Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001
Date: October 15, 2003Source: Computer Crime Research Center
C. Section 1030(c) - Aggregating the damage caused by a hacker’s
entire course of conduct
Previous law: Previous law was unclear about whether the government
could aggregate the loss resulting from damage an individual caused to
different protected computers in seeking to meet the jurisdictional threshold
of $5,000 in loss. For example, an individual could unlawfully access
five computers on a network on ten different dates – as part of a
related course of conduct – but cause only $1,000 loss to each computer
during each intrusion. If previous law were interpreted not to allow aggregation,
then that person would not have committed a federal crime at all since
he or she had not caused over $5,000 to any particular computer.
Amendment: Under the amendments in Section 814 of the Act, the
government may now aggregate "loss resulting from a related course
of conduct affecting one or more other protected computers" that
occurs within a one year period in proving the $5,000 jurisdictional threshold
for damaging a protected computer. 18 U.S.C. § 1030(a)(5)(B)(i).
D. 1030(c)(2)(C) - New offense for damaging computers used for national
security and criminal justice
Previous law: Section 1030 previously had no special provision
that would enhance punishment for hackers who damage computers used in
furtherance of the administration of justice, national defense, or national
security. Thus, federal investigators and prosecutors did not have jurisdiction
over efforts to damage criminal justice and military computers where the
attack did not cause over $5,000 loss (or meet one of the other special
requirements). Yet these systems serve critical functions and merit felony
prosecutions even where the damage is relatively slight. Indeed, attacks
on computers used in the national defense that occur during periods of
active military engagement are particularly serious – even if they
do not cause extensive damage or disrupt the war-fighting capabilities
of the military – because they divert time and attention away from
the military’s proper objectives. Similarly, disruption of court
computer systems and data could seriously impair the integrity of the
criminal justice system.
Amendment: Amendments in Section 814 of the Act create section
1030(a)(5)(B)(v) to solve this inadequacy. Under this provision, a hacker
violates federal law by damaging a computer "used by or for a government
entity in furtherance of the administration of justice, national defense,
or national security," even if that damage does not result in provable
loss over $5,000.
E. Subsection 1030(e)(2) - expanding the definition of "protected
computer" to include computers in foreign countries
Previous law: Before the amendments in Section 814 of the Act,
section 1030 of title 18 defined "protected computer" as a computer
used by the federal government or a financial institution, or one "which
is used in interstate or foreign commerce." 18 U.S.C. § 1030(e)(2).
The definition did not explicitly include computers outside the United
States.
Because of the interdependency and availability of global computer networks,
hackers from within the United States are increasingly targeting systems
located entirely outside of this country. The statute did not explicitly
allow for prosecution of such hackers. In addition, individuals in foreign
countries frequently route communications through the United States, even
as they hack from one foreign country to another. In such cases, their
hope may be that the lack of any U.S. victim would either prevent or discourage
U.S. law enforcement agencies from assisting in any foreign investigation
or prosecution.
Amendment: Section 814 of the Act amends the definition of "protected
computer" to make clear that this term includes computers outside
of the United States so long as they affect "interstate or foreign
commerce or communication of the United States." 18 U.S.C. §
1030(e)(2)(B). By clarifying the fact that a domestic offense exists,
the United States can now use speedier domestic procedures to join in
international hacker investigations. As these crimes often involve investigators
and victims in more than one country, fostering international law enforcement
cooperation is essential.
In addition, the amendment creates the option, where appropriate, of
prosecuting such criminals in the United States. Since the U.S. is urging
other countries to ensure that they can vindicate the interests of U.S.
victims for computer crimes that originate in their nations, this provision
will allow the U.S. to provide reciprocal coverage.
F. Subsection 1030(e)(10) - counting state convictions as "prior
offenses"
Previous law: Under previous law, the court at sentencing could,
of course, consider the offender’s prior convictions for State computer
crime offenses. State convictions, however, did not trigger the recidivist
sentencing provisions of section 1030, which double the maximum penalties
available under the statute.
Amendment: Section 814 of the Act alters the definition of "conviction"
so that it includes convictions for serious computer hacking crimes under
State law – i.e., State felonies where an element of the offense
is "unauthorized access, or exceeding authorized access, to a computer."
18 U.S.C. § 1030(e)(10).
Previous law: Calculating "loss" is important where
the government seeks to prove that an individual caused over $5,000 loss
in order to meet the jurisdictional requirements found in 1030(a)(5)(B)(i).
Yet prior to the amendments in Section 814 of the Act, section 1030 of
title 18 had no definition of "loss." The only court to address
the scope of the definition of loss adopted an inclusive reading of what
costs the government may include. In United States v. Middleton, 231 F.3d
1207, 1210-11 (9th Cir. 2000), the court held that the definition of loss
includes a wide range of harms typically suffered by the victims of computer
crimes, including costs of responding to the offense, conducting a damage
assessment, restoring the system and data to their condition prior to
the offense, and any lost revenue or costs incurred because of interruption
of service.
Amendments: Amendments in Section 814 codify the appropriately
broad definition of loss adopted in Middleton. 18 U.S.C. § 1030(e)(11).
Section 815 Additional Defense to Civil Actions Relating to Preserving
Records in Response to government Requests
Section 815 added to an existing defense to a cause for damages for
violations of the Electronic Communications Privacy Act, Chapter 121 of
Title 18. Under prior law it was a defense to such a cause of action to
rely in good faith on a court warrant or order, a grand jury subpoena,
a legislative authorization, or a statutory authorization. This amendment
makes clear that the "statutory authorization" defense includes
good-faith reliance on a government request to preserve evidence under
18 U.S.C. § 2703(f).
Section 816 requires the Attorney General to establish such regional
computer forensic laboratories as he considers appropriate, and to provide
support for existing computer forensic laboratories, to enable them to
provide certain forensic and training capabilities. The provision also
authorizes the spending of money to support those laboratories.
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2005-09-02 05:27:51 - Very nice Anelia |
| Total 1 comments |
