We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
Published online by Cambridge University Press: 06 March 2019
When computer crime statutes had yet to be enacted, computer crimes were subjected to traditional criminal laws. This policy resulted in greater expense and other considerable difficulties. These problems and difficulties paved the way for the emergence of a consensus calling for legislators to intervene and enact specific computer crime legislation suited to confronting this new type of criminal activity. Many countries in the world responded by enacting new criminal legislation and many others are on their way to take similar legislative steps.
For the legislative intervention to be sound and successful two major questions should be adequately addressed; the scope of legislative intervention and the nature of computer crime legislation enacted. Regarding the first question, new criminal provisions are needed only to cover those crimes that are unique to computers themselves, other crimes in which a computer is used simply as an instrument for perpetration are either covered by existing criminal provisions or can be covered by simple amendments of said provisions. Another step that should be taken by legislators is the amendment of existing criminal laws with an aim to cover some special cases such as the cases in which the computer is used as an instrument for committing known traditional crimes, making the perpetration of such crimes easier or resulting in more dangerous consequences compared to their more traditional forms and cases in which intangible digitized property comes under threat from criminal activities.
While many countries in the world have soundly followed such a method in dealing with computer related misconducts legislatively, others have failed to do so. In some countries, the legislator has criminalized some criminal conducts that have long since been criminalized by that country's penal code. This creates conflict between criminal provisions, posing problems to prosecutors and courts alike.
Regarding the nature of computer crime statutes, the legislator is presented with two options. The first is the inclusion of the aforementioned criminal provisions in one separate code as one specific computer crime statute. The second is inserting substantive criminal provisions related to computer crimes into the existing penal law of the country. While the first method preserves the unity of substantive criminal law of the country in one code and prevents the dispersion of criminal provisions into many separate laws, the second one would, by contrast, create much-needed public awareness of computer crime.
1 Jonathan Herring, Criminal Law 4–5 (2002).Google Scholar
2 Dodd S. Griffith, The Computer Fraud and Abuse Act of 1986: A Measured Response to A Growing Problem, 43 Vanderbilt Law Review (Vand. L. Rev.) 453 (1990), 454.Google Scholar
3 Amalia M. Wagner, The Challenge of Computer – Crime legislation: How Should New York Respond, 33 Buffalo Law Review (Buff L. Rev.) 777 (1984), 795.Google Scholar
4 Douglas H. Hancock, To What Extent Should Computer Related Crimes Be the Subject of Specific Legislative Attention?, 12 Albany Law Journal of Science & Technology (Alb. L.J. Sci. & Tech.) 97 (2001), 97; Carla Ottaviano, Computer Crime, 26 IDEA: The Journal of Law and Technology (IDEA) 163 (1985–1986), 167.Google Scholar
5 At present, several terms are used for naming misconducts relating computer and Internet including ‘cybercrime', ‘e-crime', ‘digital crime’ etc. See, Russel G. Smith Et Al, Cyber Criminals On Trial 5 (2004). For the purpose of this Article, I will mainly use the term ‘computer crime'.Google Scholar
6 See, supra, note 3, 782.Google Scholar
7 United Nations Commission on Crime Prevention and Criminal Justice, International Review of Criminal Policy – United Nations Manual On The Prevention and Control of Computer Crime., 8th Cong. 21 (Vienna, April 27 – May 6, 1999), available at: http://www.uncjin.org/Documents/irpc4344.pdf (last accessed 12 June 2010).Google Scholar
8 Id, 23.Google Scholar
9 Carol C. McCall, Computer Crime Statutes: Are They Bringing the Gap between Law and Technology, 11 Criminal Justice Journal (Crim. Just. J.) 203 (1988–1989), 208.Google Scholar
10 Id, 208-9, citing D. Parker, Fighting Computer Crime (1988), 236–44 (1988).Google Scholar
11 Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, Pub. L. No. 98–473, ch. 21, 98 Stat. 2190 (1984) (codified as amended at 18 U.S.C. section 1030 (1988)).Google Scholar
12 Id, section 1030(e).Google Scholar
13 See, supra, note 9, 208 citing D. Parker, Fighting Computer Crime 242 (1988). See, however, supra, note 2, 461: “[t]he adopted definition of ‘computer” was intended to limit the type of activity prohibited under the 1984 Act by explicitly excluding automated typewriters, typesetters, hand held calculators, and other similar devices. This exclusion helped to ensure that the legislation did not prohibit conduct which Congress did not intend to proscribe.”Google Scholar
14 Computer Misuse Act (1990), ch. 18, the full text of it is available at: http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm (last accessed 14 June 2010).Google Scholar
15 Steve Shackelford, Computer-Related Crime: An International Problem in Need of an International Solution, 27 Texas International law Journal (Tex. Int'l L.J.) 479 (1992), 491 (citing The Law Commission, Working Paper No. 186, Criminal Law Computer Misuse 23 (1989)).Google Scholar
16 See, supra, note 2, 483.Google Scholar
17 Neal Kumar Katyal, Criminal Law in Cyberspace, 149 University of Pennsylvania law Review (U. Pa. L. Rev.) 1003 (2001), 1004.Google Scholar
18 Robert M. Couch, A Suggested Legislative Approach to the Problem of Computer Crime, 38 Washington and Lee Law Review (Wash. & Lee L. Rev.) 1194 (1981), 1175.Google Scholar
19 Gary J. Valeriano, Pitfalls in Insurance Coverage for “Computer Crimes”, 59 Defense Counsel Journal (Def. Couns. J.) 511 (1992), 511.Google Scholar
20 Robert Ditzion et al., Computer Crimes, 40 American Criminal Law Review (Am. Crim. L. Rev.)285 (2003), 286.Google Scholar
21 Julie A. Tower, Hacking Vermont's Computer Crimes Statute, 25 Vermont Law Review 945 (2001), 950 (citing National Institute of Justice, U.S. Department of Justice, Computer Crime: Criminal Justice Resource Manual 2 (1989)).Google Scholar
22 See, supra, note 9, 208 citing S. Nycum & D. Parker, Prosecutorial Experience With State Computer Crime Laws 34 (1986).Google Scholar
23 See, Jo-Ann M. Adams, Comment, Controlling Cyberspace: Applying the Computer Fraud and Abuse Act to the Internet, 12 Santa Clara Computer & High Technology Law Journal (Santa Clara Computer & High Tech L.J.) 403 (1996), 409 (defining computer crime as “those crimes where knowledge of a computer system is essential to commit the crime”); Barry J. Hurewitz & Allen M. Lo, Computer-Related Crimes, 30 American Criminal law Review (Am. Crim. L. Rev.) 495 (1993), 496 (defining computer crime as “any illegal act for which knowledge of computer technology is essential for prosecution”).Google Scholar
24 J. Soma, Computer Technology and The law 265 (1983). Cited by William S. Allred, Criminal Law- Connecticut Adopts Comprehensive Computer Crime Legislation: Public Act 84-206, 7 Western New England law Review (W. New Eng. L. Rev.) 807 (1984–1985), 810.Google Scholar
25 Brian C. Lewis, Prevention of Computer Crime Amidst International Anarchy, American Criminal law Review (Am. Crim. L. Rev.) 1353 (2004(, 1355 (“In general, computer crimes are crimes where a computer system itself is the target, while computer- enabled crime is a traditional crime like fraud or theft that is facilitated by a computer”).Google Scholar
26 Elizabeth A. Glynn, Computer Abuse: The Emerging Crime and the Need for Legislation, 12 Fordham Urban law Journal (Fordham Urb. L.J.) 73 (1984), 74–5.Google Scholar
27 See, supra, note 19, 512.Google Scholar
28 Michael Edmund O'Neill, Old Crimes in New Bottles: Sanctioning Cybercrime, 9 George Mason Law Review (Geo. Mason L. Rev.) 237 (2000), 243.Google Scholar
29 Laura J. Nicholson et al, Comment, Computer Crimes, 37 Am. Crim. L. Rev. 207 (2000), 211.Google Scholar
30 See, supra, note 28, 246–249.Google Scholar
31 Id., 242.Google Scholar
32 Id., 249.Google Scholar
33 See, supra, note 9, 204 citing Causes of DC10 Crash on Erebus, ANTARCTIC (June 1981), 186.Google Scholar
34 Michael Hatcher, Computer Crimes, 36 Am. Crim. L. Rev. 397 (1999), 400.Google Scholar
35 See, supra, note 7, 34.Google Scholar
36 Adam G. Ciongoli, Ninth Survey of White Collar Crime, Computer-Related Crimes, 31 Am. Crim. L. Rev. 425 (1994), 427.Google Scholar
37 Xan Raskin & Jeannie Schaldach-Paiva, Eleventh Survey of White Collar Crime, Computer Crimes, 33 Am. Crim. L. Rev. 541 (1996), n. 7 citing William C. Flanagan & Brigid McMenamin, The Playground Bullies are Learning How to Type, Forbes (Dec. 21, 1992), 184.Google Scholar
38 Anne W. Branscomb, Rogue Computer Programs and Computer Rogues: Tailoring the Punishment to Fit the Crime, 16 Rutgers Computer & Technology Law Journal (Rutgers Computer & Tech. L.J.) 1 (1990), 24–26.Google Scholar
39 See, supra, note 7, 33.Google Scholar
40 See, supra, note 15, 482.Google Scholar
41 Kenneth C. Brancik, Insider Computer Fraud: An In-Depth Framework For Detecting And Defending Against Insider Attacks 1, 4 (2008).Google Scholar
42 Gerald L. Kovacich & Andy Jones, High Technology Crime Investigator's Handbook 28,9 (2006).Google Scholar
43 Id., 31 (indicating that outsiders share the same motivations as insiders in addition to the following motivations: revenge of a former employee, competitors wanting inside information, new employees who provide information relative to their previous employer, former employee curiosity about their previous access ID and password still being valid, political agenda, environmental activists attacking corporations who they believe are harming the environment, nationalistic economic pressures, espionage and information warfare). Id., 32.Google Scholar
44 Id., 24.Google Scholar
45 See, Bernadette H. Schnell & Clemens Martin, Cybercrime – A Reference Handbook xii (2004)Google Scholar
46 See, supra, note 7, 35.Google Scholar
47 See, supra, note 42, 26.Google Scholar
48 See, supra, note 15, 482.Google Scholar
49 Debra Littlejohn Shinder, Scene of the Cybercrime: Computer Forensics Handbook 289 (2002).Google Scholar
50 See, supra, note 15, 482.Google Scholar
51 See, German Criminal Law (StGB), Section 120.Google Scholar
52 See, Iraqi Penal Code (1969), article 444(6).Google Scholar
53 See, supra, note 9, 223.Google Scholar
54 See, supra, note 4, 163.Google Scholar
55 See, supra, note 26, 99–100; Shannon L. Hopkins, Cybercrime Convention: A Positive Beginning to a Long Road Ahead, 2 Journal of High Technology law (JHTL) 101 (2003), 102–3 (“Current criminal laws are unable to respond quickly to the rapid changes in Internet technology”).Google Scholar
56 See, supra, note 3, 795 (Because of a lack of previous experience in dealing with computer crime and a dearth of reliable statistics upon which to base informed opinions, legislators, computer crime experts, and computer technologists find themselves differing sharply on the best legislative approach to the problem. They disagree on whether to enact completely new legislation or to amend existing laws, and whether support federal or state legislation, or both”).Google Scholar
57 See, supra, notes 25–33, and accompanying text.Google Scholar
58 See, e.g., supra, note 15, 500 (“The proper focus of computer-related crime statutes should be those crimes that are unique to computers themselves, not crimes that are facilitated or furthered through the use of a computer.”); Stephen P. Heymann, Legislating Computer Crime, 34 Harvard Journal on Legislation (Harv. J. On Legis.) 373 (1997), 380 (“For the most part, the federal criminal court already adequately covers crimes, such as the bank teller's embezzlement, in which a criminal uses a computer merely as a tool”).Google Scholar
59 Patrick Corbett, Michigan's Arsenal For Fighting Cybercrime: An Overview of State Laws Relating to Computer Crimes, 79 Michigan Bar Journal (Mich. B.J.) 656 (2000), 657.Google Scholar
60 Article 8 of ‘Law on The Prevention of Information Technology Crimes’ stipulates that “anyone who intentionally and unlawfully eavesdrops, receives or intercepts communication transmitted across the Internet or an information technology device shall be liable to imprisonment, a fine or both”.Google Scholar
61 This article provides that anyone who uses the Internet or an information technology device to threaten or blackmail another to act or not act shall be liable to imprisonment for up to 2 years and a fine not exceeding AED 50,000 or either. If threat is used to induce the commission of a felony or cause defamation, the penalty shall be imprisonment for up to 10 years”.Google Scholar
62 See, Rizgar M. Kadir, Remarks on the Law on Preventing Misuse of the Communication Equipments No. 6 of 2006, 35 Tarazu Academic Journal, 105 (2008).Google Scholar
63 Article 363 of Iraqi Penal Code (1969) provides that “Any person who intentionally disturbs other by the abuse of cable or wireless communications equipment is punishable by a period of imprisonment not exceeding 1 year plus a fine not exceeding 100 dinars or by one of those penalties”.Google Scholar
64 See, supra, note 17, 1006.Google Scholar
65 See, supra, note 5, 48.Google Scholar
66 See Eric J. Sinrod & William P. Reilly, Cyber-Crime: A Practical approach to the Application of Federal Computer Crimes Law, 16 Santa Clara Computer & High Tech. L.J. 177 (2000), 218.Google Scholar
67 See also, supra, note 21, 974 (“[T]he legislature might consider tying sentences to the gravity of the offense, using the value of data lost, stolen, or damaged as one factor, rather than as the sole factor in determining punishment”); Katyal, supra, note 17, 1076 (“Penalties would need to be revised as well, insofar as they were designed for an age in which crimes were tougher to solve”).Google Scholar
68 See, supra, note 51, Section 242(1).Google Scholar
69 Id., Section 243(1).Google Scholar
70 See Id., Sections 249(1) and 250(1)(b).Google Scholar
71 Id., Section 177(1).Google Scholar
72 Id., Section 178.Google Scholar
73 See, supra, note 4, 163.Google Scholar
74 See Id., 163 (“An overview of the case law dealing with crimes involving computers indicates that the courts have had difficulty identifying and defining the “res” element in these cases”).Google Scholar
75 See, supra, note 5, 41.Google Scholar
76 John Montgomery, Computer Crime, White-Collar Crime: Fourth Survey of Law, 24 Am. Crim. L. Rev. 429 (1987), 430–31.Google Scholar
77 See StGB, Sections 202a, 202b and 202c. Section 202c has been implemented by the 41st amendment to StGB and came into effect on 11 August 2007. The 41st amendment also amended Sections 202a, 202b, 303a and 303b of StGB, which in substance criminalize illegal access to, and interception and interference of data and sabotage of computer systems and so make up the core computer crimes. Dennis Jlussi, Handle with Care – But Don't Panic, Criminalisation of Hacker Tools in German Criminal Law and Its Effect on IT Security Professionals, has been implemented by the 41st amendment to StGB and is in effect as of August 11, 2007. The 41st amendment also amended Sections 202a, 202b, 303a and 303b of StGB, which in substance criminalize illegal access to, and interception and interference of data and sabotage of computer systems. Dennis Jlussi, Handle With Care – But Don't Panic, Criminalisation of Hacker Tools In German Criminal Law and Its Effect on IT Security Professionals, EICAR-Newsletter, (May 2008), 3, available at: http://www.eicar.org/press/infomaterial/Eicarnews_Mai_2008_fnl.pdf (last accessed 14 June 2010).Google Scholar
78 See, Danish Penal Code, Section 263.Google Scholar
79 See, French Penal Code (1994), articles 323-1 to 323-3. These articles have been inserted to the code during the period of 2000–2004.Google Scholar
80 See, Swiss Penal Code, article 143bis.Google Scholar
81 See, Criminal Code of Canada, article 342.1.Google Scholar
82 United Nations Conference on Trade and Development (UNCTAD), Information Economy Report, 235 (2005), available at: http://www.unctad.org/en/docs/sdteedc20051_en.pdf (last accessed 12 June 2010).Google Scholar
83 See, supra, note 17,1021.Google Scholar
84 See, supra, note 7, 75.Google Scholar
85 See, supra, note 14.Google Scholar
86 Pub. L. No. 99-474,100 Stat. 1213 (codified as amended at 18 U.S.C. § 1030 (1988))Google Scholar
87 See, Subsection 1030(a)(1) of Computer Fraud and Abuse Act of 1986,18 U.S.C.Google Scholar
88 Donna L. Beatty, Malaysia's “Computer Crimes Act 1997” Gets Tough on Cybercrime But Fails to Advance the Development of Cyberlaws, 7 Pacific Rim Law & Policy Journal (Pac. Rim L. & Pol'y J.) 351 (1998), 359.Google Scholar
89 See, supra, note 51, Section 202a(1) which reads in full: “[w]hosoever unlawfully obtains data for himself or another that were not intended for him and were especially protected against unauthorised access, if he has circumvented the protection, shall be liable to imprisonment of not more than three years or a fine”. The English version is from Prof. Dr. Michael Bohlander's translation of StGB. Full text of this version is available at: http://www.gesetze-im-internet.de/englisch_stgb/index.html (last accessed 12 June 2010).Google Scholar
90 See, French Penal Code, article 323(1).Google Scholar
91 See, Criminal Code of Canada, article 342.1(1).Google Scholar
92 Council of Europe Convention on Cybercrime, 23 November 2001, C.E.T.S. No. 185, concluded and opened for signature, entered into force Jul. 1, 2004, available at: http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (last accessed 14 June 2010).Google Scholar
93 Article 2 reads in full: [e]ach Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system”.Google Scholar
94 Explanatory Report to the Convention on Cybercrime, no. 44, available at: http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (last accessed 14 June 2010).Google Scholar
95 See, supra, note 15, 498.Google Scholar
96 See, supra note 17, section 2(5)(b). The penalty for the Unauthorized Access Offense is a fine, up to six months prison, a fine, or both. Id., section 1(3).Google Scholar
97 See, supra, note 94, no. 60.Google Scholar
98 Id. Google Scholar
99 Paragraph 2 provides that “a Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm”.Google Scholar
100 See, supra, note 14, Section 3.Google Scholar
101 Id., Section 3(3).Google Scholar
102 See, supra, note 15, 499.Google Scholar
103 See, supra, note 82, 236.Google Scholar
104 See, supra, note 94, no. 71.Google Scholar
105 See, e.g., supra, note 51, Section 202c entitled ‘Acts preparatory to data espionage and phishing'.Google Scholar
106 See, supra, note 28, 266; supra, note 17, 1050.Google Scholar
107 See, supra, note 94, no. 73. Paragraph (1) of the article 6 of the Convention has been formulated as following “Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right: a. the production, sale, procurement for use, import, distribution or otherwise making available of: (i) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5; (ii) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and b. the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches”.Google Scholar
You have
Access
