Trouble Online

Legal Research

Legal Issues of the 21st Century

Spring 2004

 

I.              INTRODUCTION

Since the advent of the internet, some computer users have found new ways to make trouble online.  With the rise of this powerful new medium has come tremendous opportunity for abuse.  Some online crimes (such as extortion, defamation) fall neatly under already legislated areas of the law.  Other acts (such as hacking into another computer, use of copyrighted materials, etc.) do not appear to fit perfectly under existing law due to their online nature.  These are the areas in which legislatures have been scrambling to address in recent years.  Online harassment, online terrorism, and virus distribution are three such areas of crime that have had an increasingly negative impact on the world in which we live.  As the number of people online continues to grow and technology becomes more sophisticated, the legislature and the judiciary are working to quickly and effectively minimize these online threats.  This research focuses on the current law regarding specific issues raised by the abovementioned online crimes.

II.            HARASSMENT ON THE INTERNET

The crime of harassment/stalking has only fairly recently been recognized as a crime.  California was the first state to pass anti-stalking/harassment legislation in 1990.[1]  Since California passed itÕs law in 1990, all States have made stalking a crime.  Harassment in cyberspace is something that most computer users encounter at some point online.  Harassment may come in any form from repeated spam solicitations to former acquaintances deliberately seeking to cyberstalk you.  Harassment in any form is at best a nuisance and at worst an affliction that can ruin a personÕs life.  The internet has made harassing others easier than ever, and the government is working to more effectively address this problem.  Both the U.S. and California have enacted statutes addressing the problem of online harassment/cyberstalking.  Courts have found that anti-harassment laws do not violate the constitutional right to free speech.[2]

California Penal Code ¤ 646.9 specifically states that "harass" means to engage in a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, torments, or terrorizes the person, and that serves no legitimate purpose.[3]  The act includes the provision that a "credible threat" means a verbal or written threat, including that performed through the use of an electronic communication device.[1]  Even without this provision, the State could likely prosecute online harassers because their behavior would still be illegal under the definition of ÒharassÓ.  While the legislators likely included this provision to account for harassment done via fax machine, telephones, etc., (the internet was not widely known yet) it is clear that the congress recognized that new forms of technology were emerging and that the law would not permit harassment by newly emerging means.  When it comes to harassment and stalking on the internet, state statutes vary widely.  Besides California, several states (such as Alaska, Michigan, Oklahoma, etc.) specifically prohibit stalking through email and other electronic techniques.[4]  There is also pending legislation in several states to strengthen existing laws regarding the stalking and harassment of children.[5]

The Federal Government also acted in 1996, enacting a law to prohibit stalkers from traveling across a state line in pursuit of their victims.  This allowed the federal government to prosecute when the case for prosecution by the state was weak and the crime was intrastate in nature.  Federal Statute 18 U.S.C.A. ¤ 2261(a) (known as the Interstate Stalking Punishment and Prevention Act of 1996) prohibits individuals from traveling across a state line with the intent to injure or harass another person or placing such person in reasonable fear of death or bodily injury as a result of, or in the course of, such travel.  This law has been widely applied in the prosecution of online harassers as well.  In United States v. Alkhabaz[6], the Federal Government charged the defendant with transmitting interstate communications containing threats to kidnap or injure another person.  While Section 2261(a) was applied, the court found that emails between defendant and another, expressing sexual interest in violence against women and girls, did not constitute "communication containing a threat" within the meaning of statute.[7]

III.          ONLINE TERRORISM

 

One of the greatest emerging threats to our national security and the global economy may be online terrorism.  Since September 11th, 2001, more attention has been given to the vulnerability of the nation's telecommunications, internet, and other vital networks to computer-based attack.  As has been done in recent years, online terrorists could attack by sending viruses that attack enough PCÕs that it sends our financial infrastructure into disarray.  Another concern is that hackers could break into confidential government databases and steal top-secret information that could make the country vulnerable to traditional forms of attack.  The United States Department of Justice created a Cybercrime Unit to focus on crimes that are committed in cyberspace.  Many who get prosecuted by this unit are convicted under 18 U.S.C. 1030.  The Computer Crime Statute outlines what constitutes fraud and related activities when done using a computer.  Most other criminal acts online are prosecuted under statutes that apply to crimes committed either online and offline. 

In early 2004, the Department of Homeland Security unveiled a new system to alert the public to online terrorism when it is discovered.[8]  According to U.S. Senator Charles Schumer, the new system fails in that it does not call for mandatory reporting of computer viruses.[9]  Even without such mandatory federal reporting requirements, companies have incentive to exercise self-protection against online terrorism because they can legally be held accountable under 18 U.S.C. 1030, even if they themselves are the victims of online terror.  Section 1030(a)(2) states that whoever Òintentionally accesses a computer without authorization or exceeds authorized accessÓ[10] and obtains information as a result Òshould be punished under subsection (c).Ó[11]  Because intent is not requiredÑsimply exceeding access may be enough (as is evidenced by the ÒorÓ)Ñcompanies must protect their computer systems so that the possibility of inadvertently gaining access to information is minimized.

IV.          STOPPING THE SPREAD OF A VIRUS

As mentioned in the previous section, there is no specifically spelled-out legal obligation to report a computer virus.[12]   Aside from self-imposed ethical obligations to do so, the language of 18 U.S.C. 1030 may also impose a legal obligation if certain conditions are met.  Section 1030(5)(A)(i) specifically states that punishment is owed to anyone who Òknowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.Ó[13]  The wording of this statute may create a legal obligation to prevent the spread of a virus, perhaps even if the virus does not affect that user personally.  If, for instance, a Mac user stores a virus on his hard drive that does not affect Macs but he knows it can infect Wintel PCÕs, it can be argued the Mac user is ÒknowinglyÓ causing the transmission of the file.  If anyone suffers the damages described in Section (B)(i)-(v),[14] this user may be held liable.  Thus, 18 U.S.C. 1030 appears to create the legal obligation to prevent the spread of a virus, regardless of whether there is a personal impact.

V.            RECENT DOJ PROSECUTIONS

The DOJ has become increasingly vigilant in prosecuting those who commit cybercrimes.  To illustrate the commitment by the DOJ to prosecuting online crimes, listed below are just a few of the more interesting suits that have been brought by the DOJ (taken from the DOJ website) in the past year: 

1.             Thomas E. Ray, III, from Jackson, MS, was charged with two felony extortion charges including extortion-threats to damage property or reputation and extortion-threats to damage computers. According to the indictment, Ray, who used the e-mail name "Jamie Weathersby," used his e-mail to contact Best Buy in October 2003 and threatened to expose and exploit a purported computer security problem unless Best Buy paid him $2.5 million. Security officials with Best Buy contacted federal authorities and worked with agents on the Minnesota CyberCrime Task Force during the federal investigation. Best Buy stated they found no proof that their customer data or customer accounts were compromised.  If convicted, Ray faces a maximum potential penalty of two years in prison and/or a $250,000 fine for extortion-threats to damage property or reputation and up to five years in prison and/or a $250,000 fine for extortion-threats to damage computers.

2.             A Manchester, New Hampshire man was found guilty of eight felony counts related to a website where he posted thousands of Social Security Numbers and other personal information belonging to employees of Global Crossing. William Sutcliffe, 42, was convicted of thee counts of making interstate threats to injure or kill and five counts of transferring Social Security Numbers with the intent to aid and abet another felony. Soon after his termination from Global Crossing, Sutcliffe established a website Ð EvilGX.com Ð the name of which referenced Global Crossing's stock symbol. Sutcliffe also picketed outside Global Crossing's Beverly Hills offices and held a sign referring people to his website.  The website contained personal information about many Global Crossing employees. In addition to Social Security Numbers, the website had phone numbers, home addresses, dates of birth and other data. The website also contained threats to publish even more information about additional employees, and links to other websites that discussed the ease with which identity fraud could be committed by an individual with the required personal information of another, such as birthdate and social security number.  As employees realized their personal information was being made public, Global Crossing filed a lawsuit and obtained a temporary restraining order directing Sutcliffe not to publicize information he obtained while he was a Global Crossing employee. As a result of the guilty verdicts on the eight felony charges, Sutcliffe faces a maximum possible penalty of 30 years in federal prison.

3)             An unemployed man pleaded guilty to defrauding eBay bidders of $42,000 through online auctions of music and sporting event tickets. Ryan McCarty, 23, admitted that in Oct. 2000 he created the eBay account "freeatlance". McCarty also admitted that through the account, he posted approximately 50 separate auction listings for tickets to music concerts.  Furthermore, McCarty admitted that in Sept. 2002, using the eBay accounts "ticketinsider", "besttickets2002", and "tickets12000", he posted approximately 24 separate auction listings on eBay in which he offered tickets for sale to concerts and tickets to sporting events.  McCarty admitted that when posting these auction listings, he concealed from potential bidders the fact that he did not possess and did not intend to deliver the tickets that he was offering for sale. McCarty also admitted he directed the winning bidders to remit payment in advance of ticket shipment. Furthermore, he admitted to directing most of the winning bidders to mail checks and money orders made payable to him to his home in Sewell and that approximately 53 winning bidders followed his directions. McCarty admitted that when he failed to deliver the tickets to winning bidders who had made payment, the winning bidders began to contact him via e-mail to complain. In response, McCarty admitted he falsely and fraudulently claimed that he had mailed the tickets and that they must have been lost or stolen in transit.  McCarty admitted that by the above means, he defrauded winning bidders on the ticket auctions of a total of approximately $41,804.  McCarty faces a maximum sentence of five years in prison and a $250,000 fine. He also could be ordered to pay restitution and the costs of prosecution.

4)             Matthew Thomas Guevara, age 21, of Chicago, Illinois, pleaded guilty to wire fraud, in violation of Title 18, United States Code, Section 1343.  According to the plea agreement, beginning in late 2000 and continuing until August 2001, Guevara operated a scheme to defraud customers of the Microsoft Network (MSN). He first created false email accounts with the Internet Service Provider Hotmail and an unauthorized website with the address www.msnbilling.com through the Internet Service Provider Yahoo! Guevara then sent MSN customers email messages, purporting to come from MSN, that directed the customers to the fraudulent www.msnbilling.com website and asked them to verify their accounts by providing their name, MSN account and credit card information. Each time a customer entered the information, the website automatically forwarded it to one of Guevara Ôs false Hotmail accounts. Guevara used the stolen credit card information himself and provided it to another person as well.  He faces a maximum statutory penalty of five years in prison and a fine of up to $250,000.00.

VI.          CONCLUSION

Many new legal issues have been raised by the growth of the internet.  As with most burgeoning technologies, new technological methods of doing things have led to new opportunities to exploit loopholes and engage in illegal conduct online.   My research has shown that in some areas, the legislature and the judiciary have taken sufficient steps to update laws to account for online crimes.  In some areas, it is evident that the government is slow in introducing new legislation to close some of these loopholes.  Still, in other areas, it appears that legislation that existed prior to the internet age sufficiently accounts for crimes committed online.  Since it is still relatively new, the internet remains a popular tool for criminal activity.  As new laws are passed and the judiciary continues to develop a better understanding of online issues, it will gradually become more difficult to make trouble online.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 


[1] Available at http://www.ojp.gov:80/vawo/grants/stalk98/stalk98.txt.

[2] Id.

[3] Cal. Penal Code ¤ 646.9(e)(1990).

[4] See infra note 1.

[5] Id.

[6] United States v. Alkhabaz 104 F.3d 1492 (1997).

[7] Id. at 1496.

[8] Available at http://schumer.senate.gov/SchumerWebsite/pressroom/ press_releases/PR02353.html.

[9] Id.

[10] 18 U.S.C. ¤ 1030(a)(2) (1984).

[11] Id. at 1030(7).

[12] See supra p.4.

[13] 18 U.S.C. ¤ 1030(5)(A)(i) (1984).

[14] Id. at ¤ 1030.  This portion of the statute states:

(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)--

(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

(ii) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;

(iii) physical injury to any person;

(iv) a threat to public health or safety; or

(v) damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national.