Jurisdictional Issues of Cybercrime within the United States

Within the United States, the jurisdiction to prosecute crimes depends not only on where the crime took place, but the severity and type of crime. Even with existing laws against non-Cyber crimes, many questions arise as to whether the individual states or the federal government should be in charge of a particular prosecution. With the advent of the internet, the lines dividing those jurisdictions seem to have blurred even farther.

Federal Cyber-crime Jurisdiction and Prosecution

Amid the rapidly expanding global reach of the Internet, many questions arise as to how to regulate and prosecute any wrongdoings that are bound to occur. Given the lack of physical presence within this virtual network, it becomes difficult to identify jurisdictional boundaries and what level of prosecution must be taken. As our technology undergoes daily progression, laws must also adapt to these advancements to ensure the protection of all those who utilize this virtual world. For this section, we will explore the jurisdiction exercised under the federal court system by taking a look at its involvement in cyber-crime prosecution. In addition, we will apply some real court cases to exemplify the issues at hand.

As new cyber-crimes become prominent within the realm of the Internet, so have new laws against these cyber-crimes. Before the Internet, prosecution was based on the physicality of a criminal action or criminal possession, whereas now there may be no need for physical analysis. For example, under the Child Pornography Prevention Act (CPPA), federal law prohibits the distribution and/or possession of child pornography, which specifically includes the use of computers. This law also encompasses the ability of computers to alter and manipulate an image, stating that a computer generated image of child pornography will still violate federal law. (Click here for an example court case involving the CPPA.) Another criminal activity that has expanded significantly over the Internet is the act of harassment. Current federal law makes it a crime to transmit any communication in interstate or foreign commerce containing a threat of personal injury. Another harassment statute includes using any telecommunications device to annoy, abuse, harass, or threaten another person, which also includes the act of cyber-stalking. The use of the Internet provides criminals the opportunity to commit these crimes with almost total anonymity.

Although child pornography and harassment exemplify how the Internet is used as a tool for committing more widespread crimes, this issue can become much more complicated. Take for example the case "Eros LLC vs. John Doe," in which one user of the virtual world Second Life attempts to sue another user for copyright infringement. Kevin Alderman, under the avatar name Stroker Serpentine, sells virtual sex toys throughout Second Life, which he converts into actual profit. He has sued another avatar named Volkov Catteneo for the infringement and sale of a virtual "SexGen bed." The main problem here is that Volkov Catteneo is a virtual character, who has claimed that his real-world identity is not even on file. Under compliance with the Digital Millennium Copyright Act, one can actually file for copyright infringement in the Second Life world. However, how does one sue a virtual character over the infringement of a virtual object, for relatively virtual money? This case is the first of its kind and shows how the expansion of the Internet world raises issues we would not have thought could occur. It goes to show that real-life crimes such as harassment, fraud, and copyright infringement become even more complicated issues when enacted over a network such as the Internet.

In order to encompass the possibilities of criminal activity that can be carried out with a computer, a standard has to be developed. For example, the Computer Fraud and Abuse Act (CFAA) is the current reference for federal jurisdictional prosecution over violators who gain unauthorized access to a computer involved with a financial institution. This federal statute defines the act of computer fraud as knowingly accessing a computer without authorization or exceeding authorized access by which one gains information protected by the United States government. Once we have such standards to help guide the prosecution of cyber-crimes, it must also be established how jurisdiction is to be determined. For the most part, federal courts can handle cases that involve the United States government, its Constitution, federal laws, controversies between states, and also issues between the United States and foreign governments. When investigating a computer crime, resources among federal, state, and local agencies are often pooled together in order to investigate and solve the cases in the most efficient way possible. Some agencies that may investigate domestic cyber-crimes are the Federal Bureau of Investigation, the United States Secret Service, the United States Customs Service, the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco, and Firearms and Explosives. Such agencies may specialize in different areas, so the most suited agency to handle a dispute depends on the cyber-crime itself.

As already noted, the main difficulty when dealing with cyber-crimes is how to decide the level of jurisdiction that should be applied. If a cyber-crime occurs within a state, such as California, that state's laws may be applied without any intervention of federal legislation. However, if it is determined that a federal law has been violated in addition to any state law, the jurisdiction may fall under federal legislation. In contrast, say a cyber-crime is rooted in California but attacks a server in New York, will one or both of the states handle it or will federal intervention prove necessary? For the most part, unless the case is not resolved between the states themselves, state legislation is given the benefit of self-governance. For example, if California had no law against unauthorized computer access, a dispute may arise when New York requests affirmative action against the perpetrator. In such a case, once one state's desired actions conflict with the other, federal law may step in for constitutional ruling.

Overall, the jurisdictional challenges on the federal level have not posed as many problems as the state and international levels have. Most federal laws encompass issues at all levels, whether local, state, or international. Most of the cases that arise at these other levels can be resolved with the intervention of federal legislation, if necessary. Before the prosecution even occurs, the cyber-crime must be properly reported so that it can be investigated. As stated earlier, there are different federal agencies who may handle different types of cyber-crimes. In order to report a cyber-crime appropriately, one should first find out which agency is most suited to handle the issue at hand. Simply click here for more information on reporting cyber-crimes.

For further listings of federal cyber-crimes, click here.

State Legislation covering Cyber Crime

State Legislation specifically designed to combat computer crimes was first seen in 1978 with Arizona and Florida. Today, computer specific legislation is seen in every state and, is in most cases, based on the 1977 and 1979 proposed Federal Computer Systems Protection Act. The precise definitions and wording provided in theses statutes give the state a better way to prosecute criminals in computer related offenses than did general criminal codes.

State Computer crime legislation, like federal computer crime statutes, outlines computer offensives into three different categories; Computers used a tool, Computer used as a source, and Computer used as a target. State Statutes address a wide range of areas. The first main area that they address is the concept of property and how it is conceived from a "physical" domain to electronic information and computer technologies. The second, many states require damage or destruction in which the perpetrator will "alter, damage, delete or destroy computer programs or files". (2) For a few states, gaining access to intellectual property isn't considered a crime but for most it is prosecutable. State Statutes protecting IP is also expanded into protecting it against common crimes such as, trespassing (unauthorized access to files), vandalism (altering or deleting data) and theft (copying information). The fourth aspect of the statutes is the "unlawful insertion or contamination". The use of these statutes is to criminalize the use of Viruses and Trojans and other such malicious programs. The statutes do not require access to the computer by the offenders because the attacks can be transmitted through several means and not always directly from the source. One of the first examples of State Legislation adopting new laws in combating computer crime is in Virginia. In 1978 the Supreme Court of Virginia held that unauthorized use of computer time and services did not form the basis of a conviction because it did not fall under the current definition of "goods and chattels" defined in the current criminal code. So in response to this decision the Virginia legislator passed an act that changed the definition of computer time and services to be considered property so it the abuse of such could be prosecuted as larceny, embezzlement or false pretenses. Virginia, again in 1983, expanded on what they did in 1978 with the Computer Crimes abuse Act. The act was fairly comprehensive in defining new computer crimes, such as, computer fraud, computer trespass, computer invasion of privacy, theft of computer services, and personal trespass with a computer.

With the rise in State Legislation one of the most significant problems that impede prosecution is jurisdictional issues. These jurisdictional issues can arise between state to state or state to federal. A simple case of jurisdictional issues related to state to state would be an example of a suspect running a fake pharmacy in Pennsylvania and then selling drugs via the internet to recipients in states such as Florida or Texas. In this case regular jurisdiction does not apply. This crime spans a large geographic area and cannot be investigated as a normal crime would be. In this case, for example, Florida would have to subpoena Pennsylvania for the records of the suspect and would have to help further the investigation by Florida. In this case Pennsylvania does not have to help in the prosecution, especially if the individual is not causing any harm in their state. This is due to the fact that the prosecutors must prove that the defendant had the intent to cause harm in the state. This is just a simple example of Jurisdictional issues that arise from the geographic location of the perpetrator. In fact, states have begun to change their jurisdictional laws concerning cyber-crime to encompass all criminal activity originating or taking place in their geographical jurisdiction. For example, Arkansas has a statute that states "for the purpose of determining jurisdiction, a person is subject to prosecution in this state " if the transmission that constitutes the offense either originates in this state or is received in this state". Pennsylvania has a similar clause on their statute on cyber crime stating that the offense committed "either at the place where conduct constituting an element of the offense occurred or at the place where the result which is an element of the offense occurred within this" Common Wealth is under the jurisdictional powers of this state's Attorney General.(More on PA Computer Crime Laws) Others use different wording in there statutes on cyber-crime. For example Hawaii and Oklahoma statutes state a person "who causes, by any means, the access of a computer... or computer network in one jurisdiction from another jurisdiction is deemed to have personally accessed the computer or computer network in each jurisdiction". In cases such as West Virginia the states have adopted a clause that gives them jurisdiction over the flow of information through their state. This kind of statute causes another problem with jurisdiction and that is "excess jurisdiction". "Excesses jurisdiction" is the case in which a criminal working out of one geographic location affects victims in other geographic locations. If all locations have cyber-crime statutes and laws then all jurisdictions might want to prosecute that criminal. (The remedies to this type of issue, according to Susan Brenner a Law Professor at Dayton, is more thoroughly discussed here Cybercrime Jurisdiction)

In the fight against cyber crime, and in general computer crime, the states and federal legislature most continually adapt to the adversary. Federal Law enforcement handles most of the interstate criminal activity but they are continually working with state and local law enforcement to train them in detecting, investigating and prosecuting cyber criminals. Adaptation on the state level is seen in which legislation is adopting minimal penalties for certain cyber crimes, which in the past were more strictly prosecuted on the federal level. Continual cooperation between state and state and state to federal will be the only possible remedy in handling investigative and jurisdictional issues until there are changes on the national level concerning jurisdiction over all interstate cyber crime.

Works Cited

"Child Pornography Prevention Act."
Faculty-Web, Information Technology, Northwestern University. 26 Mar. 2009 http://facultyweb.at.northwestern.edu/commstud/freespeech/cont/cases/morphed.html

Computer Crime & Intellectual Property Section.
United States Department of Justice. 25 Mar. 2009 http://www.cybercrime.gov/

"Federal Bureau of Investigation - Cyber Investigations - Cybercrime."
Federal Bureau of Investigation Homepage. 26 Mar. 2009 http://www.fbi.gov/cyberinvest/cyberhome.htm

"Federal Cyber Crimes."
KEYTLaw - A Legal Information Source. 30 Mar. 2009 http://www.keytlaw.com/Links/cybercrimes.htm

"How to Report Internet Crimes."
KEYTLaw - A Legal Information Source. 26 Mar. 2009 http://www.keytlaw.com/netlaw/reportnetcrime.htm

"The Electronic Frontier: the Challenge of Unlawful Conduct Involving the Use of the Internet."
United States Department of Justice. 26 Mar. 2009 http://www.usdoj.gov/criminal/cybercrime/unlawful.htm

"SL business sues for copyright infringement
Reuters/Second Life. 29 Mar. 2009 http://secondlife.reuters.com/stories/2007/07/03/sl-business-sues-for-copyright-infringement/

"The Digital Millennium Copyright Act of 1998."
U.S. Copyright Office. 27 Mar. 2009 http://www.copyright.gov/legislation/dmca.pdf

U.S. Courts | The Federal Judiciary.
30 Mar. 2009 http://www.uscourts.gov/

Arthur J Carter IV, Audrey Perry. "COMPUTER CRIMES. " 
The American Criminal Law Review  41.2 (2004): 313-365. Law Module

Hatcher, Michael, Jay McDaniel, and Stacy Ostfeld. "Computer Crimes."
American Criminal Law Reveiw (1999). http://www.articlearchives.com/crime-law/criminal-offenses-cybercrime/1079103-1.html

Brenner, Susan W. "Cyber Crime Jurisdiction."
Crime Law Soc Change (2006): 189-206. http://www.springerlink.com/content/e115601u0337ug25/fulltext.pdf

"Computer Crimes laws - Information on the law about Computer Crimes."
Law Library - American Law and Legal Information. 07 Apr. 2009 http://law.jrank.org/pages/11804/Computer-Crimes.html

"The Electronic Frontier: the Challenge of Unlawful Conduct Involving the Use of the Internet (March 9, 2000)."
United States Department of Justice. 07 Apr. 2009 http://www.usdoj.gov/criminal/cybercrime/unlawful.htm

"States take growing role in cyber crimefighting -- Federal Computer Week."
Federal Computer Week -- Federal Computer Week. 07 Apr. 2009 http://www.fcw.com/Articles/2009/03/30/States-take-growing-role-in-cyber-crimefighting.aspx