Are Computer Crimes Different

In his article “Criminal Law In Cyberspace” Neal Katyal states that computers change the basic nature of criminal enterprise. A single individual, with the aid of a computer, can now commit a crime resulting in an extremely large amount of harm to society. Katyal argues that if in order to deter this harm the law should treat the computer as a quasi-conspirator.

Overall, I think the suggestion of penalizing the use of a computer in the commission of a crime is unnecessary. If computer users are able to cause more harm individually, perhaps we should increase their punishment accordingly. However, I believe that this can be accomplished without penalizing the use of a computer in the commission of an offense. If the theory is that computers allow criminals to do more harm, then the current statutory framework seems to recognize this. Sentencing guidelines provide for increased punishment for higher levels of losses. This would seem to apply to a criminal who is able to commit a crime individually through the use of a computer. While thinking about this topic it also occurred to me that while computers are able to maximize the financial harm a single individual is able to inflict, they generally also have the effect of removing any chance of physical violence from occurring during the commission of the offense. I believe that this should weight against factors leading towards increased punishment.

The Robinson and Darley article, The Role of Deterrence in the Formulation of Criminal Law Rules: At Its Worst When Doing Its Best raised some additional concerns about penalizing the use of computers in the commission of a crime. Katyal argued that doing so will lead to a deterrence effect on the commission of computer crimes. However, I found the article to be persuasive on the issue of whether deterrence really has an effect on the commission of future crimes. I agree that too few people know the law, or how the law would apply to their situation for an increase in punishment to have a deterrent effect.

United State v. Lee

This case presents the issue of when special skills sentencing adjustments relating to the use of a computer are appropriate. The court concluded that a level of computer expertise equal to Lee’s was not the equivalent of a special skill.

I found this statute troubling to say the least. The portion of the statute which allows for sentencing increases when the defendant abused a position of public or private trust makes sense to me. We want to discourage individuals in which society has placed trust from abusing that trust to commit crimes. I however do not believe that having “special skills” should also elevate one to a higher level of punishment. The court in United States v. Lee stated the rational as being, “to add to the punishment of those who turn legitimate special skills to the perpetration of evil deeds. I would find fault in the court’s rational that “that special societal investment and encouragement allows a person to acquire skills that are then held in a trust for all of us.” The expenses incurred in allowing an individual to gain a special skill are by and large born by the individual, and to say that these skills are held in a “special trust for all of us” is a mistaken assumption.

The cases also demonstrate that it is an exceedingly tough line drawing exercise when courts try to determine what constitutes a special skill. The court in Lee stated a two part test that asks whether the skill is not possessed by members of the general public, and also whether it is a skill that usually requires substantial education, training, or licensing. The definition seems too difficult to apply in real world situations. Does a master electrician count? The ordinary public does not possess this skill, and it requires substantial education, training and licensing. Also, how do courts determine when the special skill was used in the commission of an offense? What if the computer expert used a computer in committing an offense, but the use of the computer was a relatively minor part of the crime? What justifications are there for adding punishment to the criminal’s sentence simply because he had undergone the time and expense of educating himself?

· First Issue: Should sentences for computer-assisted crimes be different than those for traditional crimes?

Professor Katyal argues that increased punishment for computer-assisted crime will deter the greater harm that is associated with these crimes. He argues that the computer serves as a quasi-co-conspirator and the criminal justice system should treat the use of a computer in a crime as a type of participant, not a method of crime.

Does such an increase in punishment actually deter the crime? Assuming that the person who commits the computer-assisted crime is more removed from his or her actions than a person who commits a traditional crime, does increased punishment have any effect at all? Perhaps such an increase in punishment would increase deterrence for the same individual because they have first-hand knowledge about being caught and subjected to the increased punishment, but would not serve to deter the rest of society, especially if a computer-assisted criminal is personally and emotionally removed from the crime. The Cyber Magpie study demonstrated that, arguably, a higher percentage of people attempted to view the illegal materials posted online than would have attempted such viewing in person. It appears that the criminality of the action does not seem to have the same effect on criminals in cyberspace as it may in real space. On the other hand, is this removed perception and subsequent increase in crime precisely why we need stronger punishments to deter the crime?

Building on this, retribution theory would indicate that the person who uses the computer to commit a crime would be less deserving of punishment because they are removed from the actual commission of the crime (demonstrated in the hypo on p. 223). However, I think that the level of reality a person has about their actions is not the only inquiry for retribution theory. I believe that the idea of “just desserts” can be viewed in light of society’s view of the crime and ulpability of the person committing the crime. Under such a view, a defendant would be culpable regardless of their own level of removal from the crime, but in light of society’s view of the crime. If society views a computer-assisted crime as more or less deserving of a punishment than a traditional crime, then the “just desserts” for commission of such a crime would be correspondingly more or less severe.

· Issue 2: Special Skill issue

The two-part test was laid out in United States v. Lee: to be deserving of an increased offense level the skill must (1) “not be one possessed by the general public” and (2) “be one that usually requires substantial education, training, or licensing.” United States v. Mainard proposed a rationale for the rule: the additional punishment related to use of a special skill punishes those that use their legitimate special skills to assist in wrongdoing. This seems like more of a restatement of the rule than a rationale for the rule.

Is this an ethical standard? Should those who go through the trouble of obtaining a special skill be held to a higher ethical standard simply because they have acquired that skill? Many so-called special skills are related to a profession in which the person is held to an ethical standard; perhaps this ethical standard of professionals should not leak into the criminal punishment of a crime. Or, is it a standard relating to society’s view of such a crime? Are we looking at the trust that society placed in these people by allowing them to acquire the special skill and, as they have disappointed society in some manner by misappropriating these skills, society is willing to tell them that they are more “deserving” of punishment than someone who has not disappointed society in such a manner? Is there a difference between the two? The first argument may seem to rest on an ethical standard imposed to protect society and the other may seem to be imposed because society is “emotionally hurt” by the action, but is that simply the rationale and aftermath of the same idea?

Does the special skills “step-up” have a deterrence rationale? Could the rule be viewed as a way for professionals to be more closely guarded than the general public? Does it recognize that someone with special skills could potentially be able to cause greater harm or be more easily able to commit the crime and, therefore, we need to prevent this and deter these people from committing such a crime? Is it an evidentiary issue? Does it reflect that the criminal justice system has a harder time catching people who have special skill and can commit the crime using the special skill, so we want to deter their conduct even more than the conduct of a standard criminal using standard means? This idea is somewhat related to the escape rationale proposed by Prof. Katyal in arguing for increased punishment for computer-assisted crimes.

· Issue 3: Computer Misuse Offenses – Economic Loss rules

° Actual loss rules in § 1030 cases.

Is any loss that is attributable to the offense actually foreseeable? This does not seem to be the case; remember the case of the Ivy League scholar who wrote a virus and it ended up being much more widespread and resulting in much greater harm than he anticipated (he built in fail-safes that ended up not helping to curb the spread of the virus at all). Should the actual foreseeability of the harm matter? Perhaps the statute reflects that this is the risk that you take when you engage in a computer crime. Under the felony murder doctrine, foreseeability is not a factor; the doctrine essentially allows strict liability if a death occurs during the commission of a felony. This doctrine demonstrates that there is an inherent risk in committing a felony and, therefore, one who commits a felony assumes the risk of a death and the consequences thereof. Perhaps the step-up rule is a policy choice to deter risky conduct that may result in a great deal of harm because we view the commission of a computer crime as so reckless that the harm must be associated with it regardless of the foreseeability of the harm.

° Calculating loss in virus and worm cases.

It is very difficult to accurately measure damages in these types of cases. Punishing someone based on an estimate does not fit any of the theories of punishment. In terms of deterrence, crimes are not deterred if the punishment is not known or if the punishment is arbitrary in comparison to the crime committed. In terms of retribution, if the estimate is too high then the defendant is getting more than his “just desserts” in the punishment and if the estimate is too low then the defendant is not being given enough punishment for his actions.

Tracy's podcast from Week 5

---

Click here to download the ClassCaster audio.

Play It Now!

---

Note: Having seen the posting by Roman just before I posted this – I had to modify my input in order not to repeat the discussion of the points raised in his response. I apologize in advance if the points I raise seem pretty random as a result of that.

United States v. Carmichael

(alleged drug dealer’s trial where the defendant attempted to publicize the courtroom proceedings by posting the names and pictures of law enforcement agents and informants for the purported reason of gathering information about them and making this information available to the public – deemed not to be a “true threat”)

Issues with the tests for “true threats”

(1) When directed at a private citizen they should be based on that individual’s response to the threat or his/her reaction to it. Normally the person making such a statement or threat probably knows something about the particular situation and is using that information to create the “ominous cloud” behind the words themselves.

(2) Any posting of identity of “informants” suggests a means to threaten them in ongoing investigations since a lot of “career” informants might still be working with other undercover operations while a trial in this case is on-going. This could put their lives in danger without the actual threat coming from the defendant’s words. How does one account for this?

(3) Could the gag order not have covered this or was the injunction meant to be such a gag order?

(4) Context is very hard to determine unless made by people from the same strata of society, in the same geographic location etc. (hard for a prosecutor or judge to determine context accurately in all cases)

United States v. Tucker and Ashcroft v. Free Speech Coalition

Both cases deal with different provisions of anti-child pornographic laws.
Issues with some of the provisions in the law:

(1) Cache clearing in the old days was something you did after any internet browsing – it was a result of dealing with the browser technology. You could set-up your browser to automatically empty the cache in some cases. Would this “destruction of cached information” also point to “possession” as the Tucker court put it? What about a browser that doesn’t store images online? Should one’s guilt again be subject to one’s tech savviness?

(2) Computer-generated images are a huge issue in child pornography for reasons that go beyond what the courts point out. As graphic design abilities are enhanced on computers to generate models that are more like humans, would this not actually give incentive to the people involved in the trade to use a low-risk computer generated image rather than incur the wrath of the law using “live” models? (the courts think otherwise)

United States v. Poehlman

Issues:

(1) The risk with having something as subjective as “predisposition” put under the judicial microscope is that it tends to reflect an innate bias of society. There are current theories that link homosexuality to pedophilia. Could it not be extended to other deviant behavior such as cross-dressing and fetishism? In other words, wouldn’t a “sexually deviant” person be predisposed to commit other sexual crimes such as pedophilia?

(2) The Poehlman case is troubling because it appears that he was either not represented well in the state case, state law did not require proof of the same elements or did not believe that he would be prosecuted for the crime again under Federal law. I think having been convicted in California weakened his federal case.

(3) The Mann Act’s reach must be reconsidered in computer crimes because any transaction by computer these days is probably across state lines and hence the reach of Federal law is vastly enhanced (a blow to the new age of Federalism in Lopez?).

 (More)

DRAFT - Please edit this post before publishing. Change the topic to reflect the subject matter of the post. Do not edit the two lines below because they contain links to your audio recording.

---

Click here to download the ClassCaster audio.

Play It Now!

---

True Threat Doctrine

What constitutes a true threat on the Internet? The Carmichael court holds that a reasonable person (objective) test should be used to identify a true threat. The court states “the inquiry here is whether a reasonable person would view Carmichael’s website as a serious expression of an intention to inflict bodily harm”. Who is this reasonable person? Does this standard truly provide the maximum protection for freedom of expression while eliminating nefarious speech?

The difficulty in identifying the hypothetical reasonable person can lead to a chilling effect on free expression. Some forms of speech may seem threatening to most people even if the speaker never intended to communicate a threat. For example what if an email containing hateful and even violent rhetoric sent by a white supremacist to his friends gets accidentally routed to an African American individual. A reasonable person may think that such an email contains “a serious expression of an intention to inflict bodily harm”. The problem with this test is that the white supremacist may never have intended to threaten anybody and simply because of an email typo his free speech rights may be chilled. The true threat doctrine needs to contain a subjective intent element in order to minimize the impact on free speech rights of individuals.

II Virtual Pornography

Kerr in the notes after Ashcroft v. Free Speech Coalition asks whether the PROTECT Act’s narrow definition of virtual child pornography used in section 2256(8)(b) is constitutional?

This section states:

• (b) such visual depiction is a digital image, computer image, or computer-generated image that is, or is indistinguishable from, that of a minor engaging in sexually explicit conduct;

Under the reasoning of Aschcroft the section is probably unconstitutional. Ashcroft citing to the decision in Ferber reasoned “that where the speech is neither obscene nor the product of sexual abuse, it does not fall outside the protection of the first amendment.” The fault with the statute is that it does not have an obscenity requirement and since nobody is sexually abused in virtual pornography the statute would run afoul of the first amendment.

If section (b) had an identifiable minor requirement it would be constitutional since the mere presence of an identifiable minor, whether or not he or she actually engaged in sexual activity, could cause embarrassment and psychological problems for that minor. The speech does not lose its protection unless an actual minor is involved or the speech is obscene, the mere fact that the image can be made to look like a minor engaging in a sexual act is not enough to lose its constitutional protection.

III. Entrapment

Should the entrapment defense be modified for Internet related crimes? Dru Stevenson in Entrapment by Numbers argues that the entrapment defense should be modified because predisposition is a forgone conclusion in most Internet crimes cases. I, however, do not believe that the doctrine requires any modification.

Stevenson argues that simply logging on to certain chat rooms is enough for the government to prove predisposition, but the question of predisposition is a question of fact for the jury to decide. If and individual actively logged in to chat rooms that facilitate the trading of child pornography before any contact with the government then he may indeed have been predisposed to commit the underlying crime, and a reasonable jury should be allowed to hear the facts and come to its own conclusion beyond a reasonable doubt. If, however, the individual started logging into the chat rooms only after the initial inducement by the government then predisposition in all likelihood cannot be proven as a matter of law, just like in Poehlman, and the entrapment defense would succeed. Prosecuting a case should not be made more difficult simply because it is cheaper and easier to investigate more cases due to the advent of new technology.

 (More)

Click here to download the ClassCaster audio.

Play It Now!

---

Welcome to the Blog/Podcast center for the Fall 2006 Computer Crime Seminar at the University of Colorado School of Law, with your host, Paul Ohm