• Abstract
  • Definition
    Nature of Crimes
    Fighting Crime
  • Policy
  • Prevention
  • Detection
  • Measuring
    Crimes of the Future
  • Information Theft
  • Cyber-Terrorism
    Pop Culture




  • While congress and state legislatures attempt to struggle to update laws to keep up with technology, many prosecutors have had to look to older, more general laws to apply to these new places. For instance, child pornography is generally prosecuted under perfectly analogy to the laws that make distribution of child pornography over U.S. mail illegal. Also, many fraud laws are written generally enough to apply online as well. Additionally, rather quickly after the proliferation of computers, trespassing laws were amended to cover invasion of a computer. Only more recently have congressmen, relatively much more educated regarding computers than those making the laws in the 70s and 80s, designed legislation specifically to fight computer crime.

    In this section, we first present acceptable use policies as one method for fighting computer criminals. Later, we move onto legislation, both laws made some years ago to laws made last year, specifically targeting computer crime. Then we look at some cases that have tested this legislation.

    Acceptable Use Policies

    Organizations, such as Universities and Internet Service Providers, generally have what are called acceptable use policies. These policies restrict what users can do online and sometimes guidelines for punishments. Since these policies are implemented by organizations which users can refuse to join, they can and do restrict users more than federal or state laws. For instance, a part of Stanford's Computer and Network Use Policy says users must "respect the integrity of information resources [by declining to take many actions, including not] sending chain-letters or excessive messages, either locally or off-campus" ["Computer Usage" 1]. Meanwhile, chain mail, unless it is a pyramid scheme, is not restricted by law. In addition, these policies provide further methods of fighting computer criminals. For example, in addition to being prosecuted under U.S. law, those who break into systems from Stanford can be punished (e.g. being expelled) by the following policy: "Users of University information resources must not access computers, computer software, computer data or information, or networks without proper authorization, or intentionally enable others to do so, regardless of whether the computer, software, data, information, or network in question is owned by the University" ["Computer Usage" 1].

    Federal and Financial Protection

    Recently, however, a few laws have been passed that are focused on computers. The Computer Fraud and Abuse of 1986 made it a federal crime to intentionally access a computer for purposes including: obtaining top-secret military information, or personal, financial, or credit information; committing a fraud; or altering or destroying federal information [Strothcamp sld. 10] However, this law only applied to protection of federal property and financial information. Fortunately it was updated both in 1994 and 1996 to suit modern computer risks better.

    National Information Infrastructure Protection Act

    The primary legislation addressing computer crime is 18 U.S. Code, Section 1030, also known as The National Information Infrastructure Protection Act of 1996, which prohibits certain types of fraud and unauthorized access. The act was originally made in 1986 and amended in 1994, but the newly amended version in 1996 was an attempt to address the growth of computer crime and to centralize computer crime law. The Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice decided it was easier to add to or modify existing computer crime law than change all other law potentially affected by computers. It is the CCIPS's hope that as new technologies arrive, modifying Section 1030 may suffice. In any case, old law was insufficient to address the new nature of computer crime ["Section 1030" 1-2].

    The law covers the following criminal activity involving breakins to protected computers:

    • anything against the U.S. government
    • unauthorized access allowing one to obtain financial records or government, interstate, or international information illegally
    • unauthorized access to nonpublic government computer
    • defraudulent unauthorized access for any value (but not just the computer itself, unless it is worth $5,000 or more)
    • causing damage through code or access (whether reckless or not)
    • transmitting password or other means of access if it affects interstate or international commerce or a government computer
    • transmitting a threat (through interstate or international commerce) to damage a computer with the intent to extort money ["Section 1030" 1-3]

    Law enforcement, political subdivisions, and intelligence agencies are immune to the law. Also, civil cases can be brought, but only within two years of the date of the act or the discovery of the act. ["Section 1030" 7]

    Copyright Issues

    On December 16, 1997 the President signed a new bill (HR 2265) that imposes large criminal penalties for willful infringement of copyright materials. The law was specifically designed to protect against infringement through electronic means (in addition to ordinary ones) and closes up loopholes from previous laws.

    Child Pornography

    Recently some legislation has been passed specifically to combat online child pornography.

    The Customs Cybersmuggling Center, part of the United States Customs Service and established in 1996, "analyzes intelligence data related to child pornography, disseminates information to other law enforcement agencies and coordinates undercover operations to catch people who are electronically distributing child pornography." Furthermore, if a bill introduced on Feb. 11, 1999, passes, it will raise the center's budget by 100% [Varon 1-2].

    A recent federal law "makes it illegal to possess computer images that look like children engaged in sex." And although this law was originally called unconstitutional by a lower court, a federal judge recently overturned that decision, effectively making the law constitutional ["Court Upholds" 1].


    National Information Infrastructure Protection Act

    In 1996, a man allegedly launched a software "bomb" after being fired; the bomb caused $10 million in damage by permanently deleting important software programs ["Former Chief" 1-3].

    In 1997, a juvenile used a modem to disable a community phone service and radio transmissions at an airport, rendering the air traffic control tower useless for six hours ["Juvenile Computer" 1-4].

    In 1998, an Israeli man was arrested for breaking into a large number of computers, including government computers, in the United States and Israel. No classified information was compromised, but it took an international effort to track down this criminal ["Israeli Citizen" 1-2].

    These cases reflect the variety of computer fraud and breakins. For example, the age and nationality of hackers can certainly vary, as well as the type of damage they can cause. So these types of crimes really are everyone's problem. Additionally, all these cases were or are being prosecuted using the National Information Infrastructure Protection Act. This means that we have had success in attacking such crimes in a centralized, fairly well-defined manner.

    Child Pornography

    In contrast to other types of computer crime, child pornography is largely collaborative. This is because it involves a large number of people trying to share in material provided by a few. Due to this collaborative nature, child pornography cases are often fairly epic in the number of suspects, arrests, and convictions.

    One of the most well-known and successful campaigns against child pornography has been Operation Rip Cord, led by New York Attorney General Dennis Vacco's office and founded in 1997. By September of that year, the operation had led to 31 prosecutions and 1500 additional suspects [Bunn 1]. In October, 1998, the operation helped arrest another 13 people, and also by that date it had identified suspects in 31 countries ["Internet Child" 1].

    The United States Customs Service has also cracked down hard on child pornography: in 1997 it made 173 arrests and 178 convictions, and in 1998 it made at least 183 arrests and at least 189 convictions. A September, 1998, sting identified 100 new suspects from 14 countries [MacMillan 1].

    Many such stings have involved the cooperation of both state and federal law enforcement agencies. The highly international nature of child pornography makes such cooperation necessary.