which is an integral part of the Treaty, or any other offense, provided that in either case the offense is punishable under the laws in both Contracting States by deprivation of liberty for a period of miore than one year or by a more severe penalty.
Extradition Treaty Between The Government of Belize and the Government of The United States of America, Article 2(1), http://www.belize.gov.bz/features/treaty/welcome.html#1. See generally United States v. Lui, http://www.law.emory.edu/1circuit/mar97/97-1084.01a.html (reviewing U.S. extradition law).
[23] See generally Council of Europe, Draft Convention on Cyber-Crime (Draft No. 25 Rev. 5), http://conventions.coe.int/treaty/EN/projets/cybercrime25.htm (noting need for cooperation among nations to mount an "effective fight against cyber-crime").
[24] See, e.g., McConnell International, Cyber Crime and Punishment ("What's Different About Cyber Crime?"), http://www.mcconnellinternational.com/services/cybercrime.htm:
Effective law enforcement is complicated by the transnational nature of cyberspace. Mechanisms of cooperation across national borders to solve and prosecute crimes are complex and slow. Cyber criminals can defy the conventional jurisdictional realms of sovereign nations, originating an attack from almost any computer in the world, passing it across multiple national boundaries, or designing attacks that appear to be originating from foreign sources. Such techniques dramatically increase both the technical and legal complexities of investigating and prosecuting cyber crimes.
[25] See, e.g., U.S. Wants More Cybercrime Laws, Wired News (July 26, 2000), http://www.wired.com/news/politics/0,1283,37809,00.html:
More than 100 countries do not have the laws to deal with computer-related crime, undercutting efforts to battle a growing international threat, law enforcement officials said on Wednesday. `Currently, at least 60 percent of INTERPOL membership lacks the appropriate legislation to deal with Internet/computer-related crime,' Edgar Adamson of the U.S. Customs Service told a House of Representatives panel. Adamson heads the U.S. National Central Bureau, which coordinates U.S. ties to INTERPOL, the global police alliance facilitating cooperation among 178 member nations. In testimony prepared for the Subcommittee on Government Management, Information and Technology, Adamson said the border-hopping nature of cyber crime showed the need for international law-enforcement cooperation `has never been greater.' At issue is garden-variety crime facilitated by new technology such as child pornography, pedophilia, identity theft, and credit-card fraud as well as viruses and other malicious code like the `denial of service' attacks that blocked access to major commercial websites in February.
[26] McConnell International, Cyber Crime and Punishment ("The Cyber Crime Laws of Nations"), http://www.mcconnellinternational.com/services/cybercrime.htm. For a list of the 52 countries, see McConnell International, Cyber Crime and Punishment note 4, http://www.mcconnellinternational.com/services/cybercrime.htm.
[27] See also Stein Schj¿lberg, The Legal Framework - Unauthorized Access to Computer Systems; Penal Legislation in 37 Countries (collecting cybercrime- specific legislation adopted in various countries), http://www.mossbyrett.of.no/info/legal.html#COUNTRIES.
[28] See, e.g., McConnell International, Cyber Crime and Punishment ("The Cyber Crime Laws of Nations"), http://www.mcconnellinternational.com/services/cybercrime.htm. This study focused on data-related crimes (interception, modification and theft), network- related crimes (interference and sabotage), access crimes (hacking and virus distribution) and "associated computer-related crimes" (fraud, forgery and aiding and abetting computer criminals).
[29] See, e.g., McConnell International, Cyber Crime and Punishment ("The Cyber Crime Laws of Nations"), http://www.mcconnellinternational.com/services/cybercrime.htm. This study did consider whether countries had amended their existing penal laws to "extend" them into cyberspace; and the report notes that law enforcement officials in some countries, Canada being an example, believe their existing laws provide adequate protection against certain types of cybercrimes, such as fraud, forgery and aiding and abetting cybercrime. See, e.g., McConnell International, Cyber Crime and Punishment ("The Cyber Crime Laws of Nations"), http://www.mcconnellinternational.com/services/cybercrime.htm. The authors of the report do not, however, seem to believe traditional penal law is adequate for this purpose: In the conclusion, the report explains that "[d]espite the progress being made in many countries, most countries still rely on standard terrestrial law to prosecute cyber crimes." See McConnell International, Cyber Crime and Punishment ("Conclusions"), http://www.mcconnellinternational.com/services/cybercrime.htm. The report describes these laws as "archaic" and suggests they are inadequate for this purpose. See McConnell International, Cyber Crime and Punishment ("Conclusions"), http://www.mcconnellinternational.com/services/cybercrime.htm.
[30] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[31] These categories are a distillation of the general categories one encounters in penal codes around the world. See, e.g., Criminal Code of Canada, http://laws.justice.gc.ca/en/C-46/index.html; Criminal Law of the People's Republic of China, http://www.qis.net/chinalaw/prclaw60.htm; New South Wales, Crimes Act 1900, http://www.austlii.edu.au/au/legis/nsw/consol_act/ca190082/; Revised Penal Code of the Philippines, Book Two, http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm. See also American Law Institute, Model Penal Code, http://www.ali.org.
[32] See, e.g., 1999 Revision of the Model State Computer Crimes Code, http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html.
[33] See, e.g., German Law Archive, German Penal Code section 211, http://www.iuscomp.org/gla/; Swedish Penal Code, Part 2 - Chapter 3 section 1, http://wings.buffalo.edu/law/bclc/sweden.pdf.
[34] See, e.g., German Law Archive, German Penal Code sectionsection 223-226, http://www.iuscomp.org/gla/.
[35] See, e.g., Criminal Code of Canada, Part VIII ("Offenses Against the Person and Reputation"), http://laws.justice.gc.ca/en/C-46/index.html; Criminal Law of the People's Republic of China, Part II - Chapter IV, http://www.qis.net/chinalaw/prclaw60.htm; Revised Penal Code of the Philippines, Book Two, Title Eight, http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm
[36] See, e.g., Criminal Code of Canada, Part V, http://laws.justice.gc.ca/en/C-46/index.html; Criminal Law of the People's Republic of China, Chapter IV, http://www.qis.net/chinalaw/prclaw60.htm; New South Wales, Crimes Act 1900, Part 3, http://www.austlii.edu.au/au/legis/nsw/consol_act/ca190082/; Revised Penal Code of the Philippines, Book Two, Title Eleven, http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm; Swedish Penal Code, Part 2 - Chapter 6 section 1, http://wings.buffalo.edu/law/bclc/sweden.pdf.
[37] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[38] See, e.g., 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.01.1, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.01.1.html:
For example, an individual hacks into an industry's computer, say General Motor's computer. The individual then programs the computer so that the 2001 Chevy Blazer is modified. The modification is that the brakes will fail on every 10th Blazer produced after it has been driven for 5002 miles. If a person who buys a Chevy Blazer and then dies because the brakes failed due to the modification of the design made by the individual hacker, then the individual is guilty of . . . murder . . . .
There are anecdotal reports that this has occurred, but the stories so far seem to be apocryphal. See, e.g., David L. Carter, Computer Crime Categories: How Computer Criminals Operate, http://www.lectlaw.com/files/cri14.htm; Corporate Crime, http://www.williamsinference.com/2414crime.htm. Hackers have, however, gained entry to hospital records. See, e.g., Kevin Poulsen, Hospital Records Hacked Hard, The Register (December 17, 2000), http://www.theregister.co.uk/content/6/15285.html ("A sophisticated hacker took command of large portions of the University of Washington Medical Centre's internal network earlier this year and downloaded computerized admissions records for four thousand heart patients").
[39] Extradition may, of course, be impeded by other issues, such as the extraditing nation's discomfort with the penalty that can be imposed by the nation seeking to prosecute the perpetrator. See, e.g., Canada Bars Death- Penalty Extradition to U.S., The Irish Times (April 22, 2001), http://www.ireland.com/newspaper/breaking/2001/0215/breaking82.htm. But issues such as this arise without regard to whether the commission of the offense involved the use of a computer and so implicated the notion of "cybercrime."
[40] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[41] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[42] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/. See also 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.01.1, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.01.1.html ("Computer Homicide is designated as a null section because the drafters of the Code feel that the existing law is sufficient to cover homicides which occur via the computer").
[43] See generally 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.01.1, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.01.1.html (hypothesizing product alteration to effect murder).
[44] See, e.g., Texas Penal Code section 22.07, http://www.bakers-legal-pages.com/pc/2207.htm (offense to threaten to commit any offense involving violence to person or property with the intent to place any person in fear of imminent serious bodily injury).
[45] See, e.g., State v. Gallicio, 129 So. 541 (La. 1930) (conviction for using telephone to transmit threat to "kill, maim, wound and murder" victim over telephone upheld). See also People v. Daly, 154 Misc. 149, 276 N.Y.S. 583 (1935); People ex rel. Gannon v. McAdoo, 117 A.D. 438, 102 N.Y.S. 656 (1907).
[46] See, e.g., People v. Munn, 688 N.Y.S. 2d 384, 386 (N.Y. City Criminal Court 1999):
I find . . . that the allegations are sufficient to establish the elements of the charge of aggravated harassment in the second degree and that Penal Law section 240.30(1) may be construed to prohibit harassing and threatening messages sent to individuals over the Internet. This is true even though the law was originally written in 1965 and then revised in 1969, before Internet communication was envisioned. The present language of the statute is broad enough as it stands to prohibit this type of computer-generated harassing communication.
[47] See generally 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.01.1, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.01.1.html (hypothesizing product alteration to effect murder).
[48] See 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.02.2, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.02.2html (discussing this scenario and the challenges it poses for traditional law).
[49] 18 U.S. Code section 875(a) provides as follows:
(a) Whoever transmits in interstate or foreign commerce any communication containing any demand or request for a ransom or reward for the release of any kidnapped person, shall be fined under this title or imprisoned not more than twenty years, or both. (b) Whoever, with intent to extort from any person, firm, association, or corporation, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to kidnap any person or any threat to injure the person of another, shall be fined under this title or imprisoned not more than twenty years, or both. (c) Whoever transmits in interstate or foreign commerce any communication containing any threat to kidnap any person or any threat to injure the person of another, shall be fined under this title or imprisoned not more than five years, or both. (d) Whoever, with intent to extort from any person, firm, association, or corporation, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to injure the property or reputation of the addressee or of another or the reputation of a deceased person or any threat to accuse the addressee or any other person of a crime, shall be fined under this title or imprisoned not more than two years, or both.
[50] 104 F.3d 1492, 1997 Fed. App. 0036P (Sixth Circuit Court of Appeals 1997), http://laws.lp.findlaw.com/6th/970036p.html.
[51] See 104 F.3d at 1495-1496, 1997 Fed. App. 0036P, http://laws.lp.findlaw.com/6th/970036p.html.
[52] See 104 F.3d at 1498, 1997 Fed. App. 0036P, http://laws.lp.findlaw.com/6th/970036p.html (Krupansky, J., dissenting):
By November 1994, Baker's sadistic stories attracted the attention of an individual who called himself `Arthur Gonda,= a Usenet service subscriber residing in Ontario, Canada, who apparently shared similarly misdirected proclivities. Baker and Gonda subsequently exchanged at least 41 private computerized electronic mail ("e-mail") communications between November 29, 1994 and January 25, 1995. Concurrently, Baker continued to distribute violent sordid tales on the electronic bulletin board. On January 9, 1995, Baker brazenly disseminated publicly, via the electronic bulletin board, a depraved torture- and-snuff story in which the victim shared the name of a female classmate of Baker's referred to below as "Jane Doe" . . . This imprudent act triggered notification of the University of Michigan authorities by an alarmed citizen on January 18, 1995. On the following day, Baker admitted to a University of Michigan investigator that he had authored the story and published it on the Internet.
[53] See 104 F.3d at 1493, 1997 Fed. App. 0036P, http://laws.lp.findlaw.com/6th/970036p.html.
[54] See 104 F.3d at 1493, 1997 Fed. App. 0036P, http://laws.lp.findlaw.com/6th/970036p.html.
[55] See 104 F.3d at 1497, 1997 Fed. App. 0036P, http://laws.lp.findlaw.com/6th/970036p.html:
Accordingly, to achieve the intent of Congress, we hold that, to constitute "a communication containing a threat" under Section 875(c), a communication must be such that a reasonable person (1) would take the statement as a serious expression of an intention to inflict bodily harm (the mens rea), and (2) would perceive such expression as being communicated to effect some change or achieve some goal through intimidation (the actus reus). . . .Applying our interpretation of the statute to the facts before us, we conclude that the communications between Baker and Gonda do not constitute "communications containing a threat" under Section 875(c). Even if a reasonable person would take the communications between Baker and Gonda as serious expressions of an intention to inflict bodily harm, no reasonable person would perceive such communications as being conveyed to effect some change or achieve some goal through intimidation. Quite the opposite, Baker and Gonda apparently sent e- mail messages to each other in an attempt to foster a friendship based on shared sexual fantasies.
See also 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.02.2, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.02.2html (discussing this scenario and the challenges it poses for traditional law).
[56] See, e.g., 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.02.2, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.02.2html:
[One scenario arose in] . . . Will County, Chicago. In this case, an individual proficient with the use of a computer used the Internet to post a child's (or adult's) name and telephone number on sexual explicit Internet sites. This posting invited visitors to call and inquire about the named individual, who was a child. As a result, the named individual was subjected to consistent, harassing and possibly sexual explicit telephone calls every day of the week, at any and all hours. The repeated inquiries caused the recipient of the calls and/or messages to become fearful for his/her safety and the safety of their family. The Boehle family decided that they had to move outside of Will County in order to protect their daughter, who was the subject of the postings, telephone calls and messages, from any potential harm they feared might occur as a result of such harassment.
(footnotes omitted).
[57] See, e.g., U.S. Department of Justice, 1999 Report on Cyberstalking: A New Challenge for Law Enforcement and Industry, http://www.usdoj.gov:80/criminal/cybercrime/cyberstalking.htm.
[58] See, e.g., U.S. Department of Justice, 1999 Report on Cyberstalking: A New Challenge for Law Enforcement and Industry, http://www.usdoj.gov:80/criminal/cybercrime/cyberstalking.htm.
[59] See, e.g., Cyberstalking Law Invoked, Wired News (January 25, 1999), http://www.wired.com/news/politics/0,1283,17504,00.html.
[60] See, e.g., Feds Find Dangerous Cyberstalking Hard to Prevent, cnn.com (June 12, 2000), http://europe.cnn.com/2000/TECH/computing/06/12/cyberstalkers.idg/.
[61] See California Penal Code section 646.9(a), http://caselaw.lp.findlaw.com/cacodes/pen/639-653.1.html:
Any person who willfully, maliciously, and repeatedly follows or harasses another person and who makes a credible threat with the intent to place that person in reasonable fear for his or her safety, or the safety of his or her immediate family, is guilty of the crime of stalking, punishable by imprisonment in a county jail for not more than one year or by a fine of not more than one thousand dollars ($1,000), or by both that fine and imprisonment, or by imprisonment in the state prison.
Note that this statute does require a "credible threat." The statutory definition of a "credible threat" is, however, broad enough to encompass Dellapenta's conduct. See California Penal Code section 646.9(g), http://caselaw.lp.findlaw.com/cacodes/pen/639-653.1.html ("`"credible threat' means a verbal or written threat, including that performed through the use of an electronic communication device, or a threat implied by a pattern of conduct or a combination of verbal, written, or electronically communicated statements and conduct made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family and made with theapparent ability to carry out the threat so as to cause the person who is the target of the threat to reasonably fear for his or her safety or the safety of his or her family").
[62] See, e.g., Feds Find Dangerous Cyberstalking Hard to Prevent, cnn.com (June 12, 2000), http://europe.cnn.com/2000/TECH/computing/06/12/cyberstalkers.idg/. See also Cyberstalking: The Cases (Randi Barber), citing State v. Dellapenta (Los Angeles Superior Court 1999), http://www.unc.edu/courses/law357c/cyberprojects/spring00/cyberstalking/cyberstalk/cases.html#barber.
[63] See, e.g., Feds Find Dangerous Cyberstalking Hard to Prevent, cnn.com (June 12, 2000), http://europe.cnn.com/2000/TECH/computing/06/12/cyberstalkers.idg/.
[64] See, e.g., Cyberstalking: The Cases, http://www.unc.edu/courses/law357c/cyberprojects/spring00/cyberstalking/cyberstalk/cases.html.
[65] See, e.g., 1999 Revision of the Model State Computer Crimes Code, Commentary to section 2.02.2, http://www.cybercrimes.net/99MSCCC/MSCCC/Article2/2.02.2html.
[66] For a discussion of the distinctions between cyberstalking and online harassment, see, e.g., 1999 Revision of the Model State Computer Crimes Code, sectionsection 2.02 & 2.03, http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html.
[67] See, e.g., Cyberstalking: The Cases, http://www.unc.edu/courses/law357c/cyberprojects/spring00/cyberstalking/cyberstalk/cases.html.
[68] Cyberstalking and online harassment can have a sexual focus or a non-sexual focus. See, e.g., 1999 Revision of the Model State Computer Crimes Code, sectionsection 2.02 & 2.03, http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html. The discussion above tends to assume non-sexual cyberstalking and/or online harassment, simply to provide a contrast to the issues raised by specifically sexual offenses such as rape.
[69] See Julian Dibbell, A Rape in Cyberspace, http://www.humanities.uci.edu/mposter/syllabi/readings/rape.html.
[70] See, e.g., 1999 Revision of the Model State Computer Crimes Code, section 3.04.1, http://cybercrimes.net/99MSCCC/MSCCC/Article3/3.04.1.html.
[71] See, e.g., 1999 Revision of the Model State Computer Crimes Code, section 3.04.1, http://cybercrimes.net/99MSCCC/MSCCC/Article3/3.04.1.html.
[72] See, e.g., 1999 Revision of the Model State Computer Crimes Code, section 3.04.1, http://cybercrimes.net/99MSCCC/MSCCC/Article3/3.04.1.html.
[73] See, e.g., 1999 Revision of the Model State Computer Crimes Code, section 3.04.1, http://cybercrimes.net/99MSCCC/MSCCC/Article3/3.04.1.html.
[74] To avoid copyright issues, we will assume that the video is entirely the perpetrator's creation, using computer technology and, perhaps, live actors.
[75] Relying on civil remedies is likely to be inadequate, as this case illustrates:
Jayne Hitchcock's ordeal started after she exposed an Internet scam being run by a group of people calling themselves the Woodside Literary Agency. Jayne was suddenly the target of an elaborate smear campaign designed to intimidate, harass, and belittle her. First the agency launched a series of emailbombs (to her home, to her place of work at the University of Maryland, and to her husband Chris' email account). Then, the harassers forged posts in her name to hundreds of newsgroups. The posts indicated that Jayne was interested in having people call or stop by her house to share their sexual fantasies with her. Her home address and phone number were included. Jayne described her emotional state by saying: "I felt like someone had broken into my house, touched all of my things, didn't take anything and left -- I felt violated and scared for my life."
Jayne attempted to get help from the police. She contacted her local police department, the police commissioner, even the FBI. No one she spoke to could help. Eventually, Jayne decided she would take care of the problem herself. She and a group of her friends and family tracked down the stalkers themselves.
Since her harassers were not subject to criminal prosecution, Jayne filed several civil suits (one for $10 million) that are still pending. After the civil suits were filed, the harassment worsened, and Jayne was forced to go to therapy to deal with the problems it was causing her. In order to avoid her harassers, Jayne and her family relocated to another state and had their names removed from public records. The harassment stopped for only a short time. Jayne is still the target of Internet harassment.
Cyberstalking: The Cases, http://www.unc.edu/courses/law357c/cyberprojects/spring00/cyberstalking/cyberstalk/cases.html#hitchcock.
[76] See Free Speech Coalition v. Reno, 198 F.3d 1083, 1089 (9th Cir. 1999), certiorari granted, 121 S.Ct. 826 (January 22, 2001):
The Child Pornography Prevention Act of 1996 expanded the law to combat the use of computer technology to produce pornography containing images that look like children. The new law sought to stifle the use of technology for evil purposes. This of course was a marked change in the criminal regulatory scheme. Congress had always acted to prevent harm to real children. In the new law, Congress shifted the paradigm from the illegality of child pornography that involved the use of real children in its creation to forbid a "visual depiction" that "is, or appears to be, of a minor engaging in sexually explicit conduct." See 18 U.S.Code section 2256(8)(B).
[77] See Free Speech Coalition v. Reno, 198 F.3d 1083, 1092 (9th Cir. 1999), certiorari granted, 121 S.Ct. 826 (January 22, 2001):
The language of the statute questioned here can criminalize the use of fictional images that involve no human being, whether that fictional person is over the statutory age and looks younger, or indeed, a fictional person under the prohibited age. Images that are, or can be, entirely the product of the mind are criminalized. The CPPA's definition of child pornography extends to drawings or images that `appear' to be minors or visual depictions that `convey' the impression that a minor is engaging in sexually explicit conduct, whether an actual minor is involved or not. The constitutionality of this definition is not supported by existing case law.
[78] See, e.g., U.S. v. Mento, 231 F.3d 912 (4th Cir. 2000); U.S. v. Acheson, 195 F.3d 645 (11th Cir. 1999).
[79] For more about imposing criminal liability on someone for disseminating information that is publicly available, see section III(D), below.
[80] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, California Criminal Law Review (2001), http://boalt.org/CCLR/.
[81] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, California Criminal Law Review (2001), http://boalt.org/CCLR/.
[82] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, California Criminal Law Review (2001), http://boalt.org/CCLR/.
[83] See, e.g., Fiji Islands, Penal Code, Chapter XXVII ("Larceny, Embezzlement and Conversion") & Chapter XXX ("Robbery and Extortion"). See also Wayne R. LaFave, Criminal Law sectionsection 8.1-8.13 (2000).
[84] See, e.g., Shari'ah Penal Code Law - Zamfara State of Nigeria, Chapter VIII - section 144, http://www.nigerianlaws.com/frames/docs/stats/ShariaCodeChap3-9.html.
[85] See, e.g., German Law Archive, German Penal Code sectionsection 249-252, http://www.iuscomp.org/gla/.
[86] See, e.g., German Law Archive, German Penal Code section 263, http://www.iuscomp.org/gla/; Spanish Penal Code section Article 248 (1), http://www.mcconnellinternational.com/services/country/spain.pdf.
[87] See, e.g., German Law Archive, German Penal Code section 253, http://www.iuscomp.org/gla/.
[88] See, e.g., German Law Archive, German Penal Code section 244, http://www.iuscomp.org/gla/; Revised Penal Code of the Philippines, Book Two, Title Ten, Chapter One,
http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm; Shari'ah Penal Code Law - Zamfara State of Nigeria, Chapter VIII - sectionsection 184-193, http://www.nigerianlaws.com/frames/docs/stats/ShariaCodeChap3-9.html.
[89] See, e.g., Swedish Penal Code, Part 2 - Chapter 10 section 1, http://wings.buffalo.edu/law/bclc/sweden.pdf.
[90] See, e.g., Cyber-Extortion Results in Prison Sentence, Net4TV (October 8, 2000), http://net4tv.com/voice/story.cfm?storyid=2931.
[91] See, e.g., Computer Related Embezzlement, New Technologies, Inc., http://www.4incidentresponse.com/cons7.html.
[92] See, e.g., U.S. Securities and Exchange Commission, Internet Fraud: How to Avoid Investment Scams, http://www.sec.gov/investor/pubs/cyberfraud.htm. Compare German Law Archive, German Penal Code section 263, http://www.iuscomp.org/gla/ (fraud) with German Law Archive, German Penal Code section 263a, http://www.iuscomp.org/gla/ (computer fraud).
[93] See, e.g., Security on Trial in Citibank Cyber-Theft Case, The Guardian Newswire (Vol. II, Issue 5), http://www.dlxguard.com/oct97news.htm.
[94] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[95] See, e.g., Security on Trial in Citibank Cyber-Theft Case, The Guardian Newswire (Vol. II, Issue 5), http://www.dlxguard.com/oct97news.htm.
[96] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[97] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[98] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[99] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[100] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[101] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[102] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[103] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[104] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[105] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/. See also Turkey Criminal Code Article 525/a,
http://www.mcconnellinternational.com/services/country/turkey.pdf.
[106] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[107] Cf. 1999 Revision of the Model State Computer Crimes Code, section 6.01.1 and Commentary, http://www.cybercrimes.net/99MSCCC/MSCCC/Article6/6.01.1.html.
[108] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/. This definition of hacking does not, of course, include the further step of gaining access with the purpose of committing further crimes once inside the system; this type of aggravated hacking can be analogized to burglary. See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[109] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[110] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[111] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[112] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[113] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[114] See, e.g., Brendan I. Koerner, To Heck with Hacktivism, Salon.com (July 20, 2000), http://www.salon.com/tech/feature/2000/07/20/hacktivism/. See also Rachel Munro, May Day Alert: Real or Hype?, ZDNet News (April 30, 2001), http://www.zdnet.com/zdnn/stories/news/0,4586,2713746,00.html?chkpt=zdnn_rt_late st.
[115] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[116] See, e.g., Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[117] See, e.g., Brendan I. Koerner, To Heck with Hacktivism, Salon.com (July 20, 2000), http://www.salon.com/tech/feature/2000/07/20/hacktivism/. The German Penal Code provides an example of how distinct penal laws can address "real world" and "virtual world" damage to property: Section 303 ("Damaging Property") makes it an offense, punishable by a fine or by imprisonment for "not more than two years" , to unlawfully damage or destroy the property of another. German Law Archive, German Penal Code section 303, http://www.iuscomp.org/gla/. Section 304 ("Alteration of Data") makes it an offense, also punishable by a fine or by imprisonment for not more than two years, to unlawfully delete, suppress, render unusable or alter data. German Law Archive, German Penal Code section 304, http://www.iuscomp.org/gla/. Section 303b ("Computer Sabotage") makes it an offense, punishable by a fine or by imprisonment for not more than five years, to interfere "with data processing which is of substantial significance to the business or enterprise of another or a public authority" by violating section 303 or by destroying or damaging a "data processing system or a data carrier". German Law Archive, German Penal Code section 303b, http://www.iuscomp.org/gla/.
[118] See, e.g., Glenn A. Gilmour, Hate-Motivated Violence section 5.0, Department of Justice - Canada, http://canada.justice.gc.ca/en/dept/pub/hmv/ (surveying hate crime laws of various countries). See also What are Hate Crimes?, Stop the Hate, http://www.stopthehate.org/hate_crimes.html (definition of hate crimes).
[119] See, e.g., Jolo, Denial of Service or "Nuke" Attacks (February 21, 2001), http://www.irchelp.org/irchelp/nuke/#netattack.
[120] See, e.g., James Brooke, Teenager Pleads Guilty to Hacking, N.Y. Times (January 19, 2001), http://www.nytimes.com/2001/01/19/technology/19CANA.html (teen-aged hacker pled guilty to denial of service attacks conducted in Feburary, 2000 against various sites, including amazon.com, cnn.com, ebay.com and yahoo.com; the Federal Bureau of Investigation estimated that the attacks caused $1.7 billion in damage).
[121] See, e.g., Alabama Code section 13A-8-10(a)(1) ("A person commits the crime of theft of services if . . . [h]e intentionally obtains services known by him to be available only for compensation by deception, threat, false token or other means to avoid payment for the services").
[122] See, e.g., Best Online Casinos, http://bestonlinecasinos.com/ (listing online casinos);
Jeff Goodell, How to Run a Successful Silicon Valley Business, N.Y. Times (April 8, 2001), http://www.nytimes.com/2001/04/08/magazine/08SILICON.html (prostitutes using web sites to market their services and arrange meetings with customers); SexAddicted: The Best Pornography on the Web, http://www.sexaddicted.com/index.html?bp=google-bottom&bc=pornography.
[123] See, e.g., 1999 Revision of the Model State Computer Crimes Code section 3.02 (using the Internet to disseminate pornography); section 3.03 (using the Internet to promote prostitution), section 7.01 (Internet gambling), section 7.02 (using the Internet to provide alcohol or cigarettes to minors), http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html.
[124] See, e.g., German Law Archive, German Penal Code section 285, http://www.iuscomp.org/gla/ ("Whoever participates in a public game of chance . . . shall be punished with imprisonment"). See also German Law Archive, German Penal Code section 284, http://www.iuscomp.org/gla/ (outlawing unauthorized games of chance). If a jurisdiction lacks laws against gambling or feels they are not adequate to reach online gambling, it can, of course, adopt a cybercrimespecific gambling prohibition. See, e.g., 1998 Model State Computer Crimes Code section 7.01.3, http://www.cybercrimes.net/98MSCCC/Article7/section7013.html.
[125] This argument is especially likely to be made by the operator of an online casino whose web site is maintained in Country A, where the casino is legal, but who is charged with operating a gambling business in violation of local law in Country B. See, e.g., 1998 Model State Computer Crimes Code, Commentary to section 7.01, http://www.cybercrimes.net/98MSCCC/Article7/commentarysection701.html. One way for Country B to avoid dealing with this admittedly difficult issue is to focus its prosecutorial efforts on those who patronize online casinos. See, e.g., 1998 Model State Computer Crimes Code section 7.01.3, http://www.cybercrimes.net/98MSCCC/Article7/section7013.html.
[126] See, e.g., 1998 Model State Computer Crimes Code, Commentary to section 3.03, http://www.cybercrimes.net/98MSCCC/Article3/commentarysection303.html. See also 1998 Model State Computer Crimes Code section 3.03.4, http://www.cybercrimes.net/98MSCCC/Article3/section3034.html (using the Internet to promote prostitution).
[127] See, e.g., 1998 Model State Computer Crimes Code sectionsection 7.02 & 7.03, http://www.cybercrimes.net/98MSCCC/MSCCCMain.html (using the Internet to supply liquor or drugs to minors; using the Internet to sell prescription drugs).
[128] See, e.g., United States of America v. Carl. E. Johnson (No. CR98-5393JRB), Government's Trial Memorandum, http://www.ccc.de/mirrors/jya.com/cej-usbrief.htm ("The defendant was charged . . . with . . . threatening federal judges and officers via the Internet in retaliation for the performance of their official duties").
[129] See, e.g., 1999 Revision of the Model State Computer Crimes Code sectionsection 8.03 & 8.04, http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html. See also Markus Hubner, The Mitnick Story, http://bau2.uibk.ac.at/matic/mitnick.htm:
[A]t age 25, Mitnick was sentenced to one year in a minimum security facility by judge Mariana R. Pfaelzer of the U. S. District Court in Los Angeles Ca. . . .
One year later, Mitnick was released from the facility and assigned a probation officer. Reportably, strange things began to happen. The probation officer's phone was suddenly disconnected, and the phone company having no record of it. A judge's credit record at TRW inc. was unexplainably altered. Records of Mitnick's arrest and conviction could not be found on the Court's computers at Santa Cruz Ca.
[130] See, e.g., 1999 Revision of the Model State Computer Crimes Code section 8.04.2, http://www.cybercrimes.net/99MSCCC/99MSCCCMain.html.
[131] See, e.g., 17-A Maine Criminal Code sectionsection 454, 456-457, http://janus.state.me.us/legis/statutes/17-A/title17-Ach190sec0.html.
[132] See, e.g., 18 U.S. Code section 115(a)(1)(B) (offense to threaten "to assault, kidnap, or murder, a United States official, a United States judge, a Federal law enforcement officer, or an official whose killing would be a crime under" 18 U.S. Code section 1114. Since this statute focuses on the harm-e.g., the threat-and not on the method used to transmit the threat, it can be applied to online threats as well as to those communicated in person. See, e.g., United States of America v. Carl. E. Johnson, Superseding Indictment - Count Two(No. CR98- 5393JRB), Government,
http://www.ccc.de/mirrors/jya.com/cej040399.htm#Superseding:
On or about June 23, 1997, CARL EDWARD JOHNSON did threaten to murder and aid and abet in the murder of J. Kelley Arnold, a United States Magistrate Judge, with intent to retaliate against Judge Arnold on account of the performance of his official duties, which threat CARL EDWARD JOHNSON transmitted over the Internet, and was received over the Internet at Tacoma, within the Western District of Washington, and elsewhere.
All in violation of Title 18, United States Code, Section ll5(a)(1)(B) and (b)(4) and Section 2.
[133] See, e.g., Arizona Revised Statutes section 13-2809(A):
A person commits tampering with physical evidence if, with intent that it be used, introduced, rejected or unavailable in an official proceeding which is then pending or which such person knows is about to be instituted, such person:
[134] See, e.g., Fiji Islands Penal Code section 130, http://www.vanuatu.usp.ac.fj/paclawmat/Fiji_legislation/Consolidation_1978/Fiji_Penal_Code.html:
Any person who, knowing that any book, document or thing of any kind whatsoever is or may be required in evidence in a judicial proceeding, wilfully removes or destroys it or renders it illegible or indecipherable or incapable of identification, with intent thereby to prevent it from being used in evidence, is guilty of a misdemeanour.
[135] For a sample statute that specifically addresses this type of conduct, see 1999 Revision of the Model State Computer Crimes Code section 8.04.3, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.04.3.html.
[136] See, e.g., 1999 Revision of the Model State Computer Crimes Code, Commentary to section 8.08, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.08.html.
[137] See, e.g., Matt Carolan, The Scandals of Net Vigilantism, ZDNet UK (February 8, 2001),
http://www.anchordesk.co.uk/anchordesk/commentary/columns/0,2415,7108262,00.htm; Jason Meserve, Fighting Fire with Fire, Network World Fusion (May 29, 2000), http://napps.nwfusion.com/newsletters/bug/0529bug1.html; Shelley M. Liberto, Vigilantism on the Internet: The "Web Posse" Crosses the Line, http://www.libertolaw.com/4-98.html. See also1999 Revision of the Model State Computer Crimes Code, Commentary to section 8.08, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.08.html.
[138] See, e.g.,1999 Revision of the Model State Computer Crimes Code, section 8.08, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.08.html.
[139] See, e.g., 18 U.S. Code section 115(a)(1)(B) (offense to threaten "to assault, kidnap, or murder, a United States official, a United States judge, a Federal law enforcement officer, or an official whose killing would be a crime under" 18 U.S. Code section 1114.
[140] See http://www.justicefiles.org/.
[141] See, e.g., Michael Ko, Kirkland Sues Over Web Site Listing Officers' Personal Details, Seattle Times (April 3, 2001), http://archives.seattletimes.nwsource.com/cgibin/texis/web/vortex/display?slug=website03m&date=20010403&query=kirkland+police +web+site: [T]he city of Kirkland has filed a lawsuit against the creators of a Web site that lists the home addresses, phone numbers, salaries and, in some cases, Social Security numbers of police officers in that city. . . .
Kirkland wants the Web site shut down because of safety concerns, said City Manager David Ramsay. The release of home addresses and Social Security numbers is like `shouting fire in a crowded theater.' . . . A police officer's job, by nature, breeds enemies, and the Web site could be a resource for people seeking retribution, either physically or financially, he said.
[142] See, e.g., 1999 Revision of the Model State Computer Crimes Code section 8.06.1, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.06.1.html:
(A) A person commits the offense of posting confidential information of law enforcement officials when;
(1) they purposefully or knowingly;
(2) cause confidential information;
(3) of a law enforcement official;
(4) to be disseminated via a computer, computer system, computer network, the Internet, e-mail or any other online communication system. (B) Definitions:
(1) confidential information for the purposes of this section is defined as information that is normally not available to the public (i.e. bank account number) or information that a person has taken steps to ensure is not readily available to the public (i.e. unlisted phone number or address). (2) law enforcement official is defined in Section 8.02(B)(9). (C) Any person who commits this offense is guilty of a fifth degree felony as set out under Section 1.05 of the Model Code.
[143] See, e.g., Netscape White Pages,
http://hoe.netscape.com/netcenter/whitepages.html. See also Netscape Yellow Pages, http://yp.netscape.com/.
[144] See, e.g., Fiji Penal Code sectionsection 50-53, http://www.vanuatu.usp.ac.fj/paclawmat/Fiji_legislation/Consolidation_1978/Fiji_Penal_Code.html. See also Criminal Law of the People's Republic of China, sections 102-112, http://www.qis.net/chinalaw/prclaw60.htm#ChapterI2; Revised Penal Code of the Philippines, Art. 114,
http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm/; Swedish Penal Code, Part 2 - Chapter 22, http://wings.buffalo.edu/law/bclc/sweden.pdf.
[145] See, e.g., Fiji Penal Code sectionsection 62-66, sectionsection 79-94, http://www.vanuatu.usp.ac.fj/paclawmat/Fiji_legislation/Consolidation_1978/Fiji_ Penal_Code.html. See also Criminal Law of the People's Republic of China, sectionsection 114-138, http://www.qis.net/chinalaw/prclaw60.htm; Swedish Penal Code, Part 2 - Chapter 16, http://wings.buffalo.edu/law/bclc/sweden.pdf
[146] See, e.g., Criminal Law of the People's Republic of China, sectionsection 114-138, http://www.qis.net/chinalaw/prclaw60.htm I2.
[147] See also Criminal Law of the People's Republic of China, sectionsection 140-150, sectionsection 170-190, http://www.qis.net/chinalaw/prclaw60.htm I2.
[148] See, e.g., Samoa Crimes Ordinance, section 42, http://www.vanuatu.usp.ac.fj/Paclawmat/Samoa_legislation/Samoa_Crimes.html; Shari'ah Penal Code Law - Zamfara State of Nigeria, Chapter VII - sectionsection 400-403, http://www.nigerianlaws.com/frames/docs/stats/ShariaCodeChap3-9.html; Swedish Penal Code, Part 2 - Chapter 22 section 1,
http://wings.buffalo.edu/law/bclc/sweden.pdf.
[149] See, e.g., Criminal Law of the People's Republic of China, section 102, http://www.qis.net/chinalaw/prclaw60.htm I2; Revised Penal Code of the Philippines, Art. 114,
http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm/. See also Fiji Penal Code section 50,
http://www.vanuatu.usp.ac.fj/paclawmat/Fiji_legislation/Consolidation_1978/Fiji_Penal_Code.html.
[150] See, e.g., Criminal Law of the People's Republic of China, section 111, http://www.qis.net/chinalaw/prclaw60.htm Chapter I2.
[151] See, e.g., Center for Strategic & International Studies, Cybercrime . . . Cyberterrorism . . . Cyberwarfare, http://www.csis.org/pubs/cyberfor.html:
Using the tools of information warfare, cyberterrorists can overload telephone lines with special software; disrupt the operations of air traffic control as well as shipping and railroad computers; scramble the software used by major financial institutions, hospitals and other emergency services; alter by remote control the formulas for medication at pharmaceutical plants; change the pressure in gas pipelines to cause a valve failure; sabotage the New York Stock Exchange.
[152] See, e.g., Center for Strategic & International Studies, Cybercrime . . . Cyberterrorism . . . Cyberwarfare, http://www.csis.org/pubs/cyberfor.html: The new pervasive tools of information technology blend truth and fiction in ways not easily discernible to decisionmakers. The Internet is also a global superhighway for disinformation. Thus, potentially damaging decisions can be taken as shortened time lines mandate immediate action.
[153] See, e.g., Center for Strategic & International Studies, Cybercrime . . . Cyberterrorism . . . Cyberwarfare, http://www.csis.org/pubs/cyberfor.html.
[154] See, e.g., Danish Criminal Code section 193(1), http://www.mcconnellinternational.com/services/country/denmark.pdf: Any person who, in an unlawful manner, causes major disturbances in the operation of public means of communication, of the public mail service, of publicly used telegraph or telephone services, of radio and television installations, of data processing systems or of installations for the public supply of water, gas, electricity or heating shall be liable to simple detention or to imprisonment for any term not exceeding four years or, in mitigating circumstances, to a fine.
Cf. 1999 Revision of the Model State Computer Crimes Code section 8.07, http://www.cybercrimes.net/99MSCCC/MSCCC/Article8/8.07.html (sample statute specifically prohibiting the use of computer technology to engage in terroristic acts, including attacks on computer networks, stealing information needed to create weapons of mass destruction, transmitting harmful programs designed to interfere with the operation of computer systems and/or public utilities, etc.).
[155] See, e.g., Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism ("Why a Multilateral Convention"). Commentary on the Draft Convention section 2, http://www.oas.org/juridico/english/monograph.htm.
[156] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 217 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[157] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 217 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[158] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 217 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[159] See, e.g., 1999 Revision of the Model State Computer Crimes Code section 1.03, http://www.cybercrimes.net/99MSCCC/MSCCC/Article1/1.03.html: (A) It is the policy of this state to exercise its jurisdiction over crime and persons charged with the commission of crime to the fullest extent allowable. . . .
(B) In accord with this policy, a person shall be subject to prosecution in this State for an offense he/she commits while he/she is physically located either within or outside this State, by his/her own conduct and/or that of another for which he/she is legally accountable, if:
(1) the offense is committed either wholly or partly within this State; or
(2) the offender's conduct committed wholly outside this State constitutes an attempt to commit an offense within this State; or
(3) the offender's conduct committed wholly outside this State constitutes a conspiracy to commit an offense within this State, and an act in furtherance of the conspiracy was committed within this State, either directly by the offender or at his instigation; or
(4) the offender's conduct committed wholly or partly within this State constitutes an attempt, solicitation, and/or conspiracy to commit in another jurisdiction an offense under the laws of both this State and such other jurisdiction.
(C) An offense is committed partly within this State if either an act constituting an element of the offense, or the result that is an element of the offense, occurs in this State.
(D) When an offense is committed under the laws of this State and it appears beyond a reasonable doubt that the offense or any element thereof took place either in this State or in another jurisdiction or jurisdictions, but it cannot reasonably be determined in which it took place, such offense or element is presumed to have taken place in this State for purposes of this section.
(E) This State's jurisdictional territory includes the land and water within its boundaries and the air space above such land and water within which it either has exclusive or concurrent legislative jurisdiction. It also includes any computer signals and/or messages received in and/or transmitted from this State. See also 1999 Revision of the Model State Computer Crimes Code, Commentary to section 1.03, http://www.cybercrimes.net/99MSCCC/MSCCC/Article1/1.03.html.
[160] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 217 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[161] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 217 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[162] See, e.g., Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism ("Why a Multilateral Convention"). Commentary on the Draft Convention section 2, http://www.oas.org/juridico/english/monograph.htm: Transnational fraud, for example, has led to decisions by national courts assuming jurisdiction on the basis of any significant connection to the conduct involved. Among these are the States where a fraud was planned, where an effort to defraud was initiated, where individuals worked at implementing the fraud, where or through which communications were made that were intrinsic to the fraud, where the victims were located, and where the fraud had material and intended effects. The widespread recognition of fraud as criminal activity leads States readily to find jurisdiction over such activity, despite the significant relationship particular frauds may have to other States. They tend to assume that punishing fraud will be supported by other affected States, rather than opposed as violating their sovereignty.
At the very least, leaving aside the heightened dangers posed by cybercrime, the same rationale that supports such a broad assertion of jurisdiction over fraud supports a similar assertion of jurisdiction over cybercrime.
[163] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 220 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[164] See, e.g., U.S. Code, Federal Rules of Criminal Procedure for the U.S. District Courts, Rule 41(b) ("A warrant may be issued under this rule to search for and seize any (1) property that constitutes evidence of the commission of a criminal offense; or (2) contraband, the fruits of crime, or things otherwise criminally possessed; or (3) property designed or intended for use or which is or has been used as the means of committing a criminal offense; or (4) person for whose arrest there is probable cause, or who is unlawfully restrained").
[165] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 171 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm: [T[here are some differences with respect to the search of computer data, which may necessitate different or special procedural provisions to ensure that computer data can be obtained in a manner that is equally effective as a search and seizure of tangible data. First, the data is in intangible form, such as in an electromagnetic form. Second, while the data may be read with the use of computer equipment, it cannot be seized and taken away in the same sense as can a paper record. The physical medium on which the intangible data is stored (e.g., the computer hard-drive or a diskette) must be seized and taken away, or a copy of the data must be made in either tangible form (e.g., computer printout) or intangible form on a physical medium (e.g., diskette), and the tangible medium containing the copy is seized and taken away. In the latter two situations where copies of the data are made, the original data remains in the computer system or storage device. Some changes may be required to domestic law to ensure that intangible data can be searched and seized. Third, due to the connectivity of computer systems, data may not be stored in the particular computer that is searched, but such data may be readily accessible to that system. It could be stored in an associated data storage device that is connected directly to the computer, or connected to the computer indirectly through communication systems, such as the Internet. This may or may not require new laws to permit an extension of the search to where the data is actually stored (or the retrieval of the data from that site to the computer being searched), or the use traditional search powers in a more co-ordinated and expeditious manner at both locations.
[166] See, e.g., Model Code of Cybercrime Investigative Procedure, http://www.cybercrimes.net/MCCIP/MCCIP.html.
[167] Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ 22 (February 14, 2001),
http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[168] See Council of Europe, Draft Convention on Cyber-Crime (Draft No. 25 Rev. 5), Chapter II - section 1, -
http://conventions.coe.int/treaty/EN/projets/cybercrime25.htm.
[169] See Council of Europe, Draft Convention on Cyber-Crime (Draft No. 25 Rev. 5), Chapter II - section 2, -
http://conventions.coe.int/treaty/EN/projets/cybercrime25.htm.
[170] See Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism, http://www.oas.org/juridico/english/monograph.htm.
[171] See Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism, Article 3, http://www.oas.org/juridico/english/monograph.htm.
[172] See Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism, Articles 4-6, http://www.oas.org/juridico/english/monograph.htm.
[173] See Center for International Security and Cooperation, A Proposal for an International Convention on Cyber Crime and Terrorism, Commentary on the Draft Convention section 1, http://www.oas.org/juridico/english/monograph.htm; Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ ¦ 22-30 (February 14, 2001),
http://conventions.coe.int/treaty/EN/cadreprojets.htm.
[174] See, e.g., Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime ¦ ¦ 25 (February 14, 2001), http://conventions.coe.int/treaty/EN/cadreprojets.htm ("Although the substantive law provisions relate to offences using information technology, the Convention uses technology-neutral language so that the substantive criminal law offences may be applied to both current and future technologies involved").
[175] For an example of parallel provisions, one addressing conventional criminality and the other addressing cyber-criminality, see, e.g., German Law Archive, German Penal Code section 263(1), http://www.iuscomp.org/gla/ ("Whoever, with the intent of obtaining for himself or a third person an unlawful material benefit, damages the assets of another, by provoking or affirming a mistake, by pretending that false facts exist or by distorting or suppressing true facts, shall be punished with imprisonment for not more than five years or a fine") and German Law Archive, German Penal Code section 263a(1), http://www.iuscomp.org/gla/ ("Whoever, with the intent of obtaining for himself or a third person an unlawful material benefit, damages the assets of another by influencing the result of a data processing operation through incorrect configuration of a program, use of incorrect or incomplete data, unauthorized use of data or other unauthorized influence on the order of events, shall be punished with imprisonment for not more than five years or a fine").
[176] See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[177] Donn B. Parker, Is Computer Crime Real?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[178] See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[179] See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[180] See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
[181] See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, ___ California Criminal Law Review ____ (2001), http://boalt.org/CCLR/.
Copyright 2001 by Susan W. Brenner