Close X

For the purposes of this page, computer crimes encompasses such behavior as accessing electronic communications without authorization, accessing computer systems without authorization, and sending unsolicited commercial email, also known as spam.

18 U.S.C. § 2701 (2007).

The Crime Under 18 U.S.C. § 2701(a), it is illegal to either intentionally access a facility through which an electronic communication service is provided without authorization or to intentionally exceed authorization to access such a facility, thereby obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage.

The Punishment Punishment under 18 U.S.C. § 2701(b) for violating section 2701(a) depends on the purpose behind the access. If the access was for the purposes of commercial advantage, malicious destruction or damage, private commercial gain, or in furtherance of any criminal or tortuous act in violation of the Constitution, or Federal or State law, first-time offenders will be fined, imprisoned for not more than 5 years, or both. For any subsequent such violation, then punishment consists of a fine, imprisonment for not more than 10 years, or both. If the purpose of the access was for any other reason, then punishment for a first-time offense consists of a fine, imprisonment for not more than 1 year, or both, while subsequent violations are punished by a fine, imprisonment for not more than 5 years, or both./p>

Exceptions Exceptions exist under 18 U.S.C. § 2701(c) for people or entities who provide a wire or electronic communication service, for a user of such a service accessing communications intended for his use.

Definition The definition of “electronic communication service” is found in 18 U.S.C. § 2510 (2007). It refers to any service that allows its users to send and receive electronic communications, which in turn are defined as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce.” However, wire and oral communications are excepted from this definition, as are tones from a pager, communication from a tracking device, and electronic funds transfer information stored by financial institutions.

Case Law Interpreting Section 2701An airline company violated section 2701(a)(1) when an airline official gained access to a pilot's secure website by using two other pilot's names to establish accounts and passwords, because the two pilots were not “users” of the website at the time they authorized the official to use their names. Konop v. Hawaiian Airlines, Inc. 302 F.3d 868, 880 (9th Cir. 2002).

However, in a different case, when a company accessed an insurance agent's e-mail without authorization, there was no violation of privacy laws because there was no interception of e-mail within the meaning of privacy laws, and because section 2701(c) provided protection to the company because it provided a wire or electronic communications service. Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 114 (3d Cir. 2003).

If a person has authorization to access a database, there can be no violation of section 2701, not matter how maliciously or larcenously that access is used. Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817, 821 (E.D. Mich. 2000).

18 U.S.C. § 1030 (2007).

The Crime

Section 1030 is the main component of the Computer Fraud and Abuses Act. The FBI and the United States Secret Service may investigate violations of this section. 18 U.S.C. 1030(d). It is a violation of this section for a person to:having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined by 42 U.S.C. § 2014(y), with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, or attempt to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retain the same and fail to deliver it to the officer or employee of the United States entitled to receive it; 18 U.S.C. § 1030(a)(1); or intentionally access a computer without authorization or exceed authorized access, and thereby obtain-information contained in a financial record of a financial institution, or of a card issuer as defined by 15 U.S.C. § 1602(n) or contained in a file of a consumer reporting agency on a consumer, as such terms are defined by 15 U.S.C. §§ 1681 et seq.; id. § 1030(a)(2)(A); information from any department or agency of the United States; id. § 1030(a)(2)(B); or information from any protected computer if the conduct involved an interstate or foreign communication; id. § 1030(a)(2)(C); or intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, access such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;id. § 1030(a)(3); or
knowingly and with intent to defraud, access a protected computer without authorization, or exceed authorized access, and by means of such conduct further the intended fraud and obtain anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $ 5,000 in any 1-year period; id. § 1030(a)(4); or cause damage by
knowingly cause the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause damage without authorization, to a protected computer; id. § 1030(a)(5)(A)(i); intentionally access a protected computer without authorization, and as a result of such conduct, recklessly cause damage; id. § 1030(a)(5)(A)(ii); or
intentionally access a protected computer without authorization, and as a result of such conduct, cause damage; id. § 1030(a)(5)(A)(iii); and by the just-mentioned conduct cause
loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $ 5,000 in value; id. § 1030(a)(5)(B)(i); the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals; id. § 1030(a)(5)(B)(ii); physical injury to any person; id. § 1030(a)(5)(B)(iii); a threat to public health or safety; id. § 1030(a)(5)(B)(iv)or
damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security; id. § 1030(a)(5)(B)(v); or
knowingly and with intent to defraud traffic in any password or similar information through which a computer may be accessed without authorization, if-
such trafficking affects interstate or foreign commerce; id. § 1030(a)(6)(A); or such computer is used by or for the Government of the United States; id. § 1030(a)(6)(B);
with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; id. § 1030(a)(7); If a person attempts to commit any of the offenses found in section 1030(a), he will be punished as if he had actually committed the violation. 18 U.S.C. § 1030(b).

The Punishment Punishment for a violation of section 1030 is enormously complicated. Punishment can consist of:

a fine, imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; 18 U.S.C. § 1030(c)(1)(A); and

a fine, imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section; or an attempt to commit an offense punishable under this subparagraph; id. § 1030(c)(1)(B);

a fine, imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3), (a)(5)(A)(iii), or (a)(6) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; id. § 1030(c)(2)(A);

a fine, imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(2), or an attempt to commit an offense punishable under this subparagraph, if-the offense was committed for purposes of commercial advantage or private financial gain; id. § 1030(c)(2)(B)(i);
the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; id. § 1030(c)(2)(B)(ii); or the value of the information obtained exceeds $ 5,000; id. § 1030(c)(2)(B)(iii);

a fine, imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; id. § 1030(c)(2)(C);

a fine, imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4) or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; id. § 1030(c)(3)(A); and

a fine, imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4), (a)(5)(A)(iii), or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this section; id. § 1030(c)(3)(B);

a fine, imprisonment for not more than 10 years, or both, in the case of an offense under subsection (a)(5)(A)(i), or an attempt to commit an offense punishable under that subsection; id. § 1030(c)(4)(A);

a fine, imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(5)(A)(ii), or an attempt to commit an offense punishable under that subsection; id. § 1030(c)(4)(B);

a fine, imprisonment for not more than 20 years, or both, in the case of an offense under subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense punishable under either subsection, that occurs after a conviction for another offense under this section; id. § 1030(c)(4)(C); and if the offender knowingly or recklessly causes or attempts to cause serious bodily injury from conduct in violation of subsection (a)(5)(A)(i),

a fine under this title or imprisonment for not more than 20 years, or both; id. § 1030(c)(5)(A); and
if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i),

a fine under this title or imprisonment for any term of years or for life, or both. id. § 1030(c)(5)(B);

;COMPUTER CRIMES (Continued)

Definitions

the term “computer” means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device; 18 U.S.C. § 1030(e)(1); the term “protected computer” means a computer- exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; id. § 1030(e)(2)(A);or<?p>

which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; id. § 1030(e)(2)(B);

the term “financial record” means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution; id. § 1030(e)(5);

the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter; id. § 1030(e)(6);

the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information; id. § 1030(e)(8);

the term “loss” means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; id. § 1030(e)(11).

Exceptions Section 1030 does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States. 18 U.S.C. § 1030(f).

Case Law Interpreting Section 1030 An operator of a pornographic website violated sections 1030(a)(2)(C) and (5)(C) by exceeding his authorized access and impairing computer facilities, when he maintained a membership with an Internet service provider (hereinafter ISP) in order to harvest e-mail addresses of other members using extractor software programs. America Online v. LCGM 46 F. Supp. 2d 444, 450-51 (E.D. Va. 1998).

An individual and his attorney also violated section 1030 when they used a patently unlawful subpoena to gain access to e-mail stored by a corporation's ISP. Theofel v. Farey-Jones, 341 F.3d 978, 981, 986 (9th Cir. 2003). (Note that in this case, the defendants were found civilly liable)

.

In recent months, some noteworthy cases have been brought under the Computer Fraud and Abuses Act, such as Leandro Aragoncillo's case in which he is accused of illegally accessing a computer in the office of the Vice President of the United States.

18 U.S.C. § 1037 (2007).

The Crime Section 1037 concerns itself with unsolicited commercial email, also known as spam. Under 18 U.S.C. § 1037(a), it is a crime to do or conspire to do one, some, or all of the five things outlined in section 1037(a)(1)-(5).

The first is accessing a protected computer without authorization and intentionally initiating the transmission of multiple commercial electronic mail messages (for simplicity, hereinafter “emails”) from or through that computer. The second is using a protected computer to relay or retransmit multiple commercial emails, intending to deceive or mislead recipients about the origin of such a message. The third is materially falsifying header information in multiple emails and intentionally initiating the transmission of such emails. The forth is registering, “using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names.” Finally, the fifth category of crime is falsely representing “oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses,” and intentionally initiating the transmission of multiple emails from such addresses.

The Punishment Under 18 U.S.C. § 1037(b), there are 3 different categories of punishment. The first category carries a punishment of a fine, imprisonment for not more than 5 years, or both, if the offense is committed in furtherance of a felony under Federal or State law, or if the defendant has previously been convicted under 18 U.S.C. § 1037, 18 U.S.C. § 1030, or under the law of any State for conduct involving the transmission of multiple emails or the unauthorized access to a computer system. The second category carries a punishment of a fine, imprisonment for not more than 3 years, or both if section 1037(a)(1) is violated, if section 1037(a)(4) is violated and 20 or more falsified accounts or 10 or more falsified domain name registrations were involved, if the volume of emails transmitted exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period, if the offense caused loss to one or more persons aggregating $ 5,000 or more in value during any 1-year period, if any individual committing the offense obtained anything of value aggregating $ 5,000 or more during any 1-year period; or if the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader. In any other situation, the punishment is a fine, imprisonment for not more than 1 year, or both.

A person who is convicted under section 1037 will be ordered to forfeit to the United States any real or personal property which constitutes or is traceable to gross proceeds obtained by that person, as well as any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of the offense.

Definitions Some terms should be clarified. “Materially falsified” header or registration information, for example, as used in section 1037(a)(3)-(4), means it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. “Multiple” under section 1037 does not simply mean more than one; “multiple” means more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period.a

Case Law Interpreting Section 1037 There are no cases reported referring to section 1037 at this time.

Board Certifications



Contact Us Today

Fay Arfa is committed to answering your questions about Trials, Appeals, Habeas Corpus, State Crimes, Federal Crimes, and Sex Crimes law issues in California.

We offer a free telephone consultation and we'll gladly discuss your case with you at your convenience. Contact us today to schedule an appointment.