Fraud through the criminal use of a computer or the Internet can take many different forms. “Hacking” is a common form, in which a perpetrator uses technological tools to remotely access a protected computer or system. Another common form involves the interception of an electronic transmission unintended for the interceptor, such as passwords, credit card information, or other types of identity theft.
Computer fraud is defined in federal law in the Computer Fraud and Abuse Act (CFAA) as the access of a protected computer without authorization or exceeding authorization. The plain text of the statute appears to limit which computers are protected by the law:
(2) the term “protected computer” means a computer—
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States
However, in practice a "protected computer" has been defined as any computer with Internet access,1 because the Internet is an "instrumentality and channel of interstate commerce".2 Thus, the courts apply the law to nearly all computers by invoking the Commerce Clause.
Specifically, the CFAA prohibits computer espionage, computer trespassing in private or public computers, committing fraud with a computer, the distribution of malicious code, password trafficking, threatening to damage a protected computer. Although the CFAA is primarily a criminal statute, it does define a civil cause of action in § 1030(g).
Examples of computer or internet fraud in action include but are not limited to:
- Emails requesting money in return for small deposits, also known as an advance-fee scam, such as the infamous Nigerian prince scam.
- Emails attempting to gather personal information such as account numbers, Social Security numbers, and passwords; also known as phishing.
- Using someone else’s computer to access personal information with the intent to use such fraudulently.
- Installing spyware or malware to engage in data mining.
- Violating copyright laws by copying information with the intent to sell it.
- Hacking into or illegally using a computer to change information, such as grades, work reports, etc.
- Sending computer viruses or worms with the intent to destroy or ruin another's computer.
- Denial of service, in which an authorized user's access to a network is intentionally interrupted.
Violators may be prosecuted under:
- 17 U.S.C. § 506 Copyright Infringement - Criminal Offenses
- 18 U.S.C. § 1028 Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information
- 18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices
- 18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
- 18 U.S.C. § 1343 Fraud by Wire, Radio, or Television
- 18 U.S.C. § 1362 Malicious Mischief - Communication Lines, Stations, or Systems
- 18 U.S.C. § 2511 Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited
- 18 U.S.C. § 2701 Unlawful Access to Stored Communications
- 18 U.S.C. § 2702 Voluntary Disclosure of Customer Communications or Records
- 18 U.S.C. § 2703 Required Disclosure of Customer Communications or Records
Last updated in July of 2017 by Stephanie Jurkowski.
- 1. "[A] computer affected by or involved in interstate commerce--effectively all computers with Internet access." United States v. Nosal, 676 F.3d 854, 859 (9th Cir. 2012).
- 2. United States v. MacEwan, 445 F.3d 237, 245 (3d Cir. 2006).
Key Internet Sources
- U.S. Department of Justice: Computer Crime and Intellectual Property Section (CCIPS)
- Internet Crime Complaint Center
- Identity Theft (Nolo.com)
- Wired: Online Crime A Tough Collar
- Good Starting Point in Print: Orin S. Kerr, Computer Crime Law, West Academic