How Do Federal Cybercrimes Differ from State Cybercrime Laws?
For the federal government to have jurisdiction over any crime, the crime must involve a crossing of state lines, took place on federal land or involving a federal employee, was related to the military, or violated a specific federal statute. The main difference is that state cybercrimes are usually local and small in nature. The hacker usually did not cross state lines, but again, we are talking about the internet because we are talking about cybercrimes. By its nature, the hacker most likely crossed a state line somehow.
From a practical point of view, if the crime was minor, the federal government will likely not get involved. But when we are talking about foreign citizens who are hacking US banks and US companies, the federal government will absolutely get involved.
Federal Laws Against Cybercrime
Computer Fraud and Abuse Act (18 U.S.C. §1030) – Many cybercrime cases are prosecuted under the Computer Fraud and Abuse Act, which covers a variety of computer crimes and has been used very assertively by the federal government in recent years.
The basic requirements for prosecution under this law are that the computer is a “protected computer,” and that the individual accessed it “without authorization.” Due to recent amendments, these terms are defined broadly. A “protected computer” is any computer that is connected to the internet. That would include a person’s computer provided by an employer, public library computers, or other electronic devices with internet access. Similarly, the definition of “without authorization” is also exceedingly broad. A person with authorization to use a specific computer may still be prosecuted under this law if the use of the computer “exceeds authorization” or if the computer is used for some “improper purpose.”
Criminal prosecutions under the Computer Fraud and Abuse Act usually fall into one of the following categories:
- Obtaining National Security Information,
- Unauthorized Access of a Protected Computer,
- Trespassing in Relation to Government Computers,
- Unauthorized Access with Intent to Defraud (which includes internet fraud and “phishing”),
- Damaging a Computer or Computer Information,
- Trafficking in Computer Passwords with the Intent to Defraud,
- Threatening to Damage a Computer,
- Attempt and Conspiracy – In cases involving alleged violations of computer hacking laws, the government also prosecutes anyone who is attempting or conspiring to engage in any of this type of activity. The Computer Fraud and Abuse Act has a provision that specifically addresses attempt and conspiracy charges.
Violations of the Computer Fraud and Abuse Act can be prosecuted as misdemeanors or felonies depending on the motivation behind the wrongdoing. Accessing a computer and obtaining information for financial gain is considered a felony, as is any violation of this law that causes a loss in excess of $5,000.
The specific penalties for violating the Computer Fraud and Abuse Act depend on the type of misconduct involved and the amount of harm that it causes. As with any other federal criminal prosecution, a person’s sentence will be determined primarily by the calculation of the advisory Federal Sentencing Guidelines.
CAN-SPAM Act (18 U.S.C. §1037) – The CAN-SPAM Act is intended to prosecute people who distribute large amounts of unsolicited commercial emails known as spam. There are a variety of different civil and criminal penalties under this law, and the punishment usually depends on the amount of “spam” delivered or how it was used.
Unlawful Access to Stored Communications (18 U.S.C. §2701) – This act prohibits the use of a computer to access another person’s “electronic communication service” where the person has their email or voicemail stored. If the unauthorized access to voicemail or email is done for financial gain, it becomes a felony.
Cyberstalking Cases (18 U.S. Code § 2261A) – The term “cyberstalking” commonly refers to the use of a computer or other electronic device to threaten or harass another individual. Federal law also specifically prohibits “stalking” as conduct or communication that is meant to injure, offend, threaten physical harm, harass or intimidate another person. When a computer is used to threaten sexual transgression, it is often referred to as “sextortion.” Prosecuting a cyberstalking case will often involve several different federal laws. A person could be prosecuted under the Computer Fraud and Abuse Act by either threatening to damage another computer or threatening to reveal threatening confidential information. A person could also be prosecuted under the general federal extortion law if cyberstalking involves threats to cause serious injury to another person.
Unlawful Internet Gambling Enforcement Act – Internet gambling falls under the Unlawful Internet Gambling Enforcement Act, although, Gambling Act does not specifically prohibit internet gambling. The U.S. government has decided that internet gambling is illegal through the Wire Act, under which wire fraud and other white-collar crimes are included. The law makes it illegal for any gaming business to accept payments in connection with unlawful internet gambling.
Federal Internet Sex Crimes – The FBI, the Department of Homeland Security, ICE, and other various federal law enforcement agencies aggressively pursue internet sex crimes. These include possession, receipt, or distribution of child pornography, online communications with minors, distribution of obscene images, or enticement of minors. It is possible through hacking, error, or government overreach, for a completely innocent person to be swept up in a federal criminal internet sex crimes case. Similarly, federal agents often pretend to be minors online, attempting to entice unsuspecting members of the public into making chargeable online statements. And just as federal law enforcement aggressively pursues internet investigations, federal prosecutors also take a hardline approach to prosecution. In federal court, defendants in internet sex crime cases involving allegations of child pornography can face mandatory minimum sentences of 5, 10, or 15 years.
Sentencing for Computer and Internet Crimes in Federal Court – Federal sentencing is regulated by the federal sentencing guidelines, which are renewed annually by the Congressional Sentencing Commission. Factors that will determine the recommended sentence will include the loss amounts, the number of victims, the role defendant played in the scheme, and the nature of the offense. For more information on Federal Sentencing see the article What are Potential Defenses and Sentences in Cybercrime?
New York State Laws Against Cyber Crime
New York’s Penal Law Article 156 describes various internet offenses and cybercrimes and the potential punishments for committing these offenses. Specifically, the law enumerates five distinct offenses involving computers: unauthorized use of a computer, computer trespass, computer tampering, unlawful duplication, or unlawful possession of computer-related material. These offenses are often charged as felonies and may also result in federal charges since cybercrimes usually involve a crossing of state lines.
Unauthorized Use of a Computer (NY Penal Law 156.05) – Unauthorized Use of a Computer is a Class A Misdemeanor that occurs when someone knowingly uses, causes to be used, or accesses a computer, computer network, or computer service without proper authorization.
Computer Trespass (NY Penal Law 156.10) – Punishable as Class E Felony, Computer Trespass is charged when a person gains unauthorized use of a computer, and does so with the intent to commit, attempt, or further the commission of another felony offense, or knowingly gains access to computer material.
Computer Tampering (NY Penal Law 156.20) – The crime of computer tampering is divided into four degrees. Fourth-degree computer tampering – the most basic of the offenses – occurs when a person commits the offense of unauthorized use of a computer (or computer service or computer network) and “intentionally alters in any manner or destroys computer data or a computer program of another person.” First-degree computer tampering occurs when an individual intentionally alters or destroys computer data or a computer program causing damages that exceed $50,000.
Unlawful Duplication or Unlawful Possession of Computer-Related Materials (MY Penal Law 156.30) – New York penalizes the unlawful duplication and criminal possession of computer-related material. The former occurs when a person copies, reproduces, or duplicates computer material, data, or a program and has no right to do so. A person commits the latter offense when having no right to do so, he or she knowingly possesses in any form any copy, reproduction, or duplicate of any computer data or program that was the subject of unlawful duplication – with the intent to benefit him or herself or another.
Internet Sex Crimes in New York – Although not technically considered a cybercrime, in New York a person engaging in online sexual activity can be charged with include:
- Disseminating indecent material to a minor;
- Promoting an obscene sexual performance by a child;
- Possessing an obscene sexual performance by a child;
- Promoting a sexual performance by a child; and
- Possessing a sexual performance by a child.
Sentencing for Computer and Internet Crimes in New York – New York State Penal Law Articles 70 and 80 defines penalties for computer crime convictions that can include prison time and/or fines. Factors that will influence sentencing for cyber, computer, and internet crimes will depend on who the victim is, and whether the defendant has prior criminal charges. Previous convictions as a persistent felony offender, violent felony offender, or persistent violent felony offender, can significantly impact sentencing.
Maximum Sentences for Computer and Internet Crimes in NY
- Class B Felony conviction could result in a maximum sentence of 25 years in prison and/or a fixed fine not to exceed $5,000 or double the amount of the defendant’s financial gain from the offense,
- Class C Felony conviction could result in a maximum sentence of 15 years in prison and/or a fine that will not exceed $5,000 or double the amount of the defendant’s gain from committing actions taken.
- Class D Felony conviction could result in a maximum prison sentence of 7 years and/or a fine of up to $5,000 or double the amount of the defendant’s financial gain.
- Class E Felony conviction could lead to a maximum sentence of 4 years in prison and/or a fine not to exceed $5,000 or double the defendant’s gain.
- Class A Misdemeanor conviction could result in a 1-year prison sentence and/or fines up to $1,000.
- Class B Misdemeanor conviction could result in a jail sentence of up to 3 months and/or fines not to exceed $500.
For more information on Cybercrimes, an initial consultation is your next best step. Get the information and legal answers you are seeking by calling (718) 989-2908 today.