When the FBI Comes Calling…®
COMPUTER CRIMES (Continued)
Definitions
- the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device; 18 U.S.C. § 1030(e)(1);
- the term "protected computer" means a computer-
- exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; id. § 1030(e)(2)(A);or
- which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; id. § 1030(e)(2)(B);
- the term "financial record" means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution; id. § 1030(e)(5);
- the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter; id. § 1030(e)(6);
- the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information; id. § 1030(e)(8);
- the term "loss" means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; id. § 1030(e)(11).
Exceptions
Section 1030 does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States. 18 U.S.C. § 1030(f).
Case Law Interpreting Section 1030
An operator of a pornographic website violated sections 1030(a)(2)(C) and (5)(C) by exceeding his authorized access and impairing computer facilities, when he maintained a membership with an Internet service provider (hereinafter ISP) in order to harvest e-mail addresses of other members using extractor software programs. America Online v. LCGM 46 F. Supp. 2d 444, 450-51 (E.D. Va. 1998).
An individual and his attorney also violated section 1030 when they used a patently unlawful subpoena to gain access to e-mail stored by a corporation's ISP. Theofel v. Farey-Jones, 341 F.3d 978, 981, 986 (9th Cir. 2003). (Note that in this case, the defendants were found civilly liable).
In recent months, some noteworthy cases have been brought under the Computer Fraud and Abuses Act, such as Leandro Aragoncillo's case in which he is accused of illegally accessing a computer in the office of the Vice President of the United States.
18 U.S.C. § 1037 (2007).
The Crime
Section 1037 concerns itself with unsolicited commercial email, also known as spam. Under 18 U.S.C. § 1037(a), it is a crime to do or conspire to do one, some, or all of the five things outlined in section 1037(a)(1)-(5). The first is accessing a protected computer without authorization and intentionally initiating the transmission of multiple commercial electronic mail messages (for simplicity, hereinafter "emails") from or through that computer. The second is using a protected computer to relay or retransmit multiple commercial emails, intending to deceive or mislead recipients about the origin of such a message. The third is materially falsifying header information in multiple emails and intentionally initiating the transmission of such emails. The forth is registering, "using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names." Finally, the fifth category of crime is falsely representing "oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses," and intentionally initiating the transmission of multiple emails from such addresses.
The Punishment
Under 18 U.S.C. § 1037(b), there are 3 different categories of punishment. The first category carries a punishment of a fine, imprisonment for not more than 5 years, or both, if the offense is committed in furtherance of a felony under Federal or State law, or if the defendant has previously been convicted under 18 U.S.C. § 1037, 18 U.S.C. § 1030, or under the law of any State for conduct involving the transmission of multiple emails or the unauthorized access to a computer system. The second category carries a punishment of a fine, imprisonment for not more than 3 years, or both if section 1037(a)(1) is violated, if section 1037(a)(4) is violated and 20 or more falsified accounts or 10 or more falsified domain name registrations were involved, if the volume of emails transmitted exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period, if the offense caused loss to one or more persons aggregating $ 5,000 or more in value during any 1-year period, if any individual committing the offense obtained anything of value aggregating $ 5,000 or more during any 1-year period; or if the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader. In any other situation, the punishment is a fine, imprisonment for not more than 1 year, or both.
A person who is convicted under section 1037 will be ordered to forfeit to the United States any real or personal property which constitutes or is traceable to gross proceeds obtained by that person, as well as any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of the offense.
Definitions
Some terms should be clarified. "Materially falsified" header or registration information, for example, as used in section 1037(a)(3)-(4), means it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. "Multiple" under section 1037 does not simply mean more than one; "multiple" means more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic mail messages during a 1-year period.
Case Law Interpreting Section 1037
There are no cases reported referring to section 1037 at this time.