CYBERCRIME – WEEK 1 (Lectures 1, 2) DAVID THAW University of Connecticut School of Law

CLASS OVERVIEW Lecture 1: Introduction to Computer Crimes/Computer Misuse Lecture 2: Use of Property Crimes to Punish Computer Misuse Lecture 3: The CFAA (18 U.S.C. § 1030) and “Access” Discussion

LECTURE 1 OVERVIEW Preview of Course Themes: Substantive crimes Investigatory means/methods Jurisdictional issues Background – mine, yours, and getting the most out of the class Casebook hypos Administrivia

COURSE THEMES Substantive Crimes Focus on privacy and economic (property) interests rather than crimes-against-persons Investigatory Means/Methods Physical crimes: witnesses, physical evidence (think CSI) Computer crimes: computer logs, other digital evidence Jurisdiction Physical crimes: traditionally province of the states Computer crimes: (usually) shift to federal prosecution

BACKGROUND Me: Law and Computer Science (Information Security) You: Required: first-year criminal law (that’s it!) Helpful (but definitely not mandatory): Criminal procedure Internet law Intellectual property If you’re just taking the class because it sounds “fun” – great!

CYBERCRIME OVERVIEW What makes a computer crime? Substantive Law: crimes against/involving the use of computers Procedural Law: crimes involving collection of evidence that exists in computerized (electronic) form

CYBERCRIME OVERVIEW Substantive Law Computer Misuse Crimes – intentional interference with proper function of computers Exs: hacking, malware, DDoS Traditional Crimes – traditional crimes committed using/facilitated by computers Exs: Internet fraud, online threats, distribution of child pornography, theft of trade secrets

CYBERCRIME OVERVIEW Procedural Law Fourth Amendment Digital evidence collection when is retrieving evidence from a computer a “search”? Statutory Privacy Law Wiretap Act (1968) Title III of Omnibus Crime Control and Safe Streets Act 1986: Electronic Communications Privacy Act (ECPA) – amended Title III to include data transmission Stored Communications Act (SCA) – Title II of ECPA Pen Register Statute Investigative/Prosecutorial Questions: Jurisdictional  Procedural  Substantive

COMPUTER MISUSE Offenses involving interference with the proper functioning of computing and information systems Why do I say “computing and info. systems”? Forms of computer misuse: Exceeding privileges Interfering with (denying) others’ privileges

DISCUSSION Cases United States v. Seidlitz State v. McGraw Casebook Hypotheticals Fred Felony KillerBee/Bryan Smith Sarah Jones

CASEBOOK HYPO – CRIMES/INVESTIGATION Fred Felony – Jewelry Store “Stick-Up” Jurisdictional? Procedural? Substantive? Fred Felony – Credit Card Theft Jurisdictional? Procedural? Substantive? The answers to these questions often interrelate!

CASEBOOK HYPO – COMPUTER MISUSE KillerBee (Bryan Smith) What “crimes” occurred? Is punishment justified? Utilitarian? Retributive? Damages – is there a “but for” (proximate causation) problem here? Should criminal law consider a proximate causation problem? Differences among targets’ security/damages – do they matter?

CASEBOOK HYPO – COMPUTER MISUSE Sarah Jones What “crimes” occurred? Is punishment justified? Utilitarian? Retributive? Are there (yet) damages? What future damages might exist? Who is more deserving of punishment, Bryan or Sarah?