Hostname: page-component-78c5997874-94fs2 Total loading time: 0 Render date: 2024-11-08T04:24:29.722Z Has data issue: false hasContentIssue false

The Scope and the Nature of Computer Crimes Statutes - A Critical Comparative Study

Published online by Cambridge University Press:  06 March 2019

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

When computer crime statutes had yet to be enacted, computer crimes were subjected to traditional criminal laws. This policy resulted in greater expense and other considerable difficulties. These problems and difficulties paved the way for the emergence of a consensus calling for legislators to intervene and enact specific computer crime legislation suited to confronting this new type of criminal activity. Many countries in the world responded by enacting new criminal legislation and many others are on their way to take similar legislative steps.

For the legislative intervention to be sound and successful two major questions should be adequately addressed; the scope of legislative intervention and the nature of computer crime legislation enacted. Regarding the first question, new criminal provisions are needed only to cover those crimes that are unique to computers themselves, other crimes in which a computer is used simply as an instrument for perpetration are either covered by existing criminal provisions or can be covered by simple amendments of said provisions. Another step that should be taken by legislators is the amendment of existing criminal laws with an aim to cover some special cases such as the cases in which the computer is used as an instrument for committing known traditional crimes, making the perpetration of such crimes easier or resulting in more dangerous consequences compared to their more traditional forms and cases in which intangible digitized property comes under threat from criminal activities.

While many countries in the world have soundly followed such a method in dealing with computer related misconducts legislatively, others have failed to do so. In some countries, the legislator has criminalized some criminal conducts that have long since been criminalized by that country's penal code. This creates conflict between criminal provisions, posing problems to prosecutors and courts alike.

Regarding the nature of computer crime statutes, the legislator is presented with two options. The first is the inclusion of the aforementioned criminal provisions in one separate code as one specific computer crime statute. The second is inserting substantive criminal provisions related to computer crimes into the existing penal law of the country. While the first method preserves the unity of substantive criminal law of the country in one code and prevents the dispersion of criminal provisions into many separate laws, the second one would, by contrast, create much-needed public awareness of computer crime.

Type
Articles
Copyright
Copyright © 2010 by German Law Journal GbR 

References

1 Jonathan Herring, Criminal Law 4–5 (2002).Google Scholar

2 Dodd S. Griffith, The Computer Fraud and Abuse Act of 1986: A Measured Response to A Growing Problem, 43 Vanderbilt Law Review (Vand. L. Rev.) 453 (1990), 454.Google Scholar

3 Amalia M. Wagner, The Challenge of Computer – Crime legislation: How Should New York Respond, 33 Buffalo Law Review (Buff L. Rev.) 777 (1984), 795.Google Scholar

4 Douglas H. Hancock, To What Extent Should Computer Related Crimes Be the Subject of Specific Legislative Attention?, 12 Albany Law Journal of Science & Technology (Alb. L.J. Sci. & Tech.) 97 (2001), 97; Carla Ottaviano, Computer Crime, 26 IDEA: The Journal of Law and Technology (IDEA) 163 (1985–1986), 167.Google Scholar

5 At present, several terms are used for naming misconducts relating computer and Internet including ‘cybercrime', ‘e-crime', ‘digital crime’ etc. See, Russel G. Smith Et Al, Cyber Criminals On Trial 5 (2004). For the purpose of this Article, I will mainly use the term ‘computer crime'.Google Scholar

6 See, supra, note 3, 782.Google Scholar

7 United Nations Commission on Crime Prevention and Criminal Justice, International Review of Criminal Policy – United Nations Manual On The Prevention and Control of Computer Crime., 8th Cong. 21 (Vienna, April 27 – May 6, 1999), available at: http://www.uncjin.org/Documents/irpc4344.pdf (last accessed 12 June 2010).Google Scholar

8 Id, 23.Google Scholar

9 Carol C. McCall, Computer Crime Statutes: Are They Bringing the Gap between Law and Technology, 11 Criminal Justice Journal (Crim. Just. J.) 203 (1988–1989), 208.Google Scholar

10 Id, 208-9, citing D. Parker, Fighting Computer Crime (1988), 236–44 (1988).Google Scholar

11 Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, Pub. L. No. 98–473, ch. 21, 98 Stat. 2190 (1984) (codified as amended at 18 U.S.C. section 1030 (1988)).Google Scholar

12 Id, section 1030(e).Google Scholar

13 See, supra, note 9, 208 citing D. Parker, Fighting Computer Crime 242 (1988). See, however, supra, note 2, 461: “[t]he adopted definition of ‘computer” was intended to limit the type of activity prohibited under the 1984 Act by explicitly excluding automated typewriters, typesetters, hand held calculators, and other similar devices. This exclusion helped to ensure that the legislation did not prohibit conduct which Congress did not intend to proscribe.”Google Scholar

14 Computer Misuse Act (1990), ch. 18, the full text of it is available at: http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm (last accessed 14 June 2010).Google Scholar

15 Steve Shackelford, Computer-Related Crime: An International Problem in Need of an International Solution, 27 Texas International law Journal (Tex. Int'l L.J.) 479 (1992), 491 (citing The Law Commission, Working Paper No. 186, Criminal Law Computer Misuse 23 (1989)).Google Scholar

16 See, supra, note 2, 483.Google Scholar

17 Neal Kumar Katyal, Criminal Law in Cyberspace, 149 University of Pennsylvania law Review (U. Pa. L. Rev.) 1003 (2001), 1004.Google Scholar

18 Robert M. Couch, A Suggested Legislative Approach to the Problem of Computer Crime, 38 Washington and Lee Law Review (Wash. & Lee L. Rev.) 1194 (1981), 1175.Google Scholar

19 Gary J. Valeriano, Pitfalls in Insurance Coverage for “Computer Crimes”, 59 Defense Counsel Journal (Def. Couns. J.) 511 (1992), 511.Google Scholar

20 Robert Ditzion et al., Computer Crimes, 40 American Criminal Law Review (Am. Crim. L. Rev.)285 (2003), 286.Google Scholar

21 Julie A. Tower, Hacking Vermont's Computer Crimes Statute, 25 Vermont Law Review 945 (2001), 950 (citing National Institute of Justice, U.S. Department of Justice, Computer Crime: Criminal Justice Resource Manual 2 (1989)).Google Scholar

22 See, supra, note 9, 208 citing S. Nycum & D. Parker, Prosecutorial Experience With State Computer Crime Laws 34 (1986).Google Scholar

23 See, Jo-Ann M. Adams, Comment, Controlling Cyberspace: Applying the Computer Fraud and Abuse Act to the Internet, 12 Santa Clara Computer & High Technology Law Journal (Santa Clara Computer & High Tech L.J.) 403 (1996), 409 (defining computer crime as “those crimes where knowledge of a computer system is essential to commit the crime”); Barry J. Hurewitz & Allen M. Lo, Computer-Related Crimes, 30 American Criminal law Review (Am. Crim. L. Rev.) 495 (1993), 496 (defining computer crime as “any illegal act for which knowledge of computer technology is essential for prosecution”).Google Scholar

24 J. Soma, Computer Technology and The law 265 (1983). Cited by William S. Allred, Criminal Law- Connecticut Adopts Comprehensive Computer Crime Legislation: Public Act 84-206, 7 Western New England law Review (W. New Eng. L. Rev.) 807 (1984–1985), 810.Google Scholar

25 Brian C. Lewis, Prevention of Computer Crime Amidst International Anarchy, American Criminal law Review (Am. Crim. L. Rev.) 1353 (2004(, 1355 (“In general, computer crimes are crimes where a computer system itself is the target, while computer- enabled crime is a traditional crime like fraud or theft that is facilitated by a computer”).Google Scholar

26 Elizabeth A. Glynn, Computer Abuse: The Emerging Crime and the Need for Legislation, 12 Fordham Urban law Journal (Fordham Urb. L.J.) 73 (1984), 74–5.Google Scholar

27 See, supra, note 19, 512.Google Scholar

28 Michael Edmund O'Neill, Old Crimes in New Bottles: Sanctioning Cybercrime, 9 George Mason Law Review (Geo. Mason L. Rev.) 237 (2000), 243.Google Scholar

29 Laura J. Nicholson et al, Comment, Computer Crimes, 37 Am. Crim. L. Rev. 207 (2000), 211.Google Scholar

30 See, supra, note 28, 246249.Google Scholar

31 Id., 242.Google Scholar

32 Id., 249.Google Scholar

33 See, supra, note 9, 204 citing Causes of DC10 Crash on Erebus, ANTARCTIC (June 1981), 186.Google Scholar

34 Michael Hatcher, Computer Crimes, 36 Am. Crim. L. Rev. 397 (1999), 400.Google Scholar

35 See, supra, note 7, 34.Google Scholar

36 Adam G. Ciongoli, Ninth Survey of White Collar Crime, Computer-Related Crimes, 31 Am. Crim. L. Rev. 425 (1994), 427.Google Scholar

37 Xan Raskin & Jeannie Schaldach-Paiva, Eleventh Survey of White Collar Crime, Computer Crimes, 33 Am. Crim. L. Rev. 541 (1996), n. 7 citing William C. Flanagan & Brigid McMenamin, The Playground Bullies are Learning How to Type, Forbes (Dec. 21, 1992), 184.Google Scholar

38 Anne W. Branscomb, Rogue Computer Programs and Computer Rogues: Tailoring the Punishment to Fit the Crime, 16 Rutgers Computer & Technology Law Journal (Rutgers Computer & Tech. L.J.) 1 (1990), 2426.Google Scholar

39 See, supra, note 7, 33.Google Scholar

40 See, supra, note 15, 482.Google Scholar

41 Kenneth C. Brancik, Insider Computer Fraud: An In-Depth Framework For Detecting And Defending Against Insider Attacks 1, 4 (2008).Google Scholar

42 Gerald L. Kovacich & Andy Jones, High Technology Crime Investigator's Handbook 28,9 (2006).Google Scholar

43 Id., 31 (indicating that outsiders share the same motivations as insiders in addition to the following motivations: revenge of a former employee, competitors wanting inside information, new employees who provide information relative to their previous employer, former employee curiosity about their previous access ID and password still being valid, political agenda, environmental activists attacking corporations who they believe are harming the environment, nationalistic economic pressures, espionage and information warfare). Id., 32.Google Scholar

44 Id., 24.Google Scholar

45 See, Bernadette H. Schnell & Clemens Martin, Cybercrime – A Reference Handbook xii (2004)Google Scholar

46 See, supra, note 7, 35.Google Scholar

47 See, supra, note 42, 26.Google Scholar

48 See, supra, note 15, 482.Google Scholar

49 Debra Littlejohn Shinder, Scene of the Cybercrime: Computer Forensics Handbook 289 (2002).Google Scholar

50 See, supra, note 15, 482.Google Scholar

51 See, German Criminal Law (StGB), Section 120.Google Scholar

52 See, Iraqi Penal Code (1969), article 444(6).Google Scholar

53 See, supra, note 9, 223.Google Scholar

54 See, supra, note 4, 163.Google Scholar

55 See, supra, note 26, 99100; Shannon L. Hopkins, Cybercrime Convention: A Positive Beginning to a Long Road Ahead, 2 Journal of High Technology law (JHTL) 101 (2003), 102–3 (“Current criminal laws are unable to respond quickly to the rapid changes in Internet technology”).Google Scholar

56 See, supra, note 3, 795 (Because of a lack of previous experience in dealing with computer crime and a dearth of reliable statistics upon which to base informed opinions, legislators, computer crime experts, and computer technologists find themselves differing sharply on the best legislative approach to the problem. They disagree on whether to enact completely new legislation or to amend existing laws, and whether support federal or state legislation, or both”).Google Scholar

57 See, supra, notes 25–33, and accompanying text.Google Scholar

58 See, e.g., supra, note 15, 500 (“The proper focus of computer-related crime statutes should be those crimes that are unique to computers themselves, not crimes that are facilitated or furthered through the use of a computer.”); Stephen P. Heymann, Legislating Computer Crime, 34 Harvard Journal on Legislation (Harv. J. On Legis.) 373 (1997), 380 (“For the most part, the federal criminal court already adequately covers crimes, such as the bank teller's embezzlement, in which a criminal uses a computer merely as a tool”).Google Scholar

59 Patrick Corbett, Michigan's Arsenal For Fighting Cybercrime: An Overview of State Laws Relating to Computer Crimes, 79 Michigan Bar Journal (Mich. B.J.) 656 (2000), 657.Google Scholar

60 Article 8 of ‘Law on The Prevention of Information Technology Crimes’ stipulates that “anyone who intentionally and unlawfully eavesdrops, receives or intercepts communication transmitted across the Internet or an information technology device shall be liable to imprisonment, a fine or both”.Google Scholar

61 This article provides that anyone who uses the Internet or an information technology device to threaten or blackmail another to act or not act shall be liable to imprisonment for up to 2 years and a fine not exceeding AED 50,000 or either. If threat is used to induce the commission of a felony or cause defamation, the penalty shall be imprisonment for up to 10 years”.Google Scholar

62 See, Rizgar M. Kadir, Remarks on the Law on Preventing Misuse of the Communication Equipments No. 6 of 2006, 35 Tarazu Academic Journal, 105 (2008).Google Scholar

63 Article 363 of Iraqi Penal Code (1969) provides that “Any person who intentionally disturbs other by the abuse of cable or wireless communications equipment is punishable by a period of imprisonment not exceeding 1 year plus a fine not exceeding 100 dinars or by one of those penalties”.Google Scholar

64 See, supra, note 17, 1006.Google Scholar

65 See, supra, note 5, 48.Google Scholar

66 See Eric J. Sinrod & William P. Reilly, Cyber-Crime: A Practical approach to the Application of Federal Computer Crimes Law, 16 Santa Clara Computer & High Tech. L.J. 177 (2000), 218.Google Scholar

67 See also, supra, note 21, 974 (“[T]he legislature might consider tying sentences to the gravity of the offense, using the value of data lost, stolen, or damaged as one factor, rather than as the sole factor in determining punishment”); Katyal, supra, note 17, 1076 (“Penalties would need to be revised as well, insofar as they were designed for an age in which crimes were tougher to solve”).Google Scholar

68 See, supra, note 51, Section 242(1).Google Scholar

69 Id., Section 243(1).Google Scholar

70 See Id., Sections 249(1) and 250(1)(b).Google Scholar

71 Id., Section 177(1).Google Scholar

72 Id., Section 178.Google Scholar

73 See, supra, note 4, 163.Google Scholar

74 See Id., 163 (“An overview of the case law dealing with crimes involving computers indicates that the courts have had difficulty identifying and defining the “res” element in these cases”).Google Scholar

75 See, supra, note 5, 41.Google Scholar

76 John Montgomery, Computer Crime, White-Collar Crime: Fourth Survey of Law, 24 Am. Crim. L. Rev. 429 (1987), 430–31.Google Scholar

77 See StGB, Sections 202a, 202b and 202c. Section 202c has been implemented by the 41st amendment to StGB and came into effect on 11 August 2007. The 41st amendment also amended Sections 202a, 202b, 303a and 303b of StGB, which in substance criminalize illegal access to, and interception and interference of data and sabotage of computer systems and so make up the core computer crimes. Dennis Jlussi, Handle with Care – But Don't Panic, Criminalisation of Hacker Tools in German Criminal Law and Its Effect on IT Security Professionals, has been implemented by the 41st amendment to StGB and is in effect as of August 11, 2007. The 41st amendment also amended Sections 202a, 202b, 303a and 303b of StGB, which in substance criminalize illegal access to, and interception and interference of data and sabotage of computer systems. Dennis Jlussi, Handle With Care – But Don't Panic, Criminalisation of Hacker Tools In German Criminal Law and Its Effect on IT Security Professionals, EICAR-Newsletter, (May 2008), 3, available at: http://www.eicar.org/press/infomaterial/Eicarnews_Mai_2008_fnl.pdf (last accessed 14 June 2010).Google Scholar

78 See, Danish Penal Code, Section 263.Google Scholar

79 See, French Penal Code (1994), articles 323-1 to 323-3. These articles have been inserted to the code during the period of 2000–2004.Google Scholar

80 See, Swiss Penal Code, article 143bis.Google Scholar

81 See, Criminal Code of Canada, article 342.1.Google Scholar

82 United Nations Conference on Trade and Development (UNCTAD), Information Economy Report, 235 (2005), available at: http://www.unctad.org/en/docs/sdteedc20051_en.pdf (last accessed 12 June 2010).Google Scholar

83 See, supra, note 17,1021.Google Scholar

84 See, supra, note 7, 75.Google Scholar

85 See, supra, note 14.Google Scholar

86 Pub. L. No. 99-474,100 Stat. 1213 (codified as amended at 18 U.S.C. § 1030 (1988))Google Scholar

87 See, Subsection 1030(a)(1) of Computer Fraud and Abuse Act of 1986,18 U.S.C.Google Scholar

88 Donna L. Beatty, Malaysia's “Computer Crimes Act 1997” Gets Tough on Cybercrime But Fails to Advance the Development of Cyberlaws, 7 Pacific Rim Law & Policy Journal (Pac. Rim L. & Pol'y J.) 351 (1998), 359.Google Scholar

89 See, supra, note 51, Section 202a(1) which reads in full: “[w]hosoever unlawfully obtains data for himself or another that were not intended for him and were especially protected against unauthorised access, if he has circumvented the protection, shall be liable to imprisonment of not more than three years or a fine”. The English version is from Prof. Dr. Michael Bohlander's translation of StGB. Full text of this version is available at: http://www.gesetze-im-internet.de/englisch_stgb/index.html (last accessed 12 June 2010).Google Scholar

90 See, French Penal Code, article 323(1).Google Scholar

91 See, Criminal Code of Canada, article 342.1(1).Google Scholar

92 Council of Europe Convention on Cybercrime, 23 November 2001, C.E.T.S. No. 185, concluded and opened for signature, entered into force Jul. 1, 2004, available at: http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (last accessed 14 June 2010).Google Scholar

93 Article 2 reads in full: [e]ach Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system”.Google Scholar

94 Explanatory Report to the Convention on Cybercrime, no. 44, available at: http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (last accessed 14 June 2010).Google Scholar

95 See, supra, note 15, 498.Google Scholar

96 See, supra note 17, section 2(5)(b). The penalty for the Unauthorized Access Offense is a fine, up to six months prison, a fine, or both. Id., section 1(3).Google Scholar

97 See, supra, note 94, no. 60.Google Scholar

99 Paragraph 2 provides that “a Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm”.Google Scholar

100 See, supra, note 14, Section 3.Google Scholar

101 Id., Section 3(3).Google Scholar

102 See, supra, note 15, 499.Google Scholar

103 See, supra, note 82, 236.Google Scholar

104 See, supra, note 94, no. 71.Google Scholar

105 See, e.g., supra, note 51, Section 202c entitled ‘Acts preparatory to data espionage and phishing'.Google Scholar

106 See, supra, note 28, 266; supra, note 17, 1050.Google Scholar

107 See, supra, note 94, no. 73. Paragraph (1) of the article 6 of the Convention has been formulated as following “Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right: a. the production, sale, procurement for use, import, distribution or otherwise making available of: (i) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5; (ii) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and b. the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches”.Google Scholar